Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/rHI_i-1vXfVnqlgWQFhWwQ609Ok.roa
File:                     rHI_i-1vXfVnqlgWQFhWwQ609Ok.roa (raw, json)
Hash identifier:          uIGVy+J/A9HKGOW4yn3OxT7jaxv+F7nyjOz/enmU/mo=
Subject key identifier:   AC:72:3F:8B:ED:6F:5D:F5:67:AA:58:16:40:58:56:C1:0E:B4:F4:E9
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       01856FB12BF3E9C88061DA0D061D32491EAE
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/rHI_i-1vXfVnqlgWQFhWwQ609Ok.roa
Signing time:             Sun 01 Jan 2023 23:36:00 +0000
ROA not before:           Sun 01 Jan 2023 23:36:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201206
IP address blocks:        185.82.21.0/24 maxlen: 24
                          185.82.20.0/24 maxlen: 24
                          185.82.23.0/24 maxlen: 24
                          185.82.22.0/24 maxlen: 24
                          83.171.236.0/24 maxlen: 24
                          83.171.238.0/24 maxlen: 24
                          83.171.237.0/24 maxlen: 24
                          83.171.239.0/24 maxlen: 24
                          185.185.24.0/24 maxlen: 24
                          185.185.25.0/24 maxlen: 24
                          185.185.26.0/24 maxlen: 24
                          185.185.27.0/24 maxlen: 24
                          193.57.61.0/24 maxlen: 24
                          193.57.60.0/24 maxlen: 24
                          193.57.63.0/24 maxlen: 24
                          193.57.62.0/24 maxlen: 24
                          2a05:8b80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 05 May 2023 16:32:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:b1:2b:f3:e9:c8:80:61:da:0d:06:1d:32:49:1e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Jan  1 23:36:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac723f8bed6f5df567aa5816405856c10eb4f4e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:47:32:f6:11:34:f1:48:c8:b9:f2:69:cf:36:
                    65:0d:a4:f7:ce:89:32:3f:06:66:c4:68:45:02:5c:
                    37:1d:fa:2e:ee:1d:ba:eb:ca:95:d4:02:c4:be:aa:
                    db:34:5f:94:1a:a4:a2:f7:ce:ca:2f:b8:30:3c:c0:
                    24:0b:14:9c:de:6b:4a:5b:7a:7a:2f:66:18:5f:75:
                    3c:86:38:a4:12:54:ea:dc:95:16:9c:3e:2b:d1:2f:
                    c0:c6:3f:f2:fa:d7:ed:90:72:15:a3:20:9e:b0:c1:
                    c4:53:40:7b:72:2f:51:5a:e2:1b:33:21:59:5e:49:
                    01:78:dd:8b:17:3b:28:0b:dd:bd:dd:f9:fc:c0:06:
                    58:6a:bd:2f:57:63:f5:0f:85:76:a5:ee:24:1b:1d:
                    59:67:70:b7:ee:a7:ff:24:c0:8e:3c:99:9d:ca:64:
                    5f:01:1a:23:4b:2a:e4:05:84:25:67:fa:56:04:f6:
                    a1:1c:8f:88:c5:19:60:f9:20:0d:f2:c0:1d:2f:97:
                    46:48:6e:ea:4e:c5:38:b6:bf:3b:b9:a6:c2:b0:d2:
                    6f:1f:1a:b5:d7:3d:17:f3:10:92:83:6c:a8:f9:35:
                    40:a4:cd:27:76:f6:7f:a5:4f:85:a5:d5:55:21:58:
                    09:7c:b1:f3:a6:13:94:ad:d5:c9:8e:67:98:20:ec:
                    7f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:72:3F:8B:ED:6F:5D:F5:67:AA:58:16:40:58:56:C1:0E:B4:F4:E9
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/rHI_i-1vXfVnqlgWQFhWwQ609Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.236.0/22
                  185.82.20.0/22
                  185.185.24.0/22
                  193.57.60.0/22
                IPv6:
                  2a05:8b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:93:29:d5:68:14:37:e1:55:e9:6c:be:4f:67:6f:4b:9b:f7:
         af:59:5a:50:43:44:7f:7f:67:ba:56:c7:71:4f:e1:e0:54:d7:
         29:9b:df:35:f1:91:96:fa:d7:39:d0:04:5f:b6:8d:30:ea:f8:
         87:eb:7c:03:d7:b7:bb:38:0f:f1:9a:b9:42:6d:d3:61:aa:82:
         fa:77:0f:72:cd:fb:6e:f2:5a:3f:ad:d5:9f:48:68:ac:39:28:
         58:d9:78:dc:56:86:7d:a1:c9:75:e5:fb:e9:05:bf:5a:b3:f6:
         96:4e:9d:fd:34:dc:08:d6:2c:39:d5:da:97:13:2a:60:e3:2a:
         ab:0c:5b:fb:06:5d:e1:e1:ec:a8:23:68:fb:30:10:cc:34:81:
         ce:a2:73:fc:45:57:49:31:21:27:b1:e4:fd:20:94:d8:f3:18:
         93:35:e0:7e:51:5d:63:aa:66:0d:cb:da:98:ce:49:64:58:06:
         1b:4b:88:8c:a0:59:7d:54:ef:79:12:e7:4e:70:b1:2b:5d:bf:
         e1:f4:88:f0:e6:1c:16:ea:8d:70:b8:47:65:8d:f4:7b:0d:79:
         5a:28:2c:e2:c3:2d:98:d8:df:19:c9:b7:ab:14:85:3e:0e:44:
         62:ab:9f:b3:bc:01:9f:5f:ad:c8:bc:19:8d:da:a0:4c:4f:89:
         bb:5a:b9:9c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVvsSvz6ciAYdoNBh0ySR6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjMwMTAxMjMzNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzcyM2Y4YmVkNmY1ZGY1NjdhYTU4MTY0MDU4NTZjMTBlYjRmNGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkcy9hE08UjIufJpzzZlDaT3zoky
PwZmxGhFAlw3Hfou7h2668qV1ALEvqrbNF+UGqSi987KL7gwPMAkCxSc3mtKW3p6
L2YYX3U8hjikElTq3JUWnD4r0S/Axj/y+tftkHIVoyCesMHEU0B7ci9RWuIbMyFZ
XkkBeN2LFzsoC9293fn8wAZYar0vV2P1D4V2pe4kGx1ZZ3C37qf/JMCOPJmdymRf
ARojSyrkBYQlZ/pWBPahHI+IxRlg+SAN8sAdL5dGSG7qTsU4tr87uabCsNJvHxq1
1z0X8xCSg2yo+TVApM0ndvZ/pU+FpdVVIVgJfLHzphOUrdXJjmeYIOx/ewIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKxyP4vtb131Z6pYFkBYVsEOtPTpMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvckhJX2ktMXZYZlZucWxnV1FGaFd3UTYwOU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCU6vsAwQC
uVIUAwQCubkYAwQCwTk8MA0EAgACMAcDBQMqBYuAMA0GCSqGSIb3DQEBCwUAA4IB
AQBnkynVaBQ34VXpbL5PZ29Lm/evWVpQQ0R/f2e6VsdxT+HgVNcpm9818ZGW+tc5
0ARfto0w6viH63wD17e7OA/xmrlCbdNhqoL6dw9yzftu8lo/rdWfSGisOShY2Xjc
VoZ9ocl15fvpBb9as/aWTp39NNwI1iw51dqXEypg4yqrDFv7Bl3h4eyoI2j7MBDM
NIHOonP8RVdJMSEnseT9IJTY8xiTNeB+UV1jqmYNy9qYzklkWAYbS4iMoFl9VO95
EudOcLErXb/h9Ijw5hwW6o1wuEdljfR7DXlaKCziwy2Y2N8ZyberFIU+DkRiq5+z
vAGfX63IvBmN2qBMT4m7Wrmc
-----END CERTIFICATE-----