Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/4lZ78JwdPL_VzgnSmcVvLhhEiv4.roa
File:                     4lZ78JwdPL_VzgnSmcVvLhhEiv4.roa (raw, json)
Hash identifier:          RnxSVCj9DlzH/v6hxO3qyIiip9D6h7kAXSAS6A9I60U=
Subject key identifier:   E2:56:7B:F0:9C:1D:3C:BF:D5:CE:09:D2:99:C5:6F:2E:18:44:8A:FE
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       01856D5CEF33413D20679E7DBBC6631FE7C3
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/4lZ78JwdPL_VzgnSmcVvLhhEiv4.roa
Signing time:             Sun 01 Jan 2023 12:44:45 +0000
ROA not before:           Sun 01 Jan 2023 12:44:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21155
IP address blocks:        91.216.162.0/24 maxlen: 24
                          81.4.112.0/22 maxlen: 22
                          81.4.116.0/22 maxlen: 22
                          81.4.64.0/19 maxlen: 19
                          185.95.68.0/22 maxlen: 22
                          81.4.96.0/22 maxlen: 22
                          193.93.172.0/22 maxlen: 22
                          91.142.240.0/20 maxlen: 20
                          85.158.248.0/21 maxlen: 21
                          80.84.224.0/19 maxlen: 19
                          193.242.119.0/24 maxlen: 24
                          83.96.128.0/17 maxlen: 17
                          91.205.32.0/22 maxlen: 22
                          141.255.176.0/22 maxlen: 24
                          2001:828::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 29 Aug 2023 14:42:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:5c:ef:33:41:3d:20:67:9e:7d:bb:c6:63:1f:e7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Jan  1 12:44:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e2567bf09c1d3cbfd5ce09d299c56f2e18448afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:90:18:33:f6:b6:72:60:1e:1f:0c:1b:85:59:
                    a8:1c:4c:fb:62:78:cf:6e:bb:73:1c:2b:cf:b9:dc:
                    2f:91:2a:6a:34:57:a8:e1:55:5b:65:02:48:ba:3e:
                    76:5f:e8:3b:9c:0c:e9:52:b9:c1:49:03:f6:31:2e:
                    55:d0:b3:f3:16:2e:9e:11:a8:98:bd:dd:27:b6:8e:
                    db:9e:a4:69:06:12:7b:d6:2c:b6:9f:3f:31:f6:3c:
                    ab:6e:43:f9:c2:80:b5:21:0a:ee:64:d0:5d:4d:78:
                    e0:66:6b:5b:74:ab:87:0a:ba:e4:f0:27:be:4d:e8:
                    82:59:0b:fc:07:e6:31:76:b2:4c:2a:0b:ba:33:a5:
                    49:54:d2:34:6c:d3:2a:b8:ba:f0:ed:16:7a:71:1d:
                    30:73:dd:3d:bd:dd:0a:00:1e:e6:fa:15:cf:20:15:
                    e8:0e:47:0d:a5:e5:05:5c:94:14:88:42:8f:2e:0c:
                    4c:7b:27:a4:71:83:a8:a0:5e:5a:03:11:b1:21:77:
                    b4:16:3e:c1:74:39:c9:59:3b:39:ae:95:a5:46:d9:
                    ca:e5:0a:40:54:4f:d0:e2:c8:05:1d:e8:f7:bf:3a:
                    9a:9d:63:98:95:83:e0:a9:71:ac:37:7e:58:00:25:
                    ac:12:14:b8:db:8c:4b:82:82:58:7c:cb:25:e6:c7:
                    e7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:56:7B:F0:9C:1D:3C:BF:D5:CE:09:D2:99:C5:6F:2E:18:44:8A:FE
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/4lZ78JwdPL_VzgnSmcVvLhhEiv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.224.0/19
                  81.4.64.0-81.4.99.255
                  81.4.112.0/21
                  83.96.128.0/17
                  85.158.248.0/21
                  91.142.240.0/20
                  91.205.32.0/22
                  91.216.162.0/24
                  141.255.176.0/22
                  185.95.68.0/22
                  193.93.172.0/22
                  193.242.119.0/24
                IPv6:
                  2001:828::/32

    Signature Algorithm: sha256WithRSAEncryption
         ca:b1:b0:1e:33:7f:91:c0:33:15:d3:db:16:8a:7c:7f:29:87:
         7e:ec:b6:31:e3:2c:de:1f:2b:a3:f6:5c:5b:73:02:99:78:9a:
         dd:c0:9f:96:ba:11:a9:1b:cb:45:4d:d4:3b:68:8b:4b:ae:83:
         29:3d:0c:81:15:c6:b6:0c:a2:37:a4:fb:8d:36:89:df:a4:4a:
         01:30:e6:85:0a:be:40:34:c9:74:0b:25:0a:64:67:59:f8:1a:
         e8:ad:ed:91:dc:f6:81:72:d3:34:84:06:fa:71:e7:de:9c:9f:
         bf:07:87:6c:c0:2e:f0:36:7f:3e:d2:3f:b6:0e:18:8b:13:82:
         11:bb:61:eb:7f:11:a7:c8:3f:05:25:c4:d0:49:90:46:2a:2f:
         45:ba:2f:13:4a:f6:e1:85:4e:3f:37:66:f9:88:68:67:a8:0a:
         5d:da:80:8b:6e:ba:eb:a9:72:cf:ac:ad:70:77:ee:b4:23:2a:
         61:5b:8e:a5:47:da:98:9b:d3:2d:85:6a:ef:ee:93:87:83:4d:
         aa:98:bb:a7:41:f2:2a:4d:f3:06:b2:f8:08:bc:c4:64:29:9e:
         10:fc:e6:a9:68:f3:ee:25:6b:16:dc:cb:f5:a7:12:42:f0:99:
         37:b0:cd:58:23:57:f1:ff:a8:39:c6:0d:ed:5b:12:e8:cb:bd:
         41:29:55:54
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYVtXO8zQT0gZ559u8ZjH+fDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjMwMTAxMTI0NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjU2N2JmMDljMWQzY2JmZDVjZTA5ZDI5OWM1NmYyZTE4NDQ4YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZAYM/a2cmAeHwwbhVmoHEz7YnjP
brtzHCvPudwvkSpqNFeo4VVbZQJIuj52X+g7nAzpUrnBSQP2MS5V0LPzFi6eEaiY
vd0nto7bnqRpBhJ71iy2nz8x9jyrbkP5woC1IQruZNBdTXjgZmtbdKuHCrrk8Ce+
TeiCWQv8B+YxdrJMKgu6M6VJVNI0bNMquLrw7RZ6cR0wc909vd0KAB7m+hXPIBXo
DkcNpeUFXJQUiEKPLgxMeyekcYOooF5aAxGxIXe0Fj7BdDnJWTs5rpWlRtnK5QpA
VE/Q4sgFHej3vzqanWOYlYPgqXGsN35YACWsEhS424xLgoJYfMsl5sfnDQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFOJWe/CcHTy/1c4J0pnFby4YRIr+MB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvNGxaNzhKd2RQTF9WemduU21jVnZMaGhFaXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBWBAIAATBQAwQFUFTgMAwD
BAZRBEADBAJRBGADBANRBHADBAdTYIADBANVnvgDBARbjvADBAJbzSADBABb2KID
BAKN/7ADBAK5X0QDBALBXawDBADB8ncwDQQCAAIwBwMFACABCCgwDQYJKoZIhvcN
AQELBQADggEBAMqxsB4zf5HAMxXT2xaKfH8ph37stjHjLN4fK6P2XFtzApl4mt3A
n5a6Eakby0VN1Dtoi0uugyk9DIEVxrYMojek+402id+kSgEw5oUKvkA0yXQLJQpk
Z1n4Guit7ZHc9oFy0zSEBvpx596cn78Hh2zALvA2fz7SP7YOGIsTghG7Yet/EafI
PwUlxNBJkEYqL0W6LxNK9uGFTj83ZvmIaGeoCl3agItuuuupcs+srXB37rQjKmFb
jqVH2pib0y2Fau/uk4eDTaqYu6dB8ipN8way+Ai8xGQpnhD85qlo8+4laxbcy/Wn
EkLwmTewzVgjV/H/qDnGDe1bEujLvUEpVVQ=
-----END CERTIFICATE-----