Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/pPnx4f-V5Fd5F4I0SEjZfFZb72c.roa
File:                     pPnx4f-V5Fd5F4I0SEjZfFZb72c.roa (raw, json)
Hash identifier:          9Els/nxzH0yUl15bsze7+riVM5foe0nO8kOWvheUWp4=
Subject key identifier:   A4:F9:F1:E1:FF:95:E4:57:79:17:82:34:48:48:D9:7C:56:5B:EF:67
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0186725C9B9A98BB4253C0F93B7D272FC624
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/pPnx4f-V5Fd5F4I0SEjZfFZb72c.roa
Signing time:             Tue 21 Feb 2023 05:05:17 +0000
ROA not before:           Tue 21 Feb 2023 05:05:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        89.34.202.0/24 maxlen: 24
                          89.43.62.0/24 maxlen: 24
                          89.34.219.0/24 maxlen: 24
                          185.112.249.0/24 maxlen: 24
                          89.35.129.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          188.241.136.0/24 maxlen: 24
                          89.46.42.0/24 maxlen: 24
                          188.241.137.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          89.39.125.0/24 maxlen: 24
                          89.35.73.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          89.40.215.0/24 maxlen: 24
                          93.114.244.0/24 maxlen: 24
                          62.192.152.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 03 Mar 2023 10:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:72:5c:9b:9a:98:bb:42:53:c0:f9:3b:7d:27:2f:c6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 21 05:05:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4f9f1e1ff95e457791782344848d97c565bef67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:eb:4e:9d:6e:d3:c2:7c:88:a5:ce:29:cc:ba:
                    f6:da:0d:27:42:3a:32:3b:45:d4:84:0d:9e:8a:f3:
                    f9:9c:23:8d:10:5d:d6:29:64:25:b4:9a:a6:5c:3f:
                    85:dc:c6:0d:93:98:58:67:99:c0:7f:2a:8b:f0:32:
                    b7:1a:bc:e0:9c:92:89:be:b1:41:f8:f8:39:fd:8d:
                    b3:ba:2e:0d:ac:d7:cb:08:7e:ac:3f:30:72:7b:3e:
                    11:40:d1:b8:95:31:7e:19:62:28:79:03:12:52:35:
                    52:a9:d9:01:a5:c3:97:32:9f:3e:93:29:30:1e:cb:
                    e2:5a:50:dd:db:b0:7f:d4:62:67:14:54:8d:53:45:
                    2b:34:8e:d9:2b:38:45:bc:98:76:80:eb:1b:13:c6:
                    d1:6d:ad:d2:f9:6f:e3:f0:c3:9b:81:8b:f8:a4:18:
                    a6:d6:79:2d:1a:4e:2b:12:01:35:69:83:34:2c:a0:
                    fa:21:5c:81:da:05:fd:e4:1f:ba:65:f4:34:40:e4:
                    fb:f9:61:a7:5e:83:f6:d9:82:23:1b:d1:ff:36:7a:
                    ab:c0:46:85:28:d8:44:32:81:c0:dd:c4:5e:d2:ed:
                    f7:c2:89:a7:0e:e6:63:38:bf:67:74:15:99:a0:44:
                    22:88:e6:aa:fa:ec:a8:10:3e:e4:6f:4a:b1:e1:a3:
                    40:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F9:F1:E1:FF:95:E4:57:79:17:82:34:48:48:D9:7C:56:5B:EF:67
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/pPnx4f-V5Fd5F4I0SEjZfFZb72c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.152.0/24
                  89.34.106.0/24
                  89.34.202.0/24
                  89.34.219.0/24
                  89.35.73.0/24
                  89.35.129.0-89.35.131.255
                  89.39.125.0/24
                  89.40.215.0/24
                  89.43.62.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  93.114.244.0/24
                  185.112.249.0/24
                  188.241.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:28:ab:47:ae:89:30:85:a3:3c:16:d0:1b:17:f1:5a:10:de:
         5d:06:7b:90:df:b7:ce:d6:1f:4b:75:2b:fb:94:f6:eb:0e:fa:
         47:96:31:02:79:a0:bb:e4:11:b1:98:94:1d:5b:b0:04:21:3c:
         68:c7:6f:5e:98:aa:26:97:56:a8:ce:bc:36:75:11:bf:71:24:
         8b:0d:b9:1e:d9:36:37:aa:74:6d:9f:f7:57:57:a4:36:56:eb:
         f2:8d:46:a2:c5:8a:fc:f9:ec:59:95:68:3e:0a:7b:3d:df:ef:
         91:3a:e6:91:ce:a8:bf:7c:b6:37:a3:5c:6b:4a:83:7a:82:6b:
         c9:89:45:92:16:6c:37:8f:d0:33:90:29:c5:15:d9:3f:75:26:
         33:9d:19:8d:1a:90:a7:b6:f9:94:87:61:9f:54:84:d8:c5:8e:
         27:d2:e4:69:a2:67:75:a8:72:3b:17:79:55:5c:be:a7:ae:a5:
         d7:43:9e:8c:75:b4:9a:79:c1:18:6f:66:a1:80:6f:d4:50:70:
         73:52:c3:c4:77:fd:17:a0:d7:c5:5e:a0:60:2b:37:41:7a:9a:
         4a:36:ce:64:c8:ce:5c:63:9d:60:d3:d3:0f:d8:05:c3:52:99:
         a1:f8:59:98:06:00:f4:91:0b:a9:2d:1d:91:31:55:bb:56:0e:
         fe:d9:6c:74
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYZyXJuamLtCU8D5O30nL8YkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwMjIxMDUwNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY5ZjFlMWZmOTVlNDU3NzkxNzgyMzQ0ODQ4ZDk3YzU2NWJlZjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgutOnW7TwnyIpc4pzLr22g0nQjoy
O0XUhA2eivP5nCONEF3WKWQltJqmXD+F3MYNk5hYZ5nAfyqL8DK3GrzgnJKJvrFB
+Pg5/Y2zui4NrNfLCH6sPzByez4RQNG4lTF+GWIoeQMSUjVSqdkBpcOXMp8+kykw
HsviWlDd27B/1GJnFFSNU0UrNI7ZKzhFvJh2gOsbE8bRba3S+W/j8MObgYv4pBim
1nktGk4rEgE1aYM0LKD6IVyB2gX95B+6ZfQ0QOT7+WGnXoP22YIjG9H/NnqrwEaF
KNhEMoHA3cRe0u33womnDuZjOL9ndBWZoEQiiOaq+uyoED7kb0qx4aNAQQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFKT58eH/leRXeReCNEhI2XxWW+9nMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcFBueDRmLVY1RmQ1RjRJMFNFalpmRlpiNzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAPsCYAwQA
WSJqAwQAWSLKAwQAWSLbAwQAWSNJMAwDBABZI4EDBAJZI4ADBABZJ30DBABZKNcD
BABZKz4DBABZLioDBABZLyQDBABdcvQDBAC5cPkDBAG88YgwDQYJKoZIhvcNAQEL
BQADggEBAHsoq0euiTCFozwW0BsX8VoQ3l0Ge5Dft87WH0t1K/uU9usO+keWMQJ5
oLvkEbGYlB1bsAQhPGjHb16YqiaXVqjOvDZ1Eb9xJIsNuR7ZNjeqdG2f91dXpDZW
6/KNRqLFivz57FmVaD4Kez3f75E65pHOqL98tjejXGtKg3qCa8mJRZIWbDeP0DOQ
KcUV2T91JjOdGY0akKe2+ZSHYZ9UhNjFjifS5GmiZ3WocjsXeVVcvqeupddDnox1
tJp5wRhvZqGAb9RQcHNSw8R3/Reg18VeoGArN0F6mko2zmTIzlxjnWDT0w/YBcNS
maH4WZgGAPSRC6ktHZExVbtWDv7ZbHQ=
-----END CERTIFICATE-----