Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/i0pO2ttE6an1SCEZniYgt3FVGlA.roa
File:                     i0pO2ttE6an1SCEZniYgt3FVGlA.roa (raw, json)
Hash identifier:          MhsLcg6eq4TNVvEOLddNK6huvqB/AzFLxqbC2dCZCxU=
Subject key identifier:   8B:4A:4E:DA:DB:44:E9:A9:F5:48:21:19:9E:26:20:B7:71:55:1A:50
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       01856BDCB2FE4CEB15807C22D4D4646627D1
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/i0pO2ttE6an1SCEZniYgt3FVGlA.roa
Signing time:             Sun 01 Jan 2023 05:45:03 +0000
ROA not before:           Sun 01 Jan 2023 05:45:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207023
IP address blocks:        91.245.88.0/23 maxlen: 23
                          91.234.122.0/23 maxlen: 24
                          194.33.64.0/23 maxlen: 23
                          176.118.200.0/22 maxlen: 22
                          176.118.204.0/22 maxlen: 22
                          77.36.72.0/21 maxlen: 21
                          91.200.133.0/24 maxlen: 24
                          192.162.186.0/23 maxlen: 24
                          176.116.238.0/23 maxlen: 24
                          91.237.92.0/24 maxlen: 24
                          91.232.18.0/24 maxlen: 24
                          46.173.252.0/23 maxlen: 23
                          91.229.147.0/24 maxlen: 24
                          37.97.116.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:dc:b2:fe:4c:eb:15:80:7c:22:d4:d4:64:66:27:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  1 05:45:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b4a4edadb44e9a9f54821199e2620b771551a50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6c:be:3c:89:fd:e6:f4:7c:54:45:78:2d:12:
                    aa:02:ee:13:8e:f6:b8:0a:39:49:44:91:18:3c:e1:
                    60:84:b7:ee:51:fe:1d:4c:dc:1f:fe:67:ca:58:dd:
                    a5:62:c5:07:5f:92:b6:75:02:03:99:ca:a9:1e:33:
                    ef:c0:48:54:4f:68:e5:eb:0e:1f:65:b0:26:09:05:
                    4b:40:a4:87:5d:40:d9:05:c3:d3:c7:00:58:1b:8f:
                    5c:14:99:d5:6d:58:ce:b2:62:68:66:2b:4e:b7:03:
                    05:59:ac:cd:e0:2a:98:ff:cd:47:9d:64:7a:8b:74:
                    15:18:77:2e:db:70:1c:be:88:d5:51:0f:c1:5a:b5:
                    ed:9b:de:bb:51:46:40:af:10:6a:eb:d0:6d:0a:6c:
                    5a:4b:fd:b5:5c:b9:2f:ca:d8:a5:27:25:b8:08:77:
                    a7:d6:b2:d8:d0:d1:9a:e3:d8:c9:d3:ca:9e:28:68:
                    22:6f:93:72:07:e5:32:0f:df:60:2a:05:93:2f:42:
                    99:79:6a:ae:bf:be:b3:24:89:86:0d:9a:fb:fc:0c:
                    e5:c9:e4:28:81:e1:22:21:66:c8:e1:c5:70:ad:b7:
                    58:1f:d9:7b:6e:01:08:3c:76:c7:64:66:3d:05:46:
                    1a:fa:ca:bf:f3:57:85:1f:01:ad:fa:9f:3a:6c:a1:
                    ce:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4A:4E:DA:DB:44:E9:A9:F5:48:21:19:9E:26:20:B7:71:55:1A:50
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/i0pO2ttE6an1SCEZniYgt3FVGlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.97.116.0/22
                  46.173.252.0/23
                  77.36.72.0/21
                  91.200.133.0/24
                  91.229.147.0/24
                  91.232.18.0/24
                  91.234.122.0/23
                  91.237.92.0/24
                  91.245.88.0/23
                  176.116.238.0/23
                  176.118.200.0/21
                  192.162.186.0/23
                  194.33.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:a0:47:ac:b4:be:a7:ac:46:1b:fd:71:8b:c7:28:a2:cb:77:
         82:7a:cb:af:a3:cf:f8:8f:95:65:1f:39:51:56:c2:d0:96:98:
         9b:9e:3a:9c:4a:83:f4:b2:e9:04:35:e7:d6:24:15:38:2c:c2:
         d2:51:9c:1f:42:c9:32:ff:f4:30:b8:b7:fe:3f:81:a5:de:fb:
         6c:af:66:da:f7:96:cf:77:53:b1:f0:c1:47:45:3f:3a:6d:d6:
         02:ed:71:9f:3b:e0:fa:0c:93:bc:9a:7b:27:56:93:06:03:bc:
         ca:c6:14:4b:0c:6f:67:d5:14:f9:b4:37:43:57:f1:cf:86:ab:
         9e:78:79:57:4d:50:22:3b:a9:45:6d:6c:e5:3e:3f:94:5e:be:
         5c:48:14:2e:13:20:11:93:99:0f:d1:f9:60:1b:f0:59:be:6d:
         4a:b5:13:02:98:9a:c9:97:76:89:15:ac:83:19:99:15:94:04:
         09:03:9d:91:e7:3a:51:a3:36:c9:e9:2f:27:31:9d:63:e3:af:
         01:58:e2:78:96:fa:bc:46:fe:b3:0d:2d:81:18:09:75:04:ff:
         71:00:28:42:4c:2b:f5:07:af:b7:c3:b6:49:8e:32:fa:f3:a8:
         3d:33:82:1d:73:2a:83:ed:19:f1:93:b6:74:3d:02:d0:d2:7b:
         78:ef:2c:be
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVr3LL+TOsVgHwi1NRkZifRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMwMTAxMDU0NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRhNGVkYWRiNDRlOWE5ZjU0ODIxMTk5ZTI2MjBiNzcxNTUxYTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGy+PIn95vR8VEV4LRKqAu4Tjva4
CjlJRJEYPOFghLfuUf4dTNwf/mfKWN2lYsUHX5K2dQIDmcqpHjPvwEhUT2jl6w4f
ZbAmCQVLQKSHXUDZBcPTxwBYG49cFJnVbVjOsmJoZitOtwMFWazN4CqY/81HnWR6
i3QVGHcu23AcvojVUQ/BWrXtm967UUZArxBq69BtCmxaS/21XLkvytilJyW4CHen
1rLY0NGa49jJ08qeKGgib5NyB+UyD99gKgWTL0KZeWquv76zJImGDZr7/AzlyeQo
geEiIWbI4cVwrbdYH9l7bgEIPHbHZGY9BUYa+sq/81eFHwGt+p86bKHO/QIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFItKTtrbROmp9UghGZ4mILdxVRpQMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvaTBwTzJ0dEU2YW4xU0NFWm5pWWd0M0ZWR2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCJWF0AwQB
Lq38AwQDTSRIAwQAW8iFAwQAW+WTAwQAW+gSAwQBW+p6AwQAW+1cAwQBW/VYAwQB
sHTuAwQDsHbIAwQBwKK6AwQBwiFAMA0GCSqGSIb3DQEBCwUAA4IBAQAsoEestL6n
rEYb/XGLxyiiy3eCesuvo8/4j5VlHzlRVsLQlpibnjqcSoP0sukENefWJBU4LMLS
UZwfQsky//QwuLf+P4Gl3vtsr2ba95bPd1Ox8MFHRT86bdYC7XGfO+D6DJO8mnsn
VpMGA7zKxhRLDG9n1RT5tDdDV/HPhqueeHlXTVAiO6lFbWzlPj+UXr5cSBQuEyAR
k5kP0flgG/BZvm1KtRMCmJrJl3aJFayDGZkVlAQJA52R5zpRozbJ6S8nMZ1j468B
WOJ4lvq8Rv6zDS2BGAl1BP9xAChCTCv1B6+3w7ZJjjL686g9M4IdcyqD7Rnxk7Z0
PQLQ0nt47yy+
-----END CERTIFICATE-----