Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/yghRh4icyO_eLrDAlOXflTXXaao.roa
File:                     yghRh4icyO_eLrDAlOXflTXXaao.roa (raw, json)
Hash identifier:          hJBy9/34p9oV5A28ccciA+m0tIxZ9ggJL+ndl0NO1jA=
Subject key identifier:   CA:08:51:87:88:9C:C8:EF:DE:2E:B0:C0:94:E5:DF:95:35:D7:69:AA
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CC6B8C75ECB3FA3477181C249CB380EDE
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/yghRh4icyO_eLrDAlOXflTXXaao.roa
Signing time:             Mon 01 Jan 2024 20:30:47 +0000
ROA not before:           Mon 01 Jan 2024 20:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        85.8.160.0/22 maxlen: 22
                          217.18.208.0/22 maxlen: 22
                          5.133.100.0/22 maxlen: 22
                          31.40.204.0/22 maxlen: 22
                          212.107.4.0/22 maxlen: 22
                          194.169.92.0/22 maxlen: 22
                          83.171.244.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          37.221.76.0/22 maxlen: 22
                          193.32.184.0/22 maxlen: 22
                          92.249.60.0/22 maxlen: 22
                          188.119.68.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22
                          194.93.60.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Wed 10 Jan 2024 17:57:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c7:5e:cb:3f:a3:47:71:81:c2:49:cb:38:0e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 20:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca085187889cc8efde2eb0c094e5df9535d769aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:70:5f:a1:4f:3e:ef:77:a8:41:ca:64:d0:01:
                    87:19:e8:d2:fb:5f:19:6d:2a:ac:76:7e:1f:f3:3a:
                    a5:09:ba:db:07:fa:6c:41:83:bf:23:26:db:07:f8:
                    92:5c:d6:5d:2c:1b:cb:30:35:1e:f0:2e:86:ec:3b:
                    37:63:66:86:6f:18:32:22:4e:cf:4b:bf:4b:d8:43:
                    62:54:04:8a:71:50:ef:79:2f:6c:12:f5:b2:d0:96:
                    20:db:71:20:11:c5:b3:0d:89:49:19:cd:96:bd:2c:
                    e2:79:7d:b9:12:86:80:eb:fc:1b:a6:19:2e:6c:3a:
                    66:f0:d7:f4:ea:73:0a:33:e1:77:a8:75:91:07:e9:
                    54:75:bf:3f:ef:62:90:1f:35:c0:bf:5f:77:fa:43:
                    5f:f8:5d:27:c1:8d:77:58:40:14:2b:18:63:52:7b:
                    f3:2d:2f:ea:7b:7f:e8:40:91:9c:af:bd:1c:e5:c1:
                    38:ee:6e:33:aa:b1:fa:ea:f1:5a:23:14:7e:7f:16:
                    6d:0f:1f:55:e4:61:13:ff:a6:87:15:48:2d:f8:22:
                    1f:ee:50:08:63:d5:73:1a:a2:6f:c7:a8:c1:e5:95:
                    94:52:38:43:15:81:d2:37:53:0c:c6:ce:c2:6d:e2:
                    0c:a9:27:22:31:b2:42:b6:84:6b:94:62:de:cf:fa:
                    f3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:08:51:87:88:9C:C8:EF:DE:2E:B0:C0:94:E5:DF:95:35:D7:69:AA
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/yghRh4icyO_eLrDAlOXflTXXaao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/22
                  31.40.204.0/22
                  37.221.76.0/22
                  83.171.244.0/22
                  85.8.160.0/22
                  92.249.60.0/22
                  176.53.156.0/22
                  188.119.68.0/22
                  193.32.184.0/22
                  194.93.60.0/22
                  194.169.92.0/22
                  212.87.196.0/22
                  212.107.4.0/22
                  217.18.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:3e:84:23:ef:79:24:16:dd:1d:80:b4:a6:3d:17:ee:3c:7e:
         cb:b6:6b:32:b0:43:cd:88:d3:b8:f4:10:fd:44:79:63:f9:d8:
         5c:1b:1d:94:9a:bc:c0:75:37:82:91:cf:5e:25:c1:fa:fd:7e:
         b0:f1:a5:3c:80:8f:68:9e:49:29:b8:9a:41:b2:aa:be:af:06:
         9a:3f:59:68:0f:f5:f5:4d:6d:47:a7:12:f1:f8:41:66:22:73:
         2a:35:5e:7f:ed:d4:99:c1:e3:d0:43:52:fe:de:7e:57:ac:9e:
         b7:bc:54:2a:ce:e7:8a:a3:e2:70:b3:ef:be:6c:b6:aa:fc:73:
         52:1d:30:be:41:45:a7:fe:7c:35:86:38:c1:eb:57:b8:7f:94:
         fd:6b:47:4a:8c:c4:61:d0:6c:03:e1:09:1d:e0:ce:ed:96:b5:
         77:c6:fa:2a:5a:09:a7:3f:38:f6:43:a5:8b:fc:51:16:c4:7a:
         8f:34:1a:f6:0e:03:1e:e1:a2:27:cf:5d:5d:e4:76:17:cd:7c:
         27:50:4c:b3:93:21:8e:54:5c:9d:46:0d:17:0d:ef:a4:b7:7f:
         84:c4:ca:bd:0d:d8:17:b6:6f:e8:29:bc:ed:6d:c9:43:4d:d0:
         9d:68:3e:84:7b:a9:d0:f9:25:ea:8c:6b:2e:2e:fc:f9:bf:ec:
         8c:20:a7:82
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzGuMdeyz+jR3GBwknLOA7eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTAxMjAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA4NTE4Nzg4OWNjOGVmZGUyZWIwYzA5NGU1ZGY5NTM1ZDc2OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnBfoU8+73eoQcpk0AGHGejS+18Z
bSqsdn4f8zqlCbrbB/psQYO/IybbB/iSXNZdLBvLMDUe8C6G7Ds3Y2aGbxgyIk7P
S79L2ENiVASKcVDveS9sEvWy0JYg23EgEcWzDYlJGc2WvSzieX25EoaA6/wbphku
bDpm8Nf06nMKM+F3qHWRB+lUdb8/72KQHzXAv193+kNf+F0nwY13WEAUKxhjUnvz
LS/qe3/oQJGcr70c5cE47m4zqrH66vFaIxR+fxZtDx9V5GET/6aHFUgt+CIf7lAI
Y9VzGqJvx6jB5ZWUUjhDFYHSN1MMxs7CbeIMqSciMbJCtoRrlGLez/rz/QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFMoIUYeInMjv3i6wwJTl35U112mqMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEveWdoUmg0aWN5T19lTHJEQWxPWGZsVFhYYWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQCBYVkAwQC
HyjMAwQCJd1MAwQCU6v0AwQCVQigAwQCXPk8AwQCsDWcAwQCvHdEAwQCwSC4AwQC
wl08AwQCwqlcAwQC1FfEAwQC1GsEAwQC2RLQMA0GCSqGSIb3DQEBCwUAA4IBAQAn
PoQj73kkFt0dgLSmPRfuPH7LtmsysEPNiNO49BD9RHlj+dhcGx2UmrzAdTeCkc9e
JcH6/X6w8aU8gI9onkkpuJpBsqq+rwaaP1loD/X1TW1HpxLx+EFmInMqNV5/7dSZ
wePQQ1L+3n5XrJ63vFQqzueKo+Jws+++bLaq/HNSHTC+QUWn/nw1hjjB61e4f5T9
a0dKjMRh0GwD4Qkd4M7tlrV3xvoqWgmnPzj2Q6WL/FEWxHqPNBr2DgMe4aInz11d
5HYXzXwnUEyzkyGOVFydRg0XDe+kt3+ExMq9DdgXtm/oKbztbclDTdCdaD6Ee6nQ
+SXqjGsuLvz5v+yMIKeC
-----END CERTIFICATE-----