Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/yEo9WGA-cgJ0qMFCk1hmveRTutE.roa
File:                     yEo9WGA-cgJ0qMFCk1hmveRTutE.roa (raw, json)
Hash identifier:          xnGo84cDtgRPZMfcp8CCTL7/wqlUtlzK330qbfXIebE=
Subject key identifier:   C8:4A:3D:58:60:3E:72:02:74:A8:C1:42:93:58:66:BD:E4:53:BA:D1
Certificate issuer:       /CN=543e20bf5f252b1bdbd21dc99d94cd97ea7f0fe6
Certificate serial:       01856EA6993317AEB0FBC7601FC50B3A7DEC
Authority key identifier: 54:3E:20:BF:5F:25:2B:1B:DB:D2:1D:C9:9D:94:CD:97:EA:7F:0F:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VD4gv18lKxvb0h3JnZTNl-p_D-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/yEo9WGA-cgJ0qMFCk1hmveRTutE.roa
Signing time:             Sun 01 Jan 2023 18:44:50 +0000
ROA not before:           Sun 01 Jan 2023 18:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43872
IP address blocks:        185.253.176.0/22 maxlen: 22
                          185.187.61.0/24 maxlen: 24
                          185.183.20.0/22 maxlen: 22
                          193.247.165.0/24 maxlen: 24
                          193.247.94.0/24 maxlen: 24
                          193.247.103.0/24 maxlen: 24
                          193.247.101.0/24 maxlen: 24
                          193.105.189.0/24 maxlen: 24
                          5.253.252.0/22 maxlen: 22
                          92.118.111.0/24 maxlen: 24
                          176.101.169.0/24 maxlen: 24
                          2a10:c9c0::/29 maxlen: 29
                          2a10:cac0::/29 maxlen: 29
                          2a0b:180::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:a6:99:33:17:ae:b0:fb:c7:60:1f:c5:0b:3a:7d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543e20bf5f252b1bdbd21dc99d94cd97ea7f0fe6
        Validity
            Not Before: Jan  1 18:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c84a3d58603e720274a8c142935866bde453bad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:05:72:71:bb:ee:2a:03:7b:9f:e8:08:e5:d9:
                    e3:8c:98:30:bc:f7:dc:4d:28:b1:18:22:5d:36:6f:
                    ed:29:4e:16:5c:95:a7:78:b4:28:f9:81:b2:e2:98:
                    3f:02:be:ba:9e:59:1b:17:11:0a:74:4b:e0:8e:b5:
                    81:e2:ab:47:73:33:ae:74:32:0e:0e:ce:b7:27:9d:
                    97:30:a0:8e:89:a6:25:5d:ac:cd:ac:d8:bd:d4:b7:
                    0f:a0:db:75:a4:79:fd:03:de:e4:86:1f:fb:8c:3b:
                    4b:e2:fd:ed:a6:42:c1:6f:94:d0:f9:13:f4:7a:fe:
                    87:62:db:c5:f6:2a:61:c6:4d:90:65:d2:41:54:0f:
                    8e:15:5d:c5:33:45:a3:b6:3e:b0:06:7a:1b:d9:8a:
                    25:df:b8:87:a5:ce:96:1e:f9:40:7a:98:46:b6:29:
                    27:22:bc:84:54:9c:76:c6:db:01:c7:a0:96:75:79:
                    b3:d6:66:e9:e8:c6:d8:12:ef:6f:b0:fd:3a:11:45:
                    da:c1:8b:ee:2c:9b:d5:83:bb:1d:20:b6:d4:0d:7b:
                    2c:f5:70:b1:e8:08:95:87:19:d9:66:df:c6:39:26:
                    57:e8:d7:e1:a3:47:91:b6:b8:40:dd:32:ed:b5:04:
                    ff:b6:f3:f0:bb:49:d8:0e:fa:de:5d:08:e9:a9:ed:
                    60:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:4A:3D:58:60:3E:72:02:74:A8:C1:42:93:58:66:BD:E4:53:BA:D1
            X509v3 Authority Key Identifier:
                keyid:54:3E:20:BF:5F:25:2B:1B:DB:D2:1D:C9:9D:94:CD:97:EA:7F:0F:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VD4gv18lKxvb0h3JnZTNl-p_D-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/yEo9WGA-cgJ0qMFCk1hmveRTutE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4e87a6-6536-454a-a59e-d5ad996a1ac8/1/VD4gv18lKxvb0h3JnZTNl-p_D-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.252.0/22
                  92.118.111.0/24
                  176.101.169.0/24
                  185.183.20.0/22
                  185.187.61.0/24
                  185.253.176.0/22
                  193.105.189.0/24
                  193.247.94.0/24
                  193.247.101.0/24
                  193.247.103.0/24
                  193.247.165.0/24
                IPv6:
                  2a0b:180::/29
                  2a10:c9c0::/29
                  2a10:cac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:56:f0:c0:25:60:e8:88:cf:1c:9a:a5:18:12:45:4f:9d:2c:
         37:30:01:80:b9:c1:13:d1:97:25:a5:2a:ac:c2:a8:14:24:1e:
         24:2f:b7:ba:33:69:0a:45:04:60:85:08:4e:69:2c:bc:9b:a9:
         e8:e7:98:89:eb:30:33:f1:c3:93:83:74:c0:0c:79:c6:40:a8:
         55:55:e6:2a:6f:7a:8b:1e:55:29:f0:bd:17:af:86:a9:10:13:
         2b:81:0e:80:e8:39:7b:84:66:b7:da:74:84:1c:43:ef:7f:ea:
         b1:05:96:3d:5b:9c:66:84:e2:45:80:d7:31:fd:7b:3e:8a:7b:
         03:14:b3:6e:48:bf:cd:b0:af:0a:e5:bb:f0:fd:70:af:7a:9b:
         ce:d9:92:7e:9b:fa:9c:27:c5:97:72:ff:aa:f2:8c:f3:d1:8b:
         14:2b:a5:3c:b2:42:ed:ee:92:b4:a0:59:d0:13:70:3f:fd:14:
         af:31:c0:be:1b:a5:ad:6f:c6:48:b2:1e:59:3b:49:be:27:17:
         d7:df:90:81:ac:b7:20:1d:50:14:ad:1b:fa:82:45:31:97:12:
         d6:19:39:62:00:b0:d0:94:c6:f7:d1:06:89:e3:58:ee:84:36:
         b9:f5:cc:2e:96:d0:4c:e7:d5:43:42:67:ce:37:89:8d:e7:0a:
         3f:da:7c:88
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYVuppkzF66w+8dgH8ULOn3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2UyMGJmNWYyNTJiMWJkYmQyMWRjOTlkOTRjZDk3ZWE3
ZjBmZTYwHhcNMjMwMTAxMTg0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODRhM2Q1ODYwM2U3MjAyNzRhOGMxNDI5MzU4NjZiZGU0NTNiYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QVycbvuKgN7n+gI5dnjjJgwvPfc
TSixGCJdNm/tKU4WXJWneLQo+YGy4pg/Ar66nlkbFxEKdEvgjrWB4qtHczOudDIO
Ds63J52XMKCOiaYlXazNrNi91LcPoNt1pHn9A97khh/7jDtL4v3tpkLBb5TQ+RP0
ev6HYtvF9iphxk2QZdJBVA+OFV3FM0Wjtj6wBnob2Yol37iHpc6WHvlAephGtikn
IryEVJx2xtsBx6CWdXmz1mbp6MbYEu9vsP06EUXawYvuLJvVg7sdILbUDXss9XCx
6AiVhxnZZt/GOSZX6Nfho0eRtrhA3TLttQT/tvPwu0nYDvreXQjpqe1gpQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFMhKPVhgPnICdKjBQpNYZr3kU7rRMB8GA1UdIwQY
MBaAFFQ+IL9fJSsb29IdyZ2UzZfqfw/mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkQ0Z3YxOGxLeHZiMGgzSm5aVE5sLXBfRC1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80ZTg3YTYtNjUzNi00NTRhLWE1OWUt
ZDVhZDk5NmExYWM4LzEveUVvOVdHQS1jZ0owcU1GQ2sxaG12ZVJUdXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80ZTg3YTYtNjUzNi00NTRhLWE1OWUtZDVhZDk5NmExYWM4
LzEvVkQ0Z3YxOGxLeHZiMGgzSm5aVE5sLXBfRC1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBIBAIAATBCAwQCBf38AwQA
XHZvAwQAsGWpAwQCubcUAwQAubs9AwQCuf2wAwQAwWm9AwQAwfdeAwQAwfdlAwQA
wfdnAwQAwfelMBsEAgACMBUDBQMqCwGAAwUDKhDJwAMFAyoQysAwDQYJKoZIhvcN
AQELBQADggEBAEVW8MAlYOiIzxyapRgSRU+dLDcwAYC5wRPRlyWlKqzCqBQkHiQv
t7ozaQpFBGCFCE5pLLybqejnmInrMDPxw5ODdMAMecZAqFVV5ipveoseVSnwvRev
hqkQEyuBDoDoOXuEZrfadIQcQ+9/6rEFlj1bnGaE4kWA1zH9ez6KewMUs25Iv82w
rwrlu/D9cK96m87Zkn6b+pwnxZdy/6ryjPPRixQrpTyyQu3ukrSgWdATcD/9FK8x
wL4bpa1vxkiyHlk7Sb4nF9ffkIGstyAdUBStG/qCRTGXEtYZOWIAsNCUxvfRBonj
WO6ENrn1zC6W0Ezn1UNCZ843iY3nCj/afIg=
-----END CERTIFICATE-----