Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/_ojVUFv1KissbqGYIqfPcbdB9qA.roa
File:                     _ojVUFv1KissbqGYIqfPcbdB9qA.roa (raw, json)
Hash identifier:          FW3zdOnAYznYPMFzfLzNnHfzDWOTiATfxuob9AdQZA4=
Subject key identifier:   FE:88:D5:50:5B:F5:2A:2B:2C:6E:A1:98:22:A7:CF:71:B7:41:F6:A0
Certificate issuer:       /CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Certificate serial:       01856EEFF94A20ACBA9A255458C3A3B0524E
Authority key identifier: 34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/_ojVUFv1KissbqGYIqfPcbdB9qA.roa
Signing time:             Sun 01 Jan 2023 20:04:58 +0000
ROA not before:           Sun 01 Jan 2023 20:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25540
IP address blocks:        185.12.0.0/22 maxlen: 22
                          185.120.176.0/22 maxlen: 22
                          185.9.248.0/22 maxlen: 22
                          130.93.0.0/17 maxlen: 17
                          185.133.128.0/22 maxlen: 22
                          185.137.72.0/22 maxlen: 22
                          130.93.128.0/18 maxlen: 22
                          185.122.160.0/22 maxlen: 22
                          193.84.89.0/24 maxlen: 24
                          45.81.212.0/22 maxlen: 22
                          2a02:ec00::/29 maxlen: 29
                          2a0e:4180::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 17 Apr 2023 10:25:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:ef:f9:4a:20:ac:ba:9a:25:54:58:c3:a3:b0:52:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
        Validity
            Not Before: Jan  1 20:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe88d5505bf52a2b2c6ea19822a7cf71b741f6a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b2:8e:77:8a:64:2c:78:da:ec:4c:15:3f:3e:
                    68:5f:35:7b:a2:ec:cb:9d:10:f0:a3:6b:18:8f:a4:
                    63:51:ea:12:2d:6a:73:30:39:84:8a:11:4e:96:4b:
                    43:97:d7:bc:1f:1c:06:99:a1:bd:b3:56:05:bc:ed:
                    6e:b6:fd:93:f5:ba:c4:8c:a6:e5:57:3e:65:9a:55:
                    02:55:12:9c:d0:bb:22:2d:5e:c2:5e:d6:37:90:ef:
                    0b:01:22:b5:ce:4a:4f:5c:67:29:3d:85:f8:a6:01:
                    eb:2c:82:e2:bc:cd:70:33:fa:87:4d:57:71:33:79:
                    ac:d6:04:0f:7c:9d:b3:d2:72:23:61:f1:15:6d:e9:
                    57:fd:f4:7e:5b:34:a5:dd:da:9f:8e:4d:25:e3:08:
                    a7:ab:39:ed:50:4d:4c:a3:9b:ec:73:d1:af:d4:e2:
                    d8:bd:81:88:fe:c7:9f:8c:40:94:a7:bb:15:9c:2c:
                    10:c0:39:e4:d3:aa:e1:93:f8:0e:64:8b:eb:02:05:
                    9e:9a:76:67:14:be:4a:2b:29:22:f9:e8:d2:5b:61:
                    df:78:36:c5:1e:13:ad:e0:3c:b2:1f:65:08:d9:c4:
                    3f:51:a9:6f:7f:c8:df:2b:52:10:04:02:a9:14:9f:
                    58:ad:7b:52:19:f1:27:c0:0e:fc:a0:15:9b:0d:c2:
                    cc:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:88:D5:50:5B:F5:2A:2B:2C:6E:A1:98:22:A7:CF:71:B7:41:F6:A0
            X509v3 Authority Key Identifier:
                keyid:34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/_ojVUFv1KissbqGYIqfPcbdB9qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.212.0/22
                  130.93.0.0-130.93.191.255
                  185.9.248.0/22
                  185.12.0.0/22
                  185.120.176.0/22
                  185.122.160.0/22
                  185.133.128.0/22
                  185.137.72.0/22
                  193.84.89.0/24
                IPv6:
                  2a02:ec00::/29
                  2a0e:4180::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:c1:0d:f7:d1:77:1c:0b:39:c1:5d:33:6a:2c:84:99:97:ca:
         6a:37:78:c2:34:6c:0d:7b:c6:f3:75:37:f7:12:9b:c0:8f:a3:
         2e:14:4a:35:81:db:8d:ce:0e:bd:87:e2:50:56:d9:05:56:5a:
         36:77:74:bb:bb:25:6c:ba:41:c2:e7:e8:ce:92:a2:ee:14:30:
         74:92:6f:83:f6:e1:13:0f:90:ff:de:06:6d:19:5a:eb:42:a1:
         37:a4:bd:75:e7:d2:8b:91:67:b4:cc:83:2b:dd:90:ce:47:b5:
         76:72:54:f4:ec:00:80:92:eb:54:e1:b6:13:11:19:97:d6:42:
         79:89:73:57:40:9f:ef:8a:45:1c:d3:0e:7f:e0:5c:22:4e:4a:
         dd:ba:bb:51:d2:b8:96:a6:a1:33:91:8a:f4:19:67:b9:a4:3a:
         0f:4d:2a:e0:6f:14:ab:73:bd:ef:6f:0d:b9:85:65:e0:42:b2:
         d4:7d:e6:95:eb:a7:5e:a7:3f:03:a8:fe:c0:9a:88:1d:81:54:
         96:a4:56:2c:68:e4:76:a1:6d:d4:71:e0:03:a5:28:de:46:17:
         a0:e2:a7:92:05:d0:0c:ef:70:d9:eb:6f:08:3a:fb:ba:9d:51:
         d1:27:fe:a5:da:46:a7:3b:d5:83:56:d9:a1:45:ef:f0:b8:0c:
         6f:57:de:48
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYVu7/lKIKy6miVUWMOjsFJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWZiM2ZlYjE1YzAzYzRkMzRkOWZmNDQ0ZDlhZDdlMzAw
NjcyMDgwHhcNMjMwMTAxMjAwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTg4ZDU1MDViZjUyYTJiMmM2ZWExOTgyMmE3Y2Y3MWI3NDFmNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bKOd4pkLHja7EwVPz5oXzV7ouzL
nRDwo2sYj6RjUeoSLWpzMDmEihFOlktDl9e8HxwGmaG9s1YFvO1utv2T9brEjKbl
Vz5lmlUCVRKc0LsiLV7CXtY3kO8LASK1zkpPXGcpPYX4pgHrLILivM1wM/qHTVdx
M3ms1gQPfJ2z0nIjYfEVbelX/fR+WzSl3dqfjk0l4winqzntUE1Mo5vsc9Gv1OLY
vYGI/sefjECUp7sVnCwQwDnk06rhk/gOZIvrAgWemnZnFL5KKyki+ejSW2HfeDbF
HhOt4DyyH2UI2cQ/Ualvf8jfK1IQBAKpFJ9YrXtSGfEnwA78oBWbDcLMzwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFP6I1VBb9SorLG6hmCKnz3G3QfagMB8GA1UdIwQY
MBaAFDRfs/6xXAPE002f9ETZrX4wBnIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUt
YmM1NGIxMjExYjYwLzEvX29qVlVGdjFLaXNzYnFHWUlxZlBjYmRCOXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUtYmM1NGIxMjExYjYw
LzEvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBDBAIAATA9AwQCLVHUMAsD
AwCCXQMEBoJdgAMEArkJ+AMEArkMAAMEArl4sAMEArl6oAMEArmFgAMEArmJSAME
AMFUWTAUBAIAAjAOAwUDKgLsAAMFAyoOQYAwDQYJKoZIhvcNAQELBQADggEBAAHB
DffRdxwLOcFdM2oshJmXymo3eMI0bA17xvN1N/cSm8CPoy4USjWB243ODr2H4lBW
2QVWWjZ3dLu7JWy6QcLn6M6Sou4UMHSSb4P24RMPkP/eBm0ZWutCoTekvXXn0ouR
Z7TMgyvdkM5HtXZyVPTsAICS61ThthMRGZfWQnmJc1dAn++KRRzTDn/gXCJOSt26
u1HSuJamoTORivQZZ7mkOg9NKuBvFKtzve9vDbmFZeBCstR95pXrp16nPwOo/sCa
iB2BVJakVixo5HahbdRx4AOlKN5GF6Dip5IF0AzvcNnrbwg6+7qdUdEn/qXaRqc7
1YNW2aFF7/C4DG9X3kg=
-----END CERTIFICATE-----