Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/TfeGx4dB93pf9IuHhO9eBfz1OoI.roa
File:                     TfeGx4dB93pf9IuHhO9eBfz1OoI.roa (raw, json)
Hash identifier:          eyhJeQdr/4finkWc/dN0edKegNdaB6g9mSrumSYDZyA=
Subject key identifier:   4D:F7:86:C7:87:41:F7:7A:5F:F4:8B:87:84:EF:5E:05:FC:F5:3A:82
Certificate issuer:       /CN=4f617d6b03e2fe5f8911cbeb5fae2dca3bd6677f
Certificate serial:       018798B834529FEB9AA8471FB1F9963D6904
Authority key identifier: 4F:61:7D:6B:03:E2:FE:5F:89:11:CB:EB:5F:AE:2D:CA:3B:D6:67:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T2F9awPi_l-JEcvrX64tyjvWZ38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/TfeGx4dB93pf9IuHhO9eBfz1OoI.roa
Signing time:             Wed 19 Apr 2023 08:53:41 +0000
ROA not before:           Wed 19 Apr 2023 08:53:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44034
IP address blocks:        2.64.0.0/13 maxlen: 13
                          77.241.128.0/20 maxlen: 20
                          77.241.128.0/21 maxlen: 21
                          94.191.128.0/17 maxlen: 17
                          37.250.0.0/16 maxlen: 16
                          80.251.192.0/20 maxlen: 20
                          79.138.128.0/17 maxlen: 17
                          212.27.0.0/19 maxlen: 19
                          109.56.0.0/14 maxlen: 14
                          78.156.192.0/19 maxlen: 19
                          95.209.0.0/16 maxlen: 16
                          2a02:aa0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Tue 24 Oct 2023 06:47:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:98:b8:34:52:9f:eb:9a:a8:47:1f:b1:f9:96:3d:69:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f617d6b03e2fe5f8911cbeb5fae2dca3bd6677f
        Validity
            Not Before: Apr 19 08:53:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4df786c78741f77a5ff48b8784ef5e05fcf53a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:43:67:2b:e8:e2:35:99:ed:43:dd:4c:18:c1:
                    c3:93:a1:26:8c:f1:87:db:61:ed:48:4a:85:9f:33:
                    dc:0a:44:74:12:e3:8f:41:9e:1e:1b:78:f9:98:4a:
                    61:d7:04:8c:17:46:53:84:f7:5f:b3:95:7a:36:38:
                    4b:83:55:1a:51:01:6a:ab:c1:08:58:ee:25:a3:27:
                    85:53:d6:22:a6:8f:15:20:a5:cd:40:13:23:6e:4a:
                    3a:ec:aa:33:a3:ae:6f:35:c8:b5:12:f4:9d:b6:7f:
                    60:da:ef:80:21:f4:b5:a0:3b:7b:6d:f3:1c:e5:f9:
                    94:2d:ab:84:cb:ce:e5:bb:c3:d5:34:17:7d:92:08:
                    15:2b:bb:cf:e9:01:66:56:8c:a3:61:8c:c2:08:b3:
                    7d:c5:11:ee:5b:20:5a:36:c9:2b:29:27:25:ee:48:
                    a9:f7:74:f2:28:21:2f:3a:6d:6c:ce:76:f9:2e:34:
                    50:16:1d:9d:4b:a6:d1:e4:eb:35:60:f8:02:21:b1:
                    a9:90:f0:42:3a:97:a2:66:0e:fd:c3:75:b5:d1:76:
                    9d:96:31:df:cc:82:ba:97:47:c6:26:b7:5a:e3:d0:
                    a8:09:a0:13:a9:98:44:23:b9:5d:70:bc:4f:00:9a:
                    2c:a2:2e:13:19:dc:4c:3f:ec:f2:22:f3:e8:72:82:
                    af:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F7:86:C7:87:41:F7:7A:5F:F4:8B:87:84:EF:5E:05:FC:F5:3A:82
            X509v3 Authority Key Identifier:
                keyid:4F:61:7D:6B:03:E2:FE:5F:89:11:CB:EB:5F:AE:2D:CA:3B:D6:67:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T2F9awPi_l-JEcvrX64tyjvWZ38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/TfeGx4dB93pf9IuHhO9eBfz1OoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/1b1272-83c1-4864-9cd3-027c7f7dc6d5/1/T2F9awPi_l-JEcvrX64tyjvWZ38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.64.0.0/13
                  37.250.0.0/16
                  77.241.128.0/20
                  78.156.192.0/19
                  79.138.128.0/17
                  80.251.192.0/20
                  94.191.128.0/17
                  95.209.0.0/16
                  109.56.0.0/14
                  212.27.0.0/19
                IPv6:
                  2a02:aa0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:2f:2b:65:a0:4e:d6:65:d4:01:69:1d:e1:a6:35:96:a2:94:
         33:54:6e:b2:8f:8b:da:2d:d3:ae:a1:77:71:5b:02:ae:63:76:
         1e:e1:13:53:0a:61:aa:7a:cd:62:01:9a:64:84:ed:3f:96:5f:
         b5:ce:24:cb:7b:15:b4:a8:66:89:ae:91:2c:95:68:7d:bd:1d:
         ee:93:b0:fd:5b:d0:7d:fe:2d:e7:e1:ae:3f:a1:f3:26:f0:6c:
         11:95:dc:3c:a9:03:e4:99:2f:d1:63:df:6b:df:bb:d2:6a:8f:
         cc:d2:5f:1d:53:c0:07:63:f9:35:2c:63:df:68:0c:69:cb:61:
         e3:f7:eb:a8:62:9e:63:50:9b:a3:59:32:b4:7d:fc:ac:a7:78:
         c9:ed:d4:bd:72:47:8e:04:6b:b7:ea:c8:11:2a:00:e5:ef:d6:
         ce:60:e5:ff:43:62:bf:c1:e8:5b:b3:75:ec:48:b9:00:c1:28:
         94:b0:76:1d:a9:28:6d:ce:25:a4:68:f7:41:c4:18:fa:15:6d:
         13:5c:4c:c7:42:d9:dd:92:ca:8d:13:a2:fe:76:8b:17:d0:61:
         f6:8f:b9:ee:57:53:43:7d:a5:f5:3e:fc:60:e8:48:a4:d8:7f:
         bc:d7:3b:7f:71:95:80:c1:c7:4c:5e:49:23:2a:5e:1d:2d:e4:
         af:39:ef:79
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYeYuDRSn+uaqEcfsfmWPWkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNjE3ZDZiMDNlMmZlNWY4OTExY2JlYjVmYWUyZGNhM2Jk
NjY3N2YwHhcNMjMwNDE5MDg1MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY3ODZjNzg3NDFmNzdhNWZmNDhiODc4NGVmNWUwNWZjZjUzYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUNnK+jiNZntQ91MGMHDk6EmjPGH
22HtSEqFnzPcCkR0EuOPQZ4eG3j5mEph1wSMF0ZThPdfs5V6NjhLg1UaUQFqq8EI
WO4loyeFU9Yipo8VIKXNQBMjbko67Kozo65vNci1EvSdtn9g2u+AIfS1oDt7bfMc
5fmULauEy87lu8PVNBd9kggVK7vP6QFmVoyjYYzCCLN9xRHuWyBaNskrKScl7kip
93TyKCEvOm1sznb5LjRQFh2dS6bR5Os1YPgCIbGpkPBCOpeiZg79w3W10XadljHf
zIK6l0fGJrda49CoCaATqZhEI7ldcLxPAJosoi4TGdxMP+zyIvPocoKvdwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFE33hseHQfd6X/SLh4TvXgX89TqCMB8GA1UdIwQY
MBaAFE9hfWsD4v5fiRHL61+uLco71md/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDJGOWF3UGlfbC1KRWN2clg2NHR5anZXWjM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xYjEyNzItODNjMS00ODY0LTljZDMt
MDI3YzdmN2RjNmQ1LzEvVGZlR3g0ZEI5M3BmOUl1SGhPOWVCZnoxT29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xYjEyNzItODNjMS00ODY0LTljZDMtMDI3YzdmN2RjNmQ1
LzEvVDJGOWF3UGlfbC1KRWN2clg2NHR5anZXWjM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwMDAkADAwAl
+gMEBE3xgAMEBU6cwAMEB0+KgAMEBFD7wAMEB16/gAMDAF/RAwMCbTgDBAXUGwAw
DQQCAAIwBwMFAyoCCqAwDQYJKoZIhvcNAQELBQADggEBAH0vK2WgTtZl1AFpHeGm
NZailDNUbrKPi9ot066hd3FbAq5jdh7hE1MKYap6zWIBmmSE7T+WX7XOJMt7FbSo
ZomukSyVaH29He6TsP1b0H3+Lefhrj+h8ybwbBGV3DypA+SZL9Fj32vfu9Jqj8zS
Xx1TwAdj+TUsY99oDGnLYeP366hinmNQm6NZMrR9/KyneMnt1L1yR44Ea7fqyBEq
AOXv1s5g5f9DYr/B6FuzdexIuQDBKJSwdh2pKG3OJaRo90HEGPoVbRNcTMdC2d2S
yo0Tov52ixfQYfaPue5XU0N9pfU+/GDoSKTYf7zXO39xlYDBx0xeSSMqXh0t5K85
73k=
-----END CERTIFICATE-----