Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/96GB_t9iPb80Ogqk5AAd6dhXWbs.roa
File:                     96GB_t9iPb80Ogqk5AAd6dhXWbs.roa (raw, json)
Hash identifier:          QUTpfjgveHhaSb34NtotYqLmtZUdxyzSZA7M4m4ZtqU=
Subject key identifier:   F7:A1:81:FE:DF:62:3D:BF:34:3A:0A:A4:E4:00:1D:E9:D8:57:59:BB
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018678023B563A33506A1477699195B5748C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/96GB_t9iPb80Ogqk5AAd6dhXWbs.roa
Signing time:             Wed 22 Feb 2023 07:24:17 +0000
ROA not before:           Wed 22 Feb 2023 07:24:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211237
IP address blocks:        84.32.71.0/24 maxlen: 24
                          88.216.199.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          88.216.92.0/24 maxlen: 24
                          88.216.3.0/24 maxlen: 24
                          84.32.10.0/24 maxlen: 24
                          84.32.8.0/24 maxlen: 24
                          84.32.232.0/24 maxlen: 24
                          84.32.245.0/24 maxlen: 24
                          84.32.150.0/24 maxlen: 24
                          84.32.151.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 Feb 2023 18:57:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:78:02:3b:56:3a:33:50:6a:14:77:69:91:95:b5:74:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb 22 07:24:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f7a181fedf623dbf343a0aa4e4001de9d85759bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:61:bb:d9:bb:80:2d:9a:05:b7:5c:5f:fa:e8:
                    00:12:57:39:6b:d5:70:a5:23:c1:60:61:1c:33:f0:
                    a1:4d:02:df:fe:86:19:92:6c:c9:02:ff:f4:4c:cd:
                    ff:47:66:c8:ca:1e:7d:26:60:50:51:0d:d4:4d:ba:
                    b7:0a:ec:64:1f:8b:cf:d0:1e:5a:92:d7:4e:c3:d4:
                    48:dd:65:37:da:2a:0c:6a:f7:c6:58:3e:ee:e1:d3:
                    b5:f0:e9:9b:cb:41:bf:b9:66:3c:bc:c6:6e:c0:c8:
                    5f:23:8c:bf:63:28:f2:e8:9c:b4:55:b7:83:67:bc:
                    ec:21:8e:44:27:d1:08:2e:a3:aa:ca:e9:34:6b:ac:
                    e7:a8:36:f2:a2:b4:e8:62:8b:51:49:4f:40:2b:a6:
                    58:54:7c:0c:20:3c:a2:92:a3:84:63:46:39:e4:d0:
                    d4:37:7c:89:79:bf:1c:b2:d1:b8:91:f9:f3:c0:54:
                    e2:e8:a4:9b:f3:e9:bc:5c:84:72:19:b8:1b:90:81:
                    17:66:d8:44:ba:e0:98:b8:97:ec:cb:f8:ee:49:f6:
                    3f:2a:ba:92:58:db:fc:39:ab:29:7f:95:29:0a:e0:
                    f0:74:44:70:f5:b3:74:71:04:b3:92:da:f4:d9:8e:
                    5b:dd:db:3e:d2:9e:16:7a:07:36:2d:75:09:0f:3a:
                    cf:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A1:81:FE:DF:62:3D:BF:34:3A:0A:A4:E4:00:1D:E9:D8:57:59:BB
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/96GB_t9iPb80Ogqk5AAd6dhXWbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.8.0/24
                  84.32.10.0/24
                  84.32.71.0/24
                  84.32.88.0/24
                  84.32.150.0/23
                  84.32.232.0/24
                  84.32.245.0/24
                  88.216.3.0/24
                  88.216.92.0/24
                  88.216.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:41:9b:53:66:d1:5d:7f:75:89:cb:19:bb:82:92:31:9b:e3:
         ac:2e:89:8f:dd:2f:23:e0:39:d5:b5:56:2a:4e:90:c8:6b:a6:
         c2:a8:7b:b1:6b:5c:db:ff:73:89:d4:c6:d8:c7:99:9f:54:e4:
         52:57:12:dc:e1:34:2b:50:00:7a:37:d5:7b:99:4f:35:98:40:
         c0:ee:c4:4f:0a:3a:88:a8:9b:55:e9:84:d1:ba:79:80:ee:68:
         6f:78:d0:c4:4d:5e:c6:c9:aa:05:19:78:53:d1:b1:61:d5:19:
         c9:b2:a1:46:26:29:7b:f4:b3:b6:66:d3:7f:8b:63:1a:38:df:
         ff:c7:a0:15:f7:db:c7:7f:2c:48:fd:48:bc:b6:73:21:42:24:
         ea:f4:15:d4:fd:1a:e3:0e:47:fb:5f:5d:bd:f7:65:48:af:bd:
         71:83:14:03:60:03:7a:02:6a:ac:1a:19:75:d5:67:b0:b7:e6:
         b4:ff:37:d2:38:e8:41:03:0a:5d:a2:8d:6e:34:3d:85:d1:46:
         bf:dd:f9:d2:8a:da:70:34:e3:9c:90:a8:f6:db:4c:37:b3:41:
         5b:a5:c5:fc:f3:16:d3:92:fe:3d:1a:07:55:3a:45:b7:11:de:
         7b:ea:95:65:b0:fb:0e:f3:d4:be:8c:46:8f:63:cc:6a:de:ef:
         51:c7:a5:5e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYZ4AjtWOjNQahR3aZGVtXSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMjIyMDcyNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2ExODFmZWRmNjIzZGJmMzQzYTBhYTRlNDAwMWRlOWQ4NTc1OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmG72buALZoFt1xf+ugAElc5a9Vw
pSPBYGEcM/ChTQLf/oYZkmzJAv/0TM3/R2bIyh59JmBQUQ3UTbq3CuxkH4vP0B5a
ktdOw9RI3WU32ioMavfGWD7u4dO18Omby0G/uWY8vMZuwMhfI4y/Yyjy6Jy0VbeD
Z7zsIY5EJ9EILqOqyuk0a6znqDbyorToYotRSU9AK6ZYVHwMIDyikqOEY0Y55NDU
N3yJeb8cstG4kfnzwFTi6KSb8+m8XIRyGbgbkIEXZthEuuCYuJfsy/juSfY/KrqS
WNv8Oaspf5UpCuDwdERw9bN0cQSzktr02Y5b3ds+0p4Wegc2LXUJDzrPSQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPehgf7fYj2/NDoKpOQAHenYV1m7MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvOTZHQl90OWlQYjgwT2dxazVBQWQ2ZGhYV2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVCAIAwQA
VCAKAwQAVCBHAwQAVCBYAwQBVCCWAwQAVCDoAwQAVCD1AwQAWNgDAwQAWNhcAwQA
WNjHMA0GCSqGSIb3DQEBCwUAA4IBAQA6QZtTZtFdf3WJyxm7gpIxm+OsLomP3S8j
4DnVtVYqTpDIa6bCqHuxa1zb/3OJ1MbYx5mfVORSVxLc4TQrUAB6N9V7mU81mEDA
7sRPCjqIqJtV6YTRunmA7mhveNDETV7GyaoFGXhT0bFh1RnJsqFGJil79LO2ZtN/
i2MaON//x6AV99vHfyxI/Ui8tnMhQiTq9BXU/RrjDkf7X12992VIr71xgxQDYAN6
AmqsGhl11Wewt+a0/zfSOOhBAwpdoo1uND2F0Ua/3fnSitpwNOOckKj220w3s0Fb
pcX88xbTkv49GgdVOkW3Ed576pVlsPsO89S+jEaPY8xq3u9Rx6Ve
-----END CERTIFICATE-----