Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/idNMy_wnRMrj2OYVZn7ujFfmeJw.roa
File:                     idNMy_wnRMrj2OYVZn7ujFfmeJw.roa (raw, json)
Hash identifier:          aTdSNBTs0r1AXpdLvHoExdjWx+AqJ154plEAaQkxajg=
Subject key identifier:   89:D3:4C:CB:FC:27:44:CA:E3:D8:E6:15:66:7E:EE:8C:57:E6:78:9C
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       01856D5CE4A99D74186B601E7516488AA86C
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/idNMy_wnRMrj2OYVZn7ujFfmeJw.roa
Signing time:             Sun 01 Jan 2023 12:44:42 +0000
ROA not before:           Sun 01 Jan 2023 12:44:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     54203
IP address blocks:        185.147.213.0/24 maxlen: 24
                          185.147.212.0/24 maxlen: 24
                          185.147.214.0/24 maxlen: 24
                          185.147.215.0/24 maxlen: 24
                          2a03:efc0:ba5e::/48 maxlen: 48
                          2a03:efc0:500::/40 maxlen: 40
                          2a03:efc0:700::/40 maxlen: 40
                          2a03:efc0:1100::/40 maxlen: 40
                          2a03:efc0:1500::/40 maxlen: 40
                          2a03:efc0:1700::/40 maxlen: 40
                          2a03:efc0:1900::/40 maxlen: 40
                          2a03:efc0:900::/40 maxlen: 40
                          2a03:efc0:200::/40 maxlen: 40
                          2a03:efc0:1300::/40 maxlen: 40

Validation:               Failed, certificate revoked on Wed 03 May 2023 16:41:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:5c:e4:a9:9d:74:18:6b:60:1e:75:16:48:8a:a8:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Jan  1 12:44:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89d34ccbfc2744cae3d8e615667eee8c57e6789c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fe:1a:1e:52:e6:22:32:d1:83:d3:26:13:65:
                    57:0e:10:56:59:4c:c0:d1:d8:a0:f7:bf:4a:dd:fe:
                    10:b4:f9:ee:7e:08:d1:2e:62:19:c3:9e:26:0a:88:
                    3a:4b:02:f9:3a:7a:d7:ad:06:0c:97:cf:fe:b2:1e:
                    f5:3e:99:f4:f3:ea:98:87:80:17:6b:11:33:3c:c0:
                    5f:dc:b9:4f:f2:1e:31:66:e6:c3:ac:bf:aa:97:c2:
                    32:a1:83:c8:d5:b3:da:89:bf:c5:a9:8a:38:01:51:
                    f8:5a:47:a9:04:03:99:4c:a6:ab:47:b0:3c:09:e4:
                    fa:ba:97:50:08:07:f5:50:7e:87:77:12:f2:2e:c4:
                    f8:75:c2:da:56:18:4b:9f:5b:77:ae:ed:df:26:4c:
                    18:fd:7b:eb:4b:39:dc:d3:15:59:0b:cb:f7:56:0a:
                    87:fe:b3:a3:c9:5a:ac:09:da:09:ce:70:69:b9:fd:
                    04:fb:00:71:3b:50:ea:3a:3d:f3:d4:2f:c5:b4:2a:
                    b4:71:f3:61:43:d7:58:3c:b6:19:b2:d5:01:52:ba:
                    c3:fe:e7:73:61:ff:9a:4a:ea:a6:31:aa:de:c0:5d:
                    49:35:94:28:f6:db:37:90:6d:41:23:20:ab:fe:b4:
                    48:2a:02:73:dd:81:3b:e7:73:0c:e1:72:52:a2:16:
                    ab:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:D3:4C:CB:FC:27:44:CA:E3:D8:E6:15:66:7E:EE:8C:57:E6:78:9C
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/idNMy_wnRMrj2OYVZn7ujFfmeJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.212.0/22
                IPv6:
                  2a03:efc0:200::/40
                  2a03:efc0:500::/40
                  2a03:efc0:700::/40
                  2a03:efc0:900::/40
                  2a03:efc0:1100::/40
                  2a03:efc0:1300::/40
                  2a03:efc0:1500::/40
                  2a03:efc0:1700::/40
                  2a03:efc0:1900::/40
                  2a03:efc0:ba5e::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:f6:c8:e4:8a:ef:4b:56:a3:58:40:88:2b:f3:30:9c:9a:71:
         ae:7f:69:11:e7:bc:2c:c9:80:4a:81:45:62:83:13:a5:19:53:
         25:78:f7:02:c5:80:36:76:ae:0e:cc:46:0d:75:7e:e2:15:93:
         b5:b3:a0:d1:46:5d:3d:02:e5:6d:22:17:f0:12:7c:c7:98:67:
         f6:f4:d0:1b:5a:77:6d:cf:2b:86:54:25:ce:3e:b4:eb:97:20:
         eb:63:d4:10:45:38:42:25:84:82:3f:e0:ce:b8:14:d6:29:5e:
         80:ec:04:34:c6:ca:dd:f5:a7:3f:15:3f:9f:cd:ed:27:ae:18:
         53:f5:e3:71:3c:ac:c8:fe:f8:e1:e6:d7:b8:50:f2:a9:4f:ba:
         dc:80:d2:61:30:3f:68:91:d2:bd:07:ab:f3:cc:9e:ea:66:ed:
         40:fe:e9:ad:ae:93:9b:d9:a8:22:b0:5c:00:e8:13:8c:3d:f2:
         3b:fd:d5:8c:39:89:08:97:e7:20:b9:a5:d3:58:fc:15:25:2f:
         67:90:98:8b:16:5c:39:54:14:30:e6:15:01:16:2c:ed:f9:7a:
         8e:ae:90:9e:12:13:15:26:7d:51:45:61:f2:d0:74:65:b0:d1:
         cd:82:bd:4c:97:c3:31:04:7f:a1:d2:6a:cf:9a:e5:7e:0c:93:
         68:2f:4b:34
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYVtXOSpnXQYa2AedRZIiqhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjMwMTAxMTI0NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWQzNGNjYmZjMjc0NGNhZTNkOGU2MTU2NjdlZWU4YzU3ZTY3ODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgP4aHlLmIjLRg9MmE2VXDhBWWUzA
0dig979K3f4QtPnufgjRLmIZw54mCog6SwL5OnrXrQYMl8/+sh71Ppn08+qYh4AX
axEzPMBf3LlP8h4xZubDrL+ql8IyoYPI1bPaib/FqYo4AVH4WkepBAOZTKarR7A8
CeT6updQCAf1UH6HdxLyLsT4dcLaVhhLn1t3ru3fJkwY/XvrSznc0xVZC8v3VgqH
/rOjyVqsCdoJznBpuf0E+wBxO1DqOj3z1C/FtCq0cfNhQ9dYPLYZstUBUrrD/udz
Yf+aSuqmMarewF1JNZQo9ts3kG1BIyCr/rRIKgJz3YE753MM4XJSoharOwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFInTTMv8J0TK49jmFWZ+7oxX5nicMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvaWROTXlfd25STXJqMk9ZVlpuN3VqRmZtZUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAMBAIAATAGAwQCuZPUMFcE
AgACMFEDBgAqA+/AAgMGACoD78AFAwYAKgPvwAcDBgAqA+/ACQMGACoD78ARAwYA
KgPvwBMDBgAqA+/AFQMGACoD78AXAwYAKgPvwBkDBwAqA+/Aul4wDQYJKoZIhvcN
AQELBQADggEBAAD2yOSK70tWo1hAiCvzMJyaca5/aRHnvCzJgEqBRWKDE6UZUyV4
9wLFgDZ2rg7MRg11fuIVk7WzoNFGXT0C5W0iF/ASfMeYZ/b00Btad23PK4ZUJc4+
tOuXIOtj1BBFOEIlhII/4M64FNYpXoDsBDTGyt31pz8VP5/N7SeuGFP143E8rMj+
+OHm17hQ8qlPutyA0mEwP2iR0r0Hq/PMnupm7UD+6a2uk5vZqCKwXADoE4w98jv9
1Yw5iQiX5yC5pdNY/BUlL2eQmIsWXDlUFDDmFQEWLO35eo6ukJ4SExUmfVFFYfLQ
dGWw0c2CvUyXwzEEf6HSas+a5X4Mk2gvSzQ=
-----END CERTIFICATE-----