Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/Bv64C6AYefSoEJBkIrbzhK7cLeA.roa
File:                     Bv64C6AYefSoEJBkIrbzhK7cLeA.roa (raw, json)
Hash identifier:          uMh2deI6ifis0tFT7CxAG5gnWDrP9Hi4Gw7JKPuHKZo=
Subject key identifier:   06:FE:B8:0B:A0:18:79:F4:A8:10:90:64:22:B6:F3:84:AE:DC:2D:E0
Certificate issuer:       /CN=f19cf09771b8f184caa1a00421b9294491e97e6b
Certificate serial:       018571D7897F0AE6AE611C28BC24985A907F
Authority key identifier: F1:9C:F0:97:71:B8:F1:84:CA:A1:A0:04:21:B9:29:44:91:E9:7E:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/Bv64C6AYefSoEJBkIrbzhK7cLeA.roa
Signing time:             Mon 02 Jan 2023 09:37:08 +0000
ROA not before:           Mon 02 Jan 2023 09:37:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51695
IP address blocks:        217.78.98.0/24 maxlen: 24
                          217.78.97.0/24 maxlen: 24
                          217.78.101.0/24 maxlen: 24
                          217.78.100.0/24 maxlen: 24
                          217.78.99.0/24 maxlen: 24
                          217.78.105.0/24 maxlen: 24
                          217.78.104.0/24 maxlen: 24
                          217.78.103.0/24 maxlen: 24
                          217.78.102.0/24 maxlen: 24
                          217.78.108.0/24 maxlen: 24
                          217.78.107.0/24 maxlen: 24
                          217.78.106.0/24 maxlen: 24
                          217.78.111.0/24 maxlen: 24
                          217.78.110.0/24 maxlen: 24
                          217.78.109.0/24 maxlen: 24
                          2a02:6700::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:89:7f:0a:e6:ae:61:1c:28:bc:24:98:5a:90:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19cf09771b8f184caa1a00421b9294491e97e6b
        Validity
            Not Before: Jan  2 09:37:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06feb80ba01879f4a810906422b6f384aedc2de0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:94:88:3d:bc:4c:54:08:50:39:1b:19:cc:b2:
                    7c:86:f6:8f:06:e2:26:99:8f:80:3d:4c:82:76:c9:
                    51:7e:6a:5c:4d:e7:1c:65:a4:8b:3b:40:25:24:e6:
                    a6:16:01:3d:ac:6d:6f:cf:b2:c2:1d:1f:35:e3:cb:
                    2e:37:86:1a:be:36:48:f9:67:62:30:c5:06:f7:30:
                    b5:84:e6:b5:fe:d8:ac:45:f9:e1:0e:8d:75:3d:e2:
                    86:e1:7f:53:b2:f7:53:58:ce:56:74:22:6a:d4:ab:
                    96:49:60:7e:c5:4c:0e:68:69:1d:fa:9c:48:61:ee:
                    86:72:76:3d:72:71:db:47:e0:1c:7e:96:f3:dd:2f:
                    27:93:cf:7e:7b:39:f2:a8:be:e4:e9:4f:71:2f:c4:
                    8e:2d:9b:16:8c:c4:0a:68:ce:85:55:17:e8:af:5d:
                    ec:fa:9a:ab:37:70:1d:f7:69:09:1d:d3:b0:17:b0:
                    42:b4:71:ea:81:06:d4:b0:a0:92:b4:b6:bd:7a:b7:
                    7e:24:19:ac:3f:a1:68:f6:8a:5e:90:1e:1f:7d:8e:
                    15:dd:5b:78:6b:14:6d:c4:30:4a:9d:22:5c:6c:15:
                    50:83:53:01:16:bd:df:2e:aa:5a:8f:e3:ef:7c:8b:
                    cb:9c:8b:ce:b2:94:34:bd:71:22:47:b8:3e:5c:09:
                    fd:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:FE:B8:0B:A0:18:79:F4:A8:10:90:64:22:B6:F3:84:AE:DC:2D:E0
            X509v3 Authority Key Identifier:
                keyid:F1:9C:F0:97:71:B8:F1:84:CA:A1:A0:04:21:B9:29:44:91:E9:7E:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/Bv64C6AYefSoEJBkIrbzhK7cLeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/8Zzwl3G48YTKoaAEIbkpRJHpfms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.78.97.0-217.78.111.255
                IPv6:
                  2a02:6700::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:b9:0b:a0:9a:de:8d:3e:92:d3:f3:bf:71:b4:22:4b:01:0d:
         d8:1c:58:6d:3b:fb:90:83:19:ac:fe:f1:39:13:46:23:fa:a3:
         78:1a:56:37:0b:1b:04:67:d6:62:ce:51:e1:93:d7:15:a1:63:
         d5:a8:53:8f:61:c9:1c:90:cb:8b:97:91:e2:02:77:43:b1:a8:
         50:97:dd:db:d5:a8:15:47:29:1e:b3:55:2a:83:a9:49:51:03:
         ca:fd:f2:74:07:dd:96:41:e6:4f:0b:5e:0d:fc:7f:90:bd:f0:
         1b:b9:9d:f2:80:7e:37:ce:b7:d3:f8:01:c1:52:3a:ea:eb:a1:
         01:55:1c:3d:e8:35:05:d2:45:55:f2:93:a4:c6:60:16:40:0e:
         fb:cf:10:97:c4:56:b6:0b:65:8e:10:9a:00:5a:9d:20:43:43:
         50:8b:cf:ca:ae:33:dc:e5:8d:a3:d0:d6:d1:92:65:b9:bf:8d:
         ea:10:64:d0:4f:6b:5e:ac:2e:54:2c:d2:bb:36:74:19:d4:e5:
         e5:02:c8:6a:58:6f:aa:76:56:4b:e2:58:99:d6:76:71:9f:35:
         98:85:5d:2b:b9:3f:92:7c:c4:47:3a:b8:ca:60:2a:e1:9e:f4:
         58:59:21:37:50:d1:cc:e8:49:dc:81:76:18:e9:d2:5d:69:8c:
         e7:5e:25:3d
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVx14l/CuauYRwovCSYWpB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOWNmMDk3NzFiOGYxODRjYWExYTAwNDIxYjkyOTQ0OTFl
OTdlNmIwHhcNMjMwMTAyMDkzNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmZlYjgwYmEwMTg3OWY0YTgxMDkwNjQyMmI2ZjM4NGFlZGMyZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZSIPbxMVAhQORsZzLJ8hvaPBuIm
mY+APUyCdslRfmpcTeccZaSLO0AlJOamFgE9rG1vz7LCHR8148suN4YavjZI+Wdi
MMUG9zC1hOa1/tisRfnhDo11PeKG4X9TsvdTWM5WdCJq1KuWSWB+xUwOaGkd+pxI
Ye6GcnY9cnHbR+Acfpbz3S8nk89+eznyqL7k6U9xL8SOLZsWjMQKaM6FVRfor13s
+pqrN3Ad92kJHdOwF7BCtHHqgQbUsKCStLa9erd+JBmsP6Fo9opekB4ffY4V3Vt4
axRtxDBKnSJcbBVQg1MBFr3fLqpaj+PvfIvLnIvOspQ0vXEiR7g+XAn9xwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAb+uAugGHn0qBCQZCK284Su3C3gMB8GA1UdIwQY
MBaAFPGc8JdxuPGEyqGgBCG5KUSR6X5rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFp6d2wzRzQ4WVRLb2FBRUlia3BSSkhwZm1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NTBjOTctNGViNi00YzkxLWI1YTMt
ZGMxZGI2N2RiM2NiLzEvQnY2NEM2QVllZlNvRUpCa0lyYnpoSzdjTGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NTBjOTctNGViNi00YzkxLWI1YTMtZGMxZGI2N2RiM2Ni
LzEvOFp6d2wzRzQ4WVRLb2FBRUlia3BSSkhwZm1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBADZTmED
BATZTmAwDQQCAAIwBwMFACoCZwAwDQYJKoZIhvcNAQELBQADggEBABC5C6Ca3o0+
ktPzv3G0IksBDdgcWG07+5CDGaz+8TkTRiP6o3gaVjcLGwRn1mLOUeGT1xWhY9Wo
U49hyRyQy4uXkeICd0OxqFCX3dvVqBVHKR6zVSqDqUlRA8r98nQH3ZZB5k8LXg38
f5C98Bu5nfKAfjfOt9P4AcFSOurroQFVHD3oNQXSRVXyk6TGYBZADvvPEJfEVrYL
ZY4QmgBanSBDQ1CLz8quM9zljaPQ1tGSZbm/jeoQZNBPa16sLlQs0rs2dBnU5eUC
yGpYb6p2VkviWJnWdnGfNZiFXSu5P5J8xEc6uMpgKuGe9FhZITdQ0czoSdyBdhjp
0l1pjOdeJT0=
-----END CERTIFICATE-----