Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/lRjcrmcrbmYXr60peZdAsh8EVBY.roa
File:                     lRjcrmcrbmYXr60peZdAsh8EVBY.roa (raw, json)
Hash identifier:          5vlV192YJShj5nwQMdZXFWV1lj1cPsyej1Oa7sM2/TQ=
Subject key identifier:   95:18:DC:AE:67:2B:6E:66:17:AF:AD:29:79:97:40:B2:1F:04:54:16
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01894982C0CCF9F3A927FC4F354BA04A076A
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/lRjcrmcrbmYXr60peZdAsh8EVBY.roa
Signing time:             Wed 12 Jul 2023 09:50:53 +0000
ROA not before:           Wed 12 Jul 2023 09:50:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59729
IP address blocks:        91.243.44.0/22 maxlen: 22
                          5.188.10.0/23 maxlen: 23
                          46.161.26.0/24 maxlen: 24
                          5.8.66.0/23 maxlen: 23
                          91.243.52.0/22 maxlen: 22
                          91.243.56.0/22 maxlen: 22
                          46.161.28.0/22 maxlen: 22
                          5.101.92.0/22 maxlen: 22
                          46.161.41.0/24 maxlen: 24
                          5.188.48.0/23 maxlen: 23
                          5.188.60.0/23 maxlen: 23
                          91.243.32.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 24 Jul 2023 17:41:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:49:82:c0:cc:f9:f3:a9:27:fc:4f:35:4b:a0:4a:07:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jul 12 09:50:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9518dcae672b6e6617afad29799740b21f045416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:d1:b5:23:94:30:d3:5b:69:2d:18:a8:13:
                    56:51:ba:a0:c9:03:8d:62:11:f6:83:30:ed:35:58:
                    dd:40:43:34:34:47:87:a3:8f:fe:d8:18:67:46:b2:
                    2b:68:71:99:a0:69:f5:c7:a2:aa:5d:41:8d:3e:f8:
                    78:af:58:04:de:1d:c0:05:fa:a7:44:f1:bf:25:6a:
                    3c:2b:6e:5f:76:de:4d:1a:a1:35:45:1c:9e:6c:81:
                    d6:1f:2f:03:0c:62:0d:1b:88:5c:91:a1:1f:56:4f:
                    15:d4:16:0b:f9:45:37:d8:71:7b:d8:d5:fb:11:fd:
                    57:b9:4f:2f:ec:b4:70:40:31:01:8c:d3:d7:86:26:
                    76:18:fd:be:71:45:50:20:c1:c3:9f:92:cd:73:e4:
                    0e:9f:15:11:74:a7:5a:71:0f:da:3e:02:00:b6:b8:
                    73:6a:30:2c:b0:aa:e0:39:a9:79:2e:3b:7f:f1:bd:
                    3f:36:24:fc:46:f7:21:40:79:bc:c7:b0:04:46:59:
                    65:7c:5a:43:a7:86:cb:5a:c7:0a:f6:5b:3d:a5:3f:
                    88:c8:ff:73:1d:49:f3:8f:c8:94:5f:d7:19:0c:91:
                    2d:57:5b:97:ad:56:f3:c3:76:2b:86:4f:db:43:d0:
                    02:83:57:40:18:40:0f:70:cb:c5:e8:64:3a:45:ab:
                    e7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:18:DC:AE:67:2B:6E:66:17:AF:AD:29:79:97:40:B2:1F:04:54:16
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/lRjcrmcrbmYXr60peZdAsh8EVBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.101.92.0/22
                  5.188.10.0/23
                  5.188.48.0/23
                  5.188.60.0/23
                  46.161.26.0/24
                  46.161.28.0/22
                  46.161.41.0/24
                  91.243.32.0/22
                  91.243.44.0/22
                  91.243.52.0-91.243.59.255

    Signature Algorithm: sha256WithRSAEncryption
         4a:2c:42:18:4f:fc:34:5d:8f:ea:f4:fa:37:31:cd:1f:7a:db:
         75:da:27:d9:82:65:4c:df:2a:33:5e:61:51:a5:b1:40:45:b7:
         68:67:0f:a8:4a:6c:45:00:ef:47:2c:36:3c:64:5a:c6:d0:be:
         8d:31:72:b9:52:1d:85:63:90:90:54:0f:89:09:74:3c:50:b9:
         62:ff:0e:61:12:0c:23:03:5d:ab:5d:55:dd:d0:db:f4:45:7e:
         66:7c:9f:8b:4e:cd:51:71:2e:79:a9:d9:a4:8f:9a:d7:2e:94:
         0a:8e:b2:9e:fa:cb:3d:b3:f4:1c:ad:e8:00:3c:c9:cb:14:51:
         12:e0:a4:a2:6c:7a:1a:3b:8a:a6:0b:bb:3b:68:f6:71:9a:5a:
         b1:a9:32:1e:cf:c8:3d:48:c9:aa:5f:45:c6:74:e6:83:06:7c:
         20:5a:2e:60:9c:9b:55:0a:68:66:14:4f:ad:60:3a:50:f3:60:
         e1:9d:aa:76:47:15:df:3b:68:23:fc:ac:6a:50:10:2b:90:4a:
         0e:54:58:0c:18:86:43:41:cd:4b:b2:76:be:30:76:7d:c2:0b:
         c0:a5:b8:44:e5:db:5c:bf:66:8d:7a:1c:52:6b:82:52:0a:0e:
         ed:ae:7f:ee:03:9c:30:7b:04:d7:6f:74:8c:a4:17:0f:0b:d4:
         cf:f1:34:52
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYlJgsDM+fOpJ/xPNUugSgdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjMwNzEyMDk1MDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTE4ZGNhZTY3MmI2ZTY2MTdhZmFkMjk3OTk3NDBiMjFmMDQ1NDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTbRtSOUMNNbaS0YqBNWUbqgyQON
YhH2gzDtNVjdQEM0NEeHo4/+2BhnRrIraHGZoGn1x6KqXUGNPvh4r1gE3h3ABfqn
RPG/JWo8K25fdt5NGqE1RRyebIHWHy8DDGING4hckaEfVk8V1BYL+UU32HF72NX7
Ef1XuU8v7LRwQDEBjNPXhiZ2GP2+cUVQIMHDn5LNc+QOnxURdKdacQ/aPgIAtrhz
ajAssKrgOal5Ljt/8b0/NiT8RvchQHm8x7AERlllfFpDp4bLWscK9ls9pT+IyP9z
HUnzj8iUX9cZDJEtV1uXrVbzw3Yrhk/bQ9ACg1dAGEAPcMvF6GQ6RavnXwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJUY3K5nK25mF6+tKXmXQLIfBFQWMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvbFJqY3JtY3JibVlYcjYwcGVaZEFzaDhFVkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBBQhCAwQC
BWVcAwQBBbwKAwQBBbwwAwQBBbw8AwQALqEaAwQCLqEcAwQALqEpAwQCW/MgAwQC
W/MsMAwDBAJb8zQDBAJb8zgwDQYJKoZIhvcNAQELBQADggEBAEosQhhP/DRdj+r0
+jcxzR9623XaJ9mCZUzfKjNeYVGlsUBFt2hnD6hKbEUA70csNjxkWsbQvo0xcrlS
HYVjkJBUD4kJdDxQuWL/DmESDCMDXatdVd3Q2/RFfmZ8n4tOzVFxLnmp2aSPmtcu
lAqOsp76yz2z9Byt6AA8ycsUURLgpKJseho7iqYLuzto9nGaWrGpMh7PyD1Iyapf
RcZ05oMGfCBaLmCcm1UKaGYUT61gOlDzYOGdqnZHFd87aCP8rGpQECuQSg5UWAwY
hkNBzUuydr4wdn3CC8CluETl21y/Zo16HFJrglIKDu2uf+4DnDB7BNdvdIykFw8L
1M/xNFI=
-----END CERTIFICATE-----