Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/_3vJaqXDx9E-5lYg8FcUCifXVYI.roa
File:                     _3vJaqXDx9E-5lYg8FcUCifXVYI.roa (raw, json)
Hash identifier:          RRZ1VIZryeXlNl20Wy7Nz/C1GmPp26MMO/6n/Coex8M=
Subject key identifier:   FF:7B:C9:6A:A5:C3:C7:D1:3E:E6:56:20:F0:57:14:0A:27:D7:55:82
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       0191044C732D42DF06DE57284887D7B9C9C0
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/_3vJaqXDx9E-5lYg8FcUCifXVYI.roa
Signing time:             Tue 30 Jul 2024 15:40:04 +0000
ROA not before:           Tue 30 Jul 2024 15:40:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        85.28.32.0/23 maxlen: 23
                          85.28.34.0/24 maxlen: 24
                          85.28.48.0/22 maxlen: 22
                          85.28.52.0/23 maxlen: 23
                          85.28.54.0/23 maxlen: 23
                          85.28.56.0/24 maxlen: 24
                          85.28.57.0/24 maxlen: 24
                          85.28.58.0/24 maxlen: 24
                          85.28.59.0/24 maxlen: 24
                          85.28.60.0/22 maxlen: 22
                          85.28.60.0/24 maxlen: 24
                          109.238.200.0/24 maxlen: 24
                          109.238.203.0/24 maxlen: 24
                          109.238.205.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 31 Jul 2024 19:43:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:04:4c:73:2d:42:df:06:de:57:28:48:87:d7:b9:c9:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jul 30 15:40:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff7bc96aa5c3c7d13ee65620f057140a27d75582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c8:07:e3:0b:3c:94:81:81:8b:b9:e9:78:19:
                    f1:8a:73:b0:5b:8a:7b:aa:34:31:4e:1f:80:7f:75:
                    d5:49:59:a2:98:9c:30:8b:c9:b6:be:29:a4:d0:6f:
                    d1:a3:b7:e6:36:73:fc:08:94:b9:bd:70:06:94:1b:
                    de:fe:23:26:fb:47:00:bb:0f:b6:1c:62:6e:8e:d6:
                    c1:4e:3d:ce:e5:c2:29:48:e3:bd:5a:e9:db:8c:ad:
                    d1:91:e7:73:a5:54:90:84:e1:88:1b:5e:08:89:7b:
                    98:1d:b3:66:6a:94:15:33:6f:41:6d:99:dc:3f:5c:
                    cf:ec:4e:62:9e:88:bc:8a:ce:56:3e:b5:68:83:65:
                    33:2c:5d:4d:46:da:a5:28:66:e3:7a:46:4e:4e:38:
                    1e:85:51:80:4a:1d:78:e5:fb:0e:76:ed:e9:05:97:
                    b0:16:d7:b8:0b:a5:54:70:cc:10:e7:09:ca:d9:30:
                    5d:6f:14:c0:66:f3:b2:da:35:d1:bb:b8:dc:ac:7b:
                    98:e9:40:17:af:a8:8e:c7:2a:95:79:31:c7:c7:40:
                    f1:a8:8f:7f:16:9c:44:52:e3:28:f3:63:aa:17:e0:
                    46:b6:78:b2:79:7f:7b:c2:13:85:66:32:90:74:2e:
                    0e:93:e0:21:9f:49:89:41:7f:38:51:62:ed:15:85:
                    95:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7B:C9:6A:A5:C3:C7:D1:3E:E6:56:20:F0:57:14:0A:27:D7:55:82
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/_3vJaqXDx9E-5lYg8FcUCifXVYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.32.0-85.28.34.255
                  85.28.48.0/20
                  109.238.200.0/24
                  109.238.203.0/24
                  109.238.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:e0:79:c8:f9:47:97:cf:41:ca:0d:1a:51:65:6b:09:da:06:
         3e:06:7c:7a:6d:39:41:95:d9:a5:a3:49:13:56:02:ba:34:1d:
         0e:f0:36:7c:09:15:28:42:6d:9c:26:a5:c7:49:9a:8f:91:51:
         f0:7a:03:c6:4f:72:b6:ee:8c:65:e4:47:ca:f3:85:bd:3d:cf:
         25:a0:92:72:ba:84:26:b5:c8:4f:f4:eb:7a:a9:bd:d3:f1:32:
         3b:27:f4:b5:e3:c6:82:ff:51:ec:e3:c3:ed:7d:4c:9e:5d:80:
         99:7d:b5:93:f2:45:6a:fd:2d:cb:d4:18:88:b7:6d:e7:7e:d4:
         0e:76:85:ac:fe:c2:31:f3:a0:7a:9d:0f:4f:c0:a4:c0:bd:31:
         76:a9:c9:d8:6c:88:ef:98:80:e5:95:68:52:29:c0:fa:90:f1:
         b5:ee:22:40:13:77:6d:e7:35:17:ab:f2:e8:f1:9d:8f:d8:86:
         6c:74:56:c3:e5:c1:4d:63:ef:5c:ca:26:e5:7c:af:6e:f2:72:
         e0:a2:cc:ae:c5:f2:69:2d:c3:e4:35:0b:6f:31:4b:c7:fd:24:
         9a:8f:be:7e:d6:64:86:39:7a:ed:1e:4a:1f:1e:a9:8c:7f:ee:
         dc:61:40:26:f6:c4:be:be:9d:de:4a:59:89:db:6c:89:f7:a0:
         2b:00:56:cd
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZEETHMtQt8G3lcoSIfXucnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwNzMwMTU0MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdiYzk2YWE1YzNjN2QxM2VlNjU2MjBmMDU3MTQwYTI3ZDc1NTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMgH4ws8lIGBi7npeBnxinOwW4p7
qjQxTh+Af3XVSVmimJwwi8m2vimk0G/Ro7fmNnP8CJS5vXAGlBve/iMm+0cAuw+2
HGJujtbBTj3O5cIpSOO9WunbjK3RkedzpVSQhOGIG14IiXuYHbNmapQVM29BbZnc
P1zP7E5inoi8is5WPrVog2UzLF1NRtqlKGbjekZOTjgehVGASh145fsOdu3pBZew
Fte4C6VUcMwQ5wnK2TBdbxTAZvOy2jXRu7jcrHuY6UAXr6iOxyqVeTHHx0DxqI9/
FpxEUuMo82OqF+BGtniyeX97whOFZjKQdC4Ok+Ahn0mJQX84UWLtFYWVXwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFP97yWqlw8fRPuZWIPBXFAon11WCMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvXzN2SmFxWER4OUUtNWxZZzhGY1VDaWZYVllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAVVHCAD
BABVHCIDBARVHDADBABt7sgDBABt7ssDBABt7s0wDQYJKoZIhvcNAQELBQADggEB
AILgecj5R5fPQcoNGlFlawnaBj4GfHptOUGV2aWjSRNWAro0HQ7wNnwJFShCbZwm
pcdJmo+RUfB6A8ZPcrbujGXkR8rzhb09zyWgknK6hCa1yE/063qpvdPxMjsn9LXj
xoL/Uezjw+19TJ5dgJl9tZPyRWr9LcvUGIi3bed+1A52haz+wjHzoHqdD0/ApMC9
MXapydhsiO+YgOWVaFIpwPqQ8bXuIkATd23nNRer8ujxnY/Yhmx0VsPlwU1j71zK
JuV8r27ycuCizK7F8mktw+Q1C28xS8f9JJqPvn7WZIY5eu0eSh8eqYx/7txhQCb2
xL6+nd5KWYnbbIn3oCsAVs0=