Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/clvFxFXti77JHxUB3V2gVNOVZdE.roa
File:                     clvFxFXti77JHxUB3V2gVNOVZdE.roa (raw, json)
Hash identifier:          1ZDweyC3o2yisRruAj9kRKL7ypdt1s2BRA/ZG6LNlAc=
Subject key identifier:   72:5B:C5:C4:55:ED:8B:BE:C9:1F:15:01:DD:5D:A0:54:D3:95:65:D1
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       01856ECBA42074FCB955756A80F8D79C5666
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/clvFxFXti77JHxUB3V2gVNOVZdE.roa
Signing time:             Sun 01 Jan 2023 19:25:17 +0000
ROA not before:           Sun 01 Jan 2023 19:25:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39521
IP address blocks:        185.144.56.0/22 maxlen: 24
                          45.95.40.0/22 maxlen: 22
                          83.229.23.0/24 maxlen: 24
                          188.191.48.0/22 maxlen: 22
                          5.22.204.0/22 maxlen: 22
                          217.194.153.0/24 maxlen: 24
                          83.229.34.0/24 maxlen: 24
                          45.130.100.0/22 maxlen: 22
                          95.178.107.0/24 maxlen: 24
                          45.10.16.0/22 maxlen: 22
                          45.88.5.0/24 maxlen: 24
                          45.88.6.0/24 maxlen: 24
                          45.88.7.0/24 maxlen: 24
                          2a05:e4c0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Thu 18 May 2023 10:44:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:cb:a4:20:74:fc:b9:55:75:6a:80:f8:d7:9c:56:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jan  1 19:25:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=725bc5c455ed8bbec91f1501dd5da054d39565d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:88:c0:66:cf:5f:3f:8b:ae:c8:5b:62:ca:a1:
                    d4:b1:de:7f:e2:78:b1:74:b7:be:f2:3a:b7:53:c5:
                    3e:dd:27:af:db:f3:25:5f:c1:97:3c:f5:32:28:d2:
                    b3:9e:99:3c:d5:01:af:dc:43:ab:90:bb:00:61:a6:
                    bd:75:16:d0:6a:96:90:f9:9e:43:df:cc:4e:09:78:
                    a3:2e:c4:f6:2a:96:25:b6:2b:18:77:25:24:c9:cf:
                    43:b9:87:a0:9a:21:73:d9:2b:a6:ab:d0:6a:54:57:
                    36:cf:36:7b:cd:76:17:38:e2:66:58:66:d1:ff:36:
                    a1:42:0f:25:65:a1:b9:55:74:32:d8:c0:11:25:83:
                    b1:76:1d:a6:ff:83:7b:14:49:42:bb:cd:8f:4f:c2:
                    99:64:8c:c8:ee:9d:8f:37:dc:4f:48:39:aa:52:1c:
                    df:04:3b:b3:1c:6c:a6:61:6e:30:04:76:4b:fe:4d:
                    7c:f1:79:2b:eb:96:b6:c8:e9:db:89:d3:f1:de:0b:
                    80:25:cf:ef:1a:7d:ab:06:a8:9e:01:0c:8c:d8:4e:
                    dd:44:bc:98:a5:c2:28:34:01:33:df:9b:48:28:9d:
                    56:f4:7f:a4:82:43:2b:72:4f:9e:b4:d2:8e:d2:62:
                    63:e3:18:b0:39:e1:46:ce:9d:07:6d:08:59:9e:7e:
                    8c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5B:C5:C4:55:ED:8B:BE:C9:1F:15:01:DD:5D:A0:54:D3:95:65:D1
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/clvFxFXti77JHxUB3V2gVNOVZdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.204.0/22
                  45.10.16.0/22
                  45.88.5.0-45.88.7.255
                  45.95.40.0/22
                  45.130.100.0/22
                  83.229.23.0/24
                  83.229.34.0/24
                  95.178.107.0/24
                  185.144.56.0/22
                  188.191.48.0/22
                  217.194.153.0/24
                IPv6:
                  2a05:e4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:ae:43:c3:19:da:24:da:1c:0f:0a:e3:91:48:13:0f:46:ec:
         de:77:70:d9:35:ec:c1:23:18:ba:e6:4b:62:d6:be:6e:0b:c4:
         53:8d:03:c6:d3:52:8c:eb:79:3e:9c:88:df:64:5a:19:95:d8:
         40:d5:2a:00:db:d5:6e:60:a2:0d:e3:e6:23:62:56:e3:8f:b4:
         e8:d0:77:29:1d:b4:63:7e:16:dc:15:e8:b5:31:68:91:58:82:
         e9:a4:64:44:40:41:c9:47:cc:2d:53:ed:aa:9a:88:23:5a:06:
         98:fa:3c:27:c0:d4:b1:fb:1b:67:8d:0f:ad:e8:42:47:24:1d:
         92:e6:84:92:e4:43:c2:01:27:39:02:be:4f:17:83:8c:d8:c4:
         0f:75:19:a4:3c:27:7f:52:2b:de:9b:7d:dc:49:89:88:3d:24:
         cd:8f:07:f4:f6:40:d1:81:60:c0:c3:d4:9d:dd:48:f2:2e:33:
         cc:3c:29:8c:cf:8b:b9:46:ee:b4:27:09:ee:21:5c:85:ce:9f:
         66:46:94:16:e8:98:b1:8d:be:ca:b7:19:73:f2:c9:1d:21:56:
         f2:cc:c4:90:20:4a:e4:8d:95:45:c2:64:46:4f:b9:ec:70:05:
         c8:46:7f:67:57:f8:96:46:9b:20:f4:a7:ab:12:96:7f:97:e5:
         00:5a:de:8b
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYVuy6QgdPy5VXVqgPjXnFZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjMwMTAxMTkyNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjViYzVjNDU1ZWQ4YmJlYzkxZjE1MDFkZDVkYTA1NGQzOTU2NWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYjAZs9fP4uuyFtiyqHUsd5/4nix
dLe+8jq3U8U+3Sev2/MlX8GXPPUyKNKznpk81QGv3EOrkLsAYaa9dRbQapaQ+Z5D
38xOCXijLsT2KpYltisYdyUkyc9DuYegmiFz2Sumq9BqVFc2zzZ7zXYXOOJmWGbR
/zahQg8lZaG5VXQy2MARJYOxdh2m/4N7FElCu82PT8KZZIzI7p2PN9xPSDmqUhzf
BDuzHGymYW4wBHZL/k188Xkr65a2yOnbidPx3guAJc/vGn2rBqieAQyM2E7dRLyY
pcIoNAEz35tIKJ1W9H+kgkMrck+etNKO0mJj4xiwOeFGzp0HbQhZnn6MIwIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFHJbxcRV7Yu+yR8VAd1doFTTlWXRMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvY2x2RnhGWHRpNzdKSHhVQjNWMmdWTk9WWmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCBRbMAwQC
LQoQMAwDBAAtWAUDBAMtWAADBAItXygDBAItgmQDBABT5RcDBABT5SIDBABfsmsD
BAK5kDgDBAK8vzADBADZwpkwDQQCAAIwBwMFAyoF5MAwDQYJKoZIhvcNAQELBQAD
ggEBAGWuQ8MZ2iTaHA8K45FIEw9G7N53cNk17MEjGLrmS2LWvm4LxFONA8bTUozr
eT6ciN9kWhmV2EDVKgDb1W5gog3j5iNiVuOPtOjQdykdtGN+FtwV6LUxaJFYgumk
ZERAQclHzC1T7aqaiCNaBpj6PCfA1LH7G2eND63oQkckHZLmhJLkQ8IBJzkCvk8X
g4zYxA91GaQ8J39SK96bfdxJiYg9JM2PB/T2QNGBYMDD1J3dSPIuM8w8KYzPi7lG
7rQnCe4hXIXOn2ZGlBbomLGNvsq3GXPyyR0hVvLMxJAgSuSNlUXCZEZPuexwBchG
f2dX+JZGmyD0p6sSln+X5QBa3os=
-----END CERTIFICATE-----