Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/RbrUL_gDPobhMb7rQJWNuTm-zDY.roa
File:                     RbrUL_gDPobhMb7rQJWNuTm-zDY.roa (raw, json)
Hash identifier:          7UsHTQ8m0hfSooCqt2+2+K/t4BIby0jzGwCpBPs8rL4=
Subject key identifier:   45:BA:D4:2F:F8:03:3E:86:E1:31:BE:EB:40:95:8D:B9:39:BE:CC:36
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018697E61CD99A7AB4539422F1100B4D9727
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/RbrUL_gDPobhMb7rQJWNuTm-zDY.roa
Signing time:             Tue 28 Feb 2023 12:01:25 +0000
ROA not before:           Tue 28 Feb 2023 12:01:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29262
IP address blocks:        193.38.44.0/23 maxlen: 23
                          194.56.186.0/23 maxlen: 23
                          193.38.46.0/23 maxlen: 23
                          85.235.74.0/23 maxlen: 23
                          85.235.72.0/23 maxlen: 23
                          139.28.35.0/24 maxlen: 24
                          139.28.34.0/24 maxlen: 24
                          139.28.33.0/24 maxlen: 24
                          139.28.32.0/24 maxlen: 24
                          194.169.94.0/23 maxlen: 23
                          194.169.92.0/23 maxlen: 23
                          83.171.244.0/22 maxlen: 22
                          37.221.78.0/23 maxlen: 23
                          185.254.54.0/24 maxlen: 24
                          185.254.55.0/24 maxlen: 24
                          188.119.68.0/22 maxlen: 22
                          193.187.140.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Sun 26 Mar 2023 15:29:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:97:e6:1c:d9:9a:7a:b4:53:94:22:f1:10:0b:4d:97:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Feb 28 12:01:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=45bad42ff8033e86e131beeb40958db939becc36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5d:b1:6b:78:f7:40:95:38:ea:08:f2:30:2f:
                    ef:6f:9c:81:92:d6:e8:13:18:a3:d4:96:da:09:ad:
                    e4:fc:5d:9b:1a:36:e4:74:81:95:2d:9b:d6:07:f4:
                    4f:e0:69:22:2b:4f:85:47:f4:4d:d1:8a:24:db:47:
                    73:65:41:03:63:d6:72:1d:7e:0a:a9:de:e0:b8:56:
                    b9:a9:e5:e2:3a:b2:26:ab:b0:4e:62:1f:d7:4d:d2:
                    b4:1f:3e:7f:d7:d8:fe:d1:ad:92:7f:a1:35:72:6c:
                    8f:0b:1a:e3:0f:40:c7:1d:5c:a0:02:a4:4b:cf:ec:
                    79:cc:17:3e:b0:3b:f1:01:35:c7:38:54:dc:7b:49:
                    43:0a:d5:d4:1b:4a:16:f8:8e:11:ad:24:5d:80:bf:
                    b3:92:f6:13:bd:83:6e:f2:53:fc:7c:bd:82:cd:63:
                    eb:65:85:a6:8d:58:08:6a:3c:13:97:6b:8c:b2:79:
                    22:ef:73:82:d1:66:ab:cd:3b:45:c5:33:12:78:79:
                    e5:7f:6b:03:09:fd:e3:cb:84:1c:d0:f1:e0:7c:d6:
                    99:a2:5e:b2:02:d3:68:40:a5:09:e1:86:5c:6f:ed:
                    20:41:91:84:49:db:15:eb:12:1c:94:db:15:e9:88:
                    94:8c:76:18:b1:37:f4:bf:5f:0d:d9:4f:42:29:84:
                    b8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:BA:D4:2F:F8:03:3E:86:E1:31:BE:EB:40:95:8D:B9:39:BE:CC:36
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/RbrUL_gDPobhMb7rQJWNuTm-zDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.78.0/23
                  83.171.244.0/22
                  85.235.72.0/22
                  139.28.32.0/22
                  185.254.54.0/23
                  188.119.68.0/22
                  193.38.44.0/22
                  193.187.140.0/22
                  194.56.186.0/23
                  194.169.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:db:4e:2d:d7:19:db:a7:d2:a7:88:c2:4a:62:30:77:87:94:
         65:cc:88:91:01:f0:65:8d:63:0c:2e:45:9f:e7:09:af:71:48:
         33:bc:9a:b6:ce:3a:7c:59:83:22:5d:ce:99:af:52:2d:fc:bb:
         60:32:9c:10:d7:b3:6f:34:89:93:7b:00:0d:db:18:c7:8a:d6:
         02:19:8a:3d:e9:c1:fe:b5:7e:87:ef:76:5f:b2:e3:43:81:71:
         16:aa:8c:64:ee:15:35:db:82:7f:f4:f8:03:e9:95:a9:36:f8:
         40:81:14:36:f8:7f:47:26:2e:db:04:39:80:1e:53:88:53:48:
         ff:e3:c1:4c:cd:17:9c:5d:89:92:c5:29:81:a8:ff:44:79:74:
         2c:5c:02:24:2c:90:f4:4a:f7:88:f4:12:cc:7b:6a:94:04:ad:
         8b:e2:ef:ce:68:1f:66:52:c3:b2:fa:d2:af:53:3d:16:5e:e7:
         0d:b6:8b:0c:7a:8e:e8:7e:46:ad:c3:25:39:59:9c:43:ec:ac:
         cd:da:e0:4c:36:fd:cb:51:8e:2e:b7:4f:db:d3:f1:c2:25:1e:
         4a:14:24:b1:15:6f:0f:a7:a5:93:b3:79:3f:d9:1f:3a:14:d4:
         9e:e3:f5:c1:c0:28:10:89:d7:02:f1:89:f7:9a:5d:03:d2:d5:
         72:61:0f:10
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYaX5hzZmnq0U5Qi8RALTZcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwMjI4MTIwMTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWJhZDQyZmY4MDMzZTg2ZTEzMWJlZWI0MDk1OGRiOTM5YmVjYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuF2xa3j3QJU46gjyMC/vb5yBktbo
Exij1JbaCa3k/F2bGjbkdIGVLZvWB/RP4GkiK0+FR/RN0Yok20dzZUEDY9ZyHX4K
qd7guFa5qeXiOrImq7BOYh/XTdK0Hz5/19j+0a2Sf6E1cmyPCxrjD0DHHVygAqRL
z+x5zBc+sDvxATXHOFTce0lDCtXUG0oW+I4RrSRdgL+zkvYTvYNu8lP8fL2CzWPr
ZYWmjVgIajwTl2uMsnki73OC0WarzTtFxTMSeHnlf2sDCf3jy4Qc0PHgfNaZol6y
AtNoQKUJ4YZcb+0gQZGESdsV6xIclNsV6YiUjHYYsTf0v18N2U9CKYS44QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFEW61C/4Az6G4TG+60CVjbk5vsw2MB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvUmJyVUxfZ0RQb2JoTWI3clFKV051VG0tekRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBJd1OAwQC
U6v0AwQCVetIAwQCixwgAwQBuf42AwQCvHdEAwQCwSYsAwQCwbuMAwQBwji6AwQC
wqlcMA0GCSqGSIb3DQEBCwUAA4IBAQDL204t1xnbp9KniMJKYjB3h5RlzIiRAfBl
jWMMLkWf5wmvcUgzvJq2zjp8WYMiXc6Zr1It/LtgMpwQ17NvNImTewAN2xjHitYC
GYo96cH+tX6H73ZfsuNDgXEWqoxk7hU124J/9PgD6ZWpNvhAgRQ2+H9HJi7bBDmA
HlOIU0j/48FMzRecXYmSxSmBqP9EeXQsXAIkLJD0SveI9BLMe2qUBK2L4u/OaB9m
UsOy+tKvUz0WXucNtosMeo7ofkatwyU5WZxD7KzN2uBMNv3LUY4ut0/b0/HCJR5K
FCSxFW8Pp6WTs3k/2R86FNSe4/XBwCgQidcC8Yn3ml0D0tVyYQ8Q
-----END CERTIFICATE-----