Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/LFzanIb0dn-g2_wQOvnuoIm8hkY.roa
File:                     LFzanIb0dn-g2_wQOvnuoIm8hkY.roa (raw, json)
Hash identifier:          c+s/4h80br4ZbIeAtFUQ9TLlriVf4dijp8Q/KzoHMCA=
Subject key identifier:   2C:5C:DA:9C:86:F4:76:7F:A0:DB:FC:10:3A:F9:EE:A0:89:BC:86:46
Certificate issuer:       /CN=8f90f6b75e913f2782ed549eb72172c59cc47af1
Certificate serial:       01874BA783581C8588C1ADA0D182FA817537
Authority key identifier: 8F:90:F6:B7:5E:91:3F:27:82:ED:54:9E:B7:21:72:C5:9C:C4:7A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j5D2t16RPyeC7VSetyFyxZzEevE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/LFzanIb0dn-g2_wQOvnuoIm8hkY.roa
Signing time:             Tue 04 Apr 2023 09:44:42 +0000
ROA not before:           Tue 04 Apr 2023 09:44:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203924
IP address blocks:        185.216.120.0/24 maxlen: 24
                          185.216.120.0/22 maxlen: 22
                          185.216.121.0/24 maxlen: 24
                          185.216.122.0/23 maxlen: 23
                          85.117.252.0/23 maxlen: 23
                          85.117.252.0/22 maxlen: 22
                          85.117.254.0/23 maxlen: 23
                          185.113.144.0/22 maxlen: 22
                          185.146.36.0/22 maxlen: 22
                          193.105.0.0/24 maxlen: 24
                          2a0b:b640::/29 maxlen: 29
                          2a07:4d00::/30 maxlen: 30
                          2a07:4d00::/29 maxlen: 29
                          2a06:6a40::/29 maxlen: 29
                          2a07:4d04::/30 maxlen: 30

Validation:               Failed, certificate revoked on Fri 16 Jun 2023 12:54:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4b:a7:83:58:1c:85:88:c1:ad:a0:d1:82:fa:81:75:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f90f6b75e913f2782ed549eb72172c59cc47af1
        Validity
            Not Before: Apr  4 09:44:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c5cda9c86f4767fa0dbfc103af9eea089bc8646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4a:83:bc:06:53:4d:f1:e5:33:e7:34:20:79:
                    ac:ab:c9:54:7b:36:6b:0f:ee:8b:bf:04:79:9b:24:
                    28:8c:34:54:f4:14:cb:a9:ec:50:3b:f3:16:6b:ff:
                    6b:83:13:07:97:9f:df:84:77:5c:ec:0d:78:ca:2c:
                    9a:df:76:ad:45:d2:9b:4c:5f:e7:b1:6e:7b:c2:25:
                    51:bc:a7:5b:a0:0a:81:4e:ce:64:d8:17:3b:73:bf:
                    24:27:b2:03:fa:fe:09:da:c3:93:8e:83:16:c3:19:
                    63:41:56:fc:55:8c:28:5d:fc:e5:e2:c4:21:53:08:
                    43:a6:58:36:15:69:6f:07:f8:cf:6d:61:ec:a6:84:
                    af:ea:b6:b9:1c:83:f0:3f:4c:d4:b7:15:96:74:c0:
                    e5:e2:d0:ae:a9:67:99:8a:1c:2e:8d:5d:03:f1:15:
                    ce:f9:e7:27:10:4d:ab:e6:45:da:24:05:06:84:f9:
                    ef:fd:c9:b2:1c:13:27:33:14:71:29:cf:a3:32:cb:
                    9e:f9:ce:14:ee:32:b8:c6:bc:b6:92:69:9e:79:5d:
                    df:30:f4:e4:f6:d1:a7:8a:10:75:b4:c8:c5:b4:80:
                    b0:40:95:c8:92:ee:d4:6c:74:c3:fc:c4:f2:ba:71:
                    ec:63:da:24:f5:c2:c7:92:97:3a:3f:48:ee:45:57:
                    76:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:5C:DA:9C:86:F4:76:7F:A0:DB:FC:10:3A:F9:EE:A0:89:BC:86:46
            X509v3 Authority Key Identifier:
                keyid:8F:90:F6:B7:5E:91:3F:27:82:ED:54:9E:B7:21:72:C5:9C:C4:7A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j5D2t16RPyeC7VSetyFyxZzEevE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/LFzanIb0dn-g2_wQOvnuoIm8hkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/j5D2t16RPyeC7VSetyFyxZzEevE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.252.0/22
                  185.113.144.0/22
                  185.146.36.0/22
                  185.216.120.0/22
                  193.105.0.0/24
                IPv6:
                  2a06:6a40::/29
                  2a07:4d00::/29
                  2a0b:b640::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:27:db:12:a8:3d:b3:57:9a:03:68:2f:69:58:a6:fe:81:94:
         06:22:be:2a:51:a9:82:29:fd:c5:3d:71:c2:34:a5:6a:e9:b3:
         54:a4:92:5b:7b:41:dd:d5:b5:71:95:35:1c:d6:80:77:db:20:
         49:99:33:d9:a9:6b:47:02:98:3d:ba:63:70:39:ab:e3:7c:f3:
         df:92:06:10:b2:38:12:ba:57:69:1d:7a:e6:27:4d:5d:30:23:
         ad:34:9a:0a:8a:59:36:d4:53:ef:c6:65:5d:5c:79:d6:9b:19:
         14:f0:10:bb:5c:78:72:e4:79:e8:ed:df:87:74:36:10:df:c1:
         7e:57:17:c0:b4:84:7a:1b:84:6d:fe:5d:aa:20:41:61:50:4c:
         5d:9d:4a:e5:e1:f6:63:2e:52:47:2e:48:dd:f2:b0:92:19:ba:
         42:e6:5e:96:80:2e:30:f4:60:03:7c:06:4a:71:e7:a0:7e:de:
         ea:73:7b:fe:c2:71:3d:64:db:92:ad:f1:b8:d6:d4:da:4a:3c:
         52:c2:05:25:ec:df:c8:3e:05:59:62:7a:27:64:05:98:58:60:
         80:76:5a:06:c5:97:c4:23:a7:66:b3:11:60:bc:8d:65:ba:c3:
         54:e0:0b:d7:93:59:4e:f8:38:0a:5f:fb:6e:0c:c7:b1:e6:84:
         50:56:6b:ce
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYdLp4NYHIWIwa2g0YL6gXU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmOTBmNmI3NWU5MTNmMjc4MmVkNTQ5ZWI3MjE3MmM1OWNj
NDdhZjEwHhcNMjMwNDA0MDk0NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzVjZGE5Yzg2ZjQ3NjdmYTBkYmZjMTAzYWY5ZWVhMDg5YmM4NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEqDvAZTTfHlM+c0IHmsq8lUezZr
D+6LvwR5myQojDRU9BTLqexQO/MWa/9rgxMHl5/fhHdc7A14yiya33atRdKbTF/n
sW57wiVRvKdboAqBTs5k2Bc7c78kJ7ID+v4J2sOTjoMWwxljQVb8VYwoXfzl4sQh
UwhDplg2FWlvB/jPbWHspoSv6ra5HIPwP0zUtxWWdMDl4tCuqWeZihwujV0D8RXO
+ecnEE2r5kXaJAUGhPnv/cmyHBMnMxRxKc+jMsue+c4U7jK4xry2kmmeeV3fMPTk
9tGnihB1tMjFtICwQJXIku7UbHTD/MTyunHsY9ok9cLHkpc6P0juRVd2fQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFCxc2pyG9HZ/oNv8EDr57qCJvIZGMB8GA1UdIwQY
MBaAFI+Q9rdekT8ngu1UnrchcsWcxHrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajVEMnQxNlJQeWVDN1ZTZXR5Rnl4WnpFZXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zZDNjM2ItMWE5NS00YjUwLTg5NzQt
YzFkMGFjYjc4MTlhLzEvTEZ6YW5JYjBkbi1nMl93UU92bnVvSW04aGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zZDNjM2ItMWE5NS00YjUwLTg5NzQtYzFkMGFjYjc4MTlh
LzEvajVEMnQxNlJQeWVDN1ZTZXR5Rnl4WnpFZXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAkBAIAATAeAwQCVXX8AwQC
uXGQAwQCuZIkAwQCudh4AwQAwWkAMBsEAgACMBUDBQMqBmpAAwUDKgdNAAMFAyoL
tkAwDQYJKoZIhvcNAQELBQADggEBADMn2xKoPbNXmgNoL2lYpv6BlAYivipRqYIp
/cU9ccI0pWrps1Skklt7Qd3VtXGVNRzWgHfbIEmZM9mpa0cCmD26Y3A5q+N889+S
BhCyOBK6V2kdeuYnTV0wI600mgqKWTbUU+/GZV1cedabGRTwELtceHLkeejt34d0
NhDfwX5XF8C0hHobhG3+XaogQWFQTF2dSuXh9mMuUkcuSN3ysJIZukLmXpaALjD0
YAN8Bkpx56B+3upze/7CcT1k25Kt8bjW1NpKPFLCBSXs38g+BVlieidkBZhYYIB2
WgbFl8Qjp2azEWC8jWW6w1TgC9eTWU74OApf+24Mx7HmhFBWa84=
-----END CERTIFICATE-----