Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Mj9YHMgqxWeJq6AkW7vq60OtyrY.roa
File:                     Mj9YHMgqxWeJq6AkW7vq60OtyrY.roa (raw, json)
Hash identifier:          fPk9cmfAGw/Uw1zjoZr6VFYjxNNHqpQTwxmOLNOoNlc=
Subject key identifier:   32:3F:58:1C:C8:2A:C5:67:89:AB:A0:24:5B:BB:EA:EB:43:AD:CA:B6
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0185A0D7DE013ACB4C2BFEE36A9C12F8E5C0
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Mj9YHMgqxWeJq6AkW7vq60OtyrY.roa
Signing time:             Wed 11 Jan 2023 12:39:39 +0000
ROA not before:           Wed 11 Jan 2023 12:39:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        5.105.138.0/23 maxlen: 24
                          5.105.142.0/23 maxlen: 24
                          5.105.164.0/23 maxlen: 24
                          91.200.212.0/22 maxlen: 24
                          5.105.68.0/23 maxlen: 24
                          5.105.112.0/23 maxlen: 24
                          5.105.114.0/23 maxlen: 24
                          5.105.29.0/24 maxlen: 24
                          5.105.248.0/23 maxlen: 24
                          5.105.186.0/23 maxlen: 24
                          5.105.198.0/23 maxlen: 24
                          5.105.206.0/23 maxlen: 24
                          5.105.202.0/23 maxlen: 24
                          85.255.176.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Tue 17 Jan 2023 06:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a0:d7:de:01:3a:cb:4c:2b:fe:e3:6a:9c:12:f8:e5:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan 11 12:39:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=323f581cc82ac56789aba0245bbbeaeb43adcab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5c:96:6c:fb:e2:87:01:6f:ff:ea:2d:de:76:
                    37:56:9e:2c:62:06:f8:94:90:1c:17:cd:e8:17:20:
                    e6:c2:28:01:cc:7a:7e:de:2c:43:7f:31:5c:0d:bc:
                    81:8e:33:87:b0:e2:0a:a3:52:57:ce:d6:f2:dd:ae:
                    0d:e9:90:09:e7:4e:5b:74:9b:8c:42:8d:82:cd:0b:
                    59:6d:e7:b8:d3:f8:79:0d:12:60:d3:f0:64:85:51:
                    d5:36:52:15:d1:74:7d:fc:45:98:d0:f8:2b:18:8c:
                    14:b8:2a:96:fe:03:fc:f3:cd:83:58:a6:01:29:8e:
                    06:39:95:87:02:c3:59:c2:2e:12:45:7f:39:4b:86:
                    80:ad:94:05:f8:58:a7:0e:29:b7:97:3f:78:4b:20:
                    ce:d5:c4:48:a7:88:9b:e6:6b:db:0f:f8:bc:38:ff:
                    c4:43:92:92:89:53:1b:3e:b3:71:7c:7d:eb:7b:1f:
                    db:84:e1:ff:0a:43:cf:0e:e6:5d:2b:b4:3e:e7:39:
                    a5:37:fc:48:f1:aa:2c:a0:8a:a6:a0:e7:a6:24:0a:
                    77:06:8e:68:8a:c4:47:a4:af:a4:03:e7:28:b4:28:
                    b1:c6:e9:47:15:d5:1a:72:45:2f:80:8a:c3:8f:b2:
                    af:06:d0:5c:c6:8e:62:36:f6:1c:c5:d0:5e:94:3f:
                    3e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3F:58:1C:C8:2A:C5:67:89:AB:A0:24:5B:BB:EA:EB:43:AD:CA:B6
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Mj9YHMgqxWeJq6AkW7vq60OtyrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.29.0/24
                  5.105.68.0/23
                  5.105.112.0/22
                  5.105.138.0/23
                  5.105.142.0/23
                  5.105.164.0/23
                  5.105.186.0/23
                  5.105.198.0/23
                  5.105.202.0/23
                  5.105.206.0/23
                  5.105.248.0/23
                  85.255.176.0/21
                  91.200.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:78:b0:23:88:c1:1f:ac:f0:e8:e5:c3:73:12:c5:cd:74:eb:
         90:b5:ef:16:09:41:c1:a3:6e:27:23:1e:8f:f3:a6:7b:a5:17:
         6b:44:93:94:bc:11:3c:f7:51:36:3c:ae:40:35:04:0d:7e:f6:
         db:de:cf:0c:64:48:a5:44:92:5f:ac:a4:11:78:69:cb:9f:e6:
         94:eb:a4:17:6f:cb:0c:f3:44:e5:44:3f:31:da:0f:b4:92:3b:
         d1:6f:1b:4b:0e:55:21:5b:e1:31:ae:69:f6:cb:cb:80:86:2b:
         30:c4:b7:80:ee:4b:27:3f:81:0d:8c:8a:66:c1:d7:5e:7e:e5:
         aa:9a:6e:be:50:50:b8:ee:c1:95:7b:82:3a:ae:45:5d:24:ed:
         62:25:c6:b7:4d:ae:96:f7:65:08:6d:84:f5:10:30:b0:9a:cf:
         3f:2d:f9:3c:c5:81:83:ba:db:8c:93:03:9e:cc:7f:fd:76:9f:
         5a:ce:d8:4f:bd:cd:79:2e:32:48:42:d2:09:6a:3f:35:ce:78:
         20:32:b3:29:5a:da:47:8b:55:5e:f0:d7:4b:ae:d3:95:0a:34:
         fa:9c:37:f7:16:44:d1:e6:e6:c7:21:a1:c5:4e:fd:fe:55:5e:
         f4:a6:0f:b4:f8:eb:56:7a:cb:06:72:05:17:30:35:3e:a9:7e:
         0f:0b:0b:9b
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYWg194BOstMK/7japwS+OXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMTExMTIzOTM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNmNTgxY2M4MmFjNTY3ODlhYmEwMjQ1YmJiZWFlYjQzYWRjYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1yWbPvihwFv/+ot3nY3Vp4sYgb4
lJAcF83oFyDmwigBzHp+3ixDfzFcDbyBjjOHsOIKo1JXztby3a4N6ZAJ505bdJuM
Qo2CzQtZbee40/h5DRJg0/BkhVHVNlIV0XR9/EWY0PgrGIwUuCqW/gP8882DWKYB
KY4GOZWHAsNZwi4SRX85S4aArZQF+FinDim3lz94SyDO1cRIp4ib5mvbD/i8OP/E
Q5KSiVMbPrNxfH3rex/bhOH/CkPPDuZdK7Q+5zmlN/xI8aosoIqmoOemJAp3Bo5o
isRHpK+kA+cotCixxulHFdUackUvgIrDj7KvBtBcxo5iNvYcxdBelD8+LwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFDI/WBzIKsVniaugJFu76utDrcq2MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvTWo5WUhNZ3F4V2VKcTZBa1c3dnE2ME90eXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQABWkdAwQB
BWlEAwQCBWlwAwQBBWmKAwQBBWmOAwQBBWmkAwQBBWm6AwQBBWnGAwQBBWnKAwQB
BWnOAwQBBWn4AwQDVf+wAwQCW8jUMA0GCSqGSIb3DQEBCwUAA4IBAQAHeLAjiMEf
rPDo5cNzEsXNdOuQte8WCUHBo24nIx6P86Z7pRdrRJOUvBE891E2PK5ANQQNfvbb
3s8MZEilRJJfrKQReGnLn+aU66QXb8sM80TlRD8x2g+0kjvRbxtLDlUhW+Exrmn2
y8uAhiswxLeA7ksnP4ENjIpmwddefuWqmm6+UFC47sGVe4I6rkVdJO1iJca3Ta6W
92UIbYT1EDCwms8/Lfk8xYGDutuMkwOezH/9dp9azthPvc15LjJIQtIJaj81zngg
MrMpWtpHi1Ve8NdLrtOVCjT6nDf3FkTR5ubHIaHFTv3+VV70pg+0+OtWessGcgUX
MDU+qX4PCwub
-----END CERTIFICATE-----