Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/lXJirEqO-S7a1m3JFp5UxP4qWgQ.roa
File:                     lXJirEqO-S7a1m3JFp5UxP4qWgQ.roa (raw, json)
Hash identifier:          dAHrko6noGgpwyZRYP+GwQ/EH8j/D3AhZeOhW4NTNuY=
Subject key identifier:   95:72:62:AC:4A:8E:F9:2E:DA:D6:6D:C9:16:9E:54:C4:FE:2A:5A:04
Certificate issuer:       /CN=dd5f2e7cc2c687f58c0d1f6132bb2dcfdf38cb64
Certificate serial:       01857255A1754A4034DF9F5C24CCA128F842
Authority key identifier: DD:5F:2E:7C:C2:C6:87:F5:8C:0D:1F:61:32:BB:2D:CF:DF:38:CB:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3V8ufMLGh_WMDR9hMrstz984y2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/lXJirEqO-S7a1m3JFp5UxP4qWgQ.roa
Signing time:             Mon 02 Jan 2023 11:54:52 +0000
ROA not before:           Mon 02 Jan 2023 11:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39010
IP address blocks:        109.75.64.0/24 maxlen: 24
                          109.75.69.0/24 maxlen: 24
                          109.75.70.0/24 maxlen: 24
                          109.75.71.0/24 maxlen: 24
                          109.75.65.0/24 maxlen: 24
                          109.75.66.0/24 maxlen: 24
                          109.75.67.0/24 maxlen: 24
                          109.75.68.0/24 maxlen: 24
                          109.75.72.0/24 maxlen: 24
                          109.75.73.0/24 maxlen: 24
                          109.75.74.0/24 maxlen: 24
                          109.75.75.0/24 maxlen: 24
                          109.75.76.0/24 maxlen: 24
                          109.75.77.0/24 maxlen: 24
                          109.75.78.0/24 maxlen: 24
                          109.75.79.0/24 maxlen: 24
                          185.204.50.0/24 maxlen: 24
                          185.204.51.0/24 maxlen: 24
                          185.204.48.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 07 Jan 2023 21:57:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:55:a1:75:4a:40:34:df:9f:5c:24:cc:a1:28:f8:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd5f2e7cc2c687f58c0d1f6132bb2dcfdf38cb64
        Validity
            Not Before: Jan  2 11:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=957262ac4a8ef92edad66dc9169e54c4fe2a5a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:23:30:da:45:b3:46:5c:7e:82:19:32:7c:f2:
                    f0:3b:cf:c9:c1:fe:12:bd:30:ea:87:fb:c0:d6:e6:
                    40:3c:f9:12:44:c4:2d:4e:20:f4:92:f7:a9:50:6e:
                    21:f0:8c:29:8b:20:65:43:05:92:25:5c:e9:25:85:
                    b2:ce:5c:37:48:f0:f3:4e:7d:4d:7e:68:d5:4b:14:
                    fb:12:e1:a3:35:61:d1:c5:73:fc:32:8f:b5:af:68:
                    33:79:0e:47:77:f8:d0:63:d5:e6:37:2b:ac:c9:ce:
                    42:43:d4:a6:fc:bf:7a:33:8e:6e:40:46:a3:25:bf:
                    a2:76:5f:9a:02:4f:33:e5:e9:10:83:ba:6e:38:f8:
                    58:56:28:86:37:a6:42:0f:80:13:81:26:1a:0e:48:
                    c7:0e:03:54:d8:89:8d:6f:43:e1:00:12:1d:70:00:
                    c0:fc:8b:7c:31:1b:a7:bc:c8:90:ed:81:f4:84:0d:
                    69:14:78:42:b4:1a:d1:11:b3:40:c5:9f:b6:0c:c2:
                    e0:61:cd:bd:1a:a6:85:1b:6a:61:9d:6b:58:f7:42:
                    ab:b6:b5:15:34:b0:48:8e:05:65:72:b9:78:fe:8e:
                    b8:d0:11:42:0b:84:ca:8c:27:ea:c6:39:e4:ad:e9:
                    4f:67:a0:7a:1b:c1:c2:f6:9c:6d:62:fb:e9:c4:90:
                    3d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:72:62:AC:4A:8E:F9:2E:DA:D6:6D:C9:16:9E:54:C4:FE:2A:5A:04
            X509v3 Authority Key Identifier:
                keyid:DD:5F:2E:7C:C2:C6:87:F5:8C:0D:1F:61:32:BB:2D:CF:DF:38:CB:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3V8ufMLGh_WMDR9hMrstz984y2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/lXJirEqO-S7a1m3JFp5UxP4qWgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/bc0a25-933a-4f5a-a5f3-9dcfd2ef3023/1/3V8ufMLGh_WMDR9hMrstz984y2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.75.64.0/20
                  185.204.48.0/24
                  185.204.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:18:83:aa:55:ec:bb:65:e3:dc:05:82:03:92:9e:ce:c5:13:
         79:02:4d:ee:6c:d6:fe:16:28:8a:80:d3:16:be:4b:cd:3a:e2:
         38:d0:54:8d:63:e3:cb:75:0b:d3:e4:40:7a:eb:f5:a8:56:e5:
         12:46:d5:cb:48:8d:1f:2c:18:ce:63:49:7f:a7:f6:5e:fc:07:
         e2:cf:95:21:94:e8:e4:d5:35:41:13:1e:bc:78:2f:d8:14:61:
         25:7b:24:74:19:4a:0e:92:76:ad:99:95:f7:99:36:b9:d1:04:
         ab:59:8a:94:08:8d:1b:dc:6b:2b:47:31:e0:98:90:b4:fc:91:
         84:5b:cb:6d:58:28:37:60:4f:f9:81:9c:c7:c6:55:8e:a3:d1:
         ea:be:5b:6b:75:e0:39:f5:3b:9c:b7:e0:42:d2:cd:ce:01:d9:
         77:47:da:81:75:c2:40:4c:d0:a3:9e:e4:4e:0b:8b:2b:77:d2:
         9c:44:01:92:e8:5d:f0:a6:19:52:65:e7:16:dd:0c:42:37:2f:
         1b:09:1b:37:4d:be:35:ed:c4:77:74:dd:0d:35:8e:0f:c4:5d:
         77:8c:2a:71:c9:73:f0:cd:05:b6:1d:96:9d:4e:8f:1b:c2:11:
         f1:9d:50:7b:f5:04:f0:4b:e9:16:8a:23:26:07:f0:d1:f3:a9:
         9d:02:bf:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVyVaF1SkA0359cJMyhKPhCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNWYyZTdjYzJjNjg3ZjU4YzBkMWY2MTMyYmIyZGNmZGYz
OGNiNjQwHhcNMjMwMTAyMTE1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTcyNjJhYzRhOGVmOTJlZGFkNjZkYzkxNjllNTRjNGZlMmE1YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SMw2kWzRlx+ghkyfPLwO8/Jwf4S
vTDqh/vA1uZAPPkSRMQtTiD0kvepUG4h8IwpiyBlQwWSJVzpJYWyzlw3SPDzTn1N
fmjVSxT7EuGjNWHRxXP8Mo+1r2gzeQ5Hd/jQY9XmNyusyc5CQ9Sm/L96M45uQEaj
Jb+idl+aAk8z5ekQg7puOPhYViiGN6ZCD4ATgSYaDkjHDgNU2ImNb0PhABIdcADA
/It8MRunvMiQ7YH0hA1pFHhCtBrREbNAxZ+2DMLgYc29GqaFG2phnWtY90KrtrUV
NLBIjgVlcrl4/o640BFCC4TKjCfqxjnkrelPZ6B6G8HC9pxtYvvpxJA9SQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJVyYqxKjvku2tZtyRaeVMT+KloEMB8GA1UdIwQY
MBaAFN1fLnzCxof1jA0fYTK7Lc/fOMtkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1Y4dWZNTEdoX1dNRFI5aE1yc3R6OTg0eTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9iYzBhMjUtOTMzYS00ZjVhLWE1ZjMt
OWRjZmQyZWYzMDIzLzEvbFhKaXJFcU8tUzdhMW0zSkZwNVV4UDRxV2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9iYzBhMjUtOTMzYS00ZjVhLWE1ZjMtOWRjZmQyZWYzMDIz
LzEvM1Y4dWZNTEdoX1dNRFI5aE1yc3R6OTg0eTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEbUtAAwQA
ucwwAwQBucwyMA0GCSqGSIb3DQEBCwUAA4IBAQBGGIOqVey7ZePcBYIDkp7OxRN5
Ak3ubNb+FiiKgNMWvkvNOuI40FSNY+PLdQvT5EB66/WoVuUSRtXLSI0fLBjOY0l/
p/Ze/Afiz5UhlOjk1TVBEx68eC/YFGEleyR0GUoOknatmZX3mTa50QSrWYqUCI0b
3GsrRzHgmJC0/JGEW8ttWCg3YE/5gZzHxlWOo9HqvltrdeA59Tuct+BC0s3OAdl3
R9qBdcJATNCjnuROC4srd9KcRAGS6F3wphlSZecW3QxCNy8bCRs3Tb417cR3dN0N
NY4PxF13jCpxyXPwzQW2HZadTo8bwhHxnVB79QTwS+kWiiMmB/DR86mdAr/r
-----END CERTIFICATE-----