Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EUlNMKa2NfJz4tS1aKXX6zDnuXg.roa
File:                     EUlNMKa2NfJz4tS1aKXX6zDnuXg.roa (raw, json)
Hash identifier:          3QqPyo09T1THesxJzAIbVhPHoqhQ6HqPo/12SpQTZzo=
Subject key identifier:   11:49:4D:30:A6:B6:35:F2:73:E2:D4:B5:68:A5:D7:EB:30:E7:B9:78
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01870AB108CD60F57D5C2988D8847BD93DC3
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EUlNMKa2NfJz4tS1aKXX6zDnuXg.roa
Signing time:             Wed 22 Mar 2023 18:59:46 +0000
ROA not before:           Wed 22 Mar 2023 18:59:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        84.32.59.0/24 maxlen: 24
                          84.32.60.0/24 maxlen: 24
                          84.32.66.0/24 maxlen: 24
                          84.32.178.0/24 maxlen: 24
                          84.32.68.0/24 maxlen: 24
                          84.32.90.0/24 maxlen: 24
                          88.216.95.0/24 maxlen: 24
                          88.216.103.0/24 maxlen: 24
                          84.32.225.0/24 maxlen: 24
                          88.216.220.0/24 maxlen: 24
                          84.32.44.0/24 maxlen: 24
                          84.32.47.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 24 Mar 2023 07:08:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0a:b1:08:cd:60:f5:7d:5c:29:88:d8:84:7b:d9:3d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Mar 22 18:59:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11494d30a6b635f273e2d4b568a5d7eb30e7b978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a7:83:63:b0:ad:48:da:17:b1:3e:00:91:fc:
                    67:41:cc:81:1b:39:77:f0:9e:b9:81:3d:92:4e:18:
                    30:e5:4a:39:a5:ee:d8:4f:74:83:e9:b4:77:4e:99:
                    da:be:d2:31:57:10:49:30:c2:dc:f4:c8:f8:fd:cf:
                    d4:4f:0e:9c:76:16:ee:1b:19:2d:38:35:71:e2:92:
                    de:1f:92:01:ca:01:be:6a:e1:5d:35:2f:d0:9b:66:
                    6d:dc:79:03:da:cb:74:d7:d5:05:66:d8:fd:ba:8e:
                    03:3a:95:77:6e:06:bd:94:03:a1:48:ae:b9:a6:41:
                    1e:4a:ec:a3:12:fb:b7:18:11:84:bc:d5:d8:12:c3:
                    9a:a3:27:a4:c1:c1:ff:09:7a:6d:7a:ce:80:7c:99:
                    35:e7:25:f2:87:ba:75:52:44:83:c4:55:f3:2c:cd:
                    58:2a:bd:64:9f:36:a4:eb:da:58:83:54:5d:1e:47:
                    e3:d1:ad:dd:82:79:10:b0:ff:ea:db:43:74:fb:3b:
                    10:78:82:11:09:65:ed:dc:a5:c3:82:f6:b4:5b:f4:
                    5b:be:91:df:83:1c:e1:3f:77:8f:62:ae:10:e0:08:
                    07:6a:35:c2:fc:0e:d1:26:cd:6b:1f:95:83:f4:a5:
                    8b:47:1f:c3:a7:58:77:83:94:45:e4:9d:3e:2a:32:
                    19:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:49:4D:30:A6:B6:35:F2:73:E2:D4:B5:68:A5:D7:EB:30:E7:B9:78
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/EUlNMKa2NfJz4tS1aKXX6zDnuXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.44.0/24
                  84.32.47.0/24
                  84.32.59.0-84.32.60.255
                  84.32.66.0/24
                  84.32.68.0/24
                  84.32.90.0/24
                  84.32.178.0/24
                  84.32.225.0/24
                  88.216.95.0/24
                  88.216.103.0/24
                  88.216.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:71:d3:8a:1c:eb:8c:fd:62:1c:56:13:c8:73:56:b6:49:d7:
         c3:99:1b:5b:04:61:00:30:1c:2a:3c:35:e4:24:ee:3b:56:cb:
         76:74:61:48:b2:b3:65:61:be:0d:a6:89:b7:29:4d:49:47:a0:
         bd:7d:71:d7:91:98:ca:4e:58:62:c5:c4:26:08:f8:12:66:d4:
         c2:e1:2b:d7:22:83:0a:60:bc:71:f0:36:70:4d:44:51:66:be:
         a3:c6:a5:e1:00:69:96:46:c6:54:9e:9e:17:9c:6b:f0:a6:a8:
         cb:c9:ab:e1:9f:69:da:97:2f:01:2c:ad:e7:20:3d:8e:39:d2:
         7e:40:61:6c:6c:3a:df:10:3c:c4:86:30:49:6c:56:25:23:f6:
         6c:d7:a0:7d:87:93:ca:66:77:9e:56:49:1f:46:57:e5:dd:c5:
         99:46:a8:58:f5:4b:dd:6b:bf:2d:83:1c:cf:e4:89:ea:62:f2:
         c9:7e:4a:c7:67:87:5d:da:d0:98:f7:ad:51:bf:e2:50:73:0f:
         72:5f:01:e3:66:89:70:71:49:51:f0:2e:3a:ee:72:bf:b9:ce:
         dc:98:88:f6:ce:f1:62:db:8d:9a:9a:af:41:c9:07:e7:7d:6c:
         d1:b4:67:bc:df:f1:98:ee:cb:31:da:48:de:af:60:8c:c3:ad:
         fe:79:d2:c9
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYcKsQjNYPV9XCmI2IR72T3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMzIyMTg1OTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTQ5NGQzMGE2YjYzNWYyNzNlMmQ0YjU2OGE1ZDdlYjMwZTdiOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6eDY7CtSNoXsT4AkfxnQcyBGzl3
8J65gT2SThgw5Uo5pe7YT3SD6bR3TpnavtIxVxBJMMLc9Mj4/c/UTw6cdhbuGxkt
ODVx4pLeH5IBygG+auFdNS/Qm2Zt3HkD2st019UFZtj9uo4DOpV3bga9lAOhSK65
pkEeSuyjEvu3GBGEvNXYEsOaoyekwcH/CXptes6AfJk15yXyh7p1UkSDxFXzLM1Y
Kr1knzak69pYg1RdHkfj0a3dgnkQsP/q20N0+zsQeIIRCWXt3KXDgva0W/RbvpHf
gxzhP3ePYq4Q4AgHajXC/A7RJs1rH5WD9KWLRx/Dp1h3g5RF5J0+KjIZ7QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFBFJTTCmtjXyc+LUtWil1+sw57l4MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRVVsTk1LYTJOZkp6NHRTMWFLWFg2ekRudVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAVCAsAwQA
VCAvMAwDBABUIDsDBABUIDwDBABUIEIDBABUIEQDBABUIFoDBABUILIDBABUIOED
BABY2F8DBABY2GcDBABY2NwwDQYJKoZIhvcNAQELBQADggEBAIxx04oc64z9YhxW
E8hzVrZJ18OZG1sEYQAwHCo8NeQk7jtWy3Z0YUiys2Vhvg2mibcpTUlHoL19cdeR
mMpOWGLFxCYI+BJm1MLhK9cigwpgvHHwNnBNRFFmvqPGpeEAaZZGxlSenheca/Cm
qMvJq+GfadqXLwEsrecgPY450n5AYWxsOt8QPMSGMElsViUj9mzXoH2Hk8pmd55W
SR9GV+XdxZlGqFj1S91rvy2DHM/kiepi8sl+Ssdnh13a0Jj3rVG/4lBzD3JfAeNm
iXBxSVHwLjrucr+5ztyYiPbO8WLbjZqar0HJB+d9bNG0Z7zf8ZjuyzHaSN6vYIzD
rf550sk=
-----END CERTIFICATE-----