Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/a0WCJcgNOlS4Jlupqf7cPpR2x4g.roa
File:                     a0WCJcgNOlS4Jlupqf7cPpR2x4g.roa (raw, json)
Hash identifier:          XBb0Z13MTAmmrvZ9ucCrSm+GnhPXtO4ZWbr5G6zIIjI=
Subject key identifier:   6B:45:82:25:C8:0D:3A:54:B8:26:5B:A9:A9:FE:DC:3E:94:76:C7:88
Certificate issuer:       /CN=9e394498e4798729ce9950be34b459a9ef29f5e8
Certificate serial:       01857095241FCE8CE2291E6D85419B7B72C6
Authority key identifier: 9E:39:44:98:E4:79:87:29:CE:99:50:BE:34:B4:59:A9:EF:29:F5:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njlEmOR5hynOmVC-NLRZqe8p9eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/a0WCJcgNOlS4Jlupqf7cPpR2x4g.roa
Signing time:             Mon 02 Jan 2023 03:45:00 +0000
ROA not before:           Mon 02 Jan 2023 03:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     38999
IP address blocks:        212.98.134.0/24 maxlen: 24
                          185.76.176.64/26 maxlen: 26
                          185.76.177.0/24 maxlen: 24
                          185.76.176.0/25 maxlen: 25
                          185.76.176.0/24 maxlen: 24
                          185.76.178.0/24 maxlen: 24
                          185.76.177.192/27 maxlen: 27
                          185.76.177.224/28 maxlen: 28
                          5.57.0.0/24 maxlen: 24
                          213.204.96.0/24 maxlen: 24
                          2a05:5b81::/32 maxlen: 32
                          2a05:5b84::/32 maxlen: 32
                          2a05:5b82::/32 maxlen: 32
                          2a05:5b83::/32 maxlen: 32
                          2a05:5b80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:29:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:95:24:1f:ce:8c:e2:29:1e:6d:85:41:9b:7b:72:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e394498e4798729ce9950be34b459a9ef29f5e8
        Validity
            Not Before: Jan  2 03:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6b458225c80d3a54b8265ba9a9fedc3e9476c788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d8:64:08:13:8f:89:44:2c:a1:d6:0b:42:3b:
                    ac:91:a0:e1:29:c3:e7:de:98:d4:c2:0f:0a:73:9a:
                    07:c5:3d:6f:17:53:d0:53:00:09:11:23:89:d0:ea:
                    d1:52:24:2f:74:2f:26:14:00:8a:4b:d6:e1:ae:35:
                    0a:4b:d8:c6:d0:76:25:12:84:96:42:69:3a:14:28:
                    6e:16:dc:27:96:3c:72:9d:1f:be:2f:75:ad:3f:9d:
                    14:25:5b:05:dd:dc:18:3e:99:33:22:8a:a1:b9:88:
                    ef:da:2a:f7:06:d0:41:de:87:75:bf:6c:bb:c3:60:
                    26:07:b4:12:63:7e:d5:49:f3:5f:db:74:5e:3a:7b:
                    62:02:35:a0:61:66:19:14:43:61:09:3d:2c:8e:ad:
                    f4:e6:c8:5c:9c:18:7c:c8:04:bb:2e:bc:23:a1:62:
                    4f:f4:4d:2c:03:f8:bb:ea:00:e0:3f:87:57:4f:88:
                    ef:8e:fb:25:e8:5c:2e:70:a2:39:aa:c9:4c:4a:f0:
                    d1:39:c2:f3:72:1b:37:a4:64:08:de:72:27:02:fa:
                    24:12:08:25:5a:f0:f6:f3:ec:99:22:81:df:2e:9b:
                    9f:b9:35:f5:e5:4b:83:94:f7:b3:89:87:57:63:a3:
                    c4:39:5a:7f:d5:41:5f:1b:9b:05:1b:e4:5f:17:ef:
                    44:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:45:82:25:C8:0D:3A:54:B8:26:5B:A9:A9:FE:DC:3E:94:76:C7:88
            X509v3 Authority Key Identifier:
                keyid:9E:39:44:98:E4:79:87:29:CE:99:50:BE:34:B4:59:A9:EF:29:F5:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njlEmOR5hynOmVC-NLRZqe8p9eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/a0WCJcgNOlS4Jlupqf7cPpR2x4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2516e2-9e22-4e06-8a44-fa5ef4f53fbb/1/njlEmOR5hynOmVC-NLRZqe8p9eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.0.0/24
                  185.76.176.0-185.76.178.255
                  212.98.134.0/24
                  213.204.96.0/24
                IPv6:
                  2a05:5b80::-2a05:5b84:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         45:ef:e5:a1:f9:0f:02:5d:21:ed:86:26:5a:87:67:d7:51:a5:
         f1:6e:c7:8f:fe:5b:8c:59:a7:1a:dd:66:e0:e2:2b:f0:5f:98:
         a2:51:83:70:10:01:5a:8a:9b:36:4c:d3:8a:94:49:27:a5:44:
         0d:84:d3:3b:c2:86:b4:ff:e1:06:81:4a:32:36:5e:31:7d:51:
         48:6a:61:09:87:3c:25:92:1f:87:94:0b:ea:47:a4:70:ee:0f:
         5d:97:4f:d1:24:7a:93:52:61:99:0d:ab:cb:79:54:31:ea:d5:
         1e:04:1d:60:fd:59:a1:ab:77:28:84:98:6c:8d:95:f5:d9:b9:
         20:26:cd:a1:e2:80:60:66:3c:8e:c0:a2:76:65:8d:92:1b:72:
         c1:5c:0a:e1:00:ea:3f:e6:6e:4e:95:16:af:72:70:74:c6:04:
         b2:14:61:0c:41:23:f7:c4:31:c0:85:b3:0d:38:b5:86:e2:ff:
         20:a3:d6:6f:c3:63:ab:65:1a:65:9c:f5:d3:5c:6d:d3:91:40:
         b6:ff:d1:14:91:78:85:e0:0f:42:95:f9:8d:14:94:7e:33:c7:
         24:98:31:dc:f9:fc:5d:76:cf:ec:b5:e2:d7:25:ee:99:be:00:
         6e:8f:ab:32:8d:65:98:72:33:28:1a:8f:67:f7:0f:f3:3f:7d:
         0f:cd:3d:c7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVwlSQfzoziKR5thUGbe3LGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzk0NDk4ZTQ3OTg3MjljZTk5NTBiZTM0YjQ1OWE5ZWYy
OWY1ZTgwHhcNMjMwMTAyMDM0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQ1ODIyNWM4MGQzYTU0YjgyNjViYTlhOWZlZGMzZTk0NzZjNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtthkCBOPiUQsodYLQjuskaDhKcPn
3pjUwg8Kc5oHxT1vF1PQUwAJESOJ0OrRUiQvdC8mFACKS9bhrjUKS9jG0HYlEoSW
Qmk6FChuFtwnljxynR++L3WtP50UJVsF3dwYPpkzIoqhuYjv2ir3BtBB3od1v2y7
w2AmB7QSY37VSfNf23ReOntiAjWgYWYZFENhCT0sjq305shcnBh8yAS7LrwjoWJP
9E0sA/i76gDgP4dXT4jvjvsl6FwucKI5qslMSvDROcLzchs3pGQI3nInAvokEggl
WvD28+yZIoHfLpufuTX15UuDlPeziYdXY6PEOVp/1UFfG5sFG+RfF+9ESQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGtFgiXIDTpUuCZbqan+3D6UdseIMB8GA1UdIwQY
MBaAFJ45RJjkeYcpzplQvjS0WanvKfXoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpsRW1PUjVoeW5PbVZDLU5MUlpxZThwOWVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yNTE2ZTItOWUyMi00ZTA2LThhNDQt
ZmE1ZWY0ZjUzZmJiLzEvYTBXQ0pjZ05PbFM0Smx1cHFmN2NQcFIyeDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yNTE2ZTItOWUyMi00ZTA2LThhNDQtZmE1ZWY0ZjUzZmJi
LzEvbmpsRW1PUjVoeW5PbVZDLU5MUlpxZThwOWVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAmBAIAATAgAwQABTkAMAwD
BAS5TLADBAC5TLIDBADUYoYDBADVzGAwFgQCAAIwEDAOAwUHKgVbgAMFACoFW4Qw
DQYJKoZIhvcNAQELBQADggEBAEXv5aH5DwJdIe2GJlqHZ9dRpfFux4/+W4xZpxrd
ZuDiK/BfmKJRg3AQAVqKmzZM04qUSSelRA2E0zvChrT/4QaBSjI2XjF9UUhqYQmH
PCWSH4eUC+pHpHDuD12XT9EkepNSYZkNq8t5VDHq1R4EHWD9WaGrdyiEmGyNlfXZ
uSAmzaHigGBmPI7AonZljZIbcsFcCuEA6j/mbk6VFq9ycHTGBLIUYQxBI/fEMcCF
sw04tYbi/yCj1m/DY6tlGmWc9dNcbdORQLb/0RSReIXgD0KV+Y0UlH4zxySYMdz5
/F12z+y14tcl7pm+AG6PqzKNZZhyMygaj2f3D/M/fQ/NPcc=
-----END CERTIFICATE-----