Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/Z49VOsUzRDE8L5LAh9rTC15Gp6A.roa
File:                     Z49VOsUzRDE8L5LAh9rTC15Gp6A.roa (raw, json)
Hash identifier:          l12pv55hmysa8zpE1LHaKfbVFA2x8jvkSSj7w5v+by0=
Subject key identifier:   67:8F:55:3A:C5:33:44:31:3C:2F:92:C0:87:DA:D3:0B:5E:46:A7:A0
Certificate issuer:       /CN=8f368feb9e553bdd131562584a3353b1d7555c50
Certificate serial:       018973298077B89B648FF1BD46E535FB08E8
Authority key identifier: 8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/Z49VOsUzRDE8L5LAh9rTC15Gp6A.roa
Signing time:             Thu 20 Jul 2023 11:57:26 +0000
ROA not before:           Thu 20 Jul 2023 11:57:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201565
IP address blocks:        185.11.232.0/22 maxlen: 22
                          185.91.150.0/23 maxlen: 23
                          185.91.149.0/24 maxlen: 24
                          185.91.148.0/23 maxlen: 24
                          185.91.148.0/24 maxlen: 24
                          94.176.185.0/24 maxlen: 24
                          94.176.184.0/24 maxlen: 24
                          185.59.96.0/22 maxlen: 22
                          89.35.206.0/24 maxlen: 24
                          89.35.207.0/24 maxlen: 24
                          2a03:7e40::/36 maxlen: 36
                          2a03:7e40:1000::/36 maxlen: 36
                          2a03:7e40:3000::/36 maxlen: 36
                          2a03:7e40:2000::/36 maxlen: 36
                          2a03:7e40:4000::/36 maxlen: 36
                          2a03:7e40:5000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 20 Jul 2023 12:12:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:73:29:80:77:b8:9b:64:8f:f1:bd:46:e5:35:fb:08:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f368feb9e553bdd131562584a3353b1d7555c50
        Validity
            Not Before: Jul 20 11:57:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=678f553ac53344313c2f92c087dad30b5e46a7a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:17:de:3c:b6:ff:b5:36:4d:f9:18:dc:ef:7c:
                    a5:30:08:25:5f:c6:81:9f:72:69:c1:a5:3c:7b:72:
                    37:27:aa:ec:48:95:36:00:85:45:e4:c2:01:76:5e:
                    b6:b4:59:38:7d:51:93:13:c8:a0:d2:13:8f:a9:8c:
                    1f:97:f8:61:53:13:5c:1b:f2:5c:4c:36:e4:e2:62:
                    47:25:7d:67:a7:60:74:e5:0f:9a:7b:ae:fb:ab:60:
                    f6:61:3a:12:92:fa:31:0a:06:3e:de:17:d4:32:1d:
                    6e:c1:fe:2d:33:c5:36:8d:a3:ce:97:63:3f:59:5f:
                    26:b8:89:1a:56:3c:91:f4:6e:f9:4d:3c:66:85:aa:
                    75:30:30:9e:5f:0c:41:7b:76:37:4f:98:c9:a4:1e:
                    14:50:a3:73:78:95:4d:4f:51:b4:29:c5:ab:fe:1b:
                    25:ac:14:aa:2e:66:75:8e:43:1d:2a:8c:2b:74:f3:
                    aa:2e:ad:3b:1c:79:98:8e:c3:c5:2b:56:cb:f8:10:
                    f9:56:72:39:7e:eb:30:3c:23:51:6e:de:e9:02:fb:
                    90:27:6a:2b:ea:9f:e9:3c:39:d8:a0:e3:59:a9:83:
                    9f:c1:df:00:02:c1:4b:42:bf:a2:3a:12:97:04:96:
                    31:8f:4d:26:8a:0b:48:08:42:3a:2d:fd:32:b0:71:
                    81:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:8F:55:3A:C5:33:44:31:3C:2F:92:C0:87:DA:D3:0B:5E:46:A7:A0
            X509v3 Authority Key Identifier:
                keyid:8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/Z49VOsUzRDE8L5LAh9rTC15Gp6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.206.0/23
                  94.176.184.0/23
                  185.11.232.0/22
                  185.59.96.0/22
                  185.91.148.0/22
                IPv6:
                  2a03:7e40::-2a03:7e40:5fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2c:24:22:9b:2e:26:1e:85:1e:fa:72:9c:8e:8b:1f:49:e0:75:
         00:a3:f3:57:f2:7e:55:fc:63:a5:46:c0:9d:93:e4:bd:2a:08:
         f9:13:76:cc:bb:ed:83:02:34:44:fb:cd:5a:e8:45:64:7d:5e:
         c1:76:48:3f:c6:d9:1a:07:a4:c5:ae:aa:5c:14:a2:34:d7:c3:
         05:bf:25:df:5d:12:13:f4:ea:b8:b3:8c:87:25:96:2f:6b:56:
         10:f8:7f:76:f2:cf:62:ad:44:df:37:42:b6:38:0b:a9:53:6c:
         f6:13:75:38:c9:b4:bf:7b:c7:19:7e:22:79:1f:e8:62:a8:83:
         d9:1a:60:ae:6b:46:5a:30:bd:b1:a0:0d:af:ec:05:c6:17:b6:
         48:b9:2a:62:e2:27:af:92:e8:a8:ad:d3:63:7b:97:b1:16:46:
         db:b8:8b:b9:14:f5:cf:1b:7a:e3:59:cd:76:53:f6:04:eb:f1:
         64:14:bf:e4:ff:cc:2e:3a:79:47:80:50:ec:39:4b:c5:8a:99:
         64:3d:1c:9e:30:44:46:de:9a:93:2d:3b:ed:7b:5b:ba:24:fd:
         31:d4:35:9c:b0:ec:f4:ec:e0:19:c7:f0:05:26:15:ce:07:68:
         4d:6a:85:14:96:10:44:f2:b2:1f:c7:6c:a3:29:78:fc:4c:2d:
         c7:49:b8:db
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYlzKYB3uJtkj/G9RuU1+wjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY4ZmViOWU1NTNiZGQxMzE1NjI1ODRhMzM1M2IxZDc1
NTVjNTAwHhcNMjMwNzIwMTE1NzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzhmNTUzYWM1MzM0NDMxM2MyZjkyYzA4N2RhZDMwYjVlNDZhN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBfePLb/tTZN+Rjc73ylMAglX8aB
n3JpwaU8e3I3J6rsSJU2AIVF5MIBdl62tFk4fVGTE8ig0hOPqYwfl/hhUxNcG/Jc
TDbk4mJHJX1np2B05Q+ae677q2D2YToSkvoxCgY+3hfUMh1uwf4tM8U2jaPOl2M/
WV8muIkaVjyR9G75TTxmhap1MDCeXwxBe3Y3T5jJpB4UUKNzeJVNT1G0KcWr/hsl
rBSqLmZ1jkMdKowrdPOqLq07HHmYjsPFK1bL+BD5VnI5fuswPCNRbt7pAvuQJ2or
6p/pPDnYoONZqYOfwd8AAsFLQr+iOhKXBJYxj00migtICEI6Lf0ysHGBAwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFGePVTrFM0QxPC+SwIfa0wteRqegMB8GA1UdIwQY
MBaAFI82j+ueVTvdExViWEozU7HXVVxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjct
M2VjYTdkZjJhZTU3LzEvWjQ5Vk9zVXpSREU4TDVMQWg5clRDMTVHcDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjctM2VjYTdkZjJhZTU3
LzEvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAkBAIAATAeAwQBWSPOAwQB
XrC4AwQCuQvoAwQCuTtgAwQCuVuUMBcEAgACMBEwDwMFBioDfkADBgUqA35AQDAN
BgkqhkiG9w0BAQsFAAOCAQEALCQimy4mHoUe+nKcjosfSeB1AKPzV/J+VfxjpUbA
nZPkvSoI+RN2zLvtgwI0RPvNWuhFZH1ewXZIP8bZGgekxa6qXBSiNNfDBb8l310S
E/TquLOMhyWWL2tWEPh/dvLPYq1E3zdCtjgLqVNs9hN1OMm0v3vHGX4ieR/oYqiD
2RpgrmtGWjC9saANr+wFxhe2SLkqYuInr5LoqK3TY3uXsRZG27iLuRT1zxt641nN
dlP2BOvxZBS/5P/MLjp5R4BQ7DlLxYqZZD0cnjBERt6aky077XtbuiT9MdQ1nLDs
9OzgGcfwBSYVzgdoTWqFFJYQRPKyH8dsoyl4/Ewtx0m42w==
-----END CERTIFICATE-----