Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/xrBuOg6jvVLswHys9OvNea-vcy4.roa
File:                     xrBuOg6jvVLswHys9OvNea-vcy4.roa (raw, json)
Hash identifier:          RoGph7FfQgx5WGVBV7dKYYKSq/PLD6lCXQHJYzkKNmg=
Subject key identifier:   C6:B0:6E:3A:0E:A3:BD:52:EC:C0:7C:AC:F4:EB:CD:79:AF:AF:73:2E
Certificate issuer:       /CN=8f90f6b75e913f2782ed549eb72172c59cc47af1
Certificate serial:       0188C4451D8B1BC4BB1A15921824EE964E40
Authority key identifier: 8F:90:F6:B7:5E:91:3F:27:82:ED:54:9E:B7:21:72:C5:9C:C4:7A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j5D2t16RPyeC7VSetyFyxZzEevE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/xrBuOg6jvVLswHys9OvNea-vcy4.roa
Signing time:             Fri 16 Jun 2023 12:54:03 +0000
ROA not before:           Fri 16 Jun 2023 12:54:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203924
IP address blocks:        185.216.120.0/24 maxlen: 24
                          185.216.120.0/22 maxlen: 22
                          185.216.121.0/24 maxlen: 24
                          185.216.122.0/23 maxlen: 23
                          85.117.252.0/23 maxlen: 23
                          85.117.252.0/22 maxlen: 22
                          85.117.254.0/23 maxlen: 23
                          185.113.144.0/24 maxlen: 24
                          185.113.144.0/22 maxlen: 22
                          185.113.145.0/24 maxlen: 24
                          185.113.147.0/24 maxlen: 24
                          185.146.36.0/22 maxlen: 22
                          193.105.0.0/24 maxlen: 24
                          2a0b:b644::/30 maxlen: 30
                          2a0b:b640::/30 maxlen: 30
                          2a0b:b640::/29 maxlen: 29
                          2a07:4d00::/30 maxlen: 30
                          2a07:4d00::/29 maxlen: 29
                          2a06:6a40::/29 maxlen: 29
                          2a07:4d04::/30 maxlen: 30

Validation:               Failed, certificate revoked on Mon 19 Jun 2023 13:32:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c4:45:1d:8b:1b:c4:bb:1a:15:92:18:24:ee:96:4e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f90f6b75e913f2782ed549eb72172c59cc47af1
        Validity
            Not Before: Jun 16 12:54:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c6b06e3a0ea3bd52ecc07cacf4ebcd79afaf732e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f1:96:ef:6a:64:61:e8:81:88:4a:3e:f1:de:
                    dd:45:6a:2a:5f:e4:8d:91:36:1a:42:df:13:63:cb:
                    60:fb:f5:56:42:d5:bb:a5:88:6e:8e:e9:de:14:b9:
                    9a:38:bb:88:1e:fc:d8:e2:6d:05:40:34:e8:82:d0:
                    34:a5:d9:2c:ac:22:b4:60:b8:09:0d:05:44:5f:1c:
                    e7:79:09:ec:0a:2e:b2:d7:cf:ef:5c:71:b4:ae:01:
                    4d:0f:1f:97:4f:be:05:8f:32:a2:1b:fc:f2:9e:c4:
                    c8:2e:08:85:11:29:7b:ee:27:60:1e:d9:b4:f7:91:
                    cd:df:54:71:35:a2:82:d0:d1:aa:83:31:9f:7a:f7:
                    84:3d:03:c5:8b:d0:cd:aa:fc:83:2b:db:57:13:80:
                    56:8d:7c:46:46:78:c8:fa:3a:3d:47:26:5e:49:26:
                    c9:29:a0:8f:83:fe:08:d0:99:39:8e:41:4c:32:d4:
                    e2:cf:d3:d2:f5:26:49:32:6d:a3:e0:49:52:bb:01:
                    e8:85:a9:3b:b0:5e:d9:d0:80:04:d7:56:d2:90:ce:
                    2c:04:c9:f3:1e:62:39:89:c1:ad:0d:d6:d8:9c:f7:
                    7d:ab:b5:a5:ea:68:4e:82:92:98:da:26:38:24:a9:
                    f8:94:ec:56:46:51:1b:17:14:ab:cd:aa:8f:23:f1:
                    91:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B0:6E:3A:0E:A3:BD:52:EC:C0:7C:AC:F4:EB:CD:79:AF:AF:73:2E
            X509v3 Authority Key Identifier:
                keyid:8F:90:F6:B7:5E:91:3F:27:82:ED:54:9E:B7:21:72:C5:9C:C4:7A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j5D2t16RPyeC7VSetyFyxZzEevE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/xrBuOg6jvVLswHys9OvNea-vcy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3d3c3b-1a95-4b50-8974-c1d0acb7819a/1/j5D2t16RPyeC7VSetyFyxZzEevE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.252.0/22
                  185.113.144.0/22
                  185.146.36.0/22
                  185.216.120.0/22
                  193.105.0.0/24
                IPv6:
                  2a06:6a40::/29
                  2a07:4d00::/29
                  2a0b:b640::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:fc:ba:6e:c2:be:af:5f:14:56:ac:b2:c3:83:94:0a:41:30:
         5f:bd:d1:df:43:e3:fc:6a:5c:8a:f2:5e:e3:68:0d:1a:ce:c2:
         35:c9:e1:45:e9:fd:5b:f4:2d:15:89:ab:25:f5:a9:6c:66:8b:
         79:41:ab:27:15:f4:ff:d4:0c:6d:59:82:35:87:b3:85:ca:d0:
         52:09:2d:2a:48:dc:b2:8c:ed:1d:5a:cb:1b:b3:33:45:34:80:
         64:f3:71:bc:cf:2f:b3:e9:1d:19:93:df:9f:64:bd:d8:cd:cb:
         e6:40:61:78:2c:40:02:54:9b:31:3a:75:05:bc:84:00:f3:3e:
         84:88:53:2f:5e:8a:b8:66:d1:81:ef:73:6d:2c:a1:6e:8a:63:
         b2:27:2b:1e:23:14:97:0b:0c:02:19:30:e5:fb:93:dc:20:d5:
         5c:5b:11:89:a6:e2:bb:83:56:f9:30:e5:7c:43:91:f3:6c:fe:
         91:84:64:80:a3:30:ec:39:86:c1:dc:6b:8b:c8:51:29:89:51:
         9c:e5:87:ec:de:da:c7:1a:b9:46:0d:13:01:40:47:c8:bf:8b:
         c2:8b:9f:31:27:ee:fb:4f:9c:c8:24:9f:61:c9:a9:ff:e7:d8:
         8e:22:91:50:38:f4:13:9b:ce:85:b9:44:bb:84:38:9e:c1:f3:
         9a:1e:0a:93
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYjERR2LG8S7GhWSGCTulk5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmOTBmNmI3NWU5MTNmMjc4MmVkNTQ5ZWI3MjE3MmM1OWNj
NDdhZjEwHhcNMjMwNjE2MTI1NDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmIwNmUzYTBlYTNiZDUyZWNjMDdjYWNmNGViY2Q3OWFmYWY3MzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/GW72pkYeiBiEo+8d7dRWoqX+SN
kTYaQt8TY8tg+/VWQtW7pYhujuneFLmaOLuIHvzY4m0FQDTogtA0pdksrCK0YLgJ
DQVEXxzneQnsCi6y18/vXHG0rgFNDx+XT74FjzKiG/zynsTILgiFESl77idgHtm0
95HN31RxNaKC0NGqgzGfeveEPQPFi9DNqvyDK9tXE4BWjXxGRnjI+jo9RyZeSSbJ
KaCPg/4I0Jk5jkFMMtTiz9PS9SZJMm2j4ElSuwHohak7sF7Z0IAE11bSkM4sBMnz
HmI5icGtDdbYnPd9q7Wl6mhOgpKY2iY4JKn4lOxWRlEbFxSrzaqPI/GRvwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFMawbjoOo71S7MB8rPTrzXmvr3MuMB8GA1UdIwQY
MBaAFI+Q9rdekT8ngu1UnrchcsWcxHrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajVEMnQxNlJQeWVDN1ZTZXR5Rnl4WnpFZXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zZDNjM2ItMWE5NS00YjUwLTg5NzQt
YzFkMGFjYjc4MTlhLzEveHJCdU9nNmp2Vkxzd0h5czlPdk5lYS12Y3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zZDNjM2ItMWE5NS00YjUwLTg5NzQtYzFkMGFjYjc4MTlh
LzEvajVEMnQxNlJQeWVDN1ZTZXR5Rnl4WnpFZXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAkBAIAATAeAwQCVXX8AwQC
uXGQAwQCuZIkAwQCudh4AwQAwWkAMBsEAgACMBUDBQMqBmpAAwUDKgdNAAMFAyoL
tkAwDQYJKoZIhvcNAQELBQADggEBADz8um7Cvq9fFFasssODlApBMF+90d9D4/xq
XIryXuNoDRrOwjXJ4UXp/Vv0LRWJqyX1qWxmi3lBqycV9P/UDG1ZgjWHs4XK0FIJ
LSpI3LKM7R1ayxuzM0U0gGTzcbzPL7PpHRmT359kvdjNy+ZAYXgsQAJUmzE6dQW8
hADzPoSIUy9eirhm0YHvc20soW6KY7InKx4jFJcLDAIZMOX7k9wg1VxbEYmm4ruD
Vvkw5XxDkfNs/pGEZICjMOw5hsHca4vIUSmJUZzlh+ze2scauUYNEwFAR8i/i8KL
nzEn7vtPnMgkn2HJqf/n2I4ikVA49BObzoW5RLuEOJ7B85oeCpM=
-----END CERTIFICATE-----