Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5u057sS7X5pb2CXN6uANIUe5ld4.roa
File:                     5u057sS7X5pb2CXN6uANIUe5ld4.roa (raw, json)
Hash identifier:          lRCjmrhIa7VzmwPm1+TO6sGFJavebc/6CYifriKYflM=
Subject key identifier:   E6:ED:39:EE:C4:BB:5F:9A:5B:D8:25:CD:EA:E0:0D:21:47:B9:95:DE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0189BAAEB0FF43D9C792CF9A783C9F246F05
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5u057sS7X5pb2CXN6uANIUe5ld4.roa
Signing time:             Thu 03 Aug 2023 09:15:58 +0000
ROA not before:           Thu 03 Aug 2023 09:15:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49999
IP address blocks:        109.176.219.0/24 maxlen: 24
                          109.176.217.0/24 maxlen: 24
                          109.176.223.0/24 maxlen: 24
                          109.176.221.0/24 maxlen: 24
                          109.176.245.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          213.152.61.0/24 maxlen: 24
                          109.176.212.0/24 maxlen: 24
                          109.176.209.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          89.213.151.0/24 maxlen: 24
                          89.213.170.0/24 maxlen: 24
                          89.213.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 07 Aug 2023 07:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ba:ae:b0:ff:43:d9:c7:92:cf:9a:78:3c:9f:24:6f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  3 09:15:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e6ed39eec4bb5f9a5bd825cdeae00d2147b995de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d0:70:c6:8d:97:ba:a7:63:d7:24:32:e4:f9:
                    5a:82:7e:65:ed:ec:f8:90:75:8b:8a:29:78:98:b1:
                    29:03:cf:9d:4c:a6:21:f2:04:ad:42:19:2e:c2:a8:
                    07:f5:f1:cc:d0:1c:52:c4:34:18:24:b4:57:40:e1:
                    1d:3f:58:32:5b:8c:d5:43:30:6a:91:a0:a6:16:e2:
                    dc:58:f6:7f:14:98:89:19:b6:fa:a5:af:de:53:cb:
                    de:12:5e:b8:4f:03:c8:01:a3:56:7c:60:1a:06:52:
                    f2:b8:2f:c8:b7:a6:17:59:fb:f0:d4:a9:1e:fc:45:
                    67:da:f2:d5:ec:41:6d:37:4b:0b:c1:1f:fd:93:1e:
                    3e:b4:98:e7:77:29:2b:68:48:25:c5:9f:7b:fa:21:
                    6d:a3:cd:ed:a8:af:c4:04:b6:eb:b9:54:1e:d5:a6:
                    ff:57:a1:11:54:03:26:4f:6b:3c:e3:14:a1:50:38:
                    41:51:c4:62:3c:d6:7a:c2:a3:d3:27:d6:fa:76:d7:
                    99:6d:21:7d:b5:5e:cb:e9:da:94:4c:57:28:9a:5d:
                    88:4f:53:61:e4:62:b7:7e:fe:18:cc:1f:99:f1:ae:
                    d7:99:90:33:ec:f9:11:cb:2e:16:eb:9e:21:c6:e8:
                    93:dd:0c:c5:28:d8:1f:15:86:50:c5:59:5e:be:46:
                    e6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:ED:39:EE:C4:BB:5F:9A:5B:D8:25:CD:EA:E0:0D:21:47:B9:95:DE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5u057sS7X5pb2CXN6uANIUe5ld4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.46.0/24
                  89.213.151.0/24
                  89.213.169.0-89.213.170.255
                  109.176.208.0/23
                  109.176.212.0/24
                  109.176.217.0/24
                  109.176.219.0/24
                  109.176.221.0/24
                  109.176.223.0/24
                  109.176.245.0/24
                  213.152.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:a9:b9:75:7c:14:8a:ec:e8:b0:c7:e9:6c:fe:cd:a9:96:c3:
         52:b4:d2:63:b9:2f:78:4b:a2:61:c6:92:f0:a6:a3:b0:5b:f9:
         57:d4:e2:ff:4a:74:b1:bb:97:08:6a:37:66:7f:6e:44:a7:61:
         42:1d:86:e0:69:a0:9e:56:8f:37:4b:ad:f7:43:eb:3a:a7:65:
         c3:88:0f:a4:49:4d:84:19:20:ad:50:f7:35:bf:ee:55:9f:c1:
         15:83:bd:e3:b1:4e:b2:8d:af:ea:77:db:80:0b:ad:55:98:b1:
         f8:c7:e9:85:ab:23:00:0b:8a:8c:7d:40:18:85:4f:28:2d:ee:
         79:8a:06:44:7d:b8:70:55:19:11:c9:1c:04:0d:35:00:be:64:
         43:c1:4e:55:68:df:ab:fe:19:47:2a:a0:9e:8d:fe:88:ca:ca:
         2d:11:c4:25:a5:bc:c7:10:dd:bc:eb:d5:b3:7f:7b:1c:04:55:
         2a:29:a3:2c:7d:af:6d:c4:89:41:6e:86:a4:c1:f5:e4:34:74:
         c5:20:cc:c7:3a:4f:ff:22:3e:01:c7:4d:0c:0d:38:71:8d:55:
         74:30:3b:74:d7:26:c8:b4:8e:3e:18:fe:01:11:2e:a8:e0:d5:
         90:40:c7:bb:e3:06:d5:ca:37:e5:72:9d:c8:5c:de:77:3f:6f:
         7d:b0:75:58
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYm6rrD/Q9nHks+aeDyfJG8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAzMDkxNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVkMzllZWM0YmI1ZjlhNWJkODI1Y2RlYWUwMGQyMTQ3Yjk5NWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dBwxo2Xuqdj1yQy5Plagn5l7ez4
kHWLiil4mLEpA8+dTKYh8gStQhkuwqgH9fHM0BxSxDQYJLRXQOEdP1gyW4zVQzBq
kaCmFuLcWPZ/FJiJGbb6pa/eU8veEl64TwPIAaNWfGAaBlLyuC/It6YXWfvw1Kke
/EVn2vLV7EFtN0sLwR/9kx4+tJjndykraEglxZ97+iFto83tqK/EBLbruVQe1ab/
V6ERVAMmT2s84xShUDhBUcRiPNZ6wqPTJ9b6dteZbSF9tV7L6dqUTFcoml2IT1Nh
5GK3fv4YzB+Z8a7XmZAz7PkRyy4W654hxuiT3QzFKNgfFYZQxVlevkbmDQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFObtOe7Eu1+aW9glzergDSFHuZXeMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNXUwNTdzUzdYNXBiMkNYTjZ1QU5JVWU1bGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAWdUuAwQA
WdWXMAwDBABZ1akDBABZ1aoDBAFtsNADBABtsNQDBABtsNkDBABtsNsDBABtsN0D
BABtsN8DBABtsPUDBADVmD0wDQYJKoZIhvcNAQELBQADggEBAAqpuXV8FIrs6LDH
6Wz+zamWw1K00mO5L3hLomHGkvCmo7Bb+VfU4v9KdLG7lwhqN2Z/bkSnYUIdhuBp
oJ5WjzdLrfdD6zqnZcOID6RJTYQZIK1Q9zW/7lWfwRWDveOxTrKNr+p324ALrVWY
sfjH6YWrIwALiox9QBiFTygt7nmKBkR9uHBVGRHJHAQNNQC+ZEPBTlVo36v+GUcq
oJ6N/ojKyi0RxCWlvMcQ3bzr1bN/exwEVSopoyx9r23EiUFuhqTB9eQ0dMUgzMc6
T/8iPgHHTQwNOHGNVXQwO3TXJsi0jj4Y/gERLqjg1ZBAx7vjBtXKN+Vynchc3nc/
b32wdVg=
-----END CERTIFICATE-----