Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/drIPIh0yDroaUKy1vGX8-U8-oiQ.roa
File:                     drIPIh0yDroaUKy1vGX8-U8-oiQ.roa (raw, json)
Hash identifier:          ha+lwl8ramr1Aqt8KLxLdV15SHKuaAAJeMlIAHbhfdI=
Subject key identifier:   76:B2:0F:22:1D:32:0E:BA:1A:50:AC:B5:BC:65:FC:F9:4F:3E:A2:24
Certificate issuer:       /CN=9fcc2f3ee6b5c3ff6dc5346a7535506fa824123e
Certificate serial:       0185700B906718DEB321F4F6933000FB8D73
Authority key identifier: 9F:CC:2F:3E:E6:B5:C3:FF:6D:C5:34:6A:75:35:50:6F:A8:24:12:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n8wvPua1w_9txTRqdTVQb6gkEj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/drIPIh0yDroaUKy1vGX8-U8-oiQ.roa
Signing time:             Mon 02 Jan 2023 01:14:44 +0000
ROA not before:           Mon 02 Jan 2023 01:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42892
IP address blocks:        94.45.192.0/19 maxlen: 19
                          94.45.192.0/22 maxlen: 22
                          94.45.196.0/22 maxlen: 22
                          94.45.199.0/24 maxlen: 24
                          94.45.204.0/22 maxlen: 22
                          94.45.200.0/22 maxlen: 22
                          94.45.201.0/24 maxlen: 24
                          94.45.208.0/22 maxlen: 22
                          94.45.212.0/22 maxlen: 22
                          94.45.220.0/22 maxlen: 22
                          91.193.222.0/23 maxlen: 23
                          91.193.220.0/22 maxlen: 22
                          176.120.224.0/21 maxlen: 21
                          176.120.224.0/19 maxlen: 19
                          176.120.239.0/24 maxlen: 24
                          176.120.237.0/24 maxlen: 24
                          176.120.238.0/24 maxlen: 24
                          176.120.236.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 Nov 2023 07:22:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:0b:90:67:18:de:b3:21:f4:f6:93:30:00:fb:8d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fcc2f3ee6b5c3ff6dc5346a7535506fa824123e
        Validity
            Not Before: Jan  2 01:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76b20f221d320eba1a50acb5bc65fcf94f3ea224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8e:ca:ab:ac:43:24:8c:6c:57:98:9d:80:fb:
                    a3:34:f5:d6:d3:33:fe:84:b8:e9:0d:09:f2:8d:bd:
                    ad:cf:5e:80:46:0f:61:9d:91:64:47:54:20:2e:75:
                    a4:23:9a:6a:6a:6d:47:ab:b4:3c:b5:f4:d2:00:db:
                    dc:47:0d:9f:d8:7d:fe:89:31:27:e5:b1:08:35:44:
                    76:99:35:32:df:89:18:65:68:4e:a9:15:3c:39:f9:
                    5b:92:ce:03:ea:05:3a:9d:0f:78:07:01:e6:2a:4e:
                    47:bd:51:ef:cb:08:e1:92:b1:ef:3f:c8:3e:af:1c:
                    44:f8:a0:71:34:cb:6a:6b:b9:fe:2a:8a:2a:6b:c7:
                    4b:fe:e6:3e:4c:91:89:79:f2:d7:1e:45:d9:6e:b6:
                    6f:8c:f3:c3:6b:da:a7:26:08:fe:7e:77:8d:29:56:
                    37:3e:ed:24:c6:94:c4:64:b7:39:f8:60:a2:1d:5e:
                    1a:1e:24:88:3e:5a:db:9a:25:6e:fb:21:c5:13:31:
                    90:fa:62:b9:d4:45:14:74:63:e6:c4:0b:4e:0b:21:
                    9a:41:f4:23:79:4a:07:2f:cf:c4:57:61:a9:d3:0b:
                    3b:81:d8:e2:ec:9c:93:55:db:6a:08:6e:b3:03:79:
                    74:57:0b:fa:15:cf:58:d5:8f:1e:bb:c4:ad:fc:60:
                    e7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B2:0F:22:1D:32:0E:BA:1A:50:AC:B5:BC:65:FC:F9:4F:3E:A2:24
            X509v3 Authority Key Identifier:
                keyid:9F:CC:2F:3E:E6:B5:C3:FF:6D:C5:34:6A:75:35:50:6F:A8:24:12:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n8wvPua1w_9txTRqdTVQb6gkEj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/drIPIh0yDroaUKy1vGX8-U8-oiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/7f840d-3bd4-4fad-9a15-8bf04af4b2b4/1/n8wvPua1w_9txTRqdTVQb6gkEj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.220.0/22
                  94.45.192.0/19
                  176.120.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         58:9c:15:50:e0:5f:0c:6e:4d:10:0f:a1:0f:ec:b9:b5:3d:5d:
         f4:ed:33:cf:63:83:af:0e:53:90:05:e8:e3:27:9b:d1:06:c5:
         39:4b:7b:b3:9a:7e:23:0a:41:d9:6c:be:a4:48:0c:b4:59:85:
         b8:0c:b7:0b:78:f7:6a:9b:8a:9a:2d:8b:15:38:af:c9:a3:fb:
         4d:a9:ec:64:e4:19:4e:91:40:08:2c:23:fa:95:57:d1:79:a8:
         20:dc:2a:08:12:dc:6e:f2:61:37:82:2e:53:9d:09:12:9b:1c:
         bb:a3:d4:e8:8b:c3:c8:4b:88:13:2e:90:74:0a:14:0c:c4:a0:
         81:49:5e:f3:be:8f:67:8c:d5:e1:6b:c7:2e:7e:04:61:f5:29:
         e2:30:da:7d:35:41:67:4e:70:29:dc:09:a5:2d:3b:ab:ca:a3:
         06:57:b7:cc:f2:5b:57:4b:30:67:1b:48:ea:d9:c5:15:ef:fe:
         90:0a:47:b8:1a:13:1d:79:ab:88:6d:0d:50:1a:1e:45:ed:da:
         a5:e2:18:04:b6:aa:f5:91:42:f9:ea:1b:0c:a2:86:40:74:26:
         93:0b:f2:3f:83:bf:10:a5:bc:4c:83:be:c3:d0:2f:b5:16:3c:
         f9:5a:be:27:e4:1f:6b:23:5e:d8:24:8f:b2:54:fa:fb:41:01:
         5d:f1:10:85
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVwC5BnGN6zIfT2kzAA+41zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmY2MyZjNlZTZiNWMzZmY2ZGM1MzQ2YTc1MzU1MDZmYTgy
NDEyM2UwHhcNMjMwMTAyMDExNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmIyMGYyMjFkMzIwZWJhMWE1MGFjYjViYzY1ZmNmOTRmM2VhMjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto7Kq6xDJIxsV5idgPujNPXW0zP+
hLjpDQnyjb2tz16ARg9hnZFkR1QgLnWkI5pqam1Hq7Q8tfTSANvcRw2f2H3+iTEn
5bEINUR2mTUy34kYZWhOqRU8Oflbks4D6gU6nQ94BwHmKk5HvVHvywjhkrHvP8g+
rxxE+KBxNMtqa7n+Kooqa8dL/uY+TJGJefLXHkXZbrZvjPPDa9qnJgj+fneNKVY3
Pu0kxpTEZLc5+GCiHV4aHiSIPlrbmiVu+yHFEzGQ+mK51EUUdGPmxAtOCyGaQfQj
eUoHL8/EV2Gp0ws7gdji7JyTVdtqCG6zA3l0Vwv6Fc9Y1Y8eu8St/GDnTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHayDyIdMg66GlCstbxl/PlPPqIkMB8GA1UdIwQY
MBaAFJ/MLz7mtcP/bcU0anU1UG+oJBI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjh3dlB1YTF3Xzl0eFRScWRUVlFiNmdrRWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy83Zjg0MGQtM2JkNC00ZmFkLTlhMTUt
OGJmMDRhZjRiMmI0LzEvZHJJUEloMHlEcm9hVUt5MXZHWDgtVTgtb2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy83Zjg0MGQtM2JkNC00ZmFkLTlhMTUtOGJmMDRhZjRiMmI0
LzEvbjh3dlB1YTF3Xzl0eFRScWRUVlFiNmdrRWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8HcAwQF
Xi3AAwQFsHjgMA0GCSqGSIb3DQEBCwUAA4IBAQBYnBVQ4F8Mbk0QD6EP7Lm1PV30
7TPPY4OvDlOQBejjJ5vRBsU5S3uzmn4jCkHZbL6kSAy0WYW4DLcLePdqm4qaLYsV
OK/Jo/tNqexk5BlOkUAILCP6lVfReagg3CoIEtxu8mE3gi5TnQkSmxy7o9Toi8PI
S4gTLpB0ChQMxKCBSV7zvo9njNXha8cufgRh9SniMNp9NUFnTnAp3AmlLTuryqMG
V7fM8ltXSzBnG0jq2cUV7/6QCke4GhMdeauIbQ1QGh5F7dql4hgEtqr1kUL56hsM
ooZAdCaTC/I/g78QpbxMg77D0C+1Fjz5Wr4n5B9rI17YJI+yVPr7QQFd8RCF
-----END CERTIFICATE-----