Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z7SkzzYl0cC4e5C7P6gOG6iUEek.roa
File:                     z7SkzzYl0cC4e5C7P6gOG6iUEek.roa (raw, json)
Hash identifier:          cteqVIIXkU+m9QC/2QNe2SboJKA/FfwNPlEZd8VAxWo=
Subject key identifier:   CF:B4:A4:CF:36:25:D1:C0:B8:7B:90:BB:3F:A8:0E:1B:A8:94:11:E9
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0185DA3C3ABADAE959507928D56B2AF3485C
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z7SkzzYl0cC4e5C7P6gOG6iUEek.roa
Signing time:             Sun 22 Jan 2023 16:07:38 +0000
ROA not before:           Sun 22 Jan 2023 16:07:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        84.32.179.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          84.32.79.0/24 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          84.32.221.0/24 maxlen: 24
                          84.32.222.0/24 maxlen: 24
                          84.32.220.0/24 maxlen: 24
                          88.216.224.0/22 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 24
                          84.32.30.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 23 Jan 2023 07:30:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:da:3c:3a:ba:da:e9:59:50:79:28:d5:6b:2a:f3:48:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan 22 16:07:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cfb4a4cf3625d1c0b87b90bb3fa80e1ba89411e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a8:0d:3c:51:b1:f6:d6:96:df:7b:31:60:71:
                    b0:5e:15:2f:3f:0a:2e:08:95:e9:ec:8d:c7:4f:81:
                    8a:7d:46:0a:d0:38:b4:db:ac:17:50:9d:33:05:5e:
                    e5:82:22:80:8c:a3:10:ff:16:eb:98:6c:83:d5:3a:
                    b7:59:94:d6:eb:6d:82:8a:25:a9:04:bb:07:43:ac:
                    a1:f5:da:19:ee:7e:7a:09:91:99:e2:c6:02:43:23:
                    90:2c:4f:8b:a5:c9:ba:95:92:dd:5e:94:d7:15:4f:
                    c0:09:f5:f6:38:d8:64:5a:55:5e:af:a3:c4:9a:3a:
                    a8:62:2a:97:96:9b:6c:64:56:91:a9:fb:9a:d9:b6:
                    82:19:6c:c8:8f:4e:da:e2:17:9f:6a:9e:4f:76:c4:
                    89:2c:96:6c:f6:be:f7:b8:0b:86:a2:90:e5:bc:9e:
                    71:bd:44:c0:c6:b4:1d:39:8f:e9:04:fd:fa:67:6d:
                    bd:d7:23:fb:09:b2:3a:0f:06:7d:7e:59:0a:1b:ad:
                    54:4a:44:18:28:80:fa:92:2e:7f:c3:9b:c7:87:24:
                    7e:e7:db:52:fb:4b:55:ad:65:de:65:db:f0:e6:5e:
                    f6:86:94:df:6c:c9:b5:5c:8d:88:07:64:17:55:86:
                    4d:67:70:91:3a:68:44:33:8c:60:08:48:80:33:71:
                    6d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B4:A4:CF:36:25:D1:C0:B8:7B:90:BB:3F:A8:0E:1B:A8:94:11:E9
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/z7SkzzYl0cC4e5C7P6gOG6iUEek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.24.0/22
                  84.32.30.0/24
                  84.32.77.0/24
                  84.32.79.0/24
                  84.32.179.0/24
                  84.32.212.0/24
                  84.32.220.0-84.32.222.255
                  88.216.128.0/23
                  88.216.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:29:5b:75:df:bd:23:df:35:cb:1f:1c:2e:fe:45:ce:2e:7a:
         48:60:26:94:9e:d1:1a:82:2a:1c:92:42:80:5e:5e:23:a9:d7:
         3d:71:3b:3d:9c:d7:37:b4:18:17:d3:61:f9:d7:c7:09:ff:a5:
         c2:ee:9f:7b:a3:70:2e:ba:3d:2a:eb:24:96:08:ff:74:ba:57:
         63:68:4e:f0:f3:9d:b1:9a:9f:4f:63:ab:f2:c6:4d:b2:f8:71:
         6b:01:b8:d6:d0:d1:54:6e:b2:bc:b9:27:a4:08:b8:d0:e4:c1:
         89:e0:b0:e4:cd:90:c3:14:1c:c9:ee:64:60:6d:05:66:61:c9:
         d1:44:03:d0:27:09:d4:84:bf:c1:6f:a5:cb:70:2b:bd:98:89:
         26:3b:9e:19:50:cf:d4:47:a4:fb:ca:77:6f:12:58:35:1a:ee:
         01:34:f8:23:18:70:4c:e6:12:51:9e:a3:d9:44:32:e2:4a:0c:
         10:b8:68:9b:ab:83:ae:0b:b8:46:bb:55:7b:14:07:2e:6e:72:
         c4:93:63:93:c9:ef:f5:e7:0f:f7:76:b3:e6:d4:3d:ed:7a:8e:
         2e:c9:6b:67:1d:80:13:91:99:41:1a:a9:09:ca:b2:35:fe:24:
         72:16:eb:36:91:68:c6:be:73:3b:b2:f6:0a:2a:f8:d1:9f:39:
         67:4b:10:da
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYXaPDq62ulZUHko1Wsq80hcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMTIyMTYwNzM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI0YTRjZjM2MjVkMWMwYjg3YjkwYmIzZmE4MGUxYmE4OTQxMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvagNPFGx9taW33sxYHGwXhUvPwou
CJXp7I3HT4GKfUYK0Di026wXUJ0zBV7lgiKAjKMQ/xbrmGyD1Tq3WZTW622CiiWp
BLsHQ6yh9doZ7n56CZGZ4sYCQyOQLE+Lpcm6lZLdXpTXFU/ACfX2ONhkWlVer6PE
mjqoYiqXlptsZFaRqfua2baCGWzIj07a4hefap5PdsSJLJZs9r73uAuGopDlvJ5x
vUTAxrQdOY/pBP36Z2291yP7CbI6DwZ9flkKG61USkQYKID6ki5/w5vHhyR+59tS
+0tVrWXeZdvw5l72hpTfbMm1XI2IB2QXVYZNZ3CROmhEM4xgCEiAM3Ft9QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFM+0pM82JdHAuHuQuz+oDhuolBHpMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvejdTa3p6WWwwY0M0ZTVDN1A2Z09HNmlVRWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCVCAYAwQA
VCAeAwQAVCBNAwQAVCBPAwQAVCCzAwQAVCDUMAwDBAJUINwDBABUIN4DBAFY2IAD
BAJY2OAwDQYJKoZIhvcNAQELBQADggEBAC8pW3XfvSPfNcsfHC7+Rc4uekhgJpSe
0RqCKhySQoBeXiOp1z1xOz2c1ze0GBfTYfnXxwn/pcLun3ujcC66PSrrJJYI/3S6
V2NoTvDznbGan09jq/LGTbL4cWsBuNbQ0VRusry5J6QIuNDkwYngsOTNkMMUHMnu
ZGBtBWZhydFEA9AnCdSEv8FvpctwK72YiSY7nhlQz9RHpPvKd28SWDUa7gE0+CMY
cEzmElGeo9lEMuJKDBC4aJurg64LuEa7VXsUBy5ucsSTY5PJ7/XnD/d2s+bUPe16
ji7Ja2cdgBORmUEaqQnKsjX+JHIW6zaRaMa+czuy9goq+NGfOWdLENo=
-----END CERTIFICATE-----