Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/OT9DOt57o2D4clXbTCbVdXQRYl4.roa
File:                     OT9DOt57o2D4clXbTCbVdXQRYl4.roa (raw, json)
Hash identifier:          SKleSZnHEO+CUJUDaNrRhBPzlURVCYz75soiM14OlOA=
Subject key identifier:   39:3F:43:3A:DE:7B:A3:60:F8:72:55:DB:4C:26:D5:75:74:11:62:5E
Certificate issuer:       /CN=9fcc2f3ee6b5c3ff6dc5346a7535506fa824123e
Certificate serial:       018CC94ABB307CADF554C5C8F628D32972D7
Authority key identifier: 9F:CC:2F:3E:E6:B5:C3:FF:6D:C5:34:6A:75:35:50:6F:A8:24:12:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n8wvPua1w_9txTRqdTVQb6gkEj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/OT9DOt57o2D4clXbTCbVdXQRYl4.roa
Signing time:             Tue 02 Jan 2024 08:29:27 +0000
ROA not before:           Tue 02 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42892
IP address blocks:        94.45.192.0/22 maxlen: 22
                          94.45.192.0/19 maxlen: 19
                          94.45.196.0/22 maxlen: 22
                          94.45.199.0/24 maxlen: 24
                          94.45.204.0/22 maxlen: 22
                          94.45.200.0/22 maxlen: 22
                          94.45.201.0/24 maxlen: 24
                          94.45.208.0/22 maxlen: 22
                          94.45.212.0/22 maxlen: 22
                          94.45.216.0/22 maxlen: 22
                          94.45.220.0/22 maxlen: 22
                          91.193.222.0/23 maxlen: 23
                          91.193.220.0/22 maxlen: 22
                          176.120.224.0/21 maxlen: 21
                          176.120.224.0/19 maxlen: 19
                          176.120.239.0/24 maxlen: 24
                          176.120.237.0/24 maxlen: 24
                          176.120.238.0/24 maxlen: 24
                          176.120.236.0/24 maxlen: 24
                          176.120.240.0/21 maxlen: 21
                          176.120.248.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Thu 25 Jan 2024 17:27:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:bb:30:7c:ad:f5:54:c5:c8:f6:28:d3:29:72:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fcc2f3ee6b5c3ff6dc5346a7535506fa824123e
        Validity
            Not Before: Jan  2 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=393f433ade7ba360f87255db4c26d5757411625e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7c:cb:08:df:93:50:30:a1:9c:d4:de:38:10:
                    1c:6b:8d:a5:bd:79:ab:76:94:4c:1f:11:50:8f:fb:
                    9f:6e:18:8c:8f:7d:65:54:f9:58:73:20:93:0e:86:
                    74:5b:58:f2:b9:64:c0:78:fb:92:fe:e1:05:ad:6e:
                    2c:32:91:2c:2e:04:1b:58:b3:d5:d7:de:93:5c:b1:
                    86:e2:f0:e0:81:9f:0e:24:a8:1c:94:b0:b2:9f:be:
                    82:4b:86:91:11:c7:b0:2e:f2:50:f2:95:ce:e5:86:
                    d8:e5:80:dc:67:77:63:ee:86:42:32:64:91:68:ed:
                    af:91:e7:e2:8c:2e:df:d0:88:b5:11:de:4a:75:6d:
                    1c:ec:52:4b:58:b9:1a:86:55:c0:34:a5:36:09:12:
                    b5:21:bf:54:47:76:64:13:21:cc:de:75:41:73:b8:
                    4a:88:be:ca:18:cb:83:d4:b2:b2:e5:d3:92:4d:f4:
                    7a:24:98:c7:a5:45:f3:d1:84:24:43:18:4d:2e:33:
                    7e:da:e3:65:e8:5c:ba:e9:a9:df:ec:0a:eb:76:14:
                    f2:30:bb:4c:8b:9d:c7:36:a0:60:45:e6:4f:a6:09:
                    fe:d6:3e:0c:f4:c8:b0:6e:c6:a7:16:b2:8c:bf:8b:
                    9d:8f:76:63:12:aa:ad:7e:e0:69:ff:37:23:04:23:
                    40:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:3F:43:3A:DE:7B:A3:60:F8:72:55:DB:4C:26:D5:75:74:11:62:5E
            X509v3 Authority Key Identifier:
                keyid:9F:CC:2F:3E:E6:B5:C3:FF:6D:C5:34:6A:75:35:50:6F:A8:24:12:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n8wvPua1w_9txTRqdTVQb6gkEj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/OT9DOt57o2D4clXbTCbVdXQRYl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/n8wvPua1w_9txTRqdTVQb6gkEj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.220.0/22
                  94.45.192.0/19
                  176.120.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4f:b3:f2:b4:1b:d3:95:fa:ee:c1:f0:1f:e9:07:d4:1d:29:42:
         fe:bf:8a:fd:2a:85:a5:eb:4d:c0:8a:04:0c:b1:37:38:79:90:
         bd:74:e0:76:2a:b4:55:cd:3c:c3:aa:60:25:62:c7:41:7a:71:
         8d:67:bb:0c:a5:c1:32:cb:dc:c5:79:2b:9e:93:fc:80:a4:c7:
         6c:2b:54:1a:d6:8b:80:3b:20:30:3b:e4:e0:d2:79:cf:5b:f2:
         a2:f1:14:29:3a:42:a0:09:33:3e:22:f0:15:70:b4:cd:32:54:
         d3:50:a8:34:20:9a:83:eb:5d:95:3e:4b:99:68:e3:39:42:1b:
         24:a8:74:4d:c3:cb:21:f8:30:d2:fd:20:3f:ee:e8:9b:ac:42:
         2c:2b:42:13:6c:2c:1f:30:ef:0a:c2:a5:05:8b:3f:4e:fe:1e:
         8b:b7:ef:eb:57:59:92:cf:72:b0:f9:e2:35:c8:7f:6c:2c:11:
         49:6e:00:dc:32:5d:09:b8:64:fc:7f:55:61:a6:83:4c:51:5b:
         51:08:45:0a:77:5d:11:07:22:39:49:2e:6a:52:37:1b:8f:72:
         8d:66:0d:82:94:e8:bc:40:10:86:2f:93:31:df:4f:4e:69:62:
         e2:ac:30:7f:aa:e5:70:3e:ef:c7:56:9b:5a:c6:ea:cd:cb:46:
         6e:e1:5e:68
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJSrswfK31VMXI9ijTKXLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmY2MyZjNlZTZiNWMzZmY2ZGM1MzQ2YTc1MzU1MDZmYTgy
NDEyM2UwHhcNMjQwMTAyMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTNmNDMzYWRlN2JhMzYwZjg3MjU1ZGI0YzI2ZDU3NTc0MTE2MjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3zLCN+TUDChnNTeOBAca42lvXmr
dpRMHxFQj/ufbhiMj31lVPlYcyCTDoZ0W1jyuWTAePuS/uEFrW4sMpEsLgQbWLPV
196TXLGG4vDggZ8OJKgclLCyn76CS4aREcewLvJQ8pXO5YbY5YDcZ3dj7oZCMmSR
aO2vkefijC7f0Ii1Ed5KdW0c7FJLWLkahlXANKU2CRK1Ib9UR3ZkEyHM3nVBc7hK
iL7KGMuD1LKy5dOSTfR6JJjHpUXz0YQkQxhNLjN+2uNl6Fy66anf7ArrdhTyMLtM
i53HNqBgReZPpgn+1j4M9MiwbsanFrKMv4udj3ZjEqqtfuBp/zcjBCNASwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDk/Qzree6Ng+HJV20wm1XV0EWJeMB8GA1UdIwQY
MBaAFJ/MLz7mtcP/bcU0anU1UG+oJBI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjh3dlB1YTF3Xzl0eFRScWRUVlFiNmdrRWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy83Zjg0MGQtM2JkNC00ZmFkLTlhMTUt
OGJmMDRhZjRiMmI0LzEvT1Q5RE90NTdvMkQ0Y2xYYlRDYlZkWFFSWWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy83Zjg0MGQtM2JkNC00ZmFkLTlhMTUtOGJmMDRhZjRiMmI0
LzEvbjh3dlB1YTF3Xzl0eFRScWRUVlFiNmdrRWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8HcAwQF
Xi3AAwQFsHjgMA0GCSqGSIb3DQEBCwUAA4IBAQBPs/K0G9OV+u7B8B/pB9QdKUL+
v4r9KoWl603AigQMsTc4eZC9dOB2KrRVzTzDqmAlYsdBenGNZ7sMpcEyy9zFeSue
k/yApMdsK1Qa1ouAOyAwO+Tg0nnPW/Ki8RQpOkKgCTM+IvAVcLTNMlTTUKg0IJqD
612VPkuZaOM5QhskqHRNw8sh+DDS/SA/7uibrEIsK0ITbCwfMO8KwqUFiz9O/h6L
t+/rV1mSz3Kw+eI1yH9sLBFJbgDcMl0JuGT8f1VhpoNMUVtRCEUKd10RByI5SS5q
Ujcbj3KNZg2ClOi8QBCGL5Mx309OaWLirDB/quVwPu/HVptaxurNy0Zu4V5o
-----END CERTIFICATE-----