Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/9WrmoH1lT7nlxLTWc-Uerfd8EDU.roa
File:                     9WrmoH1lT7nlxLTWc-Uerfd8EDU.roa (raw, json)
Hash identifier:          ktpCH3Sy/zPLuTOLQRX0xlgu5aovM5ghgiXNLVxCJqg=
Subject key identifier:   F5:6A:E6:A0:7D:65:4F:B9:E5:C4:B4:D6:73:E5:1E:AD:F7:7C:10:35
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       01887AAE6E882D5B3E4682D8B503226BD12E
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/9WrmoH1lT7nlxLTWc-Uerfd8EDU.roa
Signing time:             Fri 02 Jun 2023 05:57:11 +0000
ROA not before:           Fri 02 Jun 2023 05:57:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        85.153.76.0/22 maxlen: 22
                          85.153.112.0/24 maxlen: 24
                          85.153.116.0/24 maxlen: 24
                          85.153.117.0/24 maxlen: 24
                          85.153.114.0/24 maxlen: 24
                          85.153.115.0/24 maxlen: 24
                          85.153.22.0/24 maxlen: 24
                          85.153.23.0/24 maxlen: 24
                          85.153.20.0/24 maxlen: 24
                          85.153.21.0/24 maxlen: 24
                          85.153.31.0/24 maxlen: 24
                          85.153.30.0/24 maxlen: 24
                          85.153.28.0/24 maxlen: 24
                          85.153.44.0/24 maxlen: 24
                          85.153.47.0/24 maxlen: 24
                          85.153.57.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 27 Jun 2023 15:46:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7a:ae:6e:88:2d:5b:3e:46:82:d8:b5:03:22:6b:d1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Jun  2 05:57:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f56ae6a07d654fb9e5c4b4d673e51eadf77c1035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d7:80:ca:d9:b1:f9:c7:1f:89:12:97:a0:3b:
                    aa:e8:ab:a1:f3:fb:f5:c4:9f:77:52:bf:4f:9b:32:
                    d9:be:05:0d:6e:66:ef:1b:d6:af:8d:70:53:81:99:
                    4d:03:f0:00:a2:87:16:6d:ab:66:90:86:05:ce:5f:
                    b6:4b:54:50:04:8f:48:e2:71:06:1c:c5:e9:67:2e:
                    49:41:1a:ae:85:ec:6f:29:ff:0d:4b:3a:40:89:5f:
                    31:ff:08:0e:8e:95:09:0d:94:89:54:64:e1:5f:ca:
                    50:c0:1b:37:80:dd:41:ea:91:e4:74:92:17:23:51:
                    b3:98:8f:d3:3b:58:29:ce:27:f1:62:15:9c:23:22:
                    96:88:ab:33:d5:1d:f5:41:ed:48:a3:65:dd:5a:d4:
                    a5:a4:a8:c7:69:63:13:25:40:5a:aa:4e:e4:6b:8a:
                    ce:b7:b4:e5:3e:6b:fe:28:18:40:3a:47:6e:32:25:
                    69:f2:57:ad:43:2f:38:b5:6c:8a:12:97:36:30:ce:
                    98:e8:32:14:b4:70:59:3f:68:16:34:71:55:c3:aa:
                    8e:ab:d4:e5:f8:bb:bb:c0:fd:52:00:16:8e:31:4d:
                    b1:2e:cc:f1:f5:52:4b:5f:14:c4:78:83:2d:c1:9a:
                    03:95:20:2b:70:c3:18:17:93:f1:bb:e5:8d:b7:43:
                    ac:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6A:E6:A0:7D:65:4F:B9:E5:C4:B4:D6:73:E5:1E:AD:F7:7C:10:35
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/9WrmoH1lT7nlxLTWc-Uerfd8EDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.20.0/22
                  85.153.28.0/24
                  85.153.30.0/23
                  85.153.44.0/24
                  85.153.47.0/24
                  85.153.57.0/24
                  85.153.76.0/22
                  85.153.112.0/24
                  85.153.114.0-85.153.117.255

    Signature Algorithm: sha256WithRSAEncryption
         84:a3:c5:29:a0:8c:a1:53:74:bf:de:ab:2c:91:d4:6c:d2:bd:
         bc:37:f0:17:33:2a:64:c6:1f:b6:d0:ea:83:74:13:39:cf:20:
         81:13:b8:62:06:be:37:55:aa:3e:30:8b:0e:0d:64:b0:b3:e7:
         04:11:c1:64:0e:d8:8c:fc:6e:75:cf:fa:18:bd:85:72:8b:6e:
         bb:28:dc:51:82:6f:25:4f:f5:1f:56:82:7c:4f:56:a0:51:b7:
         14:45:9a:c9:8c:21:d6:be:8c:27:e0:db:fc:8e:91:0b:1a:70:
         68:a7:7a:6b:a6:62:b3:75:dd:bc:5b:69:cd:ea:7d:3b:bc:88:
         43:b2:4e:f1:08:cf:19:69:4a:3b:ea:f3:36:a2:89:cb:29:73:
         93:2b:34:c9:24:5f:29:9b:12:b3:cd:da:f9:b9:af:7e:bb:0c:
         a5:47:ea:4c:9e:a6:06:5c:59:8e:91:be:49:c7:d1:e1:63:8b:
         ba:7f:6f:53:f3:01:fe:a8:d7:9c:c9:29:e7:61:7c:ec:14:b8:
         ff:c7:db:da:c8:96:cb:85:58:b9:09:24:97:8b:68:fc:15:4c:
         dc:b1:b3:9e:12:24:4e:41:8c:ed:ed:b7:7d:dd:3b:29:06:0b:
         be:83:cb:8f:07:88:f6:de:ce:9e:a7:5f:ea:b3:a2:96:3b:a4:
         45:9c:1d:27
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYh6rm6ILVs+RoLYtQMia9EuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjMwNjAyMDU1NzExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZhZTZhMDdkNjU0ZmI5ZTVjNGI0ZDY3M2U1MWVhZGY3N2MxMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdeAytmx+ccfiRKXoDuq6Kuh8/v1
xJ93Ur9PmzLZvgUNbmbvG9avjXBTgZlNA/AAoocWbatmkIYFzl+2S1RQBI9I4nEG
HMXpZy5JQRquhexvKf8NSzpAiV8x/wgOjpUJDZSJVGThX8pQwBs3gN1B6pHkdJIX
I1GzmI/TO1gpzifxYhWcIyKWiKsz1R31Qe1Io2XdWtSlpKjHaWMTJUBaqk7ka4rO
t7TlPmv+KBhAOkduMiVp8letQy84tWyKEpc2MM6Y6DIUtHBZP2gWNHFVw6qOq9Tl
+Lu7wP1SABaOMU2xLszx9VJLXxTEeIMtwZoDlSArcMMYF5Pxu+WNt0OsMQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPVq5qB9ZU+55cS01nPlHq33fBA1MB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvOVdybW9IMWxUN25seExUV2MtVWVyZmQ4RURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCVZkUAwQA
VZkcAwQBVZkeAwQAVZksAwQAVZkvAwQAVZk5AwQCVZlMAwQAVZlwMAwDBAFVmXID
BAFVmXQwDQYJKoZIhvcNAQELBQADggEBAISjxSmgjKFTdL/eqyyR1GzSvbw38Bcz
KmTGH7bQ6oN0EznPIIETuGIGvjdVqj4wiw4NZLCz5wQRwWQO2Iz8bnXP+hi9hXKL
brso3FGCbyVP9R9WgnxPVqBRtxRFmsmMIda+jCfg2/yOkQsacGinemumYrN13bxb
ac3qfTu8iEOyTvEIzxlpSjvq8zaiicspc5MrNMkkXymbErPN2vm5r367DKVH6kye
pgZcWY6RvknH0eFji7p/b1PzAf6o15zJKedhfOwUuP/H29rIlsuFWLkJJJeLaPwV
TNyxs54SJE5BjO3tt33dOykGC76Dy48HiPbezp6nX+qzopY7pEWcHSc=
-----END CERTIFICATE-----