Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/Zu94ZXo5cZz8rHMPQzgazx_1TKM.roa
File:                     Zu94ZXo5cZz8rHMPQzgazx_1TKM.roa (raw, json)
Hash identifier:          DuWkVYbKqrIwjN3QtRL2EDx3WtEYPjp1jug6nHByWXk=
Subject key identifier:   66:EF:78:65:7A:39:71:9C:FC:AC:73:0F:43:38:1A:CF:1F:F5:4C:A3
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01857039AD1DA25968ECAAF1BFE3F2C6CE7D
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/Zu94ZXo5cZz8rHMPQzgazx_1TKM.roa
Signing time:             Mon 02 Jan 2023 02:05:06 +0000
ROA not before:           Mon 02 Jan 2023 02:05:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206092
IP address blocks:        185.118.78.0/24 maxlen: 24
                          213.21.229.0/24 maxlen: 24
                          213.21.233.0/24 maxlen: 24
                          213.21.246.0/24 maxlen: 24
                          213.21.250.0/24 maxlen: 24
                          213.21.251.0/24 maxlen: 24
                          213.21.247.0/24 maxlen: 24
                          193.68.85.0/24 maxlen: 24
                          213.21.254.0/24 maxlen: 24
                          193.68.91.0/24 maxlen: 24
                          193.68.95.0/24 maxlen: 24
                          193.68.92.0/24 maxlen: 24
                          213.21.226.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 16 Jan 2023 10:40:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:39:ad:1d:a2:59:68:ec:aa:f1:bf:e3:f2:c6:ce:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  2 02:05:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=66ef78657a39719cfcac730f43381acf1ff54ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:8f:d7:42:79:45:73:de:57:a1:37:fe:c2:a7:
                    88:30:4e:81:f5:1b:71:0e:df:6c:dc:04:6a:b3:0f:
                    bf:e4:23:7e:6d:71:5f:d4:30:4f:7f:d6:bc:fa:58:
                    c2:05:cb:e4:af:1a:b0:24:a6:e9:fd:4d:e9:76:9e:
                    38:3d:5b:96:23:49:fd:77:3b:c4:88:e7:93:9d:38:
                    c4:40:45:43:af:63:67:11:7d:7a:b5:d4:4c:c2:86:
                    a9:74:4c:93:1e:96:5a:0a:b8:87:a8:39:cf:9b:5a:
                    d1:f9:19:95:d2:86:23:c9:df:50:1f:f9:79:13:a8:
                    3c:ed:c5:c2:7b:17:81:9e:a1:64:3c:93:da:e8:c9:
                    55:5b:6d:36:1b:1c:d6:b4:0f:80:2d:6d:2d:96:17:
                    f4:c0:bf:4c:de:a3:fc:62:ae:91:4c:08:32:87:0a:
                    54:57:ce:79:8f:ee:af:0c:a1:78:1f:b1:e0:6c:3f:
                    02:d5:9d:7c:71:eb:bb:54:33:86:1d:5f:b6:62:b5:
                    4a:f5:51:85:dc:e9:be:f2:27:b5:b7:65:64:4f:5e:
                    dd:71:23:97:37:31:93:8e:bd:4d:32:48:11:eb:dd:
                    6a:9d:7d:11:8a:81:cf:f4:ef:df:75:01:bc:7a:39:
                    0e:4c:cb:79:fe:75:2b:8a:5b:de:f5:6a:30:07:d7:
                    36:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EF:78:65:7A:39:71:9C:FC:AC:73:0F:43:38:1A:CF:1F:F5:4C:A3
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/Zu94ZXo5cZz8rHMPQzgazx_1TKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.78.0/24
                  193.68.85.0/24
                  193.68.91.0-193.68.92.255
                  193.68.95.0/24
                  213.21.226.0/24
                  213.21.229.0/24
                  213.21.233.0/24
                  213.21.246.0/23
                  213.21.250.0/23
                  213.21.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:4b:17:d0:9c:7a:e7:9b:bc:de:9f:b2:d8:6b:56:6a:ef:f5:
         af:d9:89:53:8d:2b:c9:38:32:7d:43:f8:b6:ce:de:85:3c:fd:
         f3:54:c1:1a:77:c6:7e:f7:e8:5e:e4:76:36:96:ef:c4:b9:b0:
         81:14:cc:0b:6b:81:2f:73:76:45:2c:ad:eb:f5:f1:65:8b:e6:
         71:3b:72:25:77:2e:10:a8:81:95:7f:d3:d7:29:d0:91:65:eb:
         07:c3:76:8e:8f:bf:94:ec:bb:ba:82:86:a8:a1:ca:da:a0:52:
         6a:84:98:13:50:01:da:d2:25:34:50:85:b2:53:17:32:bf:18:
         a7:cf:19:99:47:aa:7c:17:fe:c3:49:e3:d7:f8:92:ce:88:a1:
         a0:c4:01:76:15:f9:eb:73:e2:5d:2d:94:5f:32:28:47:7f:4a:
         d9:b4:10:0f:1d:f6:8b:fb:7f:7e:93:c5:70:21:27:a2:97:87:
         d5:72:b2:3f:5c:61:53:f6:1e:25:14:9c:87:cc:96:f1:df:35:
         19:87:bb:aa:d0:25:09:2a:b9:a7:66:bd:ee:76:8b:eb:a7:62:
         a1:e3:25:43:4f:b1:18:dc:7a:9d:0f:15:32:fe:af:06:dd:5f:
         c4:97:11:82:22:22:7c:3a:1e:32:2e:a8:c0:e4:69:8a:4d:3f:
         46:0e:5b:f6
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVwOa0dollo7Krxv+Pyxs59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjMwMTAyMDIwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmVmNzg2NTdhMzk3MTljZmNhYzczMGY0MzM4MWFjZjFmZjU0Y2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4o/XQnlFc95XoTf+wqeIME6B9Rtx
Dt9s3ARqsw+/5CN+bXFf1DBPf9a8+ljCBcvkrxqwJKbp/U3pdp44PVuWI0n9dzvE
iOeTnTjEQEVDr2NnEX16tdRMwoapdEyTHpZaCriHqDnPm1rR+RmV0oYjyd9QH/l5
E6g87cXCexeBnqFkPJPa6MlVW202GxzWtA+ALW0tlhf0wL9M3qP8Yq6RTAgyhwpU
V855j+6vDKF4H7HgbD8C1Z18ceu7VDOGHV+2YrVK9VGF3Om+8ie1t2VkT17dcSOX
NzGTjr1NMkgR691qnX0RioHP9O/fdQG8ejkOTMt5/nUrilve9WowB9c2QQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGbveGV6OXGc/KxzD0M4Gs8f9UyjMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvWnU5NFpYbzVjWno4ckhNUFF6Z2F6eF8xVEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAuXZOAwQA
wURVMAwDBADBRFsDBADBRFwDBADBRF8DBADVFeIDBADVFeUDBADVFekDBAHVFfYD
BAHVFfoDBADVFf4wDQYJKoZIhvcNAQELBQADggEBAGVLF9CceuebvN6fsthrVmrv
9a/ZiVONK8k4Mn1D+LbO3oU8/fNUwRp3xn736F7kdjaW78S5sIEUzAtrgS9zdkUs
rev18WWL5nE7ciV3LhCogZV/09cp0JFl6wfDdo6Pv5Tsu7qChqihytqgUmqEmBNQ
AdrSJTRQhbJTFzK/GKfPGZlHqnwX/sNJ49f4ks6IoaDEAXYV+etz4l0tlF8yKEd/
Stm0EA8d9ov7f36TxXAhJ6KXh9Vysj9cYVP2HiUUnIfMlvHfNRmHu6rQJQkquadm
ve52i+unYqHjJUNPsRjcep0PFTL+rwbdX8SXEYIiInw6HjIuqMDkaYpNP0YOW/Y=
-----END CERTIFICATE-----