Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/u8zDhFI3AeN4aHOhE-3UVMABFWM.roa
File:                     u8zDhFI3AeN4aHOhE-3UVMABFWM.roa (raw, json)
Hash identifier:          wjBByxnjMzz8ed5K1vnodoAgmx39ox6W+dSpxgrZZww=
Subject key identifier:   BB:CC:C3:84:52:37:01:E3:78:68:73:A1:13:ED:D4:54:C0:01:15:63
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018856FCC0311995742982A4B0AF6F8AB751
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/u8zDhFI3AeN4aHOhE-3UVMABFWM.roa
Signing time:             Fri 26 May 2023 07:36:24 +0000
ROA not before:           Fri 26 May 2023 07:36:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        84.32.63.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.95.0/24 maxlen: 24
                          84.32.217.0/24 maxlen: 24
                          84.32.15.0/24 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          84.32.32.0/24 maxlen: 24
                          84.32.178.0/23 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          84.32.151.0/24 maxlen: 24
                          84.32.152.0/24 maxlen: 24
                          84.32.149.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          84.32.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 May 2023 20:24:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:56:fc:c0:31:19:95:74:29:82:a4:b0:af:6f:8a:b7:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: May 26 07:36:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bbccc384523701e3786873a113edd454c0011563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e4:cf:f9:cf:44:ea:0a:e7:53:9a:5d:7a:c6:
                    a5:9d:40:bf:0e:c0:7f:a4:09:49:b3:9f:71:6c:a0:
                    24:5b:a5:ad:ec:f3:8b:3e:1e:b4:1e:f4:39:a1:08:
                    90:20:55:0f:85:8a:1a:96:be:ef:34:c3:36:3f:20:
                    8f:4b:45:50:cb:e7:a8:f5:44:24:ad:ef:b6:92:90:
                    11:d3:be:05:be:eb:2d:c7:a9:4d:0a:18:1a:4a:8c:
                    5f:67:01:35:26:0d:c3:bb:c1:f8:eb:f4:06:4a:e2:
                    f7:c8:8a:0b:c5:67:43:c0:7e:dd:c2:e4:ae:cc:d5:
                    e6:c9:f6:51:34:d6:e6:7b:c3:fb:92:44:c8:d1:ad:
                    2d:1d:88:36:4c:95:fc:75:1f:d4:6e:ee:f0:5f:ad:
                    63:0b:bd:17:3c:b1:56:4b:66:3d:84:30:e6:6d:cb:
                    0b:99:c0:60:bb:51:7d:9e:b2:73:c2:0b:17:b1:96:
                    e8:21:36:24:be:86:01:2c:66:b8:c7:ca:6f:7d:f4:
                    d4:78:6d:eb:e3:d4:ed:e2:44:14:00:33:05:7c:20:
                    e2:c4:8a:2a:ef:25:0a:4a:35:a3:94:81:d1:6e:79:
                    63:8e:e6:3c:e4:43:21:eb:1c:b4:29:e7:b3:b4:37:
                    eb:26:a0:d8:23:9e:27:fc:f8:61:72:9f:b1:3c:27:
                    2a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:CC:C3:84:52:37:01:E3:78:68:73:A1:13:ED:D4:54:C0:01:15:63
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/u8zDhFI3AeN4aHOhE-3UVMABFWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.15.0/24
                  84.32.24.0/24
                  84.32.32.0/24
                  84.32.63.0/24
                  84.32.95.0/24
                  84.32.149.0/24
                  84.32.151.0-84.32.152.255
                  84.32.154.0/24
                  84.32.174.0/23
                  84.32.178.0/23
                  84.32.217.0/24
                  88.216.34.0/24
                  88.216.41.0/24
                  88.216.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:4e:75:b5:64:15:31:91:ba:2f:4e:9d:9d:1f:ec:1c:b4:85:
         3d:30:c8:c7:0d:8f:cf:78:36:b5:bd:93:c9:b7:e3:fd:43:28:
         dd:97:e7:99:65:85:71:06:c5:ac:89:85:47:58:a1:0a:ba:d1:
         9d:c4:cb:16:22:48:10:55:cb:2a:b6:9b:ff:15:98:05:bf:d8:
         63:6e:08:5c:5c:70:f9:45:39:93:d5:80:be:30:a5:09:0c:83:
         1f:0d:1a:3b:c7:d0:31:93:5c:b8:f8:8f:c0:28:66:1b:f7:03:
         21:6d:32:da:36:8b:b7:53:8e:08:fe:90:26:f3:4e:37:a0:e8:
         c1:c9:e7:50:fe:23:7e:48:e7:55:d3:3c:a8:88:83:9d:d9:58:
         ab:a6:ac:80:5c:de:62:e3:f4:08:6a:93:ca:14:75:1e:33:6f:
         06:bf:12:23:3b:28:3b:2c:86:df:b3:ed:a4:8f:99:7e:cd:d1:
         dd:2b:4d:90:ca:0b:1a:1d:9c:f5:dc:ad:02:cb:a0:0d:b5:99:
         df:d8:22:ca:33:b8:22:5b:d1:b0:46:0c:3a:25:47:e3:cd:eb:
         83:4a:cb:b1:d9:00:cf:5c:e7:0e:ab:92:4b:ef:63:90:f0:84:
         7a:67:b9:d8:db:08:ac:16:4d:4a:75:08:bc:fd:a6:e0:b3:d2:
         07:66:d2:3a
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYhW/MAxGZV0KYKksK9virdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNTI2MDczNjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmNjYzM4NDUyMzcwMWUzNzg2ODczYTExM2VkZDQ1NGMwMDExNTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+TP+c9E6grnU5pdesalnUC/DsB/
pAlJs59xbKAkW6Wt7POLPh60HvQ5oQiQIFUPhYoalr7vNMM2PyCPS0VQy+eo9UQk
re+2kpAR074Fvustx6lNChgaSoxfZwE1Jg3Du8H46/QGSuL3yIoLxWdDwH7dwuSu
zNXmyfZRNNbme8P7kkTI0a0tHYg2TJX8dR/Ubu7wX61jC70XPLFWS2Y9hDDmbcsL
mcBgu1F9nrJzwgsXsZboITYkvoYBLGa4x8pvffTUeG3r49Tt4kQUADMFfCDixIoq
7yUKSjWjlIHRbnljjuY85EMh6xy0KeeztDfrJqDYI54n/Phhcp+xPCcqKQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFLvMw4RSNwHjeGhzoRPt1FTAARVjMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvdTh6RGhGSTNBZU40YUhPaEUtM1VWTUFCRldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAVCAPAwQA
VCAYAwQAVCAgAwQAVCA/AwQAVCBfAwQAVCCVMAwDBABUIJcDBABUIJgDBABUIJoD
BAFUIK4DBAFUILIDBABUINkDBABY2CIDBABY2CkDBABY2LowDQYJKoZIhvcNAQEL
BQADggEBAGROdbVkFTGRui9OnZ0f7By0hT0wyMcNj894NrW9k8m34/1DKN2X55ll
hXEGxayJhUdYoQq60Z3EyxYiSBBVyyq2m/8VmAW/2GNuCFxccPlFOZPVgL4wpQkM
gx8NGjvH0DGTXLj4j8AoZhv3AyFtMto2i7dTjgj+kCbzTjeg6MHJ51D+I35I51XT
PKiIg53ZWKumrIBc3mLj9Ahqk8oUdR4zbwa/EiM7KDssht+z7aSPmX7N0d0rTZDK
CxodnPXcrQLLoA21md/YIsozuCJb0bBGDDolR+PN64NKy7HZAM9c5w6rkkvvY5Dw
hHpnudjbCKwWTUp1CLz9puCz0gdm0jo=
-----END CERTIFICATE-----