Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/CPMp4mGigha_njzR61KCPrudTU8.roa
File:                     CPMp4mGigha_njzR61KCPrudTU8.roa (raw, json)
Hash identifier:          x8LK1q+d6ZcG1MtCxYN9krg7g+LWtqudGRb8qKqwnFk=
Subject key identifier:   08:F3:29:E2:61:A2:82:16:BF:9E:3C:D1:EB:52:82:3E:BB:9D:4D:4F
Certificate issuer:       /CN=3f7954d88c0ae3f6398697bfdfc1956a753e83d8
Certificate serial:       018597374224B3F9AE2F17421CA6F01B0154
Authority key identifier: 3F:79:54:D8:8C:0A:E3:F6:39:86:97:BF:DF:C1:95:6A:75:3E:83:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P3lU2IwK4_Y5hpe_38GVanU-g9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/CPMp4mGigha_njzR61KCPrudTU8.roa
Signing time:             Mon 09 Jan 2023 15:47:39 +0000
ROA not before:           Mon 09 Jan 2023 15:47:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41765
IP address blocks:        193.33.46.0/23 maxlen: 23
                          31.172.164.0/22 maxlen: 22
                          185.4.63.0/24 maxlen: 24
                          185.233.48.0/24 maxlen: 24
                          185.233.48.0/22 maxlen: 22
                          185.233.50.0/23 maxlen: 23
                          188.65.168.0/21 maxlen: 21
                          45.8.233.0/24 maxlen: 24
                          45.8.234.0/24 maxlen: 24
                          45.8.235.0/24 maxlen: 24
                          193.37.150.0/24 maxlen: 24
                          2a02:2288::/29 maxlen: 29
                          2a02:2288::/32 maxlen: 32
                          2a0c:d500::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 09 Jan 2023 16:41:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:97:37:42:24:b3:f9:ae:2f:17:42:1c:a6:f0:1b:01:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f7954d88c0ae3f6398697bfdfc1956a753e83d8
        Validity
            Not Before: Jan  9 15:47:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08f329e261a28216bf9e3cd1eb52823ebb9d4d4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:8e:0d:b0:78:9f:18:31:ff:be:30:6e:3f:2a:
                    52:d9:21:2c:b9:28:09:cc:c4:18:df:d7:e9:04:c1:
                    f9:67:50:66:09:f1:98:13:10:c4:3d:b6:b4:12:86:
                    f8:2b:9b:e5:dc:77:04:d8:c7:0a:81:5a:d9:94:56:
                    ca:89:81:8a:53:46:54:38:a0:32:36:e0:80:67:f1:
                    d0:4e:16:96:e1:38:ae:0f:54:40:37:81:75:a3:7d:
                    7f:72:b8:1c:c1:c9:7b:3b:f1:3b:bc:03:a7:c4:b2:
                    ec:4c:d9:15:17:57:07:25:84:98:de:a2:4b:65:39:
                    d8:d0:1f:06:5f:c7:a1:96:38:4a:58:89:7b:a7:f2:
                    35:9c:a3:54:26:8d:1a:23:3f:ce:16:fd:1f:d3:f1:
                    a2:f5:9d:18:eb:79:99:db:07:06:eb:88:f9:9d:d4:
                    e2:85:22:9b:2d:e3:6a:1e:9f:74:af:be:bc:12:49:
                    20:f2:26:10:b9:be:43:02:07:2d:39:5f:f2:bf:00:
                    ce:27:48:3d:3c:b1:b0:98:00:05:0f:a3:e0:b8:86:
                    1a:49:59:37:30:f7:a8:4e:3d:d3:19:7e:b1:28:22:
                    e0:00:89:7a:38:38:48:31:a3:89:43:a3:b8:d4:e2:
                    b4:8f:3c:bb:c6:5f:8c:40:8f:9f:58:10:b9:7b:99:
                    a2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F3:29:E2:61:A2:82:16:BF:9E:3C:D1:EB:52:82:3E:BB:9D:4D:4F
            X509v3 Authority Key Identifier:
                keyid:3F:79:54:D8:8C:0A:E3:F6:39:86:97:BF:DF:C1:95:6A:75:3E:83:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P3lU2IwK4_Y5hpe_38GVanU-g9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/CPMp4mGigha_njzR61KCPrudTU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e656-14a3-4e3a-9d6e-af406086b89b/1/P3lU2IwK4_Y5hpe_38GVanU-g9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.164.0/22
                  45.8.233.0-45.8.235.255
                  185.4.63.0/24
                  185.233.48.0/22
                  188.65.168.0/21
                  193.33.46.0/23
                  193.37.150.0/24
                IPv6:
                  2a02:2288::/29
                  2a0c:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:ac:06:79:3c:43:7a:4c:9e:06:a0:f0:c5:94:4d:9a:d8:be:
         e7:5f:c8:45:b1:17:98:31:2f:47:49:79:fa:b1:f1:34:f6:45:
         2d:8c:26:90:e9:dd:99:5d:d4:71:23:92:88:a0:91:96:ac:44:
         39:73:a4:31:79:82:2f:2d:42:96:aa:34:e0:14:0c:5e:7c:8d:
         d4:26:55:6c:ad:3c:90:76:00:32:5b:20:ab:5b:e0:a2:d8:6c:
         38:2b:2d:ff:35:7a:0d:3d:f4:5c:b6:e9:b8:84:d2:b9:8e:17:
         e8:86:9b:a7:88:70:69:86:92:1b:21:1f:85:d8:2b:d5:bd:dc:
         d7:69:65:0e:19:cc:75:18:7b:29:20:d9:19:22:fe:d4:24:db:
         26:32:7a:35:0e:f3:86:71:2e:95:08:e9:0d:c5:48:20:61:52:
         28:eb:60:a9:ee:24:85:96:ae:61:77:e8:57:12:c8:fd:35:68:
         e0:01:2f:46:7f:9f:80:c2:22:8b:9e:63:9d:68:62:d3:91:88:
         33:e6:e8:52:3a:19:32:1c:bc:cb:ba:7a:39:9e:e0:e7:36:a9:
         69:cb:41:24:35:39:f0:c8:21:3e:bb:af:b0:83:2a:3f:62:6e:
         24:5e:06:5b:86:12:bf:8d:01:f1:f2:38:b8:63:d1:b7:a1:67:
         ea:51:20:8c
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYWXN0Iks/muLxdCHKbwGwFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNzk1NGQ4OGMwYWUzZjYzOTg2OTdiZmRmYzE5NTZhNzUz
ZTgzZDgwHhcNMjMwMTA5MTU0NzM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYzMjllMjYxYTI4MjE2YmY5ZTNjZDFlYjUyODIzZWJiOWQ0ZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgI4NsHifGDH/vjBuPypS2SEsuSgJ
zMQY39fpBMH5Z1BmCfGYExDEPba0Eob4K5vl3HcE2McKgVrZlFbKiYGKU0ZUOKAy
NuCAZ/HQThaW4TiuD1RAN4F1o31/crgcwcl7O/E7vAOnxLLsTNkVF1cHJYSY3qJL
ZTnY0B8GX8ehljhKWIl7p/I1nKNUJo0aIz/OFv0f0/Gi9Z0Y63mZ2wcG64j5ndTi
hSKbLeNqHp90r768Ekkg8iYQub5DAgctOV/yvwDOJ0g9PLGwmAAFD6PguIYaSVk3
MPeoTj3TGX6xKCLgAIl6ODhIMaOJQ6O41OK0jzy7xl+MQI+fWBC5e5miNQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAjzKeJhooIWv5480etSgj67nU1PMB8GA1UdIwQY
MBaAFD95VNiMCuP2OYaXv9/BlWp1PoPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDNsVTJJd0s0X1k1aHBlXzM4R1ZhblUtZzlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84MmU2NTYtMTRhMy00ZTNhLTlkNmUt
YWY0MDYwODZiODliLzEvQ1BNcDRtR2lnaGFfbmp6UjYxS0NQcnVkVFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84MmU2NTYtMTRhMy00ZTNhLTlkNmUtYWY0MDYwODZiODli
LzEvUDNsVTJJd0s0X1k1aHBlXzM4R1ZhblUtZzlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA4BAIAATAyAwQCH6ykMAwD
BAAtCOkDBAItCOgDBAC5BD8DBAK56TADBAO8QagDBAHBIS4DBADBJZYwFAQCAAIw
DgMFAyoCIogDBQMqDNUAMA0GCSqGSIb3DQEBCwUAA4IBAQAIrAZ5PEN6TJ4GoPDF
lE2a2L7nX8hFsReYMS9HSXn6sfE09kUtjCaQ6d2ZXdRxI5KIoJGWrEQ5c6QxeYIv
LUKWqjTgFAxefI3UJlVsrTyQdgAyWyCrW+Ci2Gw4Ky3/NXoNPfRctum4hNK5jhfo
hpuniHBphpIbIR+F2CvVvdzXaWUOGcx1GHspINkZIv7UJNsmMno1DvOGcS6VCOkN
xUggYVIo62Cp7iSFlq5hd+hXEsj9NWjgAS9Gf5+AwiKLnmOdaGLTkYgz5uhSOhky
HLzLuno5nuDnNqlpy0EkNTnwyCE+u6+wgyo/Ym4kXgZbhhK/jQHx8ji4Y9G3oWfq
USCM
-----END CERTIFICATE-----