Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/gOytP1prpuZ9A_gmaycNAWDON5g.roa
File:                     gOytP1prpuZ9A_gmaycNAWDON5g.roa (raw, json)
Hash identifier:          wWxF4m7B9qIhiDNhXLSRtbFGFaaonU8mjALBiKgEll0=
Subject key identifier:   80:EC:AD:3F:5A:6B:A6:E6:7D:03:F8:26:6B:27:0D:01:60:CE:37:98
Certificate issuer:       /CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
Certificate serial:       018AD5490540CC82D4D558EA1239B687076B
Authority key identifier: DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/gOytP1prpuZ9A_gmaycNAWDON5g.roa
Signing time:             Wed 27 Sep 2023 06:17:27 +0000
ROA not before:           Wed 27 Sep 2023 06:17:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59675
IP address blocks:        213.185.78.0/23 maxlen: 23
                          213.185.80.0/22 maxlen: 22
                          213.185.84.0/23 maxlen: 23
                          31.220.150.0/24 maxlen: 24
                          185.5.10.0/23 maxlen: 23
                          185.5.8.0/23 maxlen: 23
                          128.0.144.0/23 maxlen: 23
                          128.0.150.0/24 maxlen: 24
                          128.0.151.0/24 maxlen: 24
                          128.0.152.0/24 maxlen: 24
                          128.0.148.0/23 maxlen: 23
                          128.0.146.0/23 maxlen: 23
                          128.0.154.0/24 maxlen: 24
                          128.0.153.0/24 maxlen: 24
                          2a02:45c0::/32 maxlen: 32
                          2a02:45c0:10::/48 maxlen: 48
                          2a02:45c0:13::/48 maxlen: 48
                          2a02:45c0:9::/48 maxlen: 48
                          2a02:45c0:19::/48 maxlen: 48
                          2a02:45c0:7::/48 maxlen: 48
                          2a02:45c0:18::/48 maxlen: 48
                          2a02:45c0:8::/48 maxlen: 48
                          2a02:45c0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 28 Oct 2023 05:33:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d5:49:05:40:cc:82:d4:d5:58:ea:12:39:b6:87:07:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
        Validity
            Not Before: Sep 27 06:17:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80ecad3f5a6ba6e67d03f8266b270d0160ce3798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a7:da:cb:b6:57:38:31:05:38:5c:a4:0b:b2:
                    e6:ab:15:8b:6d:ba:e9:dc:5b:da:d3:d2:92:53:2d:
                    cd:9e:88:94:64:7d:56:d5:9a:f6:d9:f1:09:3e:86:
                    bd:ce:c0:6c:5f:32:8a:ce:dc:24:fe:77:46:cc:46:
                    83:0d:20:fa:85:78:10:c9:20:ec:b0:75:f6:19:b7:
                    12:f5:3c:c7:10:fc:ca:94:b5:9d:79:bf:af:4a:62:
                    bc:dd:ae:66:e7:32:14:b2:fd:41:5e:d0:e7:95:d1:
                    f2:eb:81:53:fe:84:aa:88:a1:e9:7c:d9:8c:9d:10:
                    48:de:7e:a7:98:f9:cd:db:26:84:a2:51:34:72:c3:
                    6b:ff:49:84:c4:97:6f:98:1a:e4:e4:c2:61:02:ff:
                    dc:af:23:47:f2:5d:16:ac:3b:08:8f:fe:03:4e:a2:
                    32:5a:96:d0:f6:af:f7:a0:89:ae:6b:d1:8a:f3:50:
                    1a:f9:60:95:26:08:74:9c:b8:00:b7:eb:f1:2e:72:
                    16:85:e8:9a:d1:a2:47:eb:fd:e2:57:32:ae:86:94:
                    41:9a:a2:24:14:be:ee:00:af:36:0b:12:0f:c0:5e:
                    3d:2f:52:c3:8c:b7:b4:56:44:4f:81:7d:a2:94:bc:
                    7c:f6:9e:8e:83:ba:fe:96:ce:69:39:e9:6a:cd:ff:
                    f2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:EC:AD:3F:5A:6B:A6:E6:7D:03:F8:26:6B:27:0D:01:60:CE:37:98
            X509v3 Authority Key Identifier:
                keyid:DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/gOytP1prpuZ9A_gmaycNAWDON5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/29T45HYjd_hrB6h1P26Y9vS2t5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.150.0/24
                  128.0.144.0-128.0.154.255
                  185.5.8.0/22
                  213.185.78.0-213.185.85.255
                IPv6:
                  2a02:45c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:85:e6:14:45:c8:93:5c:86:6e:5e:e4:42:ad:fc:49:a3:9b:
         89:1a:48:83:8f:b5:a6:f3:ac:8c:7e:96:b6:6b:02:e2:76:2f:
         fb:bf:71:0f:5d:11:07:7a:02:e9:08:2b:39:03:d2:3d:bd:58:
         b2:1b:bc:98:fe:1f:13:88:7a:46:4d:95:12:32:e9:de:09:53:
         aa:a9:23:55:b9:43:b8:ff:2c:e9:0d:0c:01:46:de:8e:4d:f9:
         d6:1b:71:a8:c1:72:0c:29:cd:b4:04:ec:c1:31:90:c5:b6:fa:
         02:ed:11:fa:fa:b7:bc:d0:86:e2:09:14:b7:6b:10:fe:ad:51:
         41:06:c6:7e:d4:83:59:e4:4d:22:21:9e:7c:ea:43:7b:cc:f1:
         0c:59:38:27:b5:06:63:2f:a2:53:54:5c:4c:d7:da:e3:e8:9b:
         c9:84:01:d7:37:f6:05:7a:e8:eb:40:1e:0e:e1:37:b2:bf:a8:
         61:86:9a:59:60:2b:4d:53:d9:f0:43:23:b5:6a:b8:8f:5c:66:
         ac:f4:50:12:80:51:0c:fc:83:86:ef:91:bc:17:75:c3:c0:fb:
         eb:a9:f4:41:0d:0c:76:d7:7e:60:e1:08:77:1b:df:79:a3:24:
         d0:94:8c:12:cb:4f:1d:a9:fd:0c:37:db:0a:23:0d:25:8a:19:
         41:9c:a5:02
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYrVSQVAzILU1VjqEjm2hwdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDRmOGU0NzYyMzc3Zjg2YjA3YTg3NTNmNmU5OGY2ZjRi
NmI3OTIwHhcNMjMwOTI3MDYxNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGVjYWQzZjVhNmJhNmU2N2QwM2Y4MjY2YjI3MGQwMTYwY2UzNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlafay7ZXODEFOFykC7LmqxWLbbrp
3Fva09KSUy3NnoiUZH1W1Zr22fEJPoa9zsBsXzKKztwk/ndGzEaDDSD6hXgQySDs
sHX2GbcS9TzHEPzKlLWdeb+vSmK83a5m5zIUsv1BXtDnldHy64FT/oSqiKHpfNmM
nRBI3n6nmPnN2yaEolE0csNr/0mExJdvmBrk5MJhAv/cryNH8l0WrDsIj/4DTqIy
WpbQ9q/3oImua9GK81Aa+WCVJgh0nLgAt+vxLnIWheia0aJH6/3iVzKuhpRBmqIk
FL7uAK82CxIPwF49L1LDjLe0VkRPgX2ilLx89p6Og7r+ls5pOelqzf/yoQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFIDsrT9aa6bmfQP4JmsnDQFgzjeYMB8GA1UdIwQY
MBaAFNvU+OR2I3f4aweodT9umPb0treSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUt
NjIwYTc5Y2Y3OTJiLzEvZ095dFAxcHJwdVo5QV9nbWF5Y05BV0RPTjVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUtNjIwYTc5Y2Y3OTJi
LzEvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQAH9yWMAwD
BASAAJADBACAAJoDBAK5BQgwDAMEAdW5TgMEAdW5VDANBAIAAjAHAwUAKgJFwDAN
BgkqhkiG9w0BAQsFAAOCAQEAZ4XmFEXIk1yGbl7kQq38SaObiRpIg4+1pvOsjH6W
tmsC4nYv+79xD10RB3oC6QgrOQPSPb1Yshu8mP4fE4h6Rk2VEjLp3glTqqkjVblD
uP8s6Q0MAUbejk351htxqMFyDCnNtATswTGQxbb6Au0R+vq3vNCG4gkUt2sQ/q1R
QQbGftSDWeRNIiGefOpDe8zxDFk4J7UGYy+iU1RcTNfa4+ibyYQB1zf2BXro60Ae
DuE3sr+oYYaaWWArTVPZ8EMjtWq4j1xmrPRQEoBRDPyDhu+RvBd1w8D766n0QQ0M
dtd+YOEIdxvfeaMk0JSMEstPHan9DDfbCiMNJYoZQZylAg==
-----END CERTIFICATE-----