Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/N-lzShVZbR8bko3dAwiJsplOEds.roa
File:                     N-lzShVZbR8bko3dAwiJsplOEds.roa (raw, json)
Hash identifier:          Hku3wQm5CVKTEyBSg5vsD2vh3kTvy+BuxDgorWfma+I=
Subject key identifier:   37:E9:73:4A:15:59:6D:1F:1B:92:8D:DD:03:08:89:B2:99:4E:11:DB
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01875174B0EAEF36298C681DB9ED6E5EBE5A
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/N-lzShVZbR8bko3dAwiJsplOEds.roa
Signing time:             Wed 05 Apr 2023 12:46:54 +0000
ROA not before:           Wed 05 Apr 2023 12:46:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6939
IP address blocks:        62.182.32.0/22 maxlen: 22
                          193.38.44.0/22 maxlen: 22
                          5.133.100.0/22 maxlen: 22
                          85.235.72.0/22 maxlen: 22
                          31.40.204.0/22 maxlen: 22
                          139.28.48.0/22 maxlen: 22
                          84.54.0.0/22 maxlen: 22
                          194.169.92.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          139.28.212.0/22 maxlen: 22
                          37.221.76.0/22 maxlen: 22
                          193.32.204.0/22 maxlen: 22
                          77.241.72.0/22 maxlen: 22
                          176.96.128.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22
                          194.93.60.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 06 Apr 2023 11:32:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:51:74:b0:ea:ef:36:29:8c:68:1d:b9:ed:6e:5e:be:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Apr  5 12:46:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=37e9734a15596d1f1b928ddd030889b2994e11db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:80:5d:9a:d3:8d:63:fd:5d:3c:d6:e3:3f:99:
                    db:f6:4b:ac:bd:b4:58:f6:15:19:e2:45:66:c8:a3:
                    70:16:8a:5a:08:5e:22:53:0a:9c:76:6b:c6:31:90:
                    d1:1a:f7:57:a4:85:4b:d8:56:92:5e:41:f3:0b:09:
                    9a:5e:03:8e:43:e7:10:ff:fe:18:55:9b:93:93:c7:
                    ef:e1:d7:83:ce:29:9c:b6:f0:c4:e2:8e:ff:17:ae:
                    47:12:eb:31:c6:0b:a5:63:b3:8a:ac:96:88:23:de:
                    67:a0:0e:3d:dd:a1:d5:81:f7:1a:45:03:1b:f4:98:
                    48:cd:93:3d:d1:49:ab:7f:ee:d4:bc:c6:0f:d9:27:
                    db:e0:ac:d6:f4:11:0b:25:ac:fa:38:9d:a2:75:f8:
                    09:e2:0c:cd:98:6b:9b:eb:45:90:bf:f8:0d:be:ca:
                    df:5b:50:e3:da:23:1e:c3:e3:72:d6:e3:7a:fd:cf:
                    90:89:59:a7:4b:fe:96:d3:2a:dc:79:1e:62:2a:e6:
                    d6:46:a6:e7:71:af:ed:e1:8f:ce:31:61:24:5a:a9:
                    ae:dd:c9:89:ed:67:4c:96:2d:08:3a:d5:0d:a2:15:
                    15:d9:29:6a:0b:4f:91:fc:6f:05:0d:dd:6a:46:c5:
                    97:b7:7b:4c:ac:44:36:54:52:1d:8a:b9:a2:60:2d:
                    99:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E9:73:4A:15:59:6D:1F:1B:92:8D:DD:03:08:89:B2:99:4E:11:DB
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/N-lzShVZbR8bko3dAwiJsplOEds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/22
                  31.40.204.0/22
                  37.221.76.0/22
                  62.182.32.0/22
                  77.241.72.0/22
                  84.54.0.0/22
                  85.235.72.0/22
                  139.28.48.0/22
                  139.28.212.0/22
                  176.53.156.0/22
                  176.96.128.0/22
                  193.32.204.0/22
                  193.38.44.0/22
                  194.93.60.0/22
                  194.169.92.0/22
                  212.87.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:82:8c:f0:34:93:e5:5a:98:cf:61:c4:17:bb:cf:af:45:42:
         fc:7c:b8:04:5f:9d:27:11:0d:86:7e:3a:1a:8b:1c:10:5d:30:
         65:46:59:50:68:5f:3f:94:d7:95:02:bd:de:11:e0:9e:86:3e:
         ae:96:1a:2e:8c:d0:9b:00:48:67:60:4f:59:07:74:b3:8d:f4:
         dd:b3:21:65:a3:0d:00:90:c7:12:c8:af:67:23:43:0c:29:b1:
         53:44:2b:6c:bf:05:8d:9a:86:69:50:3f:cf:03:3f:ff:8f:95:
         a4:2d:8b:f0:45:93:f4:9f:5f:ac:f7:60:5d:8a:00:e5:22:60:
         67:08:81:fb:54:fa:8b:1d:ab:3e:e9:0f:51:81:a2:61:f2:65:
         a9:72:73:d0:6e:77:55:6e:3f:a1:05:c1:04:14:71:a7:0d:e4:
         6e:fd:93:8c:5a:ef:5d:2d:24:68:3a:03:23:7b:53:95:cf:2f:
         32:0c:51:0e:66:bc:4e:ca:ac:5e:3d:0b:e0:1b:2b:31:59:7c:
         b3:09:e1:3d:b3:23:40:54:5c:3c:22:4b:10:11:2b:1f:11:89:
         f0:14:37:3b:7e:bf:00:eb:4c:8c:6e:f8:b6:b9:02:ab:60:5d:
         96:6a:94:0b:ce:e6:ec:e1:be:4d:12:b1:64:0a:06:de:4b:00:
         43:84:1c:bb
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYdRdLDq7zYpjGgdue1uXr5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwNDA1MTI0NjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2U5NzM0YTE1NTk2ZDFmMWI5MjhkZGQwMzA4ODliMjk5NGUxMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYBdmtONY/1dPNbjP5nb9kusvbRY
9hUZ4kVmyKNwFopaCF4iUwqcdmvGMZDRGvdXpIVL2FaSXkHzCwmaXgOOQ+cQ//4Y
VZuTk8fv4deDzimctvDE4o7/F65HEusxxgulY7OKrJaII95noA493aHVgfcaRQMb
9JhIzZM90Umrf+7UvMYP2Sfb4KzW9BELJaz6OJ2idfgJ4gzNmGub60WQv/gNvsrf
W1Dj2iMew+Ny1uN6/c+QiVmnS/6W0yrceR5iKubWRqbnca/t4Y/OMWEkWqmu3cmJ
7WdMli0IOtUNohUV2SlqC0+R/G8FDd1qRsWXt3tMrEQ2VFIdirmiYC2ZGQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFDfpc0oVWW0fG5KN3QMIibKZThHbMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvTi1selNoVlpiUjhia28zZEF3aUpzcGxPRWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQCBYVkAwQC
HyjMAwQCJd1MAwQCPrYgAwQCTfFIAwQCVDYAAwQCVetIAwQCixwwAwQCixzUAwQC
sDWcAwQCsGCAAwQCwSDMAwQCwSYsAwQCwl08AwQCwqlcAwQC1FfEMA0GCSqGSIb3
DQEBCwUAA4IBAQC+gozwNJPlWpjPYcQXu8+vRUL8fLgEX50nEQ2GfjoaixwQXTBl
RllQaF8/lNeVAr3eEeCehj6ulhoujNCbAEhnYE9ZB3SzjfTdsyFlow0AkMcSyK9n
I0MMKbFTRCtsvwWNmoZpUD/PAz//j5WkLYvwRZP0n1+s92BdigDlImBnCIH7VPqL
Has+6Q9RgaJh8mWpcnPQbndVbj+hBcEEFHGnDeRu/ZOMWu9dLSRoOgMje1OVzy8y
DFEOZrxOyqxePQvgGysxWXyzCeE9syNAVFw8IksQESsfEYnwFDc7fr8A60yMbvi2
uQKrYF2WapQLzubs4b5NErFkCgbeSwBDhBy7
-----END CERTIFICATE-----