Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/dVdDg2qRCuQEr7kPWQm9RiJ3o9I.roa
File:                     dVdDg2qRCuQEr7kPWQm9RiJ3o9I.roa (raw, json)
Hash identifier:          Xs5FIh/kFe5uq47PU3C89NyeBRHVFrMsDYoLrlccs+c=
Subject key identifier:   75:57:43:83:6A:91:0A:E4:04:AF:B9:0F:59:09:BD:46:22:77:A3:D2
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0187FBC8BCCD9FA911AC55CD462BD28A928E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/dVdDg2qRCuQEr7kPWQm9RiJ3o9I.roa
Signing time:             Mon 08 May 2023 14:34:09 +0000
ROA not before:           Mon 08 May 2023 14:34:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8100
IP address blocks:        64.137.122.0/23 maxlen: 23
                          64.137.16.0/24 maxlen: 24
                          64.137.120.0/24 maxlen: 24
                          104.249.39.0/24 maxlen: 24
                          64.137.54.0/24 maxlen: 24
                          104.222.190.0/24 maxlen: 24
                          64.137.109.0/24 maxlen: 24
                          64.137.110.0/23 maxlen: 23
                          64.137.113.0/24 maxlen: 24
                          64.137.115.0/24 maxlen: 24
                          64.137.9.0/24 maxlen: 24
                          64.137.117.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 May 2023 09:18:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fb:c8:bc:cd:9f:a9:11:ac:55:cd:46:2b:d2:8a:92:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  8 14:34:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=755743836a910ae404afb90f5909bd462277a3d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f8:73:03:99:f1:b9:cc:d3:fb:07:29:a6:1a:
                    10:d5:64:ee:fd:b5:bb:79:25:38:19:69:88:1c:fe:
                    f6:e3:7d:8b:f9:f5:b0:a4:3a:90:1c:05:a1:eb:16:
                    c6:02:f3:60:bd:25:8d:3a:6a:f5:bb:ee:4d:e3:38:
                    c0:6d:63:46:28:ef:46:82:de:ee:3d:3e:e4:fe:3a:
                    fd:26:1a:c5:82:86:8c:f4:87:00:e1:bb:4f:86:93:
                    15:7a:8f:a8:01:03:79:e7:0f:d4:be:4e:4e:da:0c:
                    9b:16:af:7d:46:f9:c8:03:86:0b:cd:91:30:d4:a4:
                    ef:dc:2a:22:ef:bc:ec:6c:d8:bf:ed:77:96:4a:ae:
                    ec:e0:59:7c:61:a4:93:6f:e4:9f:e9:27:dc:c4:d4:
                    78:e1:5b:cd:34:b5:f8:69:54:cd:c8:f0:e3:60:ab:
                    8a:e6:3f:c1:2c:68:21:45:29:18:17:45:87:f0:1c:
                    ad:d6:0f:2c:1b:e8:31:1f:62:cd:36:e3:d4:0a:8d:
                    bf:b2:b7:7e:93:3f:9a:2c:1c:fd:23:f9:5f:35:10:
                    6c:99:5c:4e:9d:83:1b:0e:52:db:0f:f0:77:d7:bc:
                    3b:bf:7a:f5:9b:7b:17:f0:1d:45:53:48:36:bb:88:
                    21:fa:32:3d:28:54:15:e8:49:db:13:dc:1b:65:ad:
                    35:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:57:43:83:6A:91:0A:E4:04:AF:B9:0F:59:09:BD:46:22:77:A3:D2
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/dVdDg2qRCuQEr7kPWQm9RiJ3o9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.9.0/24
                  64.137.16.0/24
                  64.137.54.0/24
                  64.137.109.0-64.137.111.255
                  64.137.113.0/24
                  64.137.115.0/24
                  64.137.117.0/24
                  64.137.120.0/24
                  64.137.122.0/23
                  104.222.190.0/24
                  104.249.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b3:ee:2b:a9:d3:26:e8:23:ec:26:88:e4:0d:6b:e1:4f:9d:
         de:d2:67:e0:3c:82:9a:de:13:f1:f4:87:6c:d3:4a:3c:e0:34:
         8c:be:bc:bf:e0:d4:58:55:ad:4d:d3:3d:d1:73:70:d0:c8:32:
         70:e2:89:e7:63:ba:43:5b:2e:97:04:fb:bc:fd:e7:95:70:1f:
         54:37:0e:ef:2f:f0:69:64:f6:89:6d:32:d8:91:a3:86:7c:29:
         23:7d:a0:ed:a3:a3:c7:1a:7d:e3:59:5a:de:d6:2b:74:77:eb:
         f3:46:6a:d2:7e:17:76:d3:0e:f5:28:c7:a3:40:c8:4b:9a:af:
         7a:ed:05:4a:41:78:2b:36:10:e2:97:48:74:01:1f:ab:5f:bd:
         1a:26:2e:ce:e3:e5:1e:23:db:df:83:33:52:5a:db:3f:30:cb:
         c2:b7:73:dd:8e:3d:0e:9f:c8:a3:28:41:4a:29:b4:09:e8:fa:
         84:41:18:e3:d1:f0:ee:e1:d2:92:30:6b:26:e0:91:70:50:df:
         2a:61:b1:d2:94:a9:2f:51:85:ca:b6:fc:1d:24:d8:dd:0d:eb:
         c2:2b:b3:69:ea:e4:81:d0:73:e9:7a:17:01:e6:ca:e9:fb:a8:
         5b:84:ab:a0:3d:37:c1:6c:30:32:b1:24:40:d0:55:eb:01:9c:
         0e:14:03:17
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYf7yLzNn6kRrFXNRivSipKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwNTA4MTQzNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTU3NDM4MzZhOTEwYWU0MDRhZmI5MGY1OTA5YmQ0NjIyNzdhM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvhzA5nxuczT+wcpphoQ1WTu/bW7
eSU4GWmIHP72432L+fWwpDqQHAWh6xbGAvNgvSWNOmr1u+5N4zjAbWNGKO9Ggt7u
PT7k/jr9JhrFgoaM9IcA4btPhpMVeo+oAQN55w/Uvk5O2gybFq99RvnIA4YLzZEw
1KTv3Coi77zsbNi/7XeWSq7s4Fl8YaSTb+Sf6SfcxNR44VvNNLX4aVTNyPDjYKuK
5j/BLGghRSkYF0WH8Byt1g8sG+gxH2LNNuPUCo2/srd+kz+aLBz9I/lfNRBsmVxO
nYMbDlLbD/B317w7v3r1m3sX8B1FU0g2u4gh+jI9KFQV6EnbE9wbZa013wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFHVXQ4NqkQrkBK+5D1kJvUYid6PSMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZFZkRGcycVJDdVFFcjdrUFdRbTlSaUozbzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAQIkJAwQA
QIkQAwQAQIk2MAwDBABAiW0DBARAiWADBABAiXEDBABAiXMDBABAiXUDBABAiXgD
BAFAiXoDBABo3r4DBABo+ScwDQYJKoZIhvcNAQELBQADggEBAGyz7iup0yboI+wm
iOQNa+FPnd7SZ+A8gpreE/H0h2zTSjzgNIy+vL/g1FhVrU3TPdFzcNDIMnDiiedj
ukNbLpcE+7z955VwH1Q3Du8v8Glk9oltMtiRo4Z8KSN9oO2jo8cafeNZWt7WK3R3
6/NGatJ+F3bTDvUox6NAyEuar3rtBUpBeCs2EOKXSHQBH6tfvRomLs7j5R4j29+D
M1Ja2z8wy8K3c92OPQ6fyKMoQUoptAno+oRBGOPR8O7h0pIwaybgkXBQ3yphsdKU
qS9Rhcq2/B0k2N0N68Irs2nq5IHQc+l6FwHmyun7qFuEq6A9N8FsMDKxJEDQVesB
nA4UAxc=
-----END CERTIFICATE-----