Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/ff7UrotMItqPQn-apn3EWKXgtdI.roa
File:                     ff7UrotMItqPQn-apn3EWKXgtdI.roa (raw, json)
Hash identifier:          9jbtpNdOB2z461FJDDWLEGOBIxYKGmjUEDYDApuACuE=
Subject key identifier:   7D:FE:D4:AE:8B:4C:22:DA:8F:42:7F:9A:A6:7D:C4:58:A5:E0:B5:D2
Certificate issuer:       /CN=2b9efb5878d3b3634dc1ccb90ac48e0b89d1c879
Certificate serial:       01856DA632C894884D525D4C1E96D92BF372
Authority key identifier: 2B:9E:FB:58:78:D3:B3:63:4D:C1:CC:B9:0A:C4:8E:0B:89:D1:C8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K577WHjTs2NNwcy5CsSOC4nRyHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/ff7UrotMItqPQn-apn3EWKXgtdI.roa
Signing time:             Sun 01 Jan 2023 14:04:46 +0000
ROA not before:           Sun 01 Jan 2023 14:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202090
IP address blocks:        178.159.44.0/24 maxlen: 24
                          178.159.44.0/22 maxlen: 22
                          178.159.46.0/24 maxlen: 24
                          178.159.47.0/24 maxlen: 24
                          178.159.45.0/24 maxlen: 24
                          185.99.142.0/23 maxlen: 24
                          185.99.142.0/24 maxlen: 24
                          185.99.143.0/24 maxlen: 24
                          185.65.137.0/24 maxlen: 24
                          193.176.180.0/24 maxlen: 24
                          193.176.181.0/24 maxlen: 24
                          193.176.180.0/22 maxlen: 22
                          193.176.183.0/24 maxlen: 24
                          193.176.182.0/24 maxlen: 24
                          81.91.191.0/24 maxlen: 24
                          81.91.190.0/24 maxlen: 24
                          185.47.152.0/23 maxlen: 23
                          2a0c:b1c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:a6:32:c8:94:88:4d:52:5d:4c:1e:96:d9:2b:f3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b9efb5878d3b3634dc1ccb90ac48e0b89d1c879
        Validity
            Not Before: Jan  1 14:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7dfed4ae8b4c22da8f427f9aa67dc458a5e0b5d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c7:81:83:64:8d:ae:f0:1a:b5:3f:9e:bf:b8:
                    a7:70:ae:43:17:ce:79:2a:43:ec:40:fa:8b:2a:55:
                    f2:bd:2d:8b:7c:17:b3:63:78:97:5c:af:1c:04:ea:
                    a5:5c:2d:24:3c:49:b4:ed:c2:56:0f:9f:c2:85:0b:
                    cb:9e:78:87:4b:8f:46:b9:84:d3:14:88:f7:ec:49:
                    a9:7c:a7:9e:b3:3d:70:24:58:1b:fe:a0:12:4b:b4:
                    f3:2e:0c:1c:62:99:2c:d5:a3:42:b5:72:fb:64:d4:
                    37:4d:b9:ea:ad:ff:34:38:5e:d3:18:da:eb:b4:14:
                    03:0f:b6:3e:b0:b5:85:29:44:32:15:99:d2:4e:6e:
                    ca:ef:43:8f:41:70:34:47:74:b0:77:52:41:0c:ce:
                    d2:22:fd:af:ca:e8:53:5c:6e:d3:0c:df:b2:da:3d:
                    4b:00:e9:99:d4:ff:c9:e9:c7:22:02:57:88:51:b8:
                    e1:1c:8a:54:04:89:27:71:9d:8c:27:4f:07:a7:71:
                    8b:80:a9:0a:9e:af:0f:5c:4c:ee:28:25:af:5d:de:
                    cb:22:8f:04:b2:9b:71:4d:a8:35:1f:5a:e2:28:8b:
                    be:c5:d6:7a:c6:aa:fb:9f:e2:9a:bb:1d:8f:76:ec:
                    6f:6f:31:50:0f:2c:0a:80:3d:87:a5:0e:f1:6a:c2:
                    35:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:FE:D4:AE:8B:4C:22:DA:8F:42:7F:9A:A6:7D:C4:58:A5:E0:B5:D2
            X509v3 Authority Key Identifier:
                keyid:2B:9E:FB:58:78:D3:B3:63:4D:C1:CC:B9:0A:C4:8E:0B:89:D1:C8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K577WHjTs2NNwcy5CsSOC4nRyHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/ff7UrotMItqPQn-apn3EWKXgtdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/K577WHjTs2NNwcy5CsSOC4nRyHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.91.190.0/23
                  178.159.44.0/22
                  185.47.152.0/23
                  185.65.137.0/24
                  185.99.142.0/23
                  193.176.180.0/22
                IPv6:
                  2a0c:b1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:ef:19:86:57:04:4c:0e:76:fe:3a:05:7b:e9:fc:ac:45:4a:
         53:ff:ae:2a:9f:fc:5b:03:f2:15:b5:63:e8:d2:35:a7:1d:c8:
         53:fe:2a:ef:54:ee:15:fb:01:d4:0c:95:f3:b1:62:45:9f:71:
         f0:5e:50:ac:a8:01:dd:cb:ad:15:33:6e:cf:03:0f:44:d9:b5:
         fe:95:6b:3f:ab:11:3c:d3:1d:b1:c8:45:ce:7a:0c:92:ee:14:
         4a:42:12:7a:b6:01:51:cd:04:68:b0:bd:6b:e9:73:64:15:79:
         f1:01:16:9a:81:50:23:68:62:cb:a3:ab:9a:5f:a3:7c:96:78:
         df:a0:34:51:c9:5b:72:55:53:53:15:6f:e6:98:25:d8:0f:48:
         51:86:27:e4:d4:be:7a:59:50:96:ca:dd:e9:04:ce:42:9d:cd:
         f8:fc:ac:56:eb:72:46:01:b1:b7:7a:9a:84:3d:12:21:86:b0:
         91:f8:19:42:4c:1a:69:d0:54:e4:29:a4:5f:2e:66:ea:f6:9b:
         9d:fa:c6:db:dc:3e:a9:27:b1:c3:b3:89:a9:6a:d3:0f:6e:82:
         b5:f5:a5:64:2c:46:1a:65:fa:dc:0e:dc:ac:bb:1e:b0:13:25:
         43:34:a5:c5:cf:5e:43:59:26:89:6a:36:57:cf:fd:95:00:2d:
         0b:0e:c9:e1
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVtpjLIlIhNUl1MHpbZK/NyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOWVmYjU4NzhkM2IzNjM0ZGMxY2NiOTBhYzQ4ZTBiODlk
MWM4NzkwHhcNMjMwMTAxMTQwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGZlZDRhZThiNGMyMmRhOGY0MjdmOWFhNjdkYzQ1OGE1ZTBiNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnseBg2SNrvAatT+ev7incK5DF855
KkPsQPqLKlXyvS2LfBezY3iXXK8cBOqlXC0kPEm07cJWD5/ChQvLnniHS49GuYTT
FIj37EmpfKeesz1wJFgb/qASS7TzLgwcYpks1aNCtXL7ZNQ3Tbnqrf80OF7TGNrr
tBQDD7Y+sLWFKUQyFZnSTm7K70OPQXA0R3Swd1JBDM7SIv2vyuhTXG7TDN+y2j1L
AOmZ1P/J6cciAleIUbjhHIpUBIkncZ2MJ08Hp3GLgKkKnq8PXEzuKCWvXd7LIo8E
sptxTag1H1riKIu+xdZ6xqr7n+Kaux2PduxvbzFQDywKgD2HpQ7xasI1BwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFH3+1K6LTCLaj0J/mqZ9xFil4LXSMB8GA1UdIwQY
MBaAFCue+1h407NjTcHMuQrEjguJ0ch5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzU3N1dIalRzMk5Od2N5NUNzU09DNG5SeUhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9kMDM2MDgtM2M2Ny00MjNkLWIxOGQt
NGJjZDNkNTg0NjNhLzEvZmY3VXJvdE1JdHFQUW4tYXBuM0VXS1hndGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9kMDM2MDgtM2M2Ny00MjNkLWIxOGQtNGJjZDNkNTg0NjNh
LzEvSzU3N1dIalRzMk5Od2N5NUNzU09DNG5SeUhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQBUVu+AwQC
sp8sAwQBuS+YAwQAuUGJAwQBuWOOAwQCwbC0MA0EAgACMAcDBQAqDLHAMA0GCSqG
SIb3DQEBCwUAA4IBAQBS7xmGVwRMDnb+OgV76fysRUpT/64qn/xbA/IVtWPo0jWn
HchT/irvVO4V+wHUDJXzsWJFn3HwXlCsqAHdy60VM27PAw9E2bX+lWs/qxE80x2x
yEXOegyS7hRKQhJ6tgFRzQRosL1r6XNkFXnxARaagVAjaGLLo6uaX6N8lnjfoDRR
yVtyVVNTFW/mmCXYD0hRhifk1L56WVCWyt3pBM5Cnc34/KxW63JGAbG3epqEPRIh
hrCR+BlCTBpp0FTkKaRfLmbq9pud+sbb3D6pJ7HDs4mpatMPboK19aVkLEYaZfrc
Dtysux6wEyVDNKXFz15DWSaJajZXz/2VAC0LDsnh
-----END CERTIFICATE-----