Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/MH4LPPp9fH20ctkzynpyA0ygIDk.roa
File:                     MH4LPPp9fH20ctkzynpyA0ygIDk.roa (raw, json)
Hash identifier:          b76WWKxbV53rWQn9iGOvyqmEiTE4otzMYVXk1ScRpqg=
Subject key identifier:   30:7E:0B:3C:FA:7D:7C:7D:B4:72:D9:33:CA:7A:72:03:4C:A0:20:39
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       018679657438F3F875742D52E9AB0C30E5C1
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/MH4LPPp9fH20ctkzynpyA0ygIDk.roa
Signing time:             Wed 22 Feb 2023 13:52:17 +0000
ROA not before:           Wed 22 Feb 2023 13:52:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212369
IP address blocks:        185.255.93.0/24 maxlen: 24
                          185.255.94.0/24 maxlen: 24
                          185.255.95.0/24 maxlen: 24
                          185.132.126.0/24 maxlen: 24
                          185.93.68.0/24 maxlen: 24
                          185.93.69.0/24 maxlen: 24
                          185.93.70.0/24 maxlen: 24
                          193.164.5.0/24 maxlen: 24
                          193.164.6.0/24 maxlen: 24
                          89.35.52.0/24 maxlen: 24
                          93.115.10.0/24 maxlen: 24
                          93.177.101.0/24 maxlen: 24
                          93.177.102.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 Mar 2023 19:14:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:79:65:74:38:f3:f8:75:74:2d:52:e9:ab:0c:30:e5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Feb 22 13:52:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=307e0b3cfa7d7c7db472d933ca7a72034ca02039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4c:27:91:92:04:f3:b9:be:47:18:ca:56:b9:
                    5e:ca:fd:d7:64:88:78:c7:6a:ca:90:32:3d:8f:02:
                    84:cc:fe:cf:5e:66:b4:7f:a1:98:bc:68:f1:fe:fc:
                    43:a3:cc:bc:55:b8:0c:34:33:c3:d8:fc:7b:e7:70:
                    fd:1f:bd:de:ba:00:eb:26:d3:99:56:09:15:11:9e:
                    a7:71:d6:82:72:e6:57:34:eb:c0:06:b3:5e:bd:99:
                    49:8f:6e:e1:d9:c0:41:58:c5:c6:2b:b4:19:c4:42:
                    12:f3:67:8d:74:60:d2:ef:32:1e:34:83:97:28:a0:
                    9a:03:9b:f2:b0:36:af:6b:57:e7:76:ab:4b:f1:45:
                    78:76:3e:a8:6a:77:bc:20:c2:cf:d7:fc:f0:fb:ad:
                    0b:90:20:73:b3:e5:f0:69:dd:9b:2c:16:c0:16:a5:
                    ee:8d:2c:7d:93:8e:ce:fc:51:71:9e:22:e8:cd:e0:
                    80:7d:b2:e8:52:31:35:9a:35:02:fa:be:f8:77:7c:
                    ec:2c:b3:79:7b:f9:75:dc:46:39:6c:51:8f:59:f2:
                    b7:8a:a6:31:40:82:31:21:4f:8e:08:bf:63:c4:e2:
                    49:63:da:1a:09:77:1c:12:b2:c3:37:89:2f:42:7e:
                    20:a9:f3:c7:87:1f:2e:2c:9a:5e:af:32:f1:51:53:
                    ed:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:7E:0B:3C:FA:7D:7C:7D:B4:72:D9:33:CA:7A:72:03:4C:A0:20:39
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/MH4LPPp9fH20ctkzynpyA0ygIDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.52.0/24
                  93.115.10.0/24
                  93.177.101.0-93.177.102.255
                  185.93.68.0-185.93.70.255
                  185.132.126.0/24
                  185.255.93.0-185.255.95.255
                  193.164.5.0-193.164.6.255

    Signature Algorithm: sha256WithRSAEncryption
         3d:21:14:f7:0f:ab:8f:08:bc:c3:8e:6c:c1:93:2a:08:9b:63:
         01:32:82:03:5c:35:3a:ba:ca:a0:83:32:7c:13:27:73:cf:89:
         ef:ce:50:da:04:34:65:a5:41:1b:d7:9f:61:fa:1e:4d:51:e0:
         31:2a:67:bc:7f:9a:c4:f4:b3:85:92:dd:51:4b:80:9b:4b:b1:
         64:36:dc:19:07:9a:fd:4c:b5:0f:26:9a:ec:74:e0:43:9b:18:
         3f:5f:10:eb:b8:26:64:2b:ab:e7:a9:87:a5:36:21:d9:73:81:
         37:b6:84:0a:8a:53:c3:bf:95:0b:eb:0b:3a:f2:56:1f:bd:39:
         90:fd:0e:a2:37:83:7d:3f:43:9f:12:84:44:14:e8:f5:17:71:
         a5:6d:24:2c:3a:84:3c:5e:c5:bb:c6:b1:37:4c:75:8c:b5:01:
         a1:0f:b3:19:43:53:cd:ea:1f:02:f3:93:6b:b0:0d:46:91:4c:
         8e:47:c4:f0:4f:58:b9:ee:bd:bf:d5:38:b8:d1:0c:d2:b8:2e:
         f4:f8:2e:07:3f:a2:ca:41:b3:97:b3:0a:ab:43:d3:f8:0e:68:
         66:53:96:9f:9f:ab:3f:9d:bf:46:4b:42:b9:d6:9d:bd:cc:8f:
         3b:c2:ce:07:91:83:8a:4f:ea:c6:45:5c:76:24:82:c6:7e:07:
         4d:80:3c:f0
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYZ5ZXQ48/h1dC1S6asMMOXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjMwMjIyMTM1MjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDdlMGIzY2ZhN2Q3YzdkYjQ3MmQ5MzNjYTdhNzIwMzRjYTAyMDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkwnkZIE87m+RxjKVrleyv3XZIh4
x2rKkDI9jwKEzP7PXma0f6GYvGjx/vxDo8y8VbgMNDPD2Px753D9H73eugDrJtOZ
VgkVEZ6ncdaCcuZXNOvABrNevZlJj27h2cBBWMXGK7QZxEIS82eNdGDS7zIeNIOX
KKCaA5vysDava1fndqtL8UV4dj6oane8IMLP1/zw+60LkCBzs+Xwad2bLBbAFqXu
jSx9k47O/FFxniLozeCAfbLoUjE1mjUC+r74d3zsLLN5e/l13EY5bFGPWfK3iqYx
QIIxIU+OCL9jxOJJY9oaCXccErLDN4kvQn4gqfPHhx8uLJperzLxUVPttwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFDB+Czz6fXx9tHLZM8p6cgNMoCA5MB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvTUg0TFBQcDlmSDIwY3RrenlucHlBMHlnSURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAWSM0AwQA
XXMKMAwDBABdsWUDBABdsWYwDAMEArldRAMEALldRgMEALmEfjAMAwQAuf9dAwQF
uf9AMAwDBADBpAUDBADBpAYwDQYJKoZIhvcNAQELBQADggEBAD0hFPcPq48IvMOO
bMGTKgibYwEyggNcNTq6yqCDMnwTJ3PPie/OUNoENGWlQRvXn2H6Hk1R4DEqZ7x/
msT0s4WS3VFLgJtLsWQ23BkHmv1MtQ8mmux04EObGD9fEOu4JmQrq+eph6U2Idlz
gTe2hAqKU8O/lQvrCzryVh+9OZD9DqI3g30/Q58ShEQU6PUXcaVtJCw6hDxexbvG
sTdMdYy1AaEPsxlDU83qHwLzk2uwDUaRTI5HxPBPWLnuvb/VOLjRDNK4LvT4Lgc/
ospBs5ezCqtD0/gOaGZTlp+fqz+dv0ZLQrnWnb3MjzvCzgeRg4pP6sZFXHYkgsZ+
B02APPA=
-----END CERTIFICATE-----