Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/AOo77_7CxS4t1j-YuJNg21R71iU.roa
File:                     AOo77_7CxS4t1j-YuJNg21R71iU.roa (raw, json)
Hash identifier:          z+WGnfHO/uhG9bwx9pmwV41wTtoxA6S4Yq27CDGvngA=
Subject key identifier:   00:EA:3B:EF:FE:C2:C5:2E:2D:D6:3F:98:B8:93:60:DB:54:7B:D6:25
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       0187E27D6AFA4CFFE4D0849C1629FF274557
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/AOo77_7CxS4t1j-YuJNg21R71iU.roa
Signing time:             Wed 03 May 2023 16:41:22 +0000
ROA not before:           Wed 03 May 2023 16:41:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     54203
IP address blocks:        185.147.213.0/24 maxlen: 24
                          185.147.212.0/24 maxlen: 24
                          185.147.214.0/24 maxlen: 24
                          185.147.215.0/24 maxlen: 24
                          2a03:efc0:1300::/40 maxlen: 40
                          2a03:efc0:200::/40 maxlen: 40
                          2a03:efc0:900::/40 maxlen: 40
                          2a03:efc0:1900::/40 maxlen: 40
                          2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:1500::/40 maxlen: 40
                          2a03:efc0:1100::/40 maxlen: 40
                          2a03:efc0:700::/40 maxlen: 40
                          2a03:efc0:500::/40 maxlen: 40

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e2:7d:6a:fa:4c:ff:e4:d0:84:9c:16:29:ff:27:45:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: May  3 16:41:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=00ea3beffec2c52e2dd63f98b89360db547bd625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9d:e5:ed:24:a6:98:6d:14:6d:7c:29:06:3f:
                    04:56:87:a9:48:d9:3e:f0:84:ca:80:d2:c5:c0:bc:
                    79:2f:06:5b:1a:ca:7d:fa:57:01:26:b2:aa:18:ee:
                    f3:7e:c8:1a:7f:a7:63:6a:bb:ad:e8:6d:f1:22:f8:
                    79:92:1f:43:86:2b:6d:de:c2:a7:55:e0:05:6b:11:
                    65:7f:04:f5:c5:25:9b:d5:ac:e1:62:53:65:ec:61:
                    b2:8c:4e:9d:5d:ee:2a:54:16:9e:7d:a5:2b:a7:a6:
                    2e:4e:00:30:36:e8:58:ec:02:7c:1b:d6:05:9c:21:
                    65:c7:19:0e:3f:8b:e4:58:c8:ec:49:d5:fe:42:c0:
                    13:b0:98:89:b0:39:3b:35:38:f0:c5:ed:c5:d0:cc:
                    3f:af:42:d6:c9:4f:b1:d2:69:30:32:d6:25:b2:5c:
                    7a:5e:bf:a9:a5:e1:b3:6f:dd:d9:9a:5c:b2:50:3d:
                    d3:4e:0b:bb:74:dd:0b:6d:56:c2:1a:27:1b:9d:45:
                    e6:12:38:a6:c3:32:c5:15:39:ad:6d:c1:46:69:c2:
                    5a:8c:c2:fb:8d:08:35:79:fe:68:50:0b:89:94:41:
                    c6:4e:11:0e:d8:37:b6:c3:15:de:ae:1c:66:57:f9:
                    65:f3:fb:47:b9:8d:5e:64:25:45:cb:5b:13:34:77:
                    87:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:EA:3B:EF:FE:C2:C5:2E:2D:D6:3F:98:B8:93:60:DB:54:7B:D6:25
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/AOo77_7CxS4t1j-YuJNg21R71iU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.212.0/22
                IPv6:
                  2a03:efc0:200::/40
                  2a03:efc0:500::/40
                  2a03:efc0:700::/40
                  2a03:efc0:900::/40
                  2a03:efc0:1100::/40
                  2a03:efc0:1300::/40
                  2a03:efc0:1500::/40
                  2a03:efc0:1700::/40
                  2a03:efc0:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         29:20:76:95:04:84:2c:8b:9f:8f:76:40:79:67:14:6f:d9:17:
         7e:6f:61:8c:1e:32:13:59:e0:59:2b:51:34:6b:53:b9:8c:4d:
         4d:b2:aa:e9:cf:dc:60:f4:f1:01:ec:ea:e6:aa:2b:c6:18:f5:
         94:88:b3:a3:d2:20:85:fd:20:47:4c:7d:cc:c4:3a:9f:43:7f:
         c2:12:de:98:f1:b1:41:fb:17:24:ce:7c:b1:1f:3d:7d:b4:c5:
         c7:24:fb:4c:d4:03:b5:2b:91:ed:4b:fb:b3:04:bd:b0:57:94:
         47:cc:26:2d:d7:13:77:a4:be:3e:5e:77:39:ac:2a:35:8f:fb:
         4c:17:d5:67:f3:cd:ea:84:a5:bb:06:26:b3:cd:99:66:83:e7:
         63:3e:69:5b:72:fb:cf:9f:de:b6:3d:db:41:9d:d6:8a:cf:d5:
         8b:f4:ca:e6:eb:60:cb:c2:c8:ba:fd:09:8e:c2:6d:de:67:fa:
         45:ba:8f:7f:5d:fd:68:8e:1c:e7:b5:18:2d:85:66:4d:d2:da:
         9d:15:8e:36:3f:1e:12:bd:10:ce:08:68:52:f8:fa:79:33:33:
         ff:ab:ca:3f:70:05:fe:32:9a:a3:0c:5d:c6:00:85:19:26:63:
         ad:66:a1:d6:1a:52:45:9a:48:53:ec:b3:f0:84:7c:ab:95:bd:
         5c:08:e8:c4
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYfifWr6TP/k0IScFin/J0VXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjMwNTAzMTY0MTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGVhM2JlZmZlYzJjNTJlMmRkNjNmOThiODkzNjBkYjU0N2JkNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp3l7SSmmG0UbXwpBj8EVoepSNk+
8ITKgNLFwLx5LwZbGsp9+lcBJrKqGO7zfsgaf6djarut6G3xIvh5kh9Dhitt3sKn
VeAFaxFlfwT1xSWb1azhYlNl7GGyjE6dXe4qVBaefaUrp6YuTgAwNuhY7AJ8G9YF
nCFlxxkOP4vkWMjsSdX+QsATsJiJsDk7NTjwxe3F0Mw/r0LWyU+x0mkwMtYlslx6
Xr+ppeGzb93ZmlyyUD3TTgu7dN0LbVbCGicbnUXmEjimwzLFFTmtbcFGacJajML7
jQg1ef5oUAuJlEHGThEO2De2wxXerhxmV/ll8/tHuY1eZCVFy1sTNHeH6QIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFADqO+/+wsUuLdY/mLiTYNtUe9YlMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvQU9vNzdfN0N4UzR0MWotWXVKTmcyMVI3MWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjAMBAIAATAGAwQCuZPUME4E
AgACMEgDBgAqA+/AAgMGACoD78AFAwYAKgPvwAcDBgAqA+/ACQMGACoD78ARAwYA
KgPvwBMDBgAqA+/AFQMGACoD78AXAwYAKgPvwBkwDQYJKoZIhvcNAQELBQADggEB
ACkgdpUEhCyLn492QHlnFG/ZF35vYYweMhNZ4FkrUTRrU7mMTU2yqunP3GD08QHs
6uaqK8YY9ZSIs6PSIIX9IEdMfczEOp9Df8IS3pjxsUH7FyTOfLEfPX20xcck+0zU
A7Urke1L+7MEvbBXlEfMJi3XE3ekvj5edzmsKjWP+0wX1WfzzeqEpbsGJrPNmWaD
52M+aVty+8+f3rY920Gd1orP1Yv0yubrYMvCyLr9CY7Cbd5n+kW6j39d/WiOHOe1
GC2FZk3S2p0VjjY/HhK9EM4IaFL4+nkzM/+ryj9wBf4ymqMMXcYAhRkmY61modYa
UkWaSFPss/CEfKuVvVwI6MQ=
-----END CERTIFICATE-----