Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/sIkrM06WLVrOwh1PcvJMUsN4UNE.roa
File:                     sIkrM06WLVrOwh1PcvJMUsN4UNE.roa (raw, json)
Hash identifier:          UY+Jld7EqwQ4CAymBMqrR2kSXmePAGVYP9HgYnFTuks=
Subject key identifier:   B0:89:2B:33:4E:96:2D:5A:CE:C2:1D:4F:72:F2:4C:52:C3:78:50:D1
Certificate issuer:       /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial:       0185C4D2F9ADE3A7FCC0E6E9C4EF87EADC09
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/sIkrM06WLVrOwh1PcvJMUsN4UNE.roa
Signing time:             Wed 18 Jan 2023 12:20:38 +0000
ROA not before:           Wed 18 Jan 2023 12:20:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31515
IP address blocks:        161.30.33.0/24 maxlen: 24
                          161.30.40.0/23 maxlen: 23
                          161.30.8.0/24 maxlen: 24
                          161.30.9.0/24 maxlen: 24
                          161.30.7.0/24 maxlen: 24
                          161.30.5.0/24 maxlen: 24
                          161.30.16.0/22 maxlen: 22
                          161.30.12.0/22 maxlen: 22
                          161.30.237.0/24 maxlen: 24
                          161.30.22.0/23 maxlen: 23
                          161.30.238.0/24 maxlen: 24
                          161.30.236.0/22 maxlen: 24
                          2a11:ae00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 06 Feb 2023 11:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c4:d2:f9:ad:e3:a7:fc:c0:e6:e9:c4:ef:87:ea:dc:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
        Validity
            Not Before: Jan 18 12:20:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0892b334e962d5acec21d4f72f24c52c37850d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:79:51:53:cd:27:65:8e:e5:d9:dc:cd:6a:37:
                    10:db:40:31:f7:ed:d1:54:38:a3:73:fc:dc:0c:c2:
                    34:8c:bb:85:52:76:bf:89:50:76:82:3e:2b:4d:e7:
                    9b:eb:25:8e:07:64:94:fb:6c:80:e2:82:42:64:a1:
                    e0:f0:a5:2e:cd:d1:de:98:cf:34:9c:36:a2:bf:63:
                    c4:24:e1:df:01:a0:f6:f0:f3:5e:86:b9:ee:d4:42:
                    12:47:1f:ba:5e:97:3c:1f:46:5b:bc:58:1f:4d:39:
                    fd:83:a5:b1:ea:46:1a:43:b8:b8:58:b8:16:16:52:
                    6a:f4:3f:f5:1f:f0:66:f1:c5:0e:66:3d:c6:e7:bf:
                    c4:d4:ed:5b:20:7e:98:5c:b1:78:8a:cc:2d:ce:fb:
                    61:3c:e1:54:d9:86:f7:2b:84:99:d1:fd:c2:05:ab:
                    a4:4c:e8:6b:b1:69:8b:ff:f2:ce:b3:64:c5:a2:8c:
                    fe:fa:f8:94:38:26:0d:df:b7:09:14:bd:16:c7:ed:
                    f0:46:7f:2f:f3:3b:9b:31:32:43:d8:b0:bc:30:8a:
                    fe:d7:a5:d8:83:43:54:37:07:18:cf:53:18:5b:eb:
                    42:02:8a:75:0a:fa:cf:e5:2c:dd:a1:d6:49:96:f1:
                    8e:10:b2:7d:3f:87:c8:3b:b4:a9:17:6e:0c:de:39:
                    36:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:89:2B:33:4E:96:2D:5A:CE:C2:1D:4F:72:F2:4C:52:C3:78:50:D1
            X509v3 Authority Key Identifier:
                keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/sIkrM06WLVrOwh1PcvJMUsN4UNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.30.5.0/24
                  161.30.7.0-161.30.9.255
                  161.30.12.0-161.30.19.255
                  161.30.22.0/23
                  161.30.33.0/24
                  161.30.40.0/23
                  161.30.236.0/22
                IPv6:
                  2a11:ae00::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:8d:b1:76:d5:30:b4:3a:9a:18:3c:b5:08:e6:17:ec:92:10:
         1d:5d:92:33:dc:92:49:a1:ef:f8:b7:f0:2a:ae:83:79:bb:30:
         55:2a:4e:1e:d8:f9:93:4c:97:de:89:e5:92:4f:29:b7:8b:10:
         9d:2a:6f:b9:3a:19:74:a3:44:e5:f3:34:da:e3:23:73:75:a9:
         e4:ab:ff:81:73:a8:83:34:3f:9e:e9:64:36:71:34:d8:2b:fb:
         18:b7:a1:54:bc:43:a3:78:5c:7f:f3:bf:62:06:e3:5c:c4:6f:
         c5:8d:1c:e8:52:7b:a9:d5:cd:5f:4a:a4:8b:02:d0:d9:80:b9:
         e3:b9:a0:75:5e:da:d1:a2:cd:33:74:b3:09:16:7e:ff:5d:62:
         7b:ee:bb:f9:22:2a:ed:82:f2:9e:b9:e5:eb:ab:50:8f:be:42:
         ab:a2:32:e4:9b:6e:0d:54:38:74:34:f5:f8:18:bb:7a:76:d5:
         c4:72:28:04:0e:8a:cc:9d:b2:e2:8a:71:8c:fa:34:a9:92:f6:
         e6:c6:42:42:cf:db:d2:06:1b:ae:fb:23:7f:e8:fa:be:9c:63:
         a6:dc:9b:5b:4f:7b:96:4e:65:26:66:4b:a8:7f:08:86:e2:6c:
         47:89:49:b4:f9:d3:67:fa:b7:8c:1e:ad:a1:28:dd:54:38:e6:
         c4:0e:ae:1c
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYXE0vmt46f8wObpxO+H6twJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTU1MThlNjg0NjdiNDI5MGMzNTA5MjY4YjZkNmQ2NjQ5
NjJjODYwHhcNMjMwMTE4MTIyMDM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDg5MmIzMzRlOTYyZDVhY2VjMjFkNGY3MmYyNGM1MmMzNzg1MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXlRU80nZY7l2dzNajcQ20Ax9+3R
VDijc/zcDMI0jLuFUna/iVB2gj4rTeeb6yWOB2SU+2yA4oJCZKHg8KUuzdHemM80
nDaiv2PEJOHfAaD28PNehrnu1EISRx+6Xpc8H0ZbvFgfTTn9g6Wx6kYaQ7i4WLgW
FlJq9D/1H/Bm8cUOZj3G57/E1O1bIH6YXLF4iswtzvthPOFU2Yb3K4SZ0f3CBauk
TOhrsWmL//LOs2TFooz++viUOCYN37cJFL0Wx+3wRn8v8zubMTJD2LC8MIr+16XY
g0NUNwcYz1MYW+tCAop1CvrP5SzdodZJlvGOELJ9P4fIO7SpF24M3jk2IQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFLCJKzNOli1azsIdT3LyTFLDeFDRMB8GA1UdIwQY
MBaAFAnlUY5oRntCkMNQkmi21tZkliyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUt
ZTc0NTk0ODk4M2VkLzEvc0lrck0wNldMVnJPd2gxUGN2Sk1Vc040VU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUtZTc0NTk0ODk4M2Vk
LzEvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6AwQAoR4FMAwD
BAChHgcDBAGhHggwDAMEAqEeDAMEAqEeEAMEAaEeFgMEAKEeIQMEAaEeKAMEAqEe
7DANBAIAAjAHAwUAKhGuADANBgkqhkiG9w0BAQsFAAOCAQEAhY2xdtUwtDqaGDy1
COYX7JIQHV2SM9ySSaHv+LfwKq6DebswVSpOHtj5k0yX3onlkk8pt4sQnSpvuToZ
dKNE5fM02uMjc3Wp5Kv/gXOogzQ/nulkNnE02Cv7GLehVLxDo3hcf/O/YgbjXMRv
xY0c6FJ7qdXNX0qkiwLQ2YC547mgdV7a0aLNM3SzCRZ+/11ie+67+SIq7YLynrnl
66tQj75Cq6Iy5JtuDVQ4dDT1+Bi7enbVxHIoBA6KzJ2y4opxjPo0qZL25sZCQs/b
0gYbrvsjf+j6vpxjptybW097lk5lJmZLqH8IhuJsR4lJtPnTZ/q3jB6toSjdVDjm
xA6uHA==
-----END CERTIFICATE-----