Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rVAgJ_zYlkgc2s_w1iosy0nBQmU.roa
File:                     rVAgJ_zYlkgc2s_w1iosy0nBQmU.roa (raw, json)
Hash identifier:          1bYAGx53zmygO4BtJJgJ2Ma/AftALzS0DMRtPhqDXr4=
Subject key identifier:   AD:50:20:27:FC:D8:96:48:1C:DA:CF:F0:D6:2A:2C:CB:49:C1:42:65
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018B295545E36C64AC87A6CD17A98584C559
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rVAgJ_zYlkgc2s_w1iosy0nBQmU.roa
Signing time:             Fri 13 Oct 2023 13:58:55 +0000
ROA not before:           Fri 13 Oct 2023 13:58:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33922
IP address blocks:        88.216.164.0/24 maxlen: 24
                          88.216.165.0/24 maxlen: 24
                          88.216.166.0/24 maxlen: 24
                          88.216.167.0/24 maxlen: 24
                          88.216.148.0/24 maxlen: 24
                          88.216.68.0/22 maxlen: 24
                          84.32.182.0/24 maxlen: 24
                          84.32.183.0/24 maxlen: 24
                          88.216.76.0/22 maxlen: 24
                          84.32.180.0/24 maxlen: 24
                          84.32.181.0/24 maxlen: 24
                          84.32.116.0/23 maxlen: 24
                          84.32.114.0/23 maxlen: 24
                          88.216.24.0/23 maxlen: 24
                          88.216.26.0/23 maxlen: 24
                          88.216.28.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:29:55:45:e3:6c:64:ac:87:a6:cd:17:a9:85:84:c5:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Oct 13 13:58:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad502027fcd896481cdacff0d62a2ccb49c14265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a4:8b:1a:b0:89:e6:a9:28:98:21:96:9e:03:
                    b4:15:63:2b:66:f7:b8:20:11:97:f0:91:48:b6:69:
                    bf:34:15:4e:7d:49:1d:cb:5c:4a:12:1f:9e:f3:b2:
                    dc:0c:58:c6:12:1d:3b:3b:1f:c1:eb:1c:69:18:ce:
                    0f:54:fb:66:7f:f9:c0:04:df:cb:80:b5:43:94:82:
                    a8:7c:7a:60:84:fd:fc:25:d6:0b:d4:c4:6c:0a:24:
                    f1:80:5b:28:60:ea:af:6b:e8:e3:63:ea:84:14:fe:
                    24:ab:69:54:f4:57:84:31:31:b0:68:b7:6d:3b:d8:
                    8b:ad:e5:2e:d9:f0:a0:e4:60:c3:b6:b9:11:32:ae:
                    fe:8a:bc:f1:97:b6:f7:a0:88:52:1c:cd:af:68:0c:
                    9c:ee:7e:b1:61:65:48:d9:7d:89:b3:86:2f:e5:ad:
                    d1:f5:cd:2e:84:f8:a5:12:44:c6:68:2c:2f:f5:aa:
                    bb:b5:d8:84:c9:b1:31:05:48:7d:15:ce:d1:f1:43:
                    5a:5c:90:84:0c:97:31:a2:8f:31:c8:29:c6:1f:d9:
                    09:11:5d:fc:f3:ee:dc:eb:95:02:11:10:1b:94:61:
                    9b:8a:98:bd:47:0b:85:66:54:a8:05:09:7f:d1:06:
                    d1:96:7f:8c:90:d4:8e:f7:e4:24:08:e7:b4:66:cb:
                    79:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:50:20:27:FC:D8:96:48:1C:DA:CF:F0:D6:2A:2C:CB:49:C1:42:65
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/rVAgJ_zYlkgc2s_w1iosy0nBQmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.114.0-84.32.117.255
                  84.32.180.0/22
                  88.216.24.0/21
                  88.216.68.0/22
                  88.216.76.0/22
                  88.216.148.0/24
                  88.216.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:12:b1:a0:2b:56:84:cd:3b:de:51:38:7c:24:d0:d3:32:9d:
         23:0d:64:f1:a6:3f:2d:d6:76:0e:dc:e6:b0:8f:28:c2:01:43:
         ab:30:3d:6b:a2:fb:06:4b:1e:05:99:e8:67:6e:f0:79:26:a2:
         18:1e:52:16:9f:76:8e:c7:fb:02:3a:60:d7:87:76:fc:d5:11:
         95:6e:fc:55:92:7e:4f:8f:f8:9d:39:88:de:cf:20:0d:73:18:
         dd:9b:37:13:74:c2:67:4c:02:c6:53:b9:62:1a:f9:36:5b:d3:
         78:da:e2:6f:c9:f7:c3:c6:8b:04:2e:57:a1:a4:af:c0:b4:f4:
         a9:e5:6b:e1:19:6d:d1:90:f2:6a:40:aa:03:80:4a:9c:a4:76:
         be:34:d2:8f:f2:d9:e0:47:1d:60:9f:60:65:7c:1b:68:38:c1:
         7d:99:d0:a6:06:80:ab:69:5f:7c:f0:3a:e5:29:12:bc:7a:eb:
         3d:83:b0:23:fa:c1:77:07:cf:61:57:bc:01:03:35:b8:a0:24:
         a9:65:7a:34:37:6c:26:54:d9:48:44:d9:51:fe:0c:4e:7c:54:
         d6:95:91:1e:8e:d3:db:1c:65:9f:45:47:ac:e6:b0:b7:b9:b8:
         d8:45:b4:2b:86:c6:73:aa:1f:c0:c9:25:e6:61:f7:f8:0a:2c:
         df:bb:4f:a9
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYspVUXjbGSsh6bNF6mFhMVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMxMDEzMTM1ODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDUwMjAyN2ZjZDg5NjQ4MWNkYWNmZjBkNjJhMmNjYjQ5YzE0MjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaSLGrCJ5qkomCGWngO0FWMrZve4
IBGX8JFItmm/NBVOfUkdy1xKEh+e87LcDFjGEh07Ox/B6xxpGM4PVPtmf/nABN/L
gLVDlIKofHpghP38JdYL1MRsCiTxgFsoYOqva+jjY+qEFP4kq2lU9FeEMTGwaLdt
O9iLreUu2fCg5GDDtrkRMq7+irzxl7b3oIhSHM2vaAyc7n6xYWVI2X2Js4Yv5a3R
9c0uhPilEkTGaCwv9aq7tdiEybExBUh9Fc7R8UNaXJCEDJcxoo8xyCnGH9kJEV38
8+7c65UCERAblGGbipi9RwuFZlSoBQl/0QbRln+MkNSO9+QkCOe0Zst5IwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFK1QICf82JZIHNrP8NYqLMtJwUJlMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvclZBZ0pfellsa2djMnNfdzFpb3N5MG5CUW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAFUIHID
BAFUIHQDBAJUILQDBANY2BgDBAJY2EQDBAJY2EwDBABY2JQDBAJY2KQwDQYJKoZI
hvcNAQELBQADggEBAHASsaArVoTNO95ROHwk0NMynSMNZPGmPy3Wdg7c5rCPKMIB
Q6swPWui+wZLHgWZ6Gdu8HkmohgeUhafdo7H+wI6YNeHdvzVEZVu/FWSfk+P+J05
iN7PIA1zGN2bNxN0wmdMAsZTuWIa+TZb03ja4m/J98PGiwQuV6Gkr8C09Knla+EZ
bdGQ8mpAqgOASpykdr400o/y2eBHHWCfYGV8G2g4wX2Z0KYGgKtpX3zwOuUpErx6
6z2DsCP6wXcHz2FXvAEDNbigJKllejQ3bCZU2UhE2VH+DE58VNaVkR6O09scZZ9F
R6zmsLe5uNhFtCuGxnOqH8DJJeZh9/gKLN+7T6k=
-----END CERTIFICATE-----