Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/MPfbeHxKEqao9oIkrLv9Rp5uQVA.roa
File:                     MPfbeHxKEqao9oIkrLv9Rp5uQVA.roa (raw, json)
Hash identifier:          Ej8634+Dw/j4ykvOfur65S0BPhunDFhifHQKQsQmHLE=
Subject key identifier:   30:F7:DB:78:7C:4A:12:A6:A8:F6:82:24:AC:BB:FD:46:9E:6E:41:50
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0186E52D26DB53FB1458FDE1877110297BA6
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/MPfbeHxKEqao9oIkrLv9Rp5uQVA.roa
Signing time:             Wed 15 Mar 2023 12:09:46 +0000
ROA not before:           Wed 15 Mar 2023 12:09:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204916
IP address blocks:        84.54.36.0/24 maxlen: 24
                          83.171.240.0/24 maxlen: 24
                          83.171.240.0/22 maxlen: 22
                          83.171.243.0/24 maxlen: 24
                          83.171.242.0/24 maxlen: 24
                          194.113.105.0/24 maxlen: 24
                          2a10:c0c3::/32 maxlen: 32
                          2a10:c0c0::/29 maxlen: 29
                          2a11:200::/36 maxlen: 36
                          2a11:200:4000::/36 maxlen: 36
                          2a11:202::/32 maxlen: 32
                          2a11:201::/32 maxlen: 32
                          2a10:c0c1::/32 maxlen: 32
                          2a10:c0c7:3000::/36 maxlen: 36
                          2a10:c0c7:5000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 16 Mar 2023 06:55:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e5:2d:26:db:53:fb:14:58:fd:e1:87:71:10:29:7b:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Mar 15 12:09:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30f7db787c4a12a6a8f68224acbbfd469e6e4150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:98:69:45:37:6c:21:13:bc:6d:de:59:3f:34:
                    56:20:5b:db:8f:dd:b5:58:8a:28:86:00:87:f6:d5:
                    56:99:f5:63:63:50:5f:ee:c0:0f:9f:d1:8f:1e:2e:
                    6e:93:d4:0f:63:ac:a9:0c:c0:65:cb:37:20:8e:e4:
                    73:9f:96:52:82:b8:38:88:9a:61:9f:45:2e:a0:d7:
                    97:a4:6b:a4:bc:0b:30:84:8c:f5:44:a7:a7:59:48:
                    9c:15:22:3b:36:a2:31:c1:fd:2a:7e:3f:9a:00:d6:
                    24:7f:3a:ce:7a:e6:15:6a:90:68:92:e8:ca:af:fc:
                    2c:50:ed:18:f0:0e:81:ea:6b:f6:07:f8:d0:a7:68:
                    4f:1f:8c:f8:90:cf:63:13:9b:d3:b1:52:b0:67:28:
                    84:de:a5:35:1a:da:08:36:d9:b9:e8:63:1b:50:88:
                    c4:0c:4d:45:86:b6:cd:c7:43:1e:f6:4b:a6:6e:f1:
                    e8:23:fb:5c:8f:04:f8:99:4f:59:7e:e7:aa:17:c5:
                    0f:ca:a3:3d:15:f6:d4:af:86:20:d4:01:fc:bd:b2:
                    db:61:90:c0:1e:47:fa:95:59:97:b6:e2:43:bb:00:
                    98:24:b6:0a:6f:91:11:d8:94:a1:8a:41:e9:f5:5a:
                    1f:aa:c2:39:88:74:a3:5b:cb:49:a9:fb:cc:2c:cf:
                    3b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F7:DB:78:7C:4A:12:A6:A8:F6:82:24:AC:BB:FD:46:9E:6E:41:50
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/MPfbeHxKEqao9oIkrLv9Rp5uQVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.240.0/22
                  84.54.36.0/24
                  194.113.105.0/24
                IPv6:
                  2a10:c0c0::/29
                  2a11:200::/36
                  2a11:200:4000::/36
                  2a11:201::-2a11:202:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3b:63:0a:78:f8:85:da:59:a6:ed:de:f2:b7:45:12:51:0a:ff:
         2b:f2:5b:32:a4:d4:5b:48:81:b8:f3:2a:f9:34:a0:ac:62:8c:
         00:11:db:6a:9b:69:59:48:04:a7:20:32:ff:99:13:2f:0e:24:
         4b:48:e6:3d:41:6e:4c:3e:a3:12:ae:32:94:2a:6c:3a:99:ec:
         4a:dd:c1:2e:94:ee:30:07:6e:6d:ef:35:c5:67:b0:10:91:7c:
         1d:5f:75:ec:53:2b:3f:4c:1b:84:22:ce:3d:aa:32:86:d6:20:
         16:6e:34:89:9d:ae:93:e2:b2:ad:1e:b8:0f:aa:27:fe:ce:ca:
         91:e7:e4:df:48:03:85:53:d6:86:88:40:fb:15:f2:a2:ee:db:
         24:38:a0:bd:bc:c1:dd:37:4c:cc:82:13:f4:99:97:cc:39:d4:
         98:d2:7c:b2:b9:be:3b:68:fe:9a:d8:22:94:83:aa:3a:4c:e8:
         29:3f:d4:d9:d0:1f:83:5d:70:c6:41:90:1f:ed:48:f4:1a:a4:
         a2:61:f7:61:e9:1c:01:c9:52:58:28:2c:88:ab:63:0f:34:3f:
         e4:5a:42:6e:84:12:31:ee:8b:6d:32:eb:bb:6b:40:e3:5d:1c:
         14:46:a6:2b:7a:9f:29:e3:72:9e:74:86:aa:f9:e6:ff:4c:d3:
         69:1b:e2:f6
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYblLSbbU/sUWP3hh3EQKXumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjMwMzE1MTIwOTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGY3ZGI3ODdjNGExMmE2YThmNjgyMjRhY2JiZmQ0NjllNmU0MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlphpRTdsIRO8bd5ZPzRWIFvbj921
WIoohgCH9tVWmfVjY1Bf7sAPn9GPHi5uk9QPY6ypDMBlyzcgjuRzn5ZSgrg4iJph
n0UuoNeXpGukvAswhIz1RKenWUicFSI7NqIxwf0qfj+aANYkfzrOeuYVapBokujK
r/wsUO0Y8A6B6mv2B/jQp2hPH4z4kM9jE5vTsVKwZyiE3qU1GtoINtm56GMbUIjE
DE1FhrbNx0Me9kumbvHoI/tcjwT4mU9ZfueqF8UPyqM9FfbUr4Yg1AH8vbLbYZDA
Hkf6lVmXtuJDuwCYJLYKb5ER2JShikHp9VofqsI5iHSjW8tJqfvMLM87iwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFDD323h8ShKmqPaCJKy7/UaebkFQMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvTVBmYmVIeEtFcWFvOW9Ja3JMdjlScDV1UVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAYBAIAATASAwQCU6vwAwQA
VDYkAwQAwnFpMC0EAgACMCcDBQMqEMDAAwYEKhECAAADBgQqEQIAQDAOAwUAKhEC
AQMFACoRAgIwDQYJKoZIhvcNAQELBQADggEBADtjCnj4hdpZpu3e8rdFElEK/yvy
WzKk1FtIgbjzKvk0oKxijAAR22qbaVlIBKcgMv+ZEy8OJEtI5j1Bbkw+oxKuMpQq
bDqZ7ErdwS6U7jAHbm3vNcVnsBCRfB1fdexTKz9MG4Qizj2qMobWIBZuNImdrpPi
sq0euA+qJ/7OypHn5N9IA4VT1oaIQPsV8qLu2yQ4oL28wd03TMyCE/SZl8w51JjS
fLK5vjto/prYIpSDqjpM6Ck/1NnQH4NdcMZBkB/tSPQapKJh92HpHAHJUlgoLIir
Yw80P+RaQm6EEjHui20y67trQONdHBRGpit6nynjcp50hqr55v9M02kb4vY=
-----END CERTIFICATE-----