Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/iFHZ9V51HiftCLBPy6L3KjsYmjs.roa
File:                     iFHZ9V51HiftCLBPy6L3KjsYmjs.roa (raw, json)
Hash identifier:          Ro54ZtPky3u7Mr3WSEHAw8I9uP0kLOdfiSZQE+r1rlg=
Subject key identifier:   88:51:D9:F5:5E:75:1E:27:ED:08:B0:4F:CB:A2:F7:2A:3B:18:9A:3B
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       0185CF7DF8C4E8C52F6DAA03BA1B6DE656DA
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/iFHZ9V51HiftCLBPy6L3KjsYmjs.roa
Signing time:             Fri 20 Jan 2023 14:03:37 +0000
ROA not before:           Fri 20 Jan 2023 14:03:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        85.8.160.0/23 maxlen: 23
                          85.8.162.0/23 maxlen: 23
                          217.18.208.0/22 maxlen: 22
                          84.54.0.0/23 maxlen: 23
                          84.54.2.0/23 maxlen: 23
                          85.8.144.0/23 maxlen: 23
                          85.8.146.0/23 maxlen: 23
                          92.249.62.0/23 maxlen: 23
                          92.249.60.0/23 maxlen: 23
                          77.241.72.0/22 maxlen: 22
                          193.187.108.0/22 maxlen: 22
                          176.53.156.0/23 maxlen: 23
                          176.53.158.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 26 Jan 2023 15:04:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:cf:7d:f8:c4:e8:c5:2f:6d:aa:03:ba:1b:6d:e6:56:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan 20 14:03:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8851d9f55e751e27ed08b04fcba2f72a3b189a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9e:37:8c:69:c5:5b:ab:47:04:7b:0b:a9:3e:
                    9e:44:02:85:37:51:fe:ac:bd:cf:6c:5c:5f:c0:34:
                    9a:33:80:58:c5:4d:d2:32:36:1c:93:14:81:12:a2:
                    01:77:6d:ef:a3:05:69:81:24:2c:8e:29:c4:aa:1f:
                    2d:40:62:7e:37:69:74:d3:1b:fc:21:1b:5f:8d:fe:
                    0c:68:e4:31:20:20:a2:22:f0:17:39:e1:56:5b:7b:
                    bf:76:5f:4d:94:8f:55:8e:98:bd:00:ca:01:fa:94:
                    6e:a4:3f:7f:79:55:c8:6e:fa:96:d1:8f:09:0f:40:
                    74:06:cb:d8:aa:6c:2a:6d:02:4c:2a:ff:f3:56:16:
                    30:60:07:ea:45:8d:1a:0f:25:c4:77:59:f1:58:3e:
                    08:eb:70:62:5f:21:c7:7e:51:ff:58:c9:c0:62:81:
                    cc:6d:82:d5:0c:c4:d6:8a:c5:0c:9c:b9:71:2a:8e:
                    14:d0:70:13:0e:7f:1c:ae:a3:b3:9f:bd:2b:37:3f:
                    94:1f:6b:31:f0:ba:ae:e2:d4:50:13:58:86:43:82:
                    50:a8:cc:f6:50:0a:eb:7b:81:96:85:c5:fc:3d:ea:
                    d4:2f:70:4d:68:ed:73:90:91:e5:cb:ac:eb:c4:4a:
                    47:fb:e4:d3:64:0a:6b:85:09:c7:73:31:7a:be:56:
                    61:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:51:D9:F5:5E:75:1E:27:ED:08:B0:4F:CB:A2:F7:2A:3B:18:9A:3B
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/iFHZ9V51HiftCLBPy6L3KjsYmjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.241.72.0/22
                  84.54.0.0/22
                  85.8.144.0/22
                  85.8.160.0/22
                  92.249.60.0/22
                  176.53.156.0/22
                  193.187.108.0/22
                  217.18.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:77:47:f6:f3:89:ec:c5:76:d3:47:97:96:8a:aa:76:75:ab:
         67:c6:8d:58:8e:1b:9b:25:a7:b6:77:dc:0a:b5:1b:e3:6a:c4:
         b0:7f:34:c9:2f:15:67:f0:86:4d:f0:e3:4c:d9:7b:08:47:d6:
         d7:09:4d:ec:da:3b:7f:f1:a9:75:7b:7b:c3:6c:48:54:cb:ad:
         b9:2c:55:ca:c9:02:8f:6d:86:b1:eb:80:c6:b3:06:a5:d2:e8:
         e3:ed:39:ea:43:71:41:04:64:e9:ac:63:fa:eb:8a:3e:4f:ba:
         bc:0b:99:70:e0:7a:05:18:c1:bf:26:fa:21:68:71:64:05:d0:
         a3:72:07:c9:43:69:63:47:45:b3:53:17:c0:8d:f6:5a:73:bb:
         a0:b0:7e:f6:ff:81:38:53:af:ed:3e:7e:dd:09:ae:1b:da:9f:
         be:88:20:07:21:eb:8e:99:e7:2d:a5:53:e6:4c:ff:80:4b:6f:
         c9:cd:a3:73:66:c0:31:11:20:b7:4a:f9:47:cc:d4:42:e5:c1:
         db:96:f7:a2:6f:42:6e:a8:52:7f:05:93:1c:6b:3c:23:92:f9:
         35:d6:1a:be:35:81:d0:11:f4:d8:25:1c:00:2b:c3:d9:30:4c:
         3e:4f:be:02:c9:23:80:a5:d8:34:ed:e2:11:0a:01:d2:45:0a:
         b4:5a:01:75
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYXPffjE6MUvbaoDuhtt5lbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwMTIwMTQwMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODUxZDlmNTVlNzUxZTI3ZWQwOGIwNGZjYmEyZjcyYTNiMTg5YTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ43jGnFW6tHBHsLqT6eRAKFN1H+
rL3PbFxfwDSaM4BYxU3SMjYckxSBEqIBd23vowVpgSQsjinEqh8tQGJ+N2l00xv8
IRtfjf4MaOQxICCiIvAXOeFWW3u/dl9NlI9Vjpi9AMoB+pRupD9/eVXIbvqW0Y8J
D0B0BsvYqmwqbQJMKv/zVhYwYAfqRY0aDyXEd1nxWD4I63BiXyHHflH/WMnAYoHM
bYLVDMTWisUMnLlxKo4U0HATDn8crqOzn70rNz+UH2sx8Lqu4tRQE1iGQ4JQqMz2
UArre4GWhcX8PerUL3BNaO1zkJHly6zrxEpH++TTZAprhQnHczF6vlZhaQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIhR2fVedR4n7QiwT8ui9yo7GJo7MB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvaUZIWjlWNTFIaWZ0Q0xCUHk2TDNLanNZbWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCTfFIAwQC
VDYAAwQCVQiQAwQCVQigAwQCXPk8AwQCsDWcAwQCwbtsAwQC2RLQMA0GCSqGSIb3
DQEBCwUAA4IBAQAmd0f284nsxXbTR5eWiqp2datnxo1YjhubJae2d9wKtRvjasSw
fzTJLxVn8IZN8ONM2XsIR9bXCU3s2jt/8al1e3vDbEhUy625LFXKyQKPbYax64DG
swal0ujj7TnqQ3FBBGTprGP664o+T7q8C5lw4HoFGMG/JvohaHFkBdCjcgfJQ2lj
R0WzUxfAjfZac7ugsH72/4E4U6/tPn7dCa4b2p++iCAHIeuOmectpVPmTP+AS2/J
zaNzZsAxESC3SvlHzNRC5cHblveib0JuqFJ/BZMcazwjkvk11hq+NYHQEfTYJRwA
K8PZMEw+T74CySOApdg07eIRCgHSRQq0WgF1
-----END CERTIFICATE-----