Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/HkXhyOD9ddvvN-tAj6x2eFxs78Q.roa
File:                     HkXhyOD9ddvvN-tAj6x2eFxs78Q.roa (raw, json)
Hash identifier:          tLvKBiqddwR9D1/kpJoABd52iIGSCnn21R7MSMW2NC0=
Subject key identifier:   1E:45:E1:C8:E0:FD:75:DB:EF:37:EB:40:8F:AC:76:78:5C:6C:EF:C4
Certificate issuer:       /CN=ff29e70af2f7e18cbc19f97cca8fd6c05099741d
Certificate serial:       01870F18F6FDA7E38E549A0B0B056BC9B8EA
Authority key identifier: FF:29:E7:0A:F2:F7:E1:8C:BC:19:F9:7C:CA:8F:D6:C0:50:99:74:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ynnCvL34Yy8Gfl8yo_WwFCZdB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/HkXhyOD9ddvvN-tAj6x2eFxs78Q.roa
Signing time:             Thu 23 Mar 2023 15:31:47 +0000
ROA not before:           Thu 23 Mar 2023 15:31:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15552
IP address blocks:        91.204.22.0/24 maxlen: 24
                          91.204.23.0/24 maxlen: 24
                          37.114.0.0/21 maxlen: 21
                          85.232.96.0/19 maxlen: 19
                          145.255.32.0/20 maxlen: 20
                          5.101.224.0/19 maxlen: 19
                          212.232.0.0/20 maxlen: 20
                          5.56.136.0/21 maxlen: 21
                          185.6.216.0/22 maxlen: 22
                          185.6.116.0/22 maxlen: 22
                          5.57.216.0/21 maxlen: 21
                          2a04:d2c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0f:18:f6:fd:a7:e3:8e:54:9a:0b:0b:05:6b:c9:b8:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff29e70af2f7e18cbc19f97cca8fd6c05099741d
        Validity
            Not Before: Mar 23 15:31:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e45e1c8e0fd75dbef37eb408fac76785c6cefc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3b:83:4e:e1:89:3c:8f:18:f5:4e:2a:00:ed:
                    19:71:37:6d:e9:92:3a:d0:d3:a7:02:67:a3:05:8a:
                    67:20:7f:d7:50:3c:ba:dd:05:22:36:87:b6:ea:20:
                    c5:5a:f9:94:14:21:9d:04:df:96:04:d9:a7:09:4a:
                    1d:7e:8a:07:6e:22:91:55:b4:e0:ae:0b:aa:a9:58:
                    72:c9:50:f5:60:9e:b0:50:9a:14:67:4f:0a:5b:72:
                    13:dc:d3:92:3d:78:db:9c:4b:8d:82:7b:81:3c:65:
                    8a:32:d2:4b:53:8d:5e:b8:3a:17:29:fa:d2:28:bc:
                    6f:e3:42:2d:8a:69:6a:24:48:79:e0:3d:01:b2:af:
                    74:62:22:f5:9b:ae:86:cc:ba:6c:56:3d:d4:0a:8a:
                    cc:73:8f:f3:c7:49:aa:1a:04:5f:bf:2c:c0:12:6d:
                    4a:d2:53:70:50:bb:04:3d:66:2d:5b:58:47:20:7a:
                    e3:d4:cf:07:46:e6:d1:87:52:a1:9b:8c:db:21:19:
                    69:48:d6:9e:37:c0:c2:c8:c5:3c:59:1c:6d:3e:26:
                    b5:e8:0a:d6:83:cc:28:6c:89:ef:59:ce:6f:f2:d0:
                    90:af:74:15:3d:bc:cf:77:9c:cb:a4:f2:6e:09:88:
                    bc:56:9c:6b:dc:05:68:44:50:94:dd:71:c2:bb:19:
                    ac:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:45:E1:C8:E0:FD:75:DB:EF:37:EB:40:8F:AC:76:78:5C:6C:EF:C4
            X509v3 Authority Key Identifier:
                keyid:FF:29:E7:0A:F2:F7:E1:8C:BC:19:F9:7C:CA:8F:D6:C0:50:99:74:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ynnCvL34Yy8Gfl8yo_WwFCZdB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/HkXhyOD9ddvvN-tAj6x2eFxs78Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/_ynnCvL34Yy8Gfl8yo_WwFCZdB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.136.0/21
                  5.57.216.0/21
                  5.101.224.0/19
                  37.114.0.0/21
                  85.232.96.0/19
                  91.204.22.0/23
                  145.255.32.0/20
                  185.6.116.0/22
                  185.6.216.0/22
                  212.232.0.0/20
                IPv6:
                  2a04:d2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:d8:d5:59:2d:3b:b7:fe:5e:bb:28:ce:ce:7a:41:3a:05:1e:
         36:06:a2:82:e1:b9:66:89:57:a3:a2:bc:75:c5:5d:10:fd:59:
         65:6b:c8:12:46:d9:52:89:60:a7:a2:11:55:d1:35:9b:da:b2:
         86:8d:68:f3:17:de:79:f5:45:a8:b3:6e:e4:03:f8:38:a9:53:
         52:90:36:d1:51:db:1b:5a:c2:ca:f9:d6:b9:9a:06:07:4f:f2:
         d3:91:c7:0a:99:6f:94:7b:c8:74:7d:a0:1d:02:13:42:43:e2:
         68:ca:c7:16:83:cf:e4:43:e1:0b:f7:fd:8e:2d:b1:9b:3e:66:
         3d:fa:84:f1:46:9e:67:af:02:b1:18:d0:72:20:ec:79:f1:fd:
         09:71:af:eb:05:2d:21:0f:e2:2e:67:a6:cb:46:95:0a:d1:dd:
         60:9a:07:30:0b:a8:33:78:a8:57:7d:be:4a:49:c4:40:6b:2f:
         77:5d:b8:95:db:65:a2:d3:85:cd:08:c5:33:40:09:75:cb:1f:
         24:10:53:29:03:ac:1c:a3:87:07:2e:9a:e2:ee:7b:89:ec:9e:
         a5:08:64:d3:bf:2d:34:5b:c3:2e:8e:dd:46:e8:53:29:44:29:
         59:9e:42:f0:a7:ce:42:20:c5:1b:cf:92:04:26:9f:58:b2:d1:
         fa:67:92:76
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYcPGPb9p+OOVJoLCwVrybjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMjllNzBhZjJmN2UxOGNiYzE5Zjk3Y2NhOGZkNmMwNTA5
OTc0MWQwHhcNMjMwMzIzMTUzMTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQ1ZTFjOGUwZmQ3NWRiZWYzN2ViNDA4ZmFjNzY3ODVjNmNlZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDuDTuGJPI8Y9U4qAO0ZcTdt6ZI6
0NOnAmejBYpnIH/XUDy63QUiNoe26iDFWvmUFCGdBN+WBNmnCUodfooHbiKRVbTg
rguqqVhyyVD1YJ6wUJoUZ08KW3IT3NOSPXjbnEuNgnuBPGWKMtJLU41euDoXKfrS
KLxv40ItimlqJEh54D0Bsq90YiL1m66GzLpsVj3UCorMc4/zx0mqGgRfvyzAEm1K
0lNwULsEPWYtW1hHIHrj1M8HRubRh1Khm4zbIRlpSNaeN8DCyMU8WRxtPia16ArW
g8wobInvWc5v8tCQr3QVPbzPd5zLpPJuCYi8Vpxr3AVoRFCU3XHCuxmsdQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFB5F4cjg/XXb7zfrQI+sdnhcbO/EMB8GA1UdIwQY
MBaAFP8p5wry9+GMvBn5fMqP1sBQmXQdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lubkN2TDM0WXk4R2ZsOHlvX1d3RkNaZEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lYzJkODktNDRkZC00YmFiLWFlN2Et
Y2YyMGU1YjY3ZmM4LzEvSGtYaHlPRDlkZHZ2Ti10QWo2eDJlRnhzNzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lYzJkODktNDRkZC00YmFiLWFlN2EtY2YyMGU1YjY3ZmM4
LzEvX3lubkN2TDM0WXk4R2ZsOHlvX1d3RkNaZEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDBTiIAwQD
BTnYAwQFBWXgAwQDJXIAAwQFVehgAwQBW8wWAwQEkf8gAwQCuQZ0AwQCuQbYAwQE
1OgAMA0EAgACMAcDBQMqBNLAMA0GCSqGSIb3DQEBCwUAA4IBAQB32NVZLTu3/l67
KM7OekE6BR42BqKC4blmiVejorx1xV0Q/Vlla8gSRtlSiWCnohFV0TWb2rKGjWjz
F9559UWos27kA/g4qVNSkDbRUdsbWsLK+da5mgYHT/LTkccKmW+Ue8h0faAdAhNC
Q+JoyscWg8/kQ+EL9/2OLbGbPmY9+oTxRp5nrwKxGNByIOx58f0Jca/rBS0hD+Iu
Z6bLRpUK0d1gmgcwC6gzeKhXfb5KScRAay93XbiV22Wi04XNCMUzQAl1yx8kEFMp
A6wco4cHLpri7nuJ7J6lCGTTvy00W8Mujt1G6FMpRClZnkLwp85CIMUbz5IEJp9Y
stH6Z5J2
-----END CERTIFICATE-----