Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/9Vv70B50m17l9M3I8kaNkPquu_E.roa
File:                     9Vv70B50m17l9M3I8kaNkPquu_E.roa (raw, json)
Hash identifier:          kEFmrHMR9bLRVRAcC2ZQHTZVH4BktaBqxl4Jca1kgeg=
Subject key identifier:   F5:5B:FB:D0:1E:74:9B:5E:E5:F4:CD:C8:F2:46:8D:90:FA:AE:BB:F1
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01856E141EDBC4121BD46BA5780E7B8A55C4
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/9Vv70B50m17l9M3I8kaNkPquu_E.roa
Signing time:             Sun 01 Jan 2023 16:04:50 +0000
ROA not before:           Sun 01 Jan 2023 16:04:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        85.8.162.0/23 maxlen: 23
                          85.8.160.0/23 maxlen: 23
                          62.182.34.0/23 maxlen: 23
                          62.182.32.0/23 maxlen: 23
                          139.28.240.0/23 maxlen: 23
                          139.28.242.0/23 maxlen: 23
                          5.133.102.0/23 maxlen: 23
                          5.133.100.0/23 maxlen: 23
                          31.40.206.0/23 maxlen: 23
                          31.40.204.0/23 maxlen: 23
                          212.107.4.0/23 maxlen: 23
                          212.107.6.0/23 maxlen: 23
                          84.54.2.0/23 maxlen: 23
                          84.54.0.0/23 maxlen: 23
                          85.8.144.0/23 maxlen: 23
                          85.8.146.0/23 maxlen: 23
                          92.249.62.0/23 maxlen: 23
                          92.249.60.0/23 maxlen: 23
                          176.53.158.0/23 maxlen: 23
                          176.53.156.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Fri 20 Jan 2023 05:54:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:14:1e:db:c4:12:1b:d4:6b:a5:78:0e:7b:8a:55:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 16:04:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f55bfbd01e749b5ee5f4cdc8f2468d90faaebbf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:89:80:40:95:b6:af:e5:70:7a:47:db:6f:10:
                    a5:3f:b9:0a:79:ec:4e:ac:c0:d5:ec:53:6f:e3:16:
                    5f:b5:1f:df:6f:ae:82:dd:c4:21:0c:c1:64:15:46:
                    16:78:70:b4:b5:3f:25:12:c6:44:08:ef:8c:3c:3a:
                    d4:53:18:42:46:00:97:20:c5:2f:57:d8:30:08:1b:
                    0b:5f:11:ce:e0:53:0a:ea:34:7f:e7:e3:a6:ab:96:
                    2c:b8:3f:3e:98:4c:1e:13:d7:87:b7:9f:d4:d8:88:
                    fd:18:b3:16:10:45:98:5d:77:e2:03:0e:e3:85:de:
                    3a:fd:f1:15:38:6f:16:57:d0:73:b3:f5:5b:7e:7e:
                    30:0a:f0:ba:6f:00:81:87:61:c5:34:4b:f3:3e:cc:
                    8b:d2:70:d2:bb:14:f2:d2:f3:16:c2:8c:dc:b6:a3:
                    b0:b2:97:17:80:b1:f1:0c:d3:1f:ab:68:c1:e8:82:
                    fa:a4:8f:e9:3e:db:e7:40:13:c8:ae:2d:15:c7:ea:
                    d0:83:2d:f9:8c:e6:93:1f:47:e0:4e:60:93:fa:a7:
                    34:a5:32:2a:ac:e6:03:49:e0:7f:92:92:2c:0a:48:
                    2c:cf:6c:07:00:d9:80:2f:67:41:eb:79:f0:da:e4:
                    20:53:57:f3:ae:cd:64:f5:74:c6:33:42:d7:83:ee:
                    6a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5B:FB:D0:1E:74:9B:5E:E5:F4:CD:C8:F2:46:8D:90:FA:AE:BB:F1
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/9Vv70B50m17l9M3I8kaNkPquu_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/22
                  31.40.204.0/22
                  62.182.32.0/22
                  84.54.0.0/22
                  85.8.144.0/22
                  85.8.160.0/22
                  92.249.60.0/22
                  139.28.240.0/22
                  176.53.156.0/22
                  212.107.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:c2:85:7c:4d:5c:fd:be:78:da:33:52:76:20:6f:20:8a:44:
         ae:bc:41:8f:ba:b0:04:93:43:ad:33:12:b9:bf:71:24:05:ec:
         4c:47:61:ea:96:f8:ce:6a:75:fd:e8:90:6f:11:a2:e4:b2:70:
         f9:67:d0:3f:48:81:0c:2e:d0:36:83:67:b8:36:10:1c:e2:08:
         cc:b1:25:5f:1f:01:79:e9:ea:f1:05:08:0a:0e:2e:a8:6b:76:
         9d:ad:bb:40:56:ed:d4:b3:be:ca:3f:75:c5:0d:75:29:1f:3a:
         72:4e:e7:79:7e:21:1a:90:0e:4a:b4:36:d5:22:da:e5:89:bb:
         e5:27:f3:73:02:00:2c:0b:04:ae:22:ae:c7:56:7f:f3:99:f6:
         18:86:88:0c:4f:ea:f9:be:f9:cc:a0:c1:0e:6e:95:29:9a:b6:
         fa:05:f0:65:c3:1f:1c:6c:9d:6f:d3:f9:f8:95:d6:0d:ea:c7:
         5f:07:ac:a4:ed:60:5c:82:7f:02:ce:5b:1d:fb:3b:b4:1a:f1:
         ab:5e:9b:74:aa:09:9d:35:a7:37:bd:ca:7d:d2:10:21:44:3f:
         e7:e8:b9:35:17:16:92:6a:2d:87:ae:12:f6:b3:39:4e:c7:b3:
         7c:af:fa:6a:43:d0:b3:f9:1e:34:5c:56:e7:51:13:c4:db:43:
         5a:62:dc:cd
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVuFB7bxBIb1GuleA57ilXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwMTAxMTYwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTViZmJkMDFlNzQ5YjVlZTVmNGNkYzhmMjQ2OGQ5MGZhYWViYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4mAQJW2r+VwekfbbxClP7kKeexO
rMDV7FNv4xZftR/fb66C3cQhDMFkFUYWeHC0tT8lEsZECO+MPDrUUxhCRgCXIMUv
V9gwCBsLXxHO4FMK6jR/5+Omq5YsuD8+mEweE9eHt5/U2Ij9GLMWEEWYXXfiAw7j
hd46/fEVOG8WV9Bzs/Vbfn4wCvC6bwCBh2HFNEvzPsyL0nDSuxTy0vMWwozctqOw
spcXgLHxDNMfq2jB6IL6pI/pPtvnQBPIri0Vx+rQgy35jOaTH0fgTmCT+qc0pTIq
rOYDSeB/kpIsCkgsz2wHANmAL2dB63nw2uQgU1fzrs1k9XTGM0LXg+5qGQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPVb+9AedJte5fTNyPJGjZD6rrvxMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvOVZ2NzBCNTBtMTdsOU0zSThrYU5rUHF1dV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCBYVkAwQC
HyjMAwQCPrYgAwQCVDYAAwQCVQiQAwQCVQigAwQCXPk8AwQCixzwAwQCsDWcAwQC
1GsEMA0GCSqGSIb3DQEBCwUAA4IBAQCIwoV8TVz9vnjaM1J2IG8gikSuvEGPurAE
k0OtMxK5v3EkBexMR2HqlvjOanX96JBvEaLksnD5Z9A/SIEMLtA2g2e4NhAc4gjM
sSVfHwF56erxBQgKDi6oa3adrbtAVu3Us77KP3XFDXUpHzpyTud5fiEakA5KtDbV
ItrlibvlJ/NzAgAsCwSuIq7HVn/zmfYYhogMT+r5vvnMoMEObpUpmrb6BfBlwx8c
bJ1v0/n4ldYN6sdfB6yk7WBcgn8Czlsd+zu0GvGrXpt0qgmdNac3vcp90hAhRD/n
6Lk1FxaSai2HrhL2szlOx7N8r/pqQ9Cz+R40XFbnURPE20NaYtzN
-----END CERTIFICATE-----