Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BNreWjedDI8aX78F78PjQ7glQ1I.roa
File:                     BNreWjedDI8aX78F78PjQ7glQ1I.roa (raw, json)
Hash identifier:          P8lzHYm5Vpsh8+1/8+EVtsdxWMT70E3kW/UEBKbv0lM=
Subject key identifier:   04:DA:DE:5A:37:9D:0C:8F:1A:5F:BF:05:EF:C3:E3:43:B8:25:43:52
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       0185737ACE03D8CFC7B3A8FB654D5357F02C
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BNreWjedDI8aX78F78PjQ7glQ1I.roa
Signing time:             Mon 02 Jan 2023 17:15:05 +0000
ROA not before:           Mon 02 Jan 2023 17:15:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201337
IP address blocks:        185.75.200.0/22 maxlen: 24
                          185.77.168.0/22 maxlen: 24
                          86.105.31.0/24 maxlen: 24
                          86.105.28.0/22 maxlen: 24
                          86.105.28.0/24 maxlen: 24
                          89.47.4.0/22 maxlen: 24
                          89.47.6.0/23 maxlen: 24
                          188.240.205.0/24 maxlen: 24
                          195.82.122.0/24 maxlen: 24
                          195.82.120.0/24 maxlen: 24
                          188.240.204.0/24 maxlen: 24
                          188.240.206.0/24 maxlen: 24
                          195.82.121.0/24 maxlen: 24
                          188.240.206.0/23 maxlen: 24
                          195.82.120.0/22 maxlen: 24
                          86.106.184.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:7a:ce:03:d8:cf:c7:b3:a8:fb:65:4d:53:57:f0:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  2 17:15:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04dade5a379d0c8f1a5fbf05efc3e343b8254352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b5:f4:8b:eb:bb:05:7b:83:f3:ec:a6:b2:5a:
                    86:4b:f0:7b:6c:4d:f1:c3:be:83:1e:f7:26:71:fe:
                    dc:64:fd:91:14:37:0f:37:a5:72:1e:fc:91:0c:ae:
                    8f:ed:f9:36:83:71:ac:44:68:89:d6:25:86:d1:41:
                    fa:44:f0:58:1b:be:54:4d:f4:bb:06:b3:2e:98:11:
                    d6:0b:ef:e1:fb:a0:bd:2a:b9:eb:42:f3:54:87:46:
                    5e:be:dd:7e:c5:f9:2c:bb:6b:bc:54:8e:87:31:cf:
                    87:86:80:d4:2d:da:e4:77:2c:3d:a9:aa:f0:92:d2:
                    8c:0b:28:c0:a0:7a:e2:b4:65:be:8d:d5:9e:2c:09:
                    a6:1f:77:47:2b:e3:a3:e5:35:0e:18:bb:7c:6b:f1:
                    fa:f8:9a:30:e2:3f:0b:bd:1a:b0:76:a7:c9:e0:96:
                    6f:84:d1:6b:1a:24:54:d0:85:f7:35:2c:f3:3d:f4:
                    ae:b3:c3:f9:e1:b6:59:e8:e8:bf:97:ed:69:2f:84:
                    7a:c1:4f:bb:7a:48:41:b8:2a:e6:88:6c:73:7e:69:
                    9f:70:f1:c7:a4:a3:ee:ac:be:72:ec:b8:1d:c5:8f:
                    09:7b:b2:3d:e7:e4:15:04:38:4b:b4:ea:75:63:48:
                    37:91:01:d6:bd:eb:5b:46:21:cd:4c:53:7e:ad:b3:
                    ea:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:DA:DE:5A:37:9D:0C:8F:1A:5F:BF:05:EF:C3:E3:43:B8:25:43:52
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BNreWjedDI8aX78F78PjQ7glQ1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.28.0/22
                  86.106.184.0/22
                  89.47.4.0/22
                  185.75.200.0/22
                  185.77.168.0/22
                  188.240.204.0/22
                  195.82.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:50:7d:41:f6:92:60:4a:f7:7a:9d:52:a9:c1:0d:26:f3:8c:
         48:14:47:37:b2:5d:9c:0b:9e:b4:c9:2a:b4:ec:87:b9:fb:47:
         17:32:d5:4f:8d:c2:d2:18:e1:8e:b7:09:45:f9:ba:f4:2e:49:
         5d:0d:d4:a7:6a:2a:02:17:ec:5a:02:fd:2d:e6:87:df:88:3c:
         28:1f:74:90:4d:a0:04:25:b6:a6:04:51:a3:c2:08:e3:12:2f:
         be:2d:b9:65:91:ac:78:30:4c:78:f1:6f:14:4c:ab:c9:84:9f:
         97:41:0e:45:22:3c:ee:95:2e:e0:b1:46:e1:61:97:f6:f3:41:
         79:17:55:6b:02:c1:ad:29:0e:28:f6:d8:d6:73:4c:74:63:6f:
         c1:9e:a4:2f:b6:4d:e7:35:bd:29:12:1d:02:99:c1:fd:dc:79:
         7f:6a:34:da:36:58:07:88:51:36:33:15:59:68:e1:dd:20:da:
         dd:d3:bd:0d:68:cb:c9:2b:94:f8:40:bc:af:5a:f7:8b:e5:d0:
         7f:99:fd:f1:be:49:74:29:60:09:29:2f:c9:60:74:af:f2:fb:
         b6:e1:98:4e:ea:60:9e:e4:6a:ff:30:4e:2d:99:f8:8d:12:da:
         e7:74:31:25:e8:34:64:bd:d3:bf:97:00:6f:96:ec:7e:69:f3:
         9b:3a:ba:e7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVzes4D2M/Hs6j7ZU1TV/AsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjMwMTAyMTcxNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGRhZGU1YTM3OWQwYzhmMWE1ZmJmMDVlZmMzZTM0M2I4MjU0MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rX0i+u7BXuD8+ymslqGS/B7bE3x
w76DHvcmcf7cZP2RFDcPN6VyHvyRDK6P7fk2g3GsRGiJ1iWG0UH6RPBYG75UTfS7
BrMumBHWC+/h+6C9KrnrQvNUh0Zevt1+xfksu2u8VI6HMc+HhoDULdrkdyw9qarw
ktKMCyjAoHritGW+jdWeLAmmH3dHK+Oj5TUOGLt8a/H6+Jow4j8LvRqwdqfJ4JZv
hNFrGiRU0IX3NSzzPfSus8P54bZZ6Oi/l+1pL4R6wU+7ekhBuCrmiGxzfmmfcPHH
pKPurL5y7LgdxY8Je7I95+QVBDhLtOp1Y0g3kQHWvetbRiHNTFN+rbPqcQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFATa3lo3nQyPGl+/Be/D40O4JUNSMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvQk5yZVdqZWRESThhWDc4Rjc4UGpRN2dsUTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCVmkcAwQC
Vmq4AwQCWS8EAwQCuUvIAwQCuU2oAwQCvPDMAwQCw1J4MA0GCSqGSIb3DQEBCwUA
A4IBAQAXUH1B9pJgSvd6nVKpwQ0m84xIFEc3sl2cC560ySq07Ie5+0cXMtVPjcLS
GOGOtwlF+br0LkldDdSnaioCF+xaAv0t5offiDwoH3SQTaAEJbamBFGjwgjjEi++
Lbllkax4MEx48W8UTKvJhJ+XQQ5FIjzulS7gsUbhYZf280F5F1VrAsGtKQ4o9tjW
c0x0Y2/BnqQvtk3nNb0pEh0CmcH93Hl/ajTaNlgHiFE2MxVZaOHdINrd070NaMvJ
K5T4QLyvWveL5dB/mf3xvkl0KWAJKS/JYHSv8vu24ZhO6mCe5Gr/ME4tmfiNEtrn
dDEl6DRkvdO/lwBvlux+afObOrrn
-----END CERTIFICATE-----