Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/2JkBG-oA_u-vd4fsy-tD5ipLlJI.roa
File:                     2JkBG-oA_u-vd4fsy-tD5ipLlJI.roa (raw, json)
Hash identifier:          XswlcTG3CNFz0qoGdqAZv4q1eJlzB1ONKjUnVu9nTZ0=
Subject key identifier:   D8:99:01:1B:EA:00:FE:EF:AF:77:87:EC:CB:EB:43:E6:2A:4B:94:92
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018571D7D020C1E470A557FC4D2D1E2067EB
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/2JkBG-oA_u-vd4fsy-tD5ipLlJI.roa
Signing time:             Mon 02 Jan 2023 09:37:26 +0000
ROA not before:           Mon 02 Jan 2023 09:37:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     136258
IP address blocks:        185.213.23.0/24 maxlen: 24
                          147.78.0.0/24 maxlen: 24
                          147.78.1.0/24 maxlen: 24
                          185.126.239.0/24 maxlen: 24
                          2a11:840:12::/48 maxlen: 48
                          2a11:840:8::/48 maxlen: 48
                          2a11:840:18::/48 maxlen: 48
                          2a11:840:13::/48 maxlen: 48
                          2a11:840:11::/48 maxlen: 48
                          2a11:840:41::/48 maxlen: 48
                          2a11:840:17::/48 maxlen: 48
                          2a11:840:7::/48 maxlen: 48
                          2a11:840:40::/48 maxlen: 48
                          2a11:840:10::/48 maxlen: 48
                          2a11:840:19::/48 maxlen: 48
                          2a11:840:14::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 19 Jan 2023 14:18:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:d0:20:c1:e4:70:a5:57:fc:4d:2d:1e:20:67:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  2 09:37:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d899011bea00feefaf7787eccbeb43e62a4b9492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:21:ba:a4:96:44:56:0b:3c:1d:a3:2b:7a:64:
                    bb:cf:16:ba:bb:47:a8:03:ed:de:de:07:2f:2a:c9:
                    ef:05:b4:69:e3:34:d1:ed:0f:e7:f4:2d:a1:0a:c6:
                    b4:58:60:fe:5f:b3:55:1e:e5:d6:af:b3:c7:04:aa:
                    c9:1b:21:bb:db:bf:b6:95:8d:2c:65:c6:85:d1:59:
                    17:d2:93:43:cf:75:82:76:bc:10:7f:f2:e6:54:4f:
                    f2:e4:c4:46:f0:12:5b:8f:d5:f5:65:ef:73:02:e3:
                    57:28:51:f1:7c:2b:42:b2:32:bd:8f:ec:30:01:dc:
                    dd:bb:1d:9d:9a:36:5e:58:c7:64:2a:6c:5d:bf:13:
                    e4:e0:0b:46:42:da:de:18:07:43:13:46:d0:98:97:
                    96:f9:cd:df:87:1c:a6:a2:e2:02:73:b7:2d:bb:37:
                    f4:1f:e8:69:4d:2a:48:83:c4:7d:46:68:d9:02:3d:
                    2f:18:d6:a7:73:de:62:b8:f4:ff:1e:7e:81:5b:1a:
                    32:43:76:40:22:e2:73:63:c7:af:bc:a0:5c:4e:45:
                    89:08:c2:2b:61:ec:29:63:70:90:9e:80:8f:9f:38:
                    cc:bc:09:9e:45:e6:f3:f4:98:0b:07:41:31:00:0e:
                    da:3c:a4:de:ef:10:6a:e3:ee:63:27:dc:aa:a8:18:
                    62:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:99:01:1B:EA:00:FE:EF:AF:77:87:EC:CB:EB:43:E6:2A:4B:94:92
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/2JkBG-oA_u-vd4fsy-tD5ipLlJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.0.0/23
                  185.126.239.0/24
                  185.213.23.0/24
                IPv6:
                  2a11:840:7::-2a11:840:8:ffff:ffff:ffff:ffff:ffff
                  2a11:840:10::-2a11:840:14:ffff:ffff:ffff:ffff:ffff
                  2a11:840:17::-2a11:840:19:ffff:ffff:ffff:ffff:ffff
                  2a11:840:40::/47

    Signature Algorithm: sha256WithRSAEncryption
         3f:dd:23:0e:09:5c:d4:ac:42:bf:eb:8e:a6:aa:17:0d:83:34:
         22:b7:6c:73:90:67:b2:07:a9:af:f2:73:5d:f6:da:a7:a5:eb:
         f9:46:59:92:c4:0d:9b:73:57:1c:79:f5:83:50:b0:ee:bb:f1:
         70:8e:b4:58:82:cc:b9:3c:a5:66:f6:e4:73:04:f9:23:20:59:
         76:16:c4:c7:54:e8:d3:fb:ef:79:ba:da:00:52:94:0f:e0:dc:
         f8:b5:25:5c:6c:14:86:7b:5a:ed:d5:2a:a7:a3:26:c0:86:9a:
         b1:0a:d3:27:d1:b6:3c:95:53:c9:4d:05:ba:7b:11:7b:45:ff:
         c3:61:f1:bf:59:98:6a:6e:8a:f5:f9:eb:e8:c6:89:99:cf:24:
         cb:e2:1c:c7:35:dd:21:d4:b4:5b:d6:0c:a7:b4:1a:bf:20:1e:
         f6:8b:4a:1a:4c:63:94:8a:70:7c:dc:05:d4:b2:9c:96:6b:eb:
         a2:dd:83:77:83:96:a5:3d:6d:ea:9e:a6:ee:29:28:1a:36:30:
         d8:74:e2:bd:69:51:4e:ff:e4:ff:8a:dc:59:7f:59:de:9b:af:
         97:ed:ce:71:ed:49:97:37:88:6d:b9:3f:5d:9a:c8:a9:61:62:
         ea:3f:86:3e:fe:fc:a9:ad:9c:94:1d:05:8e:0a:f2:df:61:f2:
         73:ad:0d:7a
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYVx19AgweRwpVf8TS0eIGfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjMwMTAyMDkzNzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODk5MDExYmVhMDBmZWVmYWY3Nzg3ZWNjYmViNDNlNjJhNGI5NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiG6pJZEVgs8HaMremS7zxa6u0eo
A+3e3gcvKsnvBbRp4zTR7Q/n9C2hCsa0WGD+X7NVHuXWr7PHBKrJGyG727+2lY0s
ZcaF0VkX0pNDz3WCdrwQf/LmVE/y5MRG8BJbj9X1Ze9zAuNXKFHxfCtCsjK9j+ww
Adzdux2dmjZeWMdkKmxdvxPk4AtGQtreGAdDE0bQmJeW+c3fhxymouICc7ctuzf0
H+hpTSpIg8R9RmjZAj0vGNanc95iuPT/Hn6BWxoyQ3ZAIuJzY8evvKBcTkWJCMIr
YewpY3CQnoCPnzjMvAmeRebz9JgLB0ExAA7aPKTe7xBq4+5jJ9yqqBhi7QIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFNiZARvqAP7vr3eH7MvrQ+YqS5SSMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvMkprQkctb0FfdS12ZDRmc3ktdEQ1aXBMbEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAYBAIAATASAwQBk04AAwQA
uX7vAwQAudUXMEsEAgACMEUwEgMHACoRCEAABwMHACoRCEAACDASAwcEKhEIQAAQ
AwcAKhEIQAAUMBIDBwAqEQhAABcDBwEqEQhAABgDBwEqEQhAAEAwDQYJKoZIhvcN
AQELBQADggEBAD/dIw4JXNSsQr/rjqaqFw2DNCK3bHOQZ7IHqa/yc1322qel6/lG
WZLEDZtzVxx59YNQsO678XCOtFiCzLk8pWb25HME+SMgWXYWxMdU6NP773m62gBS
lA/g3Pi1JVxsFIZ7Wu3VKqejJsCGmrEK0yfRtjyVU8lNBbp7EXtF/8Nh8b9ZmGpu
ivX56+jGiZnPJMviHMc13SHUtFvWDKe0Gr8gHvaLShpMY5SKcHzcBdSynJZr66Ld
g3eDlqU9beqepu4pKBo2MNh04r1pUU7/5P+K3Fl/Wd6br5ftznHtSZc3iG25P12a
yKlhYuo/hj7+/KmtnJQdBY4K8t9h8nOtDXo=
-----END CERTIFICATE-----