Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/Ek5EMTmLHJnTWd9vkk-C8MnXhR8.roa
File:                     Ek5EMTmLHJnTWd9vkk-C8MnXhR8.roa (raw, json)
Hash identifier:          2g9BDXbCs9tL0FnOgmnSI46Y6kUDHr3/ZRJFMoOY3V8=
Subject key identifier:   12:4E:44:31:39:8B:1C:99:D3:59:DF:6F:92:4F:82:F0:C9:D7:85:1F
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       01864F9464F9D4C73EC7026C3BAF93B5FCD8
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/Ek5EMTmLHJnTWd9vkk-C8MnXhR8.roa
Signing time:             Tue 14 Feb 2023 10:59:30 +0000
ROA not before:           Tue 14 Feb 2023 10:59:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44592
IP address blocks:        195.62.32.0/24 maxlen: 24
                          45.153.34.0/24 maxlen: 24
                          195.62.46.0/24 maxlen: 24
                          45.153.35.0/24 maxlen: 24
                          45.142.182.0/24 maxlen: 24
                          45.142.181.0/24 maxlen: 24
                          45.142.180.0/24 maxlen: 24
                          92.246.85.0/24 maxlen: 24
                          92.246.84.0/24 maxlen: 24
                          92.246.86.0/24 maxlen: 24
                          2a10:ca80::/29 maxlen: 29
                          2a0d:c2c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 16 May 2023 15:33:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:4f:94:64:f9:d4:c7:3e:c7:02:6c:3b:af:93:b5:fc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Feb 14 10:59:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=124e4431398b1c99d359df6f924f82f0c9d7851f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:33:b4:45:9d:49:0a:71:65:b4:31:24:ac:d2:
                    9c:98:d8:82:f0:a0:b1:ad:45:26:dc:46:af:ae:b8:
                    41:47:d5:ed:e7:07:ba:fe:b5:b6:b0:a8:f4:5b:5b:
                    5a:ac:a2:75:71:55:57:02:31:fa:60:80:57:fa:33:
                    60:03:f0:32:e3:8c:e5:2d:60:dc:91:ba:af:d5:2b:
                    a1:22:a4:a0:7b:60:72:19:e5:65:fc:18:ad:e1:e7:
                    41:b7:d8:01:81:f0:ef:1a:4c:1a:52:8d:fd:a8:56:
                    d2:5b:a1:f7:57:4b:0a:84:48:ac:4d:e2:55:06:c0:
                    53:54:9d:a5:e3:c1:3e:3b:59:f9:2c:a6:69:6c:f0:
                    d1:eb:2a:ac:50:bf:3c:68:4f:cd:22:d4:a4:70:30:
                    61:ab:0d:2e:5e:55:f2:cc:27:de:c3:ce:eb:2a:9c:
                    98:b6:f8:bd:73:32:12:56:07:ea:b9:b6:57:01:5c:
                    f0:aa:0c:ab:0c:9a:70:08:81:4c:8c:ec:bd:dc:7b:
                    a9:2c:19:e2:d2:cb:1d:47:44:b5:a7:d8:8e:ef:5a:
                    93:90:f7:44:31:92:2a:ab:fd:11:d4:14:7f:b0:5e:
                    27:4c:09:d2:12:b0:b3:96:5f:bc:16:db:b2:10:03:
                    2e:7d:8d:c6:fa:6e:5f:da:1c:8a:9d:6d:d0:08:58:
                    c0:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:4E:44:31:39:8B:1C:99:D3:59:DF:6F:92:4F:82:F0:C9:D7:85:1F
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/Ek5EMTmLHJnTWd9vkk-C8MnXhR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.180.0-45.142.182.255
                  45.153.34.0/23
                  92.246.84.0-92.246.86.255
                  195.62.32.0/24
                  195.62.46.0/24
                IPv6:
                  2a0d:c2c0::/29
                  2a10:ca80::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:da:e6:9b:ac:cc:ec:16:08:2e:10:9b:8f:fa:98:3e:46:a5:
         c1:b9:c5:bb:b8:45:20:66:9e:15:b6:77:3d:eb:5b:f7:57:98:
         6d:b0:2b:3e:75:61:2a:fa:b2:86:f1:0b:cd:6c:59:2c:90:85:
         b3:49:76:41:2f:fa:e5:e0:a4:87:8a:a9:31:d3:6f:8f:64:d2:
         38:0a:d5:8e:79:bf:db:c4:ca:2c:f0:bf:9c:db:93:f4:b1:29:
         f7:5d:ea:6f:4d:bd:0c:87:dd:9e:25:98:15:39:14:05:05:a0:
         fc:20:70:ca:60:aa:d5:c8:1d:eb:4f:25:8c:d6:62:22:70:45:
         9c:84:19:f3:c5:3b:04:97:f3:e1:06:da:b5:cf:97:a9:6d:68:
         ab:65:14:77:80:d2:c3:16:3c:da:ad:37:56:1a:4a:73:e4:02:
         e2:6f:5b:ba:72:c1:13:73:a0:6c:dd:e2:e0:90:74:5a:b7:5e:
         57:8d:c0:6f:0b:f7:fc:b3:1e:c5:93:58:bf:f4:0d:71:d7:da:
         33:ae:bc:f3:52:dd:80:00:3d:6b:58:57:60:6e:ed:42:b7:dc:
         9e:ef:b8:55:29:a1:49:69:bc:3f:25:9d:1f:4c:50:ce:b1:f9:
         fd:6e:d3:db:6e:55:bd:a0:84:6f:83:ce:1f:7d:95:1f:b1:38:
         14:e9:8a:f6
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYZPlGT51Mc+xwJsO6+TtfzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjMwMjE0MTA1OTMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjRlNDQzMTM5OGIxYzk5ZDM1OWRmNmY5MjRmODJmMGM5ZDc4NTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDO0RZ1JCnFltDEkrNKcmNiC8KCx
rUUm3EavrrhBR9Xt5we6/rW2sKj0W1tarKJ1cVVXAjH6YIBX+jNgA/Ay44zlLWDc
kbqv1SuhIqSge2ByGeVl/Bit4edBt9gBgfDvGkwaUo39qFbSW6H3V0sKhEisTeJV
BsBTVJ2l48E+O1n5LKZpbPDR6yqsUL88aE/NItSkcDBhqw0uXlXyzCfew87rKpyY
tvi9czISVgfqubZXAVzwqgyrDJpwCIFMjOy93HupLBni0ssdR0S1p9iO71qTkPdE
MZIqq/0R1BR/sF4nTAnSErCzll+8FtuyEAMufY3G+m5f2hyKnW3QCFjAMQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBJORDE5ixyZ01nfb5JPgvDJ14UfMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvRWs1RU1UbUxISm5UV2Q5dmtrLUM4TW5YaFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA0BAIAATAuMAwDBAItjrQD
BAAtjrYDBAEtmSIwDAMEAlz2VAMEAFz2VgMEAMM+IAMEAMM+LjAUBAIAAjAOAwUD
Kg3CwAMFAyoQyoAwDQYJKoZIhvcNAQELBQADggEBACba5puszOwWCC4Qm4/6mD5G
pcG5xbu4RSBmnhW2dz3rW/dXmG2wKz51YSr6sobxC81sWSyQhbNJdkEv+uXgpIeK
qTHTb49k0jgK1Y55v9vEyizwv5zbk/SxKfdd6m9NvQyH3Z4lmBU5FAUFoPwgcMpg
qtXIHetPJYzWYiJwRZyEGfPFOwSX8+EG2rXPl6ltaKtlFHeA0sMWPNqtN1YaSnPk
AuJvW7pywRNzoGzd4uCQdFq3XleNwG8L9/yzHsWTWL/0DXHX2jOuvPNS3YAAPWtY
V2Bu7UK33J7vuFUpoUlpvD8lnR9MUM6x+f1u09tuVb2ghG+Dzh99lR+xOBTpivY=
-----END CERTIFICATE-----