Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/o1svIgw7QQa3QYZShkqBfxIyPmE.roa
File:                     o1svIgw7QQa3QYZShkqBfxIyPmE.roa (raw, json)
Hash identifier:          RovpKqOvHaUKTKMweWLgCf+bi8QDa8Y4cQuTMMTLMXk=
Subject key identifier:   A3:5B:2F:22:0C:3B:41:06:B7:41:86:52:86:4A:81:7F:12:32:3E:61
Certificate issuer:       /CN=7e0423211f49b1335e94b8bdbbb1168664f6804f
Certificate serial:       01856C53B6A1953A8DEEEE3D4BEF411F5174
Authority key identifier: 7E:04:23:21:1F:49:B1:33:5E:94:B8:BD:BB:B1:16:86:64:F6:80:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fgQjIR9JsTNelLi9u7EWhmT2gE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/o1svIgw7QQa3QYZShkqBfxIyPmE.roa
Signing time:             Sun 01 Jan 2023 07:55:03 +0000
ROA not before:           Sun 01 Jan 2023 07:55:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204213
IP address blocks:        89.39.208.0/24 maxlen: 24
                          217.144.105.0/24 maxlen: 24
                          217.144.104.0/24 maxlen: 24
                          185.94.96.0/24 maxlen: 24
                          185.94.98.0/24 maxlen: 24
                          185.94.97.0/24 maxlen: 24
                          185.94.99.0/24 maxlen: 24
                          89.32.251.0/24 maxlen: 24
                          89.32.249.0/24 maxlen: 24
                          89.32.248.0/24 maxlen: 24
                          89.32.250.0/24 maxlen: 24
                          89.42.209.0/24 maxlen: 24
                          89.42.211.0/24 maxlen: 24
                          89.42.210.0/24 maxlen: 24
                          89.45.89.0/24 maxlen: 24
                          188.212.22.0/24 maxlen: 24
                          89.42.208.0/24 maxlen: 24
                          217.144.106.0/24 maxlen: 24
                          217.144.107.0/24 maxlen: 24
                          86.106.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:b6:a1:95:3a:8d:ee:ee:3d:4b:ef:41:1f:51:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e0423211f49b1335e94b8bdbbb1168664f6804f
        Validity
            Not Before: Jan  1 07:55:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a35b2f220c3b4106b7418652864a817f12323e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9e:28:ed:a8:40:b6:14:52:e0:7a:e3:75:f8:
                    b2:4c:45:a4:06:0f:35:9f:76:f7:b6:fc:d1:c8:f2:
                    8f:47:03:9f:d4:f5:56:a3:dc:fa:b2:d2:b5:35:60:
                    68:af:14:91:b3:0c:c9:4f:3a:d0:7f:c5:ce:82:52:
                    f7:2b:30:57:e4:6c:e1:0a:96:8b:1e:e0:ad:83:a3:
                    22:46:e3:ce:74:f6:d2:e3:92:3f:0e:98:d4:50:d7:
                    de:49:99:49:78:31:21:e3:94:89:6d:06:de:a4:e8:
                    ab:b5:6e:53:e4:a7:72:70:d1:e0:4e:1f:62:95:21:
                    f7:a4:09:f4:39:49:c2:05:90:69:9d:b3:a3:9f:cb:
                    09:d3:0d:8f:47:f4:05:3a:c1:66:ec:7e:f9:4f:04:
                    c8:e2:97:60:40:dc:0f:04:c1:dc:91:3d:d3:59:e7:
                    dc:f5:6c:56:fc:91:c7:57:15:1d:c7:b5:bc:85:1f:
                    5a:ec:fa:b5:1f:66:71:4f:ef:e4:cf:78:bb:1a:5e:
                    df:1e:7d:76:7e:b6:6e:eb:71:95:81:cc:0d:b8:73:
                    3a:06:80:31:c6:95:a0:52:13:6d:3c:d7:81:5d:17:
                    d8:3b:1d:44:a6:66:a8:de:8f:85:aa:41:82:13:76:
                    75:f2:65:1e:f1:f1:66:da:5b:ea:13:ab:2b:72:4e:
                    bd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5B:2F:22:0C:3B:41:06:B7:41:86:52:86:4A:81:7F:12:32:3E:61
            X509v3 Authority Key Identifier:
                keyid:7E:04:23:21:1F:49:B1:33:5E:94:B8:BD:BB:B1:16:86:64:F6:80:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fgQjIR9JsTNelLi9u7EWhmT2gE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/o1svIgw7QQa3QYZShkqBfxIyPmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/77ac86-31f6-4370-b433-b0e7d41b5d36/1/fgQjIR9JsTNelLi9u7EWhmT2gE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.142.0/24
                  89.32.248.0/22
                  89.39.208.0/24
                  89.42.208.0/22
                  89.45.89.0/24
                  185.94.96.0/22
                  188.212.22.0/24
                  217.144.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:3c:f8:96:47:7d:e8:d7:63:81:ce:19:65:a8:4b:4c:e9:a3:
         e8:1e:cc:ed:64:48:2d:ee:3f:e1:34:d0:a8:17:fe:ad:ec:27:
         45:7b:b4:bb:21:3d:2f:4c:9a:a6:9d:04:2a:e7:4d:6e:bd:c4:
         b0:b6:7e:bd:0b:c0:34:4a:0b:e3:88:7c:bf:f9:bf:66:e2:44:
         f0:02:34:5b:e8:f0:87:56:e2:ad:a6:47:6c:00:94:d7:1a:56:
         c5:99:f1:4c:00:f3:79:d9:13:b7:65:42:50:e8:82:c7:ee:b9:
         26:56:ff:65:a4:32:d9:8c:e8:35:ea:dc:db:84:a8:45:d3:25:
         e0:f9:b8:dd:36:b0:4a:95:82:5d:13:d8:23:17:be:f6:72:16:
         eb:b5:3d:5e:4a:18:41:3c:70:d1:5c:7a:f5:ad:81:79:6d:b6:
         c3:9b:1f:7c:7b:1c:e4:f7:de:68:17:67:10:41:b1:53:54:24:
         62:17:33:5f:8d:2f:47:32:03:fe:b3:e2:57:9d:42:4d:31:b6:
         71:a8:af:ef:ba:91:31:fb:b4:43:4c:27:98:29:bd:3c:d0:85:
         4d:ef:b6:ad:35:4c:44:9f:ed:07:2d:ec:e9:4a:30:93:42:f9:
         ad:df:ed:76:ca:9a:29:83:07:3d:ef:45:a6:32:87:01:7b:90:
         e5:b8:7a:8a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVsU7ahlTqN7u49S+9BH1F0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMDQyMzIxMWY0OWIxMzM1ZTk0YjhiZGJiYjExNjg2NjRm
NjgwNGYwHhcNMjMwMTAxMDc1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzViMmYyMjBjM2I0MTA2Yjc0MTg2NTI4NjRhODE3ZjEyMzIzZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ4o7ahAthRS4HrjdfiyTEWkBg81
n3b3tvzRyPKPRwOf1PVWo9z6stK1NWBorxSRswzJTzrQf8XOglL3KzBX5GzhCpaL
HuCtg6MiRuPOdPbS45I/DpjUUNfeSZlJeDEh45SJbQbepOirtW5T5KdycNHgTh9i
lSH3pAn0OUnCBZBpnbOjn8sJ0w2PR/QFOsFm7H75TwTI4pdgQNwPBMHckT3TWefc
9WxW/JHHVxUdx7W8hR9a7Pq1H2ZxT+/kz3i7Gl7fHn12frZu63GVgcwNuHM6BoAx
xpWgUhNtPNeBXRfYOx1Epmao3o+FqkGCE3Z18mUe8fFm2lvqE6srck69GQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKNbLyIMO0EGt0GGUoZKgX8SMj5hMB8GA1UdIwQY
MBaAFH4EIyEfSbEzXpS4vbuxFoZk9oBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmdRaklSOUpzVE5lbExpOXU3RVdobVQyZ0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS83N2FjODYtMzFmNi00MzcwLWI0MzMt
YjBlN2Q0MWI1ZDM2LzEvbzFzdklndzdRUWEzUVlaU2hrcUJmeEl5UG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS83N2FjODYtMzFmNi00MzcwLWI0MzMtYjBlN2Q0MWI1ZDM2
LzEvZmdRaklSOUpzVE5lbExpOXU3RVdobVQyZ0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVmqOAwQC
WSD4AwQAWSfQAwQCWSrQAwQAWS1ZAwQCuV5gAwQAvNQWAwQC2ZBoMA0GCSqGSIb3
DQEBCwUAA4IBAQCwPPiWR33o12OBzhllqEtM6aPoHsztZEgt7j/hNNCoF/6t7CdF
e7S7IT0vTJqmnQQq501uvcSwtn69C8A0SgvjiHy/+b9m4kTwAjRb6PCHVuKtpkds
AJTXGlbFmfFMAPN52RO3ZUJQ6ILH7rkmVv9lpDLZjOg16tzbhKhF0yXg+bjdNrBK
lYJdE9gjF772chbrtT1eShhBPHDRXHr1rYF5bbbDmx98exzk995oF2cQQbFTVCRi
FzNfjS9HMgP+s+JXnUJNMbZxqK/vupEx+7RDTCeYKb080IVN77atNUxEn+0HLezp
SjCTQvmt3+12ypopgwc970WmMocBe5DluHqK
-----END CERTIFICATE-----