Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/5-GaVJt9icULZea9wYeniuZWKqc.roa
File:                     5-GaVJt9icULZea9wYeniuZWKqc.roa (raw, json)
Hash identifier:          XqQ2Y/jOc+wU6eK2CFNvfrNfD6iyWrfUe30ZCpV9db8=
Subject key identifier:   E7:E1:9A:54:9B:7D:89:C5:0B:65:E6:BD:C1:87:A7:8A:E6:56:2A:A7
Certificate issuer:       /CN=26d9a16c2fa7d4c370b5325214be4420b611f1f9
Certificate serial:       01856E2FC005B1DFF1E3DFC3D3A58555B20F
Authority key identifier: 26:D9:A1:6C:2F:A7:D4:C3:70:B5:32:52:14:BE:44:20:B6:11:F1:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtmhbC-n1MNwtTJSFL5EILYR8fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/5-GaVJt9icULZea9wYeniuZWKqc.roa
Signing time:             Sun 01 Jan 2023 16:35:01 +0000
ROA not before:           Sun 01 Jan 2023 16:35:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205202
IP address blocks:        185.225.97.0/24 maxlen: 24
                          185.225.98.0/24 maxlen: 24
                          185.225.99.0/24 maxlen: 24
                          2a0d:ac00:2::/48 maxlen: 48
                          2a0d:ac00:1002::/48 maxlen: 48
                          2a0d:ac00::/48 maxlen: 48
                          2a0d:ac00:1000::/48 maxlen: 48
                          2a0d:ac00:6::/48 maxlen: 48
                          2a0d:ac00:1006::/48 maxlen: 48
                          2a0d:ac00:dc01::/48 maxlen: 48
                          2a0d:ac00:1007::/48 maxlen: 48
                          2a0d:ac00:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:c0:05:b1:df:f1:e3:df:c3:d3:a5:85:55:b2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d9a16c2fa7d4c370b5325214be4420b611f1f9
        Validity
            Not Before: Jan  1 16:35:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e7e19a549b7d89c50b65e6bdc187a78ae6562aa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e2:66:dd:83:a5:7c:87:a4:80:54:e1:e6:39:
                    8d:12:04:1a:be:18:40:6c:b3:6f:50:9d:6a:33:67:
                    18:ec:57:11:59:cf:33:32:d1:49:71:da:8e:6d:d3:
                    ce:62:cd:78:0a:39:9a:70:75:e4:3a:d0:93:4d:c2:
                    26:78:c4:b4:10:22:e2:50:ef:97:36:fe:f5:7f:10:
                    c7:f4:e3:b4:90:a3:75:70:36:8c:56:cd:83:20:59:
                    3f:6a:8a:98:cd:47:1f:3e:0a:e1:5e:e5:bd:5e:93:
                    ef:50:f1:06:3b:89:47:fd:f3:3b:ec:e2:a7:43:9a:
                    79:9a:af:5e:cf:d6:b2:f2:3b:02:d0:6b:f4:0a:0a:
                    e7:be:16:fa:1a:8b:bc:19:05:0c:37:f5:00:52:a9:
                    65:32:5d:29:1e:56:06:b6:3f:aa:24:1d:e8:22:c8:
                    34:79:6d:f8:a3:19:12:e3:1b:f2:4e:e2:2a:ce:a3:
                    30:2a:4a:3a:5a:34:6f:69:5b:44:68:7d:1b:46:56:
                    a6:de:c1:e0:74:7d:33:66:f5:d2:6b:ee:7b:02:71:
                    21:fc:34:44:ab:e6:0a:1f:ed:ae:07:67:2a:ed:8b:
                    92:44:93:74:ee:0f:ad:5b:a0:6f:7a:54:41:e6:ba:
                    ff:92:cc:e9:a1:25:f4:e7:2c:00:7f:12:37:70:ac:
                    e3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E1:9A:54:9B:7D:89:C5:0B:65:E6:BD:C1:87:A7:8A:E6:56:2A:A7
            X509v3 Authority Key Identifier:
                keyid:26:D9:A1:6C:2F:A7:D4:C3:70:B5:32:52:14:BE:44:20:B6:11:F1:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtmhbC-n1MNwtTJSFL5EILYR8fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/5-GaVJt9icULZea9wYeniuZWKqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/JtmhbC-n1MNwtTJSFL5EILYR8fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.97.0-185.225.99.255
                IPv6:
                  2a0d:ac00::/48
                  2a0d:ac00:2::/48
                  2a0d:ac00:6::/47
                  2a0d:ac00:1000::/48
                  2a0d:ac00:1002::/48
                  2a0d:ac00:1006::/47
                  2a0d:ac00:dc01::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:a1:24:b7:5b:55:e3:7f:6b:70:4c:84:cf:ab:4c:3f:50:c0:
         1a:77:67:f2:d0:9d:25:98:41:38:64:7d:a2:b7:a4:8a:ff:77:
         e5:79:ea:5f:fc:13:bf:1e:67:0a:93:77:ca:dc:04:f7:2e:ea:
         b7:4d:7b:ad:6a:8b:eb:d5:b1:71:94:bc:56:ff:07:6e:0f:8f:
         03:1a:f7:cc:3f:48:54:96:fe:0e:61:b7:1c:ed:e4:7f:79:a5:
         a2:b0:80:fe:8c:7c:d7:8a:85:8f:e4:6d:78:ea:97:6b:49:b5:
         cb:8f:bf:2b:77:9e:bf:66:14:08:1f:dd:88:0c:e1:bd:c8:ef:
         c0:7c:08:dc:12:c1:77:fb:f6:db:59:66:c7:fe:60:82:a1:10:
         97:04:de:3f:a4:b1:ff:ce:88:ef:db:0c:18:8a:56:ce:a8:0c:
         3b:ef:b0:d3:67:69:ae:17:e2:12:35:77:1f:fb:b3:e0:eb:8e:
         a7:40:9e:1d:02:f6:61:83:50:d1:73:2f:43:53:a5:02:43:90:
         28:7c:68:d0:52:34:10:ae:ab:b6:bd:18:fd:f7:9a:08:da:72:
         38:22:cb:e9:e3:23:c4:76:14:80:a6:16:fe:ce:4f:35:9e:10:
         ff:ab:3c:67:34:75:27:e8:d7:20:73:f4:63:0b:9f:06:93:fe:
         88:ca:7c:2c
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYVuL8AFsd/x49/D06WFVbIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDlhMTZjMmZhN2Q0YzM3MGI1MzI1MjE0YmU0NDIwYjYx
MWYxZjkwHhcNMjMwMTAxMTYzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2UxOWE1NDliN2Q4OWM1MGI2NWU2YmRjMTg3YTc4YWU2NTYyYWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseJm3YOlfIekgFTh5jmNEgQavhhA
bLNvUJ1qM2cY7FcRWc8zMtFJcdqObdPOYs14CjmacHXkOtCTTcImeMS0ECLiUO+X
Nv71fxDH9OO0kKN1cDaMVs2DIFk/aoqYzUcfPgrhXuW9XpPvUPEGO4lH/fM77OKn
Q5p5mq9ez9ay8jsC0Gv0Cgrnvhb6Gou8GQUMN/UAUqllMl0pHlYGtj+qJB3oIsg0
eW34oxkS4xvyTuIqzqMwKko6WjRvaVtEaH0bRlam3sHgdH0zZvXSa+57AnEh/DRE
q+YKH+2uB2cq7YuSRJN07g+tW6BvelRB5rr/kszpoSX05ywAfxI3cKzjDwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFOfhmlSbfYnFC2XmvcGHp4rmViqnMB8GA1UdIwQY
MBaAFCbZoWwvp9TDcLUyUhS+RCC2EfH5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRtaGJDLW4xTU53dFRKU0ZMNUVJTFlSOGZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9jNWZjNTQtNzRjMi00ZjNkLTk1YzEt
NDQwMjNjM2I3ODRlLzEvNS1HYVZKdDlpY1VMWmVhOXdZZW5pdVpXS3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9jNWZjNTQtNzRjMi00ZjNkLTk1YzEtNDQwMjNjM2I3ODRl
LzEvSnRtaGJDLW4xTU53dFRKU0ZMNUVJTFlSOGZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTAUBAIAATAOMAwDBAC54WED
BAK54WAwRQQCAAIwPwMHACoNrAAAAAMHACoNrAAAAgMHASoNrAAABgMHACoNrAAQ
AAMHACoNrAAQAgMHASoNrAAQBgMHACoNrADcATANBgkqhkiG9w0BAQsFAAOCAQEA
eKEkt1tV439rcEyEz6tMP1DAGndn8tCdJZhBOGR9orekiv935XnqX/wTvx5nCpN3
ytwE9y7qt017rWqL69WxcZS8Vv8Hbg+PAxr3zD9IVJb+DmG3HO3kf3mlorCA/ox8
14qFj+RteOqXa0m1y4+/K3eev2YUCB/diAzhvcjvwHwI3BLBd/v221lmx/5ggqEQ
lwTeP6Sx/86I79sMGIpWzqgMO++w02dprhfiEjV3H/uz4OuOp0CeHQL2YYNQ0XMv
Q1OlAkOQKHxo0FI0EK6rtr0Y/feaCNpyOCLL6eMjxHYUgKYW/s5PNZ4Q/6s8ZzR1
J+jXIHP0YwufBpP+iMp8LA==
-----END CERTIFICATE-----