Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Jnv1UNhB_rN6AV31S_K0jx8-ijc.roa
File:                     Jnv1UNhB_rN6AV31S_K0jx8-ijc.roa (raw, json)
Hash identifier:          3o3W3Crn9/JxKQfueq61nDdLWYA2B02tvt/YS/IxFto=
Subject key identifier:   26:7B:F5:50:D8:41:FE:B3:7A:01:5D:F5:4B:F2:B4:8F:1F:3E:8A:37
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01857C5549B8E9B6D950A08DD1F04292D4E6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Jnv1UNhB_rN6AV31S_K0jx8-ijc.roa
Signing time:             Wed 04 Jan 2023 10:30:42 +0000
ROA not before:           Wed 04 Jan 2023 10:30:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        194.5.67.0/24 maxlen: 24
                          185.230.52.0/23 maxlen: 24
                          185.255.124.0/24 maxlen: 24
                          185.223.76.0/24 maxlen: 24
                          185.121.12.0/22 maxlen: 24
                          185.206.251.0/24 maxlen: 24
                          185.206.248.0/24 maxlen: 24
                          185.226.105.0/24 maxlen: 24
                          185.226.107.0/24 maxlen: 24
                          185.234.20.0/22 maxlen: 24
                          185.234.23.0/24 maxlen: 24
                          185.240.120.0/23 maxlen: 24
                          45.8.20.0/22 maxlen: 24
                          185.214.108.0/24 maxlen: 24
                          185.238.228.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sun 08 Jan 2023 11:26:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:7c:55:49:b8:e9:b6:d9:50:a0:8d:d1:f0:42:92:d4:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  4 10:30:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=267bf550d841feb37a015df54bf2b48f1f3e8a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3d:bb:fb:bc:95:c7:d0:6d:76:8b:7b:59:e7:
                    ad:fc:80:64:03:3f:c1:bc:75:15:34:97:54:ab:b0:
                    e7:69:54:48:9d:45:27:b8:b8:4b:5e:25:4a:57:df:
                    a1:2c:13:04:2b:98:b2:ea:57:5b:a5:ca:e3:fd:4e:
                    54:9e:f9:ce:1a:5a:e8:85:82:f2:3f:8a:69:37:26:
                    87:26:81:a7:2d:2d:ea:4d:43:08:a6:13:0b:4c:21:
                    6d:ea:4f:5a:16:a1:21:cf:da:7b:c0:02:17:16:62:
                    b2:6d:83:c2:66:a6:4a:a3:2e:9f:28:45:fb:01:7e:
                    0d:ce:73:ca:b0:18:53:56:71:d7:41:7e:e5:05:82:
                    82:6f:b9:a4:d3:60:73:91:97:8a:67:b1:ea:2c:de:
                    57:f7:3d:0f:d7:19:b2:14:d8:e7:7d:92:ba:cc:07:
                    c9:d5:75:c5:2a:bf:19:27:45:67:56:19:0e:df:ff:
                    40:01:2d:1c:a6:7d:d7:6c:2d:d2:f5:9c:c5:d4:3b:
                    19:d6:c2:30:2c:46:98:26:61:59:07:f6:3a:88:20:
                    96:d6:f3:1d:77:02:cc:1c:81:ea:2a:bd:71:ab:88:
                    b7:97:c0:2b:fa:9c:c3:41:b1:37:91:4c:6d:51:b4:
                    14:8d:7c:84:32:ee:d1:08:59:d0:72:24:1d:89:39:
                    31:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7B:F5:50:D8:41:FE:B3:7A:01:5D:F5:4B:F2:B4:8F:1F:3E:8A:37
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Jnv1UNhB_rN6AV31S_K0jx8-ijc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.20.0/22
                  185.121.12.0/22
                  185.206.248.0/24
                  185.206.251.0/24
                  185.214.108.0/24
                  185.223.76.0/24
                  185.226.105.0/24
                  185.226.107.0/24
                  185.230.52.0/23
                  185.234.20.0/22
                  185.238.228.0/22
                  185.240.120.0/23
                  185.255.124.0/24
                  194.5.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:14:db:45:5f:07:7d:6c:0a:3c:28:12:54:c3:8b:16:84:7f:
         06:09:7a:97:a1:51:9e:b1:f9:dd:86:63:26:03:cd:82:9f:fe:
         a3:d1:e1:47:6e:97:de:56:41:3d:fa:cb:d3:32:09:37:b5:92:
         55:70:6a:ab:7f:62:a9:4c:d1:8a:17:a9:2d:74:16:c0:b2:c8:
         09:f2:12:13:52:b4:e4:88:50:17:25:50:71:7a:58:bf:2a:be:
         dc:ee:62:46:ed:91:9f:6a:e5:d5:3e:94:e9:32:2c:c1:59:70:
         3d:07:30:f7:c8:ad:03:ae:40:66:27:59:b1:a1:39:3e:40:ec:
         7e:58:03:a2:f1:3c:c9:3a:13:97:ca:4e:b0:21:e4:f0:a3:4f:
         ff:91:40:7d:64:21:38:ee:6c:3e:28:fc:fb:6a:dc:d5:1f:ee:
         e7:19:ad:9a:6b:c5:c9:87:01:67:77:2b:6e:73:87:95:27:99:
         a2:9f:eb:de:35:6e:c5:3b:56:0d:f3:25:b4:9e:cb:f0:5d:76:
         85:92:de:1a:e0:31:62:c4:11:6d:34:86:a3:19:1f:38:0e:c8:
         25:fa:d2:cb:0b:b2:95:99:e5:80:16:39:28:ab:c2:f4:18:26:
         4b:31:96:7e:16:77:1a:f7:66:12:f0:91:58:e4:03:c3:38:d3:
         22:fe:a6:cd
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYV8VUm46bbZUKCN0fBCktTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwMTA0MTAzMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdiZjU1MGQ4NDFmZWIzN2EwMTVkZjU0YmYyYjQ4ZjFmM2U4YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD27+7yVx9Btdot7Weet/IBkAz/B
vHUVNJdUq7DnaVRInUUnuLhLXiVKV9+hLBMEK5iy6ldbpcrj/U5UnvnOGlrohYLy
P4ppNyaHJoGnLS3qTUMIphMLTCFt6k9aFqEhz9p7wAIXFmKybYPCZqZKoy6fKEX7
AX4NznPKsBhTVnHXQX7lBYKCb7mk02BzkZeKZ7HqLN5X9z0P1xmyFNjnfZK6zAfJ
1XXFKr8ZJ0VnVhkO3/9AAS0cpn3XbC3S9ZzF1DsZ1sIwLEaYJmFZB/Y6iCCW1vMd
dwLMHIHqKr1xq4i3l8Ar+pzDQbE3kUxtUbQUjXyEMu7RCFnQciQdiTkxfwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFCZ79VDYQf6zegFd9UvytI8fPoo3MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSm52MVVOaEJfck42QVYzMVNfSzBqeDgtaWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQCLQgUAwQC
uXkMAwQAuc74AwQAuc77AwQAudZsAwQAud9MAwQAueJpAwQAueJrAwQBueY0AwQC
ueoUAwQCue7kAwQBufB4AwQAuf98AwQAwgVDMA0GCSqGSIb3DQEBCwUAA4IBAQBP
FNtFXwd9bAo8KBJUw4sWhH8GCXqXoVGesfndhmMmA82Cn/6j0eFHbpfeVkE9+svT
Mgk3tZJVcGqrf2KpTNGKF6ktdBbAssgJ8hITUrTkiFAXJVBxeli/Kr7c7mJG7ZGf
auXVPpTpMizBWXA9BzD3yK0DrkBmJ1mxoTk+QOx+WAOi8TzJOhOXyk6wIeTwo0//
kUB9ZCE47mw+KPz7atzVH+7nGa2aa8XJhwFndytuc4eVJ5min+veNW7FO1YN8yW0
nsvwXXaFkt4a4DFixBFtNIajGR84Dsgl+tLLC7KVmeWAFjkoq8L0GCZLMZZ+Fnca
92YS8JFY5APDONMi/qbN
-----END CERTIFICATE-----