Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/0nKhaltagIQv4d50Ter3JPPA920.roa
File:                     0nKhaltagIQv4d50Ter3JPPA920.roa (raw, json)
Hash identifier:          Oju7uuGTTDl9FuUfcK3aI2drhTfzhVN8E+vAR0gCahg=
Subject key identifier:   D2:72:A1:6A:5B:5A:80:84:2F:E1:DE:74:4D:EA:F7:24:F3:C0:F7:6D
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018756571C88387A72B946B3210501AE1CB7
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/0nKhaltagIQv4d50Ter3JPPA920.roa
Signing time:             Thu 06 Apr 2023 11:32:42 +0000
ROA not before:           Thu 06 Apr 2023 11:32:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6939
IP address blocks:        62.182.32.0/22 maxlen: 22
                          193.38.44.0/22 maxlen: 22
                          5.133.100.0/22 maxlen: 22
                          31.40.204.0/22 maxlen: 22
                          139.28.48.0/22 maxlen: 22
                          84.54.0.0/22 maxlen: 22
                          194.169.92.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          139.28.212.0/22 maxlen: 22
                          37.221.76.0/22 maxlen: 22
                          193.32.204.0/22 maxlen: 22
                          77.241.72.0/22 maxlen: 22
                          176.96.128.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22
                          194.93.60.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 06 Apr 2023 11:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:56:57:1c:88:38:7a:72:b9:46:b3:21:05:01:ae:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Apr  6 11:32:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d272a16a5b5a80842fe1de744deaf724f3c0f76d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b2:1a:df:87:0e:8f:9e:63:93:96:1e:c5:9d:
                    ae:60:7b:d0:95:7c:cf:f4:81:64:87:f0:dc:88:55:
                    ed:15:ba:f8:20:4a:0e:69:1f:e1:79:d9:19:5f:49:
                    f9:30:14:4f:70:0e:c1:91:17:13:f4:04:d3:f4:8e:
                    cf:76:6a:4a:0a:f4:ed:ca:3b:37:c1:89:f6:68:37:
                    ef:55:64:5a:3a:09:03:61:6f:66:2d:2a:e8:86:ac:
                    02:99:6e:08:07:b7:98:08:35:8f:ef:6f:bc:1b:5f:
                    20:98:52:97:4f:59:8b:4a:f7:12:71:52:dc:75:30:
                    15:54:ad:2d:9c:2c:61:e8:e5:a5:91:d5:a1:8a:4f:
                    bd:62:fb:31:27:20:e7:bc:c1:f0:3f:73:ea:41:39:
                    61:d0:3d:17:1e:32:bb:98:88:cb:65:67:93:e3:72:
                    83:c6:84:e8:0b:30:44:f4:38:90:ea:8e:51:98:53:
                    64:57:c9:b4:36:b8:3f:52:4b:14:96:9b:e1:3f:8f:
                    b5:ee:f7:be:4d:16:71:1a:82:4f:b2:85:32:61:4c:
                    ad:ed:0b:e0:31:2d:e5:c0:85:2d:18:7b:ed:e1:44:
                    bd:69:8a:54:6c:c9:91:c8:13:21:d6:53:5e:39:18:
                    9f:19:b6:bc:d0:c3:f7:49:75:43:ed:fa:99:0b:1d:
                    17:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:72:A1:6A:5B:5A:80:84:2F:E1:DE:74:4D:EA:F7:24:F3:C0:F7:6D
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/0nKhaltagIQv4d50Ter3JPPA920.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/22
                  31.40.204.0/22
                  37.221.76.0/22
                  62.182.32.0/22
                  77.241.72.0/22
                  84.54.0.0/22
                  139.28.48.0/22
                  139.28.212.0/22
                  176.53.156.0/22
                  176.96.128.0/22
                  193.32.204.0/22
                  193.38.44.0/22
                  194.93.60.0/22
                  194.169.92.0/22
                  212.87.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:e4:10:e2:76:27:3d:ed:4d:3a:cc:2c:85:37:11:7f:ee:af:
         29:7e:7f:aa:00:8a:98:75:b1:94:98:4f:9c:6e:44:5c:ad:02:
         57:75:94:34:26:a9:0c:3d:1b:18:2c:4e:0a:ce:a7:fa:49:c2:
         38:14:31:46:c9:b2:e2:65:2e:9d:79:67:6e:91:87:e5:4b:88:
         67:62:06:83:dc:dc:99:79:9b:5f:61:f2:29:b8:7e:3c:03:31:
         ab:f5:3f:97:44:92:2e:00:a3:2a:a3:6c:e4:42:a8:cd:83:a0:
         22:a7:d0:7a:8e:05:1f:a3:87:67:65:09:ef:ab:96:8e:b0:e8:
         05:d8:5f:a3:2c:c0:34:1b:97:db:5c:c9:05:b1:75:25:3a:0c:
         d9:c9:9a:9d:c7:fe:83:14:05:6c:72:a1:61:4f:29:de:f7:eb:
         fd:8a:c9:de:18:b2:46:3f:72:7e:75:5d:1e:28:34:7d:e4:e1:
         9e:fc:bd:71:a7:e6:0a:10:6b:77:23:fe:cf:07:8d:8d:fd:86:
         22:3a:79:dc:6a:28:02:41:25:06:be:ec:09:4e:b8:92:3f:1b:
         54:17:88:c8:c8:02:55:46:e1:53:1a:45:5f:bc:74:3d:22:aa:
         c2:62:f4:91:41:54:87:47:af:9d:c0:e8:b1:46:48:35:74:47:
         f9:be:bd:11
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYdWVxyIOHpyuUazIQUBrhy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwNDA2MTEzMjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjcyYTE2YTViNWE4MDg0MmZlMWRlNzQ0ZGVhZjcyNGYzYzBmNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbIa34cOj55jk5YexZ2uYHvQlXzP
9IFkh/DciFXtFbr4IEoOaR/hedkZX0n5MBRPcA7BkRcT9ATT9I7PdmpKCvTtyjs3
wYn2aDfvVWRaOgkDYW9mLSrohqwCmW4IB7eYCDWP72+8G18gmFKXT1mLSvcScVLc
dTAVVK0tnCxh6OWlkdWhik+9YvsxJyDnvMHwP3PqQTlh0D0XHjK7mIjLZWeT43KD
xoToCzBE9DiQ6o5RmFNkV8m0Nrg/UksUlpvhP4+17ve+TRZxGoJPsoUyYUyt7Qvg
MS3lwIUtGHvt4US9aYpUbMmRyBMh1lNeORifGba80MP3SXVD7fqZCx0X9QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFNJyoWpbWoCEL+HedE3q9yTzwPdtMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvMG5LaGFsdGFnSVF2NGQ1MFRlcjNKUFBBOTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCBYVkAwQC
HyjMAwQCJd1MAwQCPrYgAwQCTfFIAwQCVDYAAwQCixwwAwQCixzUAwQCsDWcAwQC
sGCAAwQCwSDMAwQCwSYsAwQCwl08AwQCwqlcAwQC1FfEMA0GCSqGSIb3DQEBCwUA
A4IBAQBm5BDidic97U06zCyFNxF/7q8pfn+qAIqYdbGUmE+cbkRcrQJXdZQ0JqkM
PRsYLE4Kzqf6ScI4FDFGybLiZS6deWdukYflS4hnYgaD3NyZeZtfYfIpuH48AzGr
9T+XRJIuAKMqo2zkQqjNg6Aip9B6jgUfo4dnZQnvq5aOsOgF2F+jLMA0G5fbXMkF
sXUlOgzZyZqdx/6DFAVscqFhTyne9+v9isneGLJGP3J+dV0eKDR95OGe/L1xp+YK
EGt3I/7PB42N/YYiOnncaigCQSUGvuwJTriSPxtUF4jIyAJVRuFTGkVfvHQ9IqrC
YvSRQVSHR6+dwOixRkg1dEf5vr0R
-----END CERTIFICATE-----