Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/3ECMlQmtvSqkfPwQJiD_BSOn9ZE.roa
File:                     3ECMlQmtvSqkfPwQJiD_BSOn9ZE.roa (raw, json)
Hash identifier:          reROQoc8d4P+bm9zdO0S0JIqmPm34Q4OO7nYkpntVtE=
Subject key identifier:   DC:40:8C:95:09:AD:BD:2A:A4:7C:FC:10:26:20:FF:05:23:A7:F5:91
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       0189B2DC4C019BBA60B8C2387AE8C2448FB9
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/3ECMlQmtvSqkfPwQJiD_BSOn9ZE.roa
Signing time:             Tue 01 Aug 2023 20:48:48 +0000
ROA not before:           Tue 01 Aug 2023 20:48:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6939
IP address blocks:        62.182.32.0/22 maxlen: 22
                          193.38.44.0/22 maxlen: 22
                          139.28.240.0/22 maxlen: 22
                          31.40.196.0/22 maxlen: 22
                          85.235.72.0/22 maxlen: 22
                          212.115.100.0/22 maxlen: 22
                          84.54.0.0/22 maxlen: 22
                          85.8.144.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          139.28.212.0/22 maxlen: 22
                          193.32.204.0/22 maxlen: 22
                          77.241.72.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 19 Sep 2023 18:34:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b2:dc:4c:01:9b:ba:60:b8:c2:38:7a:e8:c2:44:8f:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Aug  1 20:48:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc408c9509adbd2aa47cfc102620ff0523a7f591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4f:7f:4e:e3:97:9a:0b:92:24:15:72:61:0c:
                    e3:60:8b:e8:e0:f5:40:23:ae:34:00:98:60:83:bb:
                    a2:d1:7f:1d:49:d9:dd:e2:c1:02:15:f0:5a:5e:75:
                    15:a5:75:99:ef:0a:b8:f2:a7:8d:ff:2d:8d:f1:91:
                    b5:43:f5:4b:5f:1b:e8:5a:89:33:74:2d:82:36:9f:
                    f1:0c:3a:fc:1c:c2:d8:48:35:09:c7:f6:bc:29:23:
                    51:f5:ce:ad:96:d4:c4:e0:eb:a4:ec:57:7b:f8:7c:
                    87:62:7e:5d:f0:1e:6c:bb:65:5a:e1:9e:ad:f7:e9:
                    29:29:97:74:9e:4a:7a:17:8f:c1:5d:01:ed:73:43:
                    cb:47:3f:a6:65:f8:76:c2:96:7b:ea:44:f1:54:d3:
                    57:30:44:6c:02:51:7b:d1:0f:cb:4f:37:a4:a5:af:
                    98:5b:66:79:70:82:5d:9b:5e:2c:e3:ec:e1:6c:01:
                    15:84:49:f9:a2:8e:62:fb:5a:20:1c:93:03:9c:8e:
                    f7:33:08:a8:da:d5:0b:2c:91:b7:b8:07:8a:7c:d3:
                    6b:e0:99:77:78:59:ae:43:77:63:83:12:b9:13:1f:
                    54:01:94:87:89:00:c5:3d:69:80:c8:a3:29:89:08:
                    80:42:87:54:f8:54:57:48:77:22:7a:9d:fa:fc:4c:
                    46:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:40:8C:95:09:AD:BD:2A:A4:7C:FC:10:26:20:FF:05:23:A7:F5:91
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/3ECMlQmtvSqkfPwQJiD_BSOn9ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.196.0/22
                  62.182.32.0/22
                  77.241.72.0/22
                  84.54.0.0/22
                  85.8.144.0/22
                  85.235.72.0/22
                  139.28.212.0/22
                  139.28.240.0/22
                  176.53.156.0/22
                  193.32.204.0/22
                  193.38.44.0/22
                  212.87.196.0/22
                  212.115.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:64:79:bf:71:34:44:6c:4b:6a:6a:6b:dc:c6:b4:bc:85:57:
         06:03:27:0a:ab:d0:ec:4f:a0:9d:56:7d:37:2c:bc:10:00:91:
         0f:ea:63:ec:89:c3:fd:3d:0a:b8:5f:32:5b:e5:53:e7:06:63:
         e4:59:86:7e:75:9d:99:45:11:98:35:66:8a:f5:ad:bf:82:60:
         b1:bf:06:2b:f0:a5:7b:c1:d3:21:06:fa:3b:3f:c0:30:9f:58:
         69:fa:1d:22:c5:05:ba:a8:15:27:35:4b:5f:c3:ac:19:5b:8c:
         1b:4c:e1:a2:c8:56:ab:c2:21:b9:4a:64:4e:06:55:25:0a:a5:
         8d:72:b8:f3:79:05:3a:18:00:82:5e:fb:18:7b:5e:4a:72:62:
         8d:1e:79:a4:ed:da:32:3b:06:8a:0c:6e:96:89:c9:47:86:09:
         94:f4:6c:78:a2:5e:5e:6b:3c:1b:11:9e:90:5d:47:48:95:f0:
         ef:f2:95:e4:c9:fb:69:e4:08:7f:01:cb:bf:44:5c:56:a8:62:
         c1:c8:ca:6b:c0:cd:fc:16:3e:cc:55:50:65:9d:16:30:ee:9e:
         d8:1d:c1:e1:99:e5:57:bb:7a:c7:e2:b1:87:f8:56:07:1d:af:
         b0:73:98:70:f9:5d:0b:17:13:2c:03:2b:39:10:1e:e0:cc:00:
         36:3b:d9:1c
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYmy3EwBm7pguMI4eujCRI+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwODAxMjA0ODQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQwOGM5NTA5YWRiZDJhYTQ3Y2ZjMTAyNjIwZmYwNTIzYTdmNTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuk9/TuOXmguSJBVyYQzjYIvo4PVA
I640AJhgg7ui0X8dSdnd4sECFfBaXnUVpXWZ7wq48qeN/y2N8ZG1Q/VLXxvoWokz
dC2CNp/xDDr8HMLYSDUJx/a8KSNR9c6tltTE4Ouk7Fd7+HyHYn5d8B5su2Va4Z6t
9+kpKZd0nkp6F4/BXQHtc0PLRz+mZfh2wpZ76kTxVNNXMERsAlF70Q/LTzekpa+Y
W2Z5cIJdm14s4+zhbAEVhEn5oo5i+1ogHJMDnI73Mwio2tULLJG3uAeKfNNr4Jl3
eFmuQ3djgxK5Ex9UAZSHiQDFPWmAyKMpiQiAQodU+FRXSHciep36/ExGkwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNxAjJUJrb0qpHz8ECYg/wUjp/WRMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvM0VDTWxRbXR2U3FrZlB3UUppRF9CU09uOVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCHyjEAwQC
PrYgAwQCTfFIAwQCVDYAAwQCVQiQAwQCVetIAwQCixzUAwQCixzwAwQCsDWcAwQC
wSDMAwQCwSYsAwQC1FfEAwQC1HNkMA0GCSqGSIb3DQEBCwUAA4IBAQC2ZHm/cTRE
bEtqamvcxrS8hVcGAycKq9DsT6CdVn03LLwQAJEP6mPsicP9PQq4XzJb5VPnBmPk
WYZ+dZ2ZRRGYNWaK9a2/gmCxvwYr8KV7wdMhBvo7P8Awn1hp+h0ixQW6qBUnNUtf
w6wZW4wbTOGiyFarwiG5SmROBlUlCqWNcrjzeQU6GACCXvsYe15KcmKNHnmk7doy
OwaKDG6WiclHhgmU9Gx4ol5eazwbEZ6QXUdIlfDv8pXkyftp5Ah/Acu/RFxWqGLB
yMprwM38Fj7MVVBlnRYw7p7YHcHhmeVXu3rH4rGH+FYHHa+wc5hw+V0LFxMsAys5
EB7gzAA2O9kc
-----END CERTIFICATE-----