Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/UNLvHIhLd6Isppv8HQZVizOoHGg.roa
File:                     UNLvHIhLd6Isppv8HQZVizOoHGg.roa (raw, json)
Hash identifier:          Vf2pbEGZ4oULfnj0vp6lsIFVEp0auUDZAaTCLoua6Xs=
Subject key identifier:   50:D2:EF:1C:88:4B:77:A2:2C:A6:9B:FC:1D:06:55:8B:33:A8:1C:68
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       01899778DDA5EC7724287AFF970D41888994
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/UNLvHIhLd6Isppv8HQZVizOoHGg.roa
Signing time:             Thu 27 Jul 2023 13:10:27 +0000
ROA not before:           Thu 27 Jul 2023 13:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56534
IP address blocks:        85.142.164.0/22 maxlen: 22
                          85.142.168.0/21 maxlen: 21
                          85.142.176.0/22 maxlen: 22
                          85.143.144.0/22 maxlen: 22
                          85.143.203.0/24 maxlen: 24
                          85.143.204.0/22 maxlen: 22
                          85.143.250.0/24 maxlen: 24
                          85.143.252.0/22 maxlen: 22
                          85.143.160.0/21 maxlen: 21
                          85.142.208.0/22 maxlen: 22
                          85.143.176.0/22 maxlen: 22
                          85.143.184.0/22 maxlen: 22
                          82.179.248.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:97:78:dd:a5:ec:77:24:28:7a:ff:97:0d:41:88:89:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jul 27 13:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=50d2ef1c884b77a22ca69bfc1d06558b33a81c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2b:24:17:20:36:fa:db:96:7b:3b:b6:ee:c1:
                    0f:ba:d6:ec:65:b4:d8:e8:98:07:e8:74:0a:a9:b8:
                    bc:77:4a:48:03:59:1f:1c:5f:e4:80:a7:58:f2:5b:
                    9e:dc:16:05:c3:ae:dc:ca:90:e8:df:bf:fa:bb:7d:
                    4e:be:4a:04:35:2c:71:ed:05:c8:53:0a:d2:d2:d3:
                    70:b4:57:39:89:80:d4:2c:b6:27:a6:33:05:d0:6f:
                    1c:5c:56:78:4a:f4:c5:33:8c:86:77:29:d5:c4:78:
                    8a:28:ee:e9:bf:95:8b:bc:4c:80:7c:60:84:59:43:
                    50:cb:a0:b4:91:d0:f5:89:dd:14:1c:75:52:5f:b2:
                    e1:bc:88:18:28:de:bb:16:2d:02:25:07:6f:27:fb:
                    60:c6:1d:a5:da:6c:45:6d:70:65:31:b7:7f:b4:c7:
                    92:c3:fc:d2:b1:f8:2e:dd:c3:6e:1e:2e:41:c6:9c:
                    5c:09:71:f5:8f:98:16:c4:32:2d:2f:ec:9e:8a:5b:
                    48:78:10:ae:a4:9c:5b:bc:13:ae:b8:e0:65:58:db:
                    4f:a8:bf:ad:cc:69:3d:9b:65:5d:2a:48:6c:f8:cd:
                    f3:66:9e:52:7e:44:77:d4:62:38:7e:68:1c:9b:21:
                    ee:fe:de:ce:b1:20:14:9b:44:af:30:9e:aa:9a:70:
                    75:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D2:EF:1C:88:4B:77:A2:2C:A6:9B:FC:1D:06:55:8B:33:A8:1C:68
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/UNLvHIhLd6Isppv8HQZVizOoHGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.248.0/22
                  85.142.164.0-85.142.179.255
                  85.142.208.0/22
                  85.143.144.0/22
                  85.143.160.0/21
                  85.143.176.0/22
                  85.143.184.0/22
                  85.143.203.0-85.143.207.255
                  85.143.250.0/24
                  85.143.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:08:1a:dd:3d:2f:a7:13:69:28:55:7f:b0:53:79:c3:57:c3:
         e3:69:83:d9:a0:90:7d:f3:29:6e:39:e5:04:41:a1:ee:65:58:
         2a:b6:3e:2f:46:7f:1b:d3:d9:fd:a0:ab:c7:c2:c5:d9:45:2a:
         30:71:4e:65:e7:bb:2f:33:9f:78:86:11:ad:4c:49:69:7d:20:
         a9:ac:27:10:a7:e4:b8:4f:1f:7b:49:65:be:03:77:50:11:0f:
         aa:ed:14:d9:5e:9e:00:f6:3c:52:cc:2a:5e:2d:e7:f3:a3:da:
         96:93:83:8c:7b:72:84:48:0d:cf:66:5a:45:d5:e7:8f:60:88:
         e1:af:69:c5:90:c6:dd:98:2a:46:62:4c:70:b5:3b:8c:f5:c0:
         68:73:4c:b4:a4:1c:08:dc:cf:3e:a1:4e:c7:30:27:50:34:95:
         b9:74:f8:54:19:b9:b7:32:42:e9:f1:c4:31:78:76:18:3d:b3:
         71:57:5e:e2:a3:dc:b0:8c:39:23:c1:02:af:e6:6b:f9:67:2e:
         e9:ff:25:bf:1d:d2:31:c2:f2:67:bb:c9:a6:34:32:61:9d:15:
         67:bb:20:c7:69:f3:ab:69:af:e0:de:0d:04:7f:65:24:74:2c:
         76:e8:f6:6e:2d:bc:5b:77:73:78:bd:96:d9:e5:ff:5e:ef:72:
         f2:0b:e0:01
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYmXeN2l7HckKHr/lw1BiImUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjMwNzI3MTMxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQyZWYxYzg4NGI3N2EyMmNhNjliZmMxZDA2NTU4YjMzYTgxYzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviskFyA2+tuWezu27sEPutbsZbTY
6JgH6HQKqbi8d0pIA1kfHF/kgKdY8lue3BYFw67cypDo37/6u31OvkoENSxx7QXI
UwrS0tNwtFc5iYDULLYnpjMF0G8cXFZ4SvTFM4yGdynVxHiKKO7pv5WLvEyAfGCE
WUNQy6C0kdD1id0UHHVSX7LhvIgYKN67Fi0CJQdvJ/tgxh2l2mxFbXBlMbd/tMeS
w/zSsfgu3cNuHi5BxpxcCXH1j5gWxDItL+yeiltIeBCupJxbvBOuuOBlWNtPqL+t
zGk9m2VdKkhs+M3zZp5SfkR31GI4fmgcmyHu/t7OsSAUm0SvMJ6qmnB1YwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFFDS7xyIS3eiLKab/B0GVYszqBxoMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvVU5MdkhJaExkNklzcHB2OEhRWlZpek9vSEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCUrP4MAwD
BAJVjqQDBAJVjrADBAJVjtADBAJVj5ADBANVj6ADBAJVj7ADBAJVj7gwDAMEAFWP
ywMEBFWPwAMEAFWP+gMEAlWP/DANBgkqhkiG9w0BAQsFAAOCAQEACQga3T0vpxNp
KFV/sFN5w1fD42mD2aCQffMpbjnlBEGh7mVYKrY+L0Z/G9PZ/aCrx8LF2UUqMHFO
Zee7LzOfeIYRrUxJaX0gqawnEKfkuE8fe0llvgN3UBEPqu0U2V6eAPY8UswqXi3n
86PalpODjHtyhEgNz2ZaRdXnj2CI4a9pxZDG3ZgqRmJMcLU7jPXAaHNMtKQcCNzP
PqFOxzAnUDSVuXT4VBm5tzJC6fHEMXh2GD2zcVde4qPcsIw5I8ECr+Zr+Wcu6f8l
vx3SMcLyZ7vJpjQyYZ0VZ7sgx2nzq2mv4N4NBH9lJHQsduj2bi28W3dzeL2W2eX/
Xu9y8gvgAQ==
-----END CERTIFICATE-----