Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lbiw6zMGo2RBJ1nn_-3eVs7QY5M.roa
File:                     lbiw6zMGo2RBJ1nn_-3eVs7QY5M.roa (raw, json)
Hash identifier:          NNHER4yF7f/gyRihieU1R8Vj+s91Ldo/7Y83n/k55Bs=
Subject key identifier:   95:B8:B0:EB:33:06:A3:64:41:27:59:E7:FF:ED:DE:56:CE:D0:63:93
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0187D59FA2A0C344C4FF3A1982DEF5C7F362
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lbiw6zMGo2RBJ1nn_-3eVs7QY5M.roa
Signing time:             Mon 01 May 2023 04:43:41 +0000
ROA not before:           Mon 01 May 2023 04:43:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        86.107.50.0/24 maxlen: 24
                          86.107.51.0/24 maxlen: 24
                          89.34.219.0/24 maxlen: 24
                          89.35.129.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          89.35.131.0/24 maxlen: 24
                          188.241.136.0/24 maxlen: 24
                          188.241.137.0/24 maxlen: 24
                          94.198.171.0/24 maxlen: 24
                          77.81.88.0/24 maxlen: 24
                          89.45.35.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24
                          77.81.100.0/24 maxlen: 24
                          176.223.188.0/24 maxlen: 24
                          62.192.152.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 May 2023 08:09:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d5:9f:a2:a0:c3:44:c4:ff:3a:19:82:de:f5:c7:f3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  1 04:43:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95b8b0eb3306a364412759e7ffedde56ced06393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:75:db:cc:87:4d:9e:33:75:35:40:b3:96:a3:
                    92:d6:6c:fd:0a:bb:74:a1:cf:86:8d:5f:3a:6d:c6:
                    a7:89:74:79:72:c1:53:ab:2e:4c:a6:1e:6b:27:df:
                    d6:ea:72:16:5d:19:a9:e2:20:71:d3:78:d6:09:d6:
                    07:41:c8:97:18:a4:90:2d:42:9a:e5:9b:32:e1:58:
                    46:db:47:99:14:b5:a6:47:44:87:b2:bb:69:01:77:
                    f1:fe:c1:70:a3:19:0b:b1:fa:8b:7a:29:9f:92:ca:
                    e4:1e:fd:ca:15:7f:00:79:8f:14:6d:48:b9:4f:17:
                    ac:02:32:b9:36:31:09:a5:9f:eb:d4:35:bf:b0:61:
                    86:45:83:e8:d0:d9:f9:8b:fe:5a:38:fa:02:f5:40:
                    e4:d1:dd:17:83:0b:3d:b6:3f:30:f0:e7:03:89:45:
                    6d:07:02:a0:f0:3b:a4:02:24:b9:ef:1d:d4:98:01:
                    3a:17:9d:d8:d3:13:1b:a5:40:df:50:1a:6a:4d:b2:
                    aa:df:af:88:4a:09:fc:a1:c6:f5:f7:a9:d7:dc:e5:
                    db:9c:14:71:44:86:3b:47:7a:22:59:f3:7e:03:cd:
                    a8:cc:95:1a:99:f3:2a:0a:51:cc:96:f3:b1:80:70:
                    ae:86:8d:34:63:44:e5:da:6c:67:54:8f:d9:bb:0f:
                    ec:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B8:B0:EB:33:06:A3:64:41:27:59:E7:FF:ED:DE:56:CE:D0:63:93
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lbiw6zMGo2RBJ1nn_-3eVs7QY5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.152.0/24
                  77.81.88.0/24
                  77.81.100.0/24
                  86.107.50.0/23
                  89.34.219.0/24
                  89.35.129.0-89.35.131.255
                  89.45.35.0/24
                  94.198.171.0/24
                  176.223.188.0/24
                  188.214.107.0/24
                  188.241.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:29:1d:4c:ee:c6:f4:ec:11:b1:47:9d:79:32:f2:5b:db:b3:
         12:55:93:85:11:c3:68:3c:e4:ba:4d:4d:1a:c7:c5:42:af:10:
         db:d5:40:ec:b0:ee:0e:37:33:a1:65:9a:6f:e5:1b:bb:d4:76:
         14:82:93:68:92:42:c2:80:d8:c7:6e:ad:92:d3:0f:3c:2a:55:
         88:11:f1:26:91:8f:e5:76:fa:92:3e:26:52:ca:bf:39:0f:aa:
         98:c6:b8:30:6e:87:c1:cf:ba:81:15:46:83:9d:99:42:65:c9:
         93:e1:52:e9:4a:9e:aa:5a:02:f4:03:e5:66:25:2d:ed:f3:2d:
         3c:0e:d9:c7:90:fd:4e:3e:2a:71:04:07:ba:6e:d4:30:cb:e6:
         33:01:d0:c9:82:02:83:e2:63:4e:28:ee:63:12:bc:3f:ae:c6:
         bc:18:ec:48:9f:3a:4c:be:e0:d2:5b:a9:7e:a1:28:03:02:20:
         a6:9e:2e:d0:ba:41:b3:a5:fd:03:97:78:d0:66:66:60:d7:6b:
         4d:a7:f5:ae:54:72:2f:9f:13:aa:86:37:a7:8e:58:69:4b:3c:
         6b:75:77:c3:6e:18:88:ee:f4:c4:72:3a:47:1e:76:ea:c0:13:
         2d:13:94:54:f6:92:db:76:46:09:f8:5f:59:54:e6:ec:be:d2:
         c2:4e:9e:fb
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYfVn6Kgw0TE/zoZgt71x/NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwNTAxMDQ0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI4YjBlYjMzMDZhMzY0NDEyNzU5ZTdmZmVkZGU1NmNlZDA2MzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnXbzIdNnjN1NUCzlqOS1mz9Crt0
oc+GjV86bcaniXR5csFTqy5Mph5rJ9/W6nIWXRmp4iBx03jWCdYHQciXGKSQLUKa
5Zsy4VhG20eZFLWmR0SHsrtpAXfx/sFwoxkLsfqLeimfksrkHv3KFX8AeY8UbUi5
TxesAjK5NjEJpZ/r1DW/sGGGRYPo0Nn5i/5aOPoC9UDk0d0Xgws9tj8w8OcDiUVt
BwKg8DukAiS57x3UmAE6F53Y0xMbpUDfUBpqTbKq36+ISgn8ocb196nX3OXbnBRx
RIY7R3oiWfN+A82ozJUamfMqClHMlvOxgHCuho00Y0Tl2mxnVI/Zuw/s6wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJW4sOszBqNkQSdZ5//t3lbO0GOTMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbGJpdzZ6TUdvMlJCSjFubl8tM2VWczdRWTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAPsCYAwQA
TVFYAwQATVFkAwQBVmsyAwQAWSLbMAwDBABZI4EDBAJZI4ADBABZLSMDBABexqsD
BACw37wDBAC81msDBAG88YgwDQYJKoZIhvcNAQELBQADggEBAJgpHUzuxvTsEbFH
nXky8lvbsxJVk4URw2g85LpNTRrHxUKvENvVQOyw7g43M6Flmm/lG7vUdhSCk2iS
QsKA2MdurZLTDzwqVYgR8SaRj+V2+pI+JlLKvzkPqpjGuDBuh8HPuoEVRoOdmUJl
yZPhUulKnqpaAvQD5WYlLe3zLTwO2ceQ/U4+KnEEB7pu1DDL5jMB0MmCAoPiY04o
7mMSvD+uxrwY7EifOky+4NJbqX6hKAMCIKaeLtC6QbOl/QOXeNBmZmDXa02n9a5U
ci+fE6qGN6eOWGlLPGt1d8NuGIju9MRyOkcedurAEy0TlFT2ktt2Rgn4X1lU5uy+
0sJOnvs=
-----END CERTIFICATE-----