Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KaeUsXfYDlSvJmEmvp10aVePasA.roa
File:                     KaeUsXfYDlSvJmEmvp10aVePasA.roa (raw, json)
Hash identifier:          M95vv2PqITsuGv5/bYLqwATZz7u66lvOw4fw6KcPKSE=
Subject key identifier:   29:A7:94:B1:77:D8:0E:54:AF:26:61:26:BE:9D:74:69:57:8F:6A:C0
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0189626D35B3560D98AA6FCD749AECEEC66E
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KaeUsXfYDlSvJmEmvp10aVePasA.roa
Signing time:             Mon 17 Jul 2023 05:57:51 +0000
ROA not before:           Mon 17 Jul 2023 05:57:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          88.216.185.0/24 maxlen: 24
                          84.32.95.0/24 maxlen: 24
                          88.216.212.0/24 maxlen: 24
                          88.216.213.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.103.0/24 maxlen: 24
                          88.216.215.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.20.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          88.216.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Sep 2023 05:56:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:62:6d:35:b3:56:0d:98:aa:6f:cd:74:9a:ec:ee:c6:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul 17 05:57:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29a794b177d80e54af266126be9d7469578f6ac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c5:e5:5f:0e:f8:0b:63:8a:5f:29:26:59:4e:
                    c9:62:12:3c:02:b8:62:6b:d0:2a:61:bd:16:af:4e:
                    ed:97:25:e3:89:2e:2b:62:07:fd:20:82:7a:ee:9e:
                    13:13:a5:64:f2:95:5b:62:8c:9c:89:76:60:da:f0:
                    1b:9d:a3:28:53:b6:9b:ad:4c:dc:40:3f:5f:f5:7e:
                    93:5d:1a:d9:79:94:9f:f6:14:d5:1b:fc:6d:cd:87:
                    a2:89:ef:97:e9:3e:25:2f:1b:38:d6:1d:cb:b7:4b:
                    64:84:bf:bc:d6:bd:9c:35:68:d0:dc:3b:1a:09:ad:
                    41:9d:82:0d:b9:b7:e9:fa:84:18:71:7a:83:de:c8:
                    cb:4d:a1:ea:b7:b9:fe:ce:da:a2:9a:25:6f:27:18:
                    8f:1d:1c:d5:fd:13:d4:59:c7:cb:72:8d:62:66:a2:
                    bf:c5:96:f5:36:c4:2f:30:ff:50:99:82:3b:17:bd:
                    d3:cd:c1:5c:c4:14:df:cd:9c:5d:03:91:64:d9:f6:
                    17:40:1c:23:48:b0:7c:13:f2:90:f6:e9:79:14:04:
                    7f:4f:7d:34:7b:d6:9c:20:da:43:4a:ee:ee:ca:08:
                    11:16:3d:e3:4c:d8:af:d9:2c:08:7b:a3:fa:5f:15:
                    cc:3c:82:f1:5e:28:6a:7b:2f:a2:ab:35:67:63:cd:
                    ed:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A7:94:B1:77:D8:0E:54:AF:26:61:26:BE:9D:74:69:57:8F:6A:C0
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/KaeUsXfYDlSvJmEmvp10aVePasA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.52.0/22
                  84.32.95.0/24
                  88.216.20.0/23
                  88.216.43.0/24
                  88.216.98.0/24
                  88.216.103.0/24
                  88.216.185.0/24
                  88.216.212.0/23
                  88.216.215.0/24
                  88.216.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:b2:76:82:3c:40:4d:21:27:4f:f5:a9:15:3a:f6:78:20:
         10:e4:3e:83:27:e1:4f:83:10:a2:75:09:d3:9f:71:fd:b2:b5:
         57:8b:e8:2c:ee:1a:9a:dc:01:1e:f0:4a:93:7d:cd:d9:fa:22:
         27:92:85:5a:6f:09:f9:02:ec:6f:c9:b9:db:e0:e3:b7:25:ec:
         f0:30:82:29:c1:d6:2d:7b:26:15:f3:a0:b5:f7:f1:d3:83:63:
         32:01:73:36:09:cf:a1:2d:11:19:35:47:e5:33:ab:f4:79:6c:
         d7:cf:e0:37:9f:4d:89:da:68:d0:96:60:85:b1:12:63:59:c0:
         ca:69:03:24:2d:b7:4a:b7:d4:07:86:ee:4d:3d:fa:d0:a8:29:
         cd:f5:1e:8d:97:a8:82:c4:00:43:2a:76:75:49:ce:97:92:ef:
         11:17:ee:e3:25:55:c8:63:ef:61:ea:81:d2:a5:97:67:61:9e:
         98:9e:ae:16:e1:bd:8a:9b:bd:47:8b:3a:a2:61:2a:74:11:1c:
         ab:93:8f:49:88:f0:88:fa:28:b8:0a:46:87:1f:12:3e:c8:49:
         80:71:4a:07:04:16:6d:ac:98:51:ae:17:60:dc:07:54:e0:0e:
         9b:79:d7:73:75:e8:4d:95:79:42:03:3a:13:7a:de:a0:75:b8:
         a4:6f:c2:da
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYlibTWzVg2Yqm/NdJrs7sZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNzE3MDU1NzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWE3OTRiMTc3ZDgwZTU0YWYyNjYxMjZiZTlkNzQ2OTU3OGY2YWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMXlXw74C2OKXykmWU7JYhI8Arhi
a9AqYb0Wr07tlyXjiS4rYgf9IIJ67p4TE6Vk8pVbYoyciXZg2vAbnaMoU7abrUzc
QD9f9X6TXRrZeZSf9hTVG/xtzYeiie+X6T4lLxs41h3Lt0tkhL+81r2cNWjQ3Dsa
Ca1BnYINubfp+oQYcXqD3sjLTaHqt7n+ztqimiVvJxiPHRzV/RPUWcfLco1iZqK/
xZb1NsQvMP9QmYI7F73TzcFcxBTfzZxdA5Fk2fYXQBwjSLB8E/KQ9ul5FAR/T300
e9acINpDSu7uyggRFj3jTNiv2SwIe6P6XxXMPILxXihqey+iqzVnY83tkQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCmnlLF32A5UryZhJr6ddGlXj2rAMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvS2FlVXNYZllEbFN2Sm1FbXZwMTBhVmVQYXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAVCAGAwQC
VCA0AwQAVCBfAwQBWNgUAwQAWNgrAwQAWNhiAwQAWNhnAwQAWNi5AwQBWNjUAwQA
WNjXAwQCWNj8MA0GCSqGSIb3DQEBCwUAA4IBAQCD7bJ2gjxATSEnT/WpFTr2eCAQ
5D6DJ+FPgxCidQnTn3H9srVXi+gs7hqa3AEe8EqTfc3Z+iInkoVabwn5Auxvybnb
4OO3JezwMIIpwdYteyYV86C19/HTg2MyAXM2Cc+hLREZNUflM6v0eWzXz+A3n02J
2mjQlmCFsRJjWcDKaQMkLbdKt9QHhu5NPfrQqCnN9R6Nl6iCxABDKnZ1Sc6Xku8R
F+7jJVXIY+9h6oHSpZdnYZ6Ynq4W4b2Km71HizqiYSp0ERyrk49JiPCI+ii4CkaH
HxI+yEmAcUoHBBZtrJhRrhdg3AdU4A6beddzdehNlXlCAzoTet6gdbikb8La
-----END CERTIFICATE-----