Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/DgopKiY-pjaYsZHL1-i77seSI_4.roa
File:                     DgopKiY-pjaYsZHL1-i77seSI_4.roa (raw, json)
Hash identifier:          SupSKDmVRc4yeV5ynp1ioxkVGiGVecCHk4LJ7R/7UR8=
Subject key identifier:   0E:0A:29:2A:26:3E:A6:36:98:B1:91:CB:D7:E8:BB:EE:C7:92:23:FE
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0189F95E074090CB8A64E29A11D5E0B8A5C1
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/DgopKiY-pjaYsZHL1-i77seSI_4.roa
Signing time:             Tue 15 Aug 2023 13:23:56 +0000
ROA not before:           Tue 15 Aug 2023 13:23:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8985
IP address blocks:        194.190.146.0/24 maxlen: 24
                          194.226.16.0/24 maxlen: 24
                          194.85.16.0/24 maxlen: 24
                          195.208.222.0/24 maxlen: 24
                          195.208.24.0/21 maxlen: 21
                          195.208.29.0/24 maxlen: 24
                          193.232.64.0/24 maxlen: 24
                          193.232.76.0/24 maxlen: 24
                          195.209.147.0/24 maxlen: 24
                          195.209.148.0/24 maxlen: 24
                          193.232.226.0/23 maxlen: 23
                          194.226.41.0/24 maxlen: 24
                          194.226.38.0/23 maxlen: 23
                          195.19.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 15 Aug 2023 13:48:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f9:5e:07:40:90:cb:8a:64:e2:9a:11:d5:e0:b8:a5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Aug 15 13:23:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0e0a292a263ea63698b191cbd7e8bbeec79223fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:75:1c:8e:65:99:52:31:37:27:37:01:85:84:
                    0b:a7:94:00:35:50:37:0f:74:11:e0:4a:4e:04:68:
                    f5:e3:af:90:56:df:a3:a3:32:85:fc:d4:22:30:21:
                    1a:da:95:fd:5d:97:2c:44:26:2f:0c:7f:09:e2:df:
                    d6:34:2e:ef:f3:19:46:c1:2d:d3:dd:6b:70:3f:c5:
                    ec:f5:ea:e3:22:74:0d:0a:9a:e6:04:f3:65:a8:b9:
                    8e:5e:f0:09:d2:05:04:de:74:00:4c:88:25:34:05:
                    ff:a1:62:eb:8c:0d:23:0b:92:bf:48:b0:b8:71:78:
                    5c:d6:fc:88:45:cd:99:e7:ba:a7:64:34:4e:6e:d2:
                    17:24:58:24:08:8b:e5:e2:f1:b2:2d:c9:a5:74:69:
                    44:6e:3b:ed:5e:87:2f:8b:dc:79:73:fe:3f:1e:87:
                    33:58:b5:de:50:76:1b:7c:53:18:b9:5b:ea:2f:43:
                    b6:82:e5:ad:30:3e:c0:0e:25:6f:c0:1c:24:1e:d6:
                    67:66:82:91:3b:e5:59:da:1f:e3:d4:76:4e:b4:34:
                    0b:70:71:bb:04:39:ac:79:6e:46:69:4b:6b:93:83:
                    2b:4d:cd:8d:1c:ed:95:fd:d5:21:53:12:21:ea:86:
                    16:7e:37:5e:58:03:92:fb:b5:85:12:6f:22:65:64:
                    b1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0A:29:2A:26:3E:A6:36:98:B1:91:CB:D7:E8:BB:EE:C7:92:23:FE
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/DgopKiY-pjaYsZHL1-i77seSI_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.64.0/24
                  193.232.76.0/24
                  193.232.226.0/23
                  194.85.16.0/24
                  194.190.146.0/24
                  194.226.16.0/24
                  194.226.38.0/23
                  194.226.41.0/24
                  195.19.8.0/24
                  195.208.24.0/21
                  195.208.222.0/24
                  195.209.147.0-195.209.148.255

    Signature Algorithm: sha256WithRSAEncryption
         55:f3:4b:fb:ab:b6:e3:2b:58:d5:f2:88:6b:be:85:f6:6e:81:
         9e:d5:23:09:8b:a0:2d:8c:9d:6d:f2:24:99:6c:eb:89:8f:1c:
         8d:c1:c2:0e:40:4c:84:28:71:c0:75:9d:a0:20:d4:66:55:74:
         d7:f5:72:7f:5b:d4:a4:79:62:46:5c:94:6c:f9:6b:b8:82:43:
         93:0e:da:f9:e7:24:53:0f:9e:d2:47:d8:9a:dc:15:8c:53:44:
         14:bd:ec:b2:88:1d:68:f5:9b:75:a8:bc:18:cd:01:a7:45:ae:
         49:31:28:09:0e:f4:f4:51:ec:fd:25:20:af:24:0e:63:51:51:
         1e:0d:41:d5:f9:44:e7:a6:27:5d:29:ae:3a:0a:8c:25:4d:05:
         24:dd:45:3c:77:70:e1:1f:3a:f2:5f:3e:54:3d:e2:5b:7f:4d:
         c6:db:92:67:dd:e3:5f:1c:fc:24:e3:c7:f3:72:c0:cd:65:32:
         da:27:6a:fb:15:ae:e6:c7:f5:8a:5f:23:4e:2f:b3:48:cf:b7:
         83:2d:f2:21:c9:93:84:c6:55:a2:8b:a0:4e:54:82:0d:b6:5f:
         ff:1e:67:3d:bd:67:67:f4:72:b9:00:c3:cd:be:59:a6:ee:9d:
         36:26:1a:80:6f:de:d9:bd:5b:76:14:90:55:14:78:86:9c:38:
         ad:61:50:e2
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYn5XgdAkMuKZOKaEdXguKXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjMwODE1MTMyMzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTBhMjkyYTI2M2VhNjM2OThiMTkxY2JkN2U4YmJlZWM3OTIyM2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXUcjmWZUjE3JzcBhYQLp5QANVA3
D3QR4EpOBGj146+QVt+jozKF/NQiMCEa2pX9XZcsRCYvDH8J4t/WNC7v8xlGwS3T
3WtwP8Xs9erjInQNCprmBPNlqLmOXvAJ0gUE3nQATIglNAX/oWLrjA0jC5K/SLC4
cXhc1vyIRc2Z57qnZDRObtIXJFgkCIvl4vGyLcmldGlEbjvtXocvi9x5c/4/Hocz
WLXeUHYbfFMYuVvqL0O2guWtMD7ADiVvwBwkHtZnZoKRO+VZ2h/j1HZOtDQLcHG7
BDmseW5GaUtrk4MrTc2NHO2V/dUhUxIh6oYWfjdeWAOS+7WFEm8iZWSxFQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFA4KKSomPqY2mLGRy9fou+7HkiP+MB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvRGdvcEtpWS1wamFZc1pITDEtaTc3c2VTSV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAwehAAwQA
wehMAwQBwejiAwQAwlUQAwQAwr6SAwQAwuIQAwQBwuImAwQAwuIpAwQAwxMIAwQD
w9AYAwQAw9DeMAwDBADD0ZMDBADD0ZQwDQYJKoZIhvcNAQELBQADggEBAFXzS/ur
tuMrWNXyiGu+hfZugZ7VIwmLoC2MnW3yJJls64mPHI3Bwg5ATIQoccB1naAg1GZV
dNf1cn9b1KR5YkZclGz5a7iCQ5MO2vnnJFMPntJH2JrcFYxTRBS97LKIHWj1m3Wo
vBjNAadFrkkxKAkO9PRR7P0lIK8kDmNRUR4NQdX5ROemJ10prjoKjCVNBSTdRTx3
cOEfOvJfPlQ94lt/Tcbbkmfd418c/CTjx/NywM1lMtonavsVrubH9YpfI04vs0jP
t4Mt8iHJk4TGVaKLoE5Ugg22X/8eZz29Z2f0crkAw82+WabunTYmGoBv3tm9W3YU
kFUUeIacOK1hUOI=
-----END CERTIFICATE-----