Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/bx8ZLOfsfswfpfXUGwheU1-l8o4.roa
File:                     bx8ZLOfsfswfpfXUGwheU1-l8o4.roa (raw, json)
Hash identifier:          gz8B2Zq5z7OhNeNMm2wyynvV02x1NEZRVNxZhaUA5NE=
Subject key identifier:   6F:1F:19:2C:E7:EC:7E:CC:1F:A5:F5:D4:1B:08:5E:53:5F:A5:F2:8E
Certificate issuer:       /CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Certificate serial:       0185701ED920FC7FB7DF07C4D7E2EEB3F67F
Authority key identifier: C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/bx8ZLOfsfswfpfXUGwheU1-l8o4.roa
Signing time:             Mon 02 Jan 2023 01:35:47 +0000
ROA not before:           Mon 02 Jan 2023 01:35:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15703
IP address blocks:        213.193.232.0/24 maxlen: 24
                          213.193.232.0/21 maxlen: 24
                          213.193.240.0/21 maxlen: 24
                          213.193.250.0/23 maxlen: 24
                          213.193.252.0/23 maxlen: 24
                          213.193.254.0/23 maxlen: 24
                          213.239.128.0/18 maxlen: 24
                          213.193.192.0/21 maxlen: 24
                          213.193.209.0/24 maxlen: 24
                          213.193.208.0/21 maxlen: 24
                          213.193.212.0/24 maxlen: 24
                          213.193.216.0/22 maxlen: 24
                          80.247.192.0/19 maxlen: 24
                          213.193.220.0/22 maxlen: 24
                          193.28.152.0/24 maxlen: 24
                          87.233.0.0/16 maxlen: 24
                          2001:990::/32 maxlen: 32
                          2001:9a8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:1e:d9:20:fc:7f:b7:df:07:c4:d7:e2:ee:b3:f6:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
        Validity
            Not Before: Jan  2 01:35:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f1f192ce7ec7ecc1fa5f5d41b085e535fa5f28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:a1:c1:6f:b2:6e:6a:94:1c:14:88:da:e7:8e:
                    3b:6f:fc:e9:d4:12:f8:cc:9a:d4:03:3c:f8:ed:b2:
                    58:ec:e6:64:6f:a3:6f:67:f2:e8:0c:60:fd:6f:d5:
                    7e:8f:81:ed:d2:eb:c0:65:03:f8:09:68:bc:b5:46:
                    ad:fd:5c:05:31:58:62:74:28:fe:80:d5:6b:49:fb:
                    48:31:c5:31:39:72:bf:31:64:83:c6:a5:32:ef:d8:
                    fd:06:02:0d:4b:75:97:68:f0:0e:b4:64:b7:3d:09:
                    97:bf:4c:73:c2:60:22:fe:30:f1:d8:2d:ec:a8:00:
                    42:2b:00:89:76:45:01:3a:e8:aa:4b:9b:99:b0:84:
                    2f:e6:7f:f7:ef:22:5c:b0:41:1b:93:76:27:3d:88:
                    72:5a:19:bb:0f:62:9a:ee:2c:bd:fc:6f:ea:9f:78:
                    31:ce:78:3d:f2:0c:8a:ba:6b:5b:a2:35:8d:fc:a3:
                    4d:07:3b:8a:ce:23:33:7f:53:68:2d:f0:c8:6b:a1:
                    d3:16:e0:d8:b2:19:c8:b7:98:bb:4c:76:49:e7:a4:
                    79:cd:bb:14:34:e3:ac:56:0e:6b:47:d2:96:b1:bf:
                    e0:68:91:ac:59:25:06:eb:b3:95:1a:6f:68:b3:59:
                    79:26:fc:18:44:ff:43:93:7b:ed:6d:9e:9a:d8:8d:
                    56:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1F:19:2C:E7:EC:7E:CC:1F:A5:F5:D4:1B:08:5E:53:5F:A5:F2:8E
            X509v3 Authority Key Identifier:
                keyid:C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/bx8ZLOfsfswfpfXUGwheU1-l8o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.192.0/19
                  87.233.0.0/16
                  193.28.152.0/24
                  213.193.192.0/21
                  213.193.208.0/20
                  213.193.232.0-213.193.247.255
                  213.193.250.0-213.193.255.255
                  213.239.128.0/18
                IPv6:
                  2001:990::/32
                  2001:9a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:e8:fb:bb:26:1d:7b:fc:f1:17:7c:0d:1c:0e:79:49:b4:34:
         15:a3:ff:51:73:2e:2e:b5:13:24:83:e9:1c:89:17:18:26:be:
         aa:21:dc:01:18:14:e9:55:1f:1e:67:05:29:f3:57:d5:e0:46:
         8b:98:1b:a7:11:de:ae:b7:38:6c:91:ff:c3:ee:9f:13:d8:a8:
         be:06:00:41:03:63:4c:c7:8a:44:ea:b7:81:f4:b8:67:ee:b6:
         ba:dc:cb:f0:de:23:d8:21:9f:1b:05:94:00:66:1c:e4:08:8d:
         5a:e7:a6:a2:1e:0f:5c:ad:24:41:99:c1:af:ea:64:d7:a3:c6:
         87:e6:b0:65:29:88:0a:7c:92:f1:50:07:57:e6:a7:e3:aa:4e:
         b6:10:f5:b8:ba:4a:4f:1f:73:ef:00:87:34:3c:12:ee:dd:c2:
         87:a2:fb:4d:73:59:3e:2f:49:58:f4:c1:63:ab:bf:e6:47:33:
         93:01:2d:3c:ed:53:7d:98:aa:fe:a7:2e:14:12:79:b7:8d:39:
         46:e9:6b:af:e4:ab:a7:3e:79:91:4d:3f:ef:b7:80:26:c2:a6:
         62:5d:89:c3:42:82:57:e0:e7:af:e2:14:ef:3e:3e:f7:6d:89:
         b0:28:c6:14:36:08:4e:d0:75:61:5d:e0:a7:ad:1d:b2:fd:39:
         3a:0c:c2:c7
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVwHtkg/H+33wfE1+Lus/Z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzM1ODY4MmRmM2RmOGJkYzcwMjQ1MDdmOTJlY2ZjNWFl
MDk3YmIwHhcNMjMwMTAyMDEzNTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjFmMTkyY2U3ZWM3ZWNjMWZhNWY1ZDQxYjA4NWU1MzVmYTVmMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5aHBb7JuapQcFIja5447b/zp1BL4
zJrUAzz47bJY7OZkb6NvZ/LoDGD9b9V+j4Ht0uvAZQP4CWi8tUat/VwFMVhidCj+
gNVrSftIMcUxOXK/MWSDxqUy79j9BgINS3WXaPAOtGS3PQmXv0xzwmAi/jDx2C3s
qABCKwCJdkUBOuiqS5uZsIQv5n/37yJcsEEbk3YnPYhyWhm7D2Ka7iy9/G/qn3gx
zng98gyKumtbojWN/KNNBzuKziMzf1NoLfDIa6HTFuDYshnIt5i7THZJ56R5zbsU
NOOsVg5rR9KWsb/gaJGsWSUG67OVGm9os1l5JvwYRP9Dk3vtbZ6a2I1W9wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFG8fGSzn7H7MH6X11BsIXlNfpfKOMB8GA1UdIwQY
MBaAFMJzWGgt89+L3HAkUH+S7Pxa4Je7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDct
ZTg4NDY1YzQ2MTg2LzEvYng4WkxPZnNmc3dmcGZYVUd3aGVVMS1sOG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDctZTg4NDY1YzQ2MTg2
LzEvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQFUPfAAwMA
V+kDBADBHJgDBAPVwcADBATVwdAwDAMEA9XB6AMEA9XB8DALAwQB1cH6AwMB1cAD
BAbV74AwFAQCAAIwDgMFACABCZADBQAgAQmoMA0GCSqGSIb3DQEBCwUAA4IBAQAy
6Pu7Jh17/PEXfA0cDnlJtDQVo/9Rcy4utRMkg+kciRcYJr6qIdwBGBTpVR8eZwUp
81fV4EaLmBunEd6utzhskf/D7p8T2Ki+BgBBA2NMx4pE6reB9Lhn7ra63Mvw3iPY
IZ8bBZQAZhzkCI1a56aiHg9crSRBmcGv6mTXo8aH5rBlKYgKfJLxUAdX5qfjqk62
EPW4ukpPH3PvAIc0PBLu3cKHovtNc1k+L0lY9MFjq7/mRzOTAS087VN9mKr+py4U
Enm3jTlG6Wuv5KunPnmRTT/vt4AmwqZiXYnDQoJX4Oev4hTvPj73bYmwKMYUNghO
0HVhXeCnrR2y/Tk6DMLH
-----END CERTIFICATE-----