Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/8Exqj6dM9_ASy52j3oFGDm9ADwg.roa
File:                     8Exqj6dM9_ASy52j3oFGDm9ADwg.roa (raw, json)
Hash identifier:          THoW41QcGXUtkSEQB+TE3RYfuX+sfUAynehIcXYMXWQ=
Subject key identifier:   F0:4C:6A:8F:A7:4C:F7:F0:12:CB:9D:A3:DE:81:46:0E:6F:40:0F:08
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       01898B4D51803123CA9E44E9F9E3452861D5
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/8Exqj6dM9_ASy52j3oFGDm9ADwg.roa
Signing time:             Tue 25 Jul 2023 04:27:27 +0000
ROA not before:           Tue 25 Jul 2023 04:27:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8362
IP address blocks:        5.158.240.0/20 maxlen: 20
                          79.141.192.0/24 maxlen: 24
                          79.141.197.0/24 maxlen: 24
                          79.141.193.0/24 maxlen: 24
                          79.141.206.0/23 maxlen: 23
                          195.146.224.0/20 maxlen: 20
                          37.220.48.0/20 maxlen: 20
                          46.162.128.0/18 maxlen: 18
                          195.146.240.0/20 maxlen: 20
                          185.9.96.0/22 maxlen: 22
                          62.64.32.0/19 maxlen: 19
                          2a01:8e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8b:4d:51:80:31:23:ca:9e:44:e9:f9:e3:45:28:61:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Jul 25 04:27:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f04c6a8fa74cf7f012cb9da3de81460e6f400f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9f:d1:45:99:62:66:e3:bd:a1:be:45:41:95:
                    84:e0:12:f0:53:a6:15:60:b0:db:33:96:d8:ec:01:
                    b2:ad:9e:d5:6e:c7:bb:3f:67:10:e6:e5:41:45:fe:
                    7b:96:f8:bd:81:7f:64:b3:72:86:fe:02:7c:16:26:
                    dd:55:d1:d1:5c:4a:21:09:64:5f:43:7e:a0:32:e3:
                    48:08:9f:28:8c:77:46:92:c4:cd:dc:01:a5:24:41:
                    a5:0b:2d:65:60:8a:66:e1:79:12:d8:85:9b:29:90:
                    52:ba:96:eb:86:1a:da:2e:f4:fa:66:9a:dc:12:37:
                    df:37:d9:de:fe:91:41:c6:f3:d3:e8:bd:2d:e6:ba:
                    da:d3:c2:41:3e:1c:d9:ce:ce:6a:fa:ca:5c:5a:d1:
                    fa:7c:6f:4f:bf:83:6c:a5:f0:8d:d7:d3:80:7c:cb:
                    69:bf:a7:d7:75:6f:e9:83:9e:82:25:8a:7b:12:ab:
                    e1:b2:fb:f8:58:65:1e:b4:e8:98:1e:b0:c4:c5:4d:
                    d9:d9:36:4b:0e:89:d3:9d:bb:01:59:dc:bd:f6:8a:
                    bf:7a:b2:63:fd:f9:3d:00:41:64:f2:a4:5a:12:50:
                    78:a2:db:16:ad:6e:9d:b3:5f:1b:cf:19:eb:54:de:
                    be:8e:8e:ec:f8:29:de:7d:16:cd:96:ae:d7:d0:59:
                    47:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4C:6A:8F:A7:4C:F7:F0:12:CB:9D:A3:DE:81:46:0E:6F:40:0F:08
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/8Exqj6dM9_ASy52j3oFGDm9ADwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.240.0/20
                  37.220.48.0/20
                  46.162.128.0/18
                  62.64.32.0/19
                  79.141.192.0/23
                  79.141.197.0/24
                  79.141.206.0/23
                  185.9.96.0/22
                  195.146.224.0/19
                IPv6:
                  2a01:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:06:d7:14:28:34:cc:00:75:a4:b6:55:2a:db:f7:82:49:f6:
         94:ca:ed:a3:45:eb:58:fd:cc:68:7b:ca:0b:c9:0b:19:05:18:
         ec:11:aa:0e:68:f0:0b:0a:4b:c3:d2:6e:43:80:46:da:0b:90:
         5c:d0:27:68:f4:9f:5b:25:08:1f:af:48:43:e7:7a:7b:4d:ac:
         e1:21:5b:8a:6a:7c:b0:fd:2f:6e:9a:d3:c6:2e:aa:30:ac:65:
         4d:d3:26:fb:80:e6:84:56:ca:92:00:f1:5f:cc:a5:07:1a:6a:
         85:97:52:12:f8:64:7e:40:07:8e:9f:94:0e:a9:e4:6e:c6:07:
         9d:7a:dc:53:01:20:d8:73:52:8d:76:b2:65:1f:fd:c8:b6:2f:
         38:81:aa:3f:bb:38:5d:e5:6f:2c:b6:27:a3:c5:7a:b2:d1:60:
         75:2d:37:10:48:b1:90:e2:ec:34:1b:a4:59:3e:91:b9:1c:a1:
         d6:d7:aa:40:48:aa:b2:9c:0d:1f:49:14:aa:5b:28:e2:b1:02:
         0c:dd:a7:9c:ec:10:ef:68:b1:35:6e:40:8a:53:06:66:94:7a:
         f4:52:4f:7d:c8:42:dd:69:f8:68:39:58:4c:fa:ab:e9:a8:7c:
         11:85:cd:79:45:11:03:aa:8b:79:35:63:67:b2:12:1b:8e:6e:
         61:7e:6a:48
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYmLTVGAMSPKnkTp+eNFKGHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjMwNzI1MDQyNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRjNmE4ZmE3NGNmN2YwMTJjYjlkYTNkZTgxNDYwZTZmNDAwZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z/RRZliZuO9ob5FQZWE4BLwU6YV
YLDbM5bY7AGyrZ7Vbse7P2cQ5uVBRf57lvi9gX9ks3KG/gJ8FibdVdHRXEohCWRf
Q36gMuNICJ8ojHdGksTN3AGlJEGlCy1lYIpm4XkS2IWbKZBSupbrhhraLvT6Zprc
EjffN9ne/pFBxvPT6L0t5rra08JBPhzZzs5q+spcWtH6fG9Pv4NspfCN19OAfMtp
v6fXdW/pg56CJYp7Eqvhsvv4WGUetOiYHrDExU3Z2TZLDonTnbsBWdy99oq/erJj
/fk9AEFk8qRaElB4otsWrW6ds18bzxnrVN6+jo7s+CnefRbNlq7X0FlH7QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPBMao+nTPfwEsudo96BRg5vQA8IMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvOEV4cWo2ZE05X0FTeTUyajNvRkdEbTlBRHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEBZ7wAwQE
JdwwAwQGLqKAAwQFPkAgAwQBT43AAwQAT43FAwQBT43OAwQCuQlgAwQFw5LgMA0E
AgACMAcDBQMqAY6AMA0GCSqGSIb3DQEBCwUAA4IBAQA6BtcUKDTMAHWktlUq2/eC
SfaUyu2jRetY/cxoe8oLyQsZBRjsEaoOaPALCkvD0m5DgEbaC5Bc0Cdo9J9bJQgf
r0hD53p7TazhIVuKanyw/S9umtPGLqowrGVN0yb7gOaEVsqSAPFfzKUHGmqFl1IS
+GR+QAeOn5QOqeRuxgedetxTASDYc1KNdrJlH/3Iti84gao/uzhd5W8stiejxXqy
0WB1LTcQSLGQ4uw0G6RZPpG5HKHW16pASKqynA0fSRSqWyjisQIM3aec7BDvaLE1
bkCKUwZmlHr0Uk99yELdafhoOVhM+qvpqHwRhc15RREDqot5NWNnshIbjm5hfmpI
-----END CERTIFICATE-----