Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/9HXpPtnyPcxCeZJ_4ObFYVIXbvE.roa
File:                     9HXpPtnyPcxCeZJ_4ObFYVIXbvE.roa (raw, json)
Hash identifier:          81WQhmTn7jzNpUCSJB05vFTkx5uDAqIH5sS/0OPVX+o=
Subject key identifier:   F4:75:E9:3E:D9:F2:3D:CC:42:79:92:7F:E0:E6:C5:61:52:17:6E:F1
Certificate issuer:       /CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
Certificate serial:       01856F9DB1EDAB96512E1822623DB08F9349
Authority key identifier: DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/9HXpPtnyPcxCeZJ_4ObFYVIXbvE.roa
Signing time:             Sun 01 Jan 2023 23:14:43 +0000
ROA not before:           Sun 01 Jan 2023 23:14:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59675
IP address blocks:        213.185.78.0/23 maxlen: 23
                          213.185.80.0/22 maxlen: 22
                          213.185.84.0/23 maxlen: 23
                          31.220.150.0/24 maxlen: 24
                          185.5.10.0/23 maxlen: 23
                          185.5.8.0/23 maxlen: 23
                          128.0.144.0/23 maxlen: 23
                          128.0.150.0/24 maxlen: 24
                          128.0.151.0/24 maxlen: 24
                          128.0.152.0/24 maxlen: 24
                          128.0.148.0/23 maxlen: 23
                          128.0.146.0/23 maxlen: 23
                          128.0.154.0/24 maxlen: 24
                          128.0.153.0/24 maxlen: 24
                          2a02:45c0::/32 maxlen: 32
                          2a02:45c0:10::/48 maxlen: 48
                          2a02:45c0:13::/48 maxlen: 48
                          2a02:45c0:9::/48 maxlen: 48
                          2a02:45c0:7::/48 maxlen: 48
                          2a02:45c0:8::/48 maxlen: 48
                          2a02:45c0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 08:39:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:9d:b1:ed:ab:96:51:2e:18:22:62:3d:b0:8f:93:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
        Validity
            Not Before: Jan  1 23:14:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f475e93ed9f23dcc4279927fe0e6c56152176ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:24:74:11:63:bf:d3:4f:8c:1d:0b:1f:12:b1:
                    0f:a7:2a:94:c5:83:8a:75:2f:72:ea:6e:81:77:ca:
                    95:a7:ae:2a:1b:59:ad:7a:0b:b0:6f:fd:87:7a:ae:
                    4f:48:24:e8:90:0d:e7:96:fd:b7:cb:67:2c:b6:db:
                    98:3e:47:af:0f:64:85:a9:be:6d:86:98:9f:a4:e9:
                    8d:4d:50:e3:24:c2:cf:a8:15:7d:e3:13:13:af:64:
                    21:3f:7d:6d:8e:0c:1f:7c:a1:6d:a0:a0:04:26:56:
                    fc:00:04:eb:ca:46:1f:54:1e:8c:15:be:c2:82:35:
                    91:9e:d6:d2:82:e2:e5:b2:66:d9:3e:ad:18:eb:e6:
                    23:18:79:a5:19:d5:0e:46:10:37:41:22:bd:93:4f:
                    04:fe:b0:16:d1:a8:b2:ca:9d:67:5d:94:0a:6d:19:
                    d1:ad:91:43:74:b6:74:24:2a:51:cc:63:89:2a:db:
                    0e:f2:af:60:a4:1b:bf:3e:11:bc:e0:f2:cb:d7:22:
                    45:8a:a9:c7:e4:35:a0:f5:2c:ab:51:83:54:cc:fa:
                    8a:ca:73:43:93:5d:f2:98:6c:f9:19:c0:4c:6a:7d:
                    24:0b:34:88:5e:ec:ee:c7:e2:62:a7:47:da:bb:71:
                    49:14:8e:9f:0e:7b:cb:57:52:c9:21:e1:3f:95:68:
                    50:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:75:E9:3E:D9:F2:3D:CC:42:79:92:7F:E0:E6:C5:61:52:17:6E:F1
            X509v3 Authority Key Identifier:
                keyid:DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/9HXpPtnyPcxCeZJ_4ObFYVIXbvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/29T45HYjd_hrB6h1P26Y9vS2t5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.150.0/24
                  128.0.144.0-128.0.154.255
                  185.5.8.0/22
                  213.185.78.0-213.185.85.255
                IPv6:
                  2a02:45c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:28:08:06:61:16:f8:56:37:25:46:1a:e8:65:e4:19:a8:07:
         a2:01:ec:21:cf:18:4a:09:45:e2:e1:94:f9:e4:1d:38:89:fe:
         b1:e8:88:b2:c7:e7:dc:df:ea:9e:85:49:d3:c0:99:2e:c2:51:
         10:94:f0:14:5c:fa:b5:9f:63:18:ca:60:0b:e3:38:cc:4e:1c:
         4d:2d:25:85:bd:6b:8d:83:6a:fb:11:73:f3:46:4f:4b:2a:b3:
         4a:0b:f8:5d:38:a5:47:52:2e:9a:72:ca:be:e5:6d:8b:37:c7:
         12:7f:c6:f9:64:fe:76:71:82:65:10:9a:e2:89:9d:f6:6f:9b:
         2f:54:d0:e9:a8:f5:26:ea:f6:b1:48:d1:ba:fd:01:c6:1b:52:
         1c:cf:62:3d:50:af:f9:12:4d:68:8e:de:06:e7:05:5c:48:0b:
         02:c0:7f:88:b3:55:14:20:de:f3:96:f6:7e:c6:1f:96:57:c8:
         e4:a1:34:0e:97:b9:fd:f9:0a:30:03:78:6d:85:fb:d9:2f:32:
         6b:7f:c9:10:99:b8:75:72:e1:73:6f:69:f3:90:12:ba:8a:e5:
         42:96:18:2a:4f:34:af:49:78:c6:7f:2a:c8:48:e8:c6:e6:74:
         36:37:25:07:1c:b5:b9:3d:54:c6:de:ae:bb:81:ef:97:eb:e0:
         4b:3d:26:0a
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVvnbHtq5ZRLhgiYj2wj5NJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDRmOGU0NzYyMzc3Zjg2YjA3YTg3NTNmNmU5OGY2ZjRi
NmI3OTIwHhcNMjMwMTAxMjMxNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDc1ZTkzZWQ5ZjIzZGNjNDI3OTkyN2ZlMGU2YzU2MTUyMTc2ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiR0EWO/00+MHQsfErEPpyqUxYOK
dS9y6m6Bd8qVp64qG1mteguwb/2Heq5PSCTokA3nlv23y2csttuYPkevD2SFqb5t
hpifpOmNTVDjJMLPqBV94xMTr2QhP31tjgwffKFtoKAEJlb8AATrykYfVB6MFb7C
gjWRntbSguLlsmbZPq0Y6+YjGHmlGdUORhA3QSK9k08E/rAW0aiyyp1nXZQKbRnR
rZFDdLZ0JCpRzGOJKtsO8q9gpBu/PhG84PLL1yJFiqnH5DWg9SyrUYNUzPqKynND
k13ymGz5GcBMan0kCzSIXuzux+Jip0fau3FJFI6fDnvLV1LJIeE/lWhQFwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPR16T7Z8j3MQnmSf+DmxWFSF27xMB8GA1UdIwQY
MBaAFNvU+OR2I3f4aweodT9umPb0treSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUt
NjIwYTc5Y2Y3OTJiLzEvOUhYcFB0bnlQY3hDZVpKXzRPYkZZVklYYnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUtNjIwYTc5Y2Y3OTJi
LzEvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQAH9yWMAwD
BASAAJADBACAAJoDBAK5BQgwDAMEAdW5TgMEAdW5VDANBAIAAjAHAwUAKgJFwDAN
BgkqhkiG9w0BAQsFAAOCAQEABigIBmEW+FY3JUYa6GXkGagHogHsIc8YSglF4uGU
+eQdOIn+seiIssfn3N/qnoVJ08CZLsJREJTwFFz6tZ9jGMpgC+M4zE4cTS0lhb1r
jYNq+xFz80ZPSyqzSgv4XTilR1IumnLKvuVtizfHEn/G+WT+dnGCZRCa4omd9m+b
L1TQ6aj1Jur2sUjRuv0BxhtSHM9iPVCv+RJNaI7eBucFXEgLAsB/iLNVFCDe85b2
fsYfllfI5KE0Dpe5/fkKMAN4bYX72S8ya3/JEJm4dXLhc29p85ASuorlQpYYKk80
r0l4xn8qyEjoxuZ0NjclBxy1uT1Uxt6uu4Hvl+vgSz0mCg==
-----END CERTIFICATE-----