Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/Vxf3vMsGjNq_PWlLMKEGj7pM18A.roa
File:                     Vxf3vMsGjNq_PWlLMKEGj7pM18A.roa (raw, json)
Hash identifier:          QEFoJ/bnTtq1BPzP450Prepwv0e01yrE1yML9Q471S8=
Subject key identifier:   57:17:F7:BC:CB:06:8C:DA:BF:3D:69:4B:30:A1:06:8F:BA:4C:D7:C0
Certificate issuer:       /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial:       0189BB6E0AA90633FBFF7428A397E62E5584
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/Vxf3vMsGjNq_PWlLMKEGj7pM18A.roa
Signing time:             Thu 03 Aug 2023 12:44:58 +0000
ROA not before:           Thu 03 Aug 2023 12:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        185.85.78.0/24 maxlen: 24
                          185.85.79.0/24 maxlen: 24
                          91.190.168.0/24 maxlen: 24
                          91.190.169.0/24 maxlen: 24
                          91.190.171.0/24 maxlen: 24
                          91.190.172.0/24 maxlen: 24
                          91.190.174.64/26 maxlen: 26
                          91.190.174.0/26 maxlen: 26
                          91.190.174.192/26 maxlen: 26
                          91.190.174.128/26 maxlen: 26
                          91.190.173.0/24 maxlen: 24
                          91.190.175.0/24 maxlen: 24
                          5.63.24.0/24 maxlen: 24
                          5.63.25.0/24 maxlen: 24
                          5.63.26.0/24 maxlen: 24
                          5.63.28.0/24 maxlen: 24
                          5.63.27.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 25 Aug 2023 12:59:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:bb:6e:0a:a9:06:33:fb:ff:74:28:a3:97:e6:2e:55:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
        Validity
            Not Before: Aug  3 12:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5717f7bccb068cdabf3d694b30a1068fba4cd7c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:d0:fb:d4:50:b3:86:96:ba:a7:3b:9f:b5:
                    6f:cb:86:53:65:71:6e:c0:25:b7:7a:45:74:75:89:
                    ba:7e:8e:85:d3:af:49:23:b4:f9:ec:a9:5a:62:f3:
                    20:d0:54:2e:96:41:4b:c1:c1:89:6f:c1:15:ca:39:
                    a3:b2:55:1d:2f:02:07:5d:92:dd:58:af:8b:eb:70:
                    11:ab:93:05:7c:39:48:18:69:d9:24:f2:93:67:ef:
                    31:82:3f:99:af:20:a3:0a:57:29:f1:7b:47:6a:32:
                    c0:fd:ad:b1:c1:d3:42:84:ed:9a:3a:01:9b:5b:18:
                    e4:df:77:43:39:e1:32:74:6f:8a:41:7c:2e:a1:28:
                    e1:a7:4e:68:bc:87:80:73:d2:dd:83:09:04:94:82:
                    c7:09:91:9d:ac:b2:e9:ee:13:8b:89:1f:0a:1f:c5:
                    fc:4e:c0:af:cd:6e:f1:30:a0:34:af:40:d0:af:9f:
                    31:5b:6e:01:28:a7:f1:1e:27:0c:30:38:2b:8f:56:
                    d1:76:1b:ea:52:61:10:be:f8:49:33:71:a7:6b:cf:
                    5c:bb:33:2e:ec:8a:31:bc:22:d0:47:4f:e3:fc:6e:
                    19:34:d9:fc:55:f0:6b:66:31:a8:e2:7a:f3:fb:f3:
                    dd:44:8b:e8:37:86:c6:c1:7e:9c:2f:33:92:ee:5f:
                    dc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:17:F7:BC:CB:06:8C:DA:BF:3D:69:4B:30:A1:06:8F:BA:4C:D7:C0
            X509v3 Authority Key Identifier:
                keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/Vxf3vMsGjNq_PWlLMKEGj7pM18A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.24.0-5.63.28.255
                  91.190.168.0/23
                  91.190.171.0-91.190.175.255
                  185.85.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:b8:6d:fe:1e:8f:9c:c9:b8:76:0e:7f:d1:23:05:4b:f8:d3:
         55:ed:5f:1c:dc:d5:f7:bf:75:59:ac:9b:0d:10:9d:78:09:80:
         95:8e:c9:25:96:ce:fa:a7:03:e9:33:57:1d:ba:98:fd:72:4f:
         26:76:7c:1f:3f:ed:5e:30:89:58:d5:d0:cf:80:35:50:e8:45:
         85:15:64:83:42:91:28:b2:7f:a5:fb:25:28:00:0f:28:69:2e:
         e5:a3:ff:8f:d5:89:b8:18:d3:ed:13:5c:9a:db:81:c1:06:d3:
         95:f2:0c:2b:0c:70:78:9c:30:14:8c:55:ae:a2:32:b0:26:2f:
         47:cb:34:82:b9:05:7d:b2:25:bf:0a:47:14:25:8b:35:ac:8e:
         ca:40:e9:53:94:6d:b6:41:49:79:3e:14:8b:28:54:7c:3f:50:
         06:79:f8:92:67:0f:1f:21:55:36:cb:e0:03:7d:25:55:68:b0:
         75:2e:08:79:a0:1f:00:42:b5:dd:97:40:7c:e2:a8:0a:67:2b:
         cb:83:75:cc:07:6c:2d:33:5a:96:db:e3:c0:5a:ce:1c:f7:63:
         9e:b4:d8:61:bd:3d:83:18:7f:f4:19:c5:5f:aa:f1:6b:a5:23:
         c5:a7:9c:76:37:ad:2e:a4:62:ec:70:7a:05:33:c7:d1:1c:69:
         1f:8d:4b:26
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYm7bgqpBjP7/3Qoo5fmLlWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjMwODAzMTI0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE3ZjdiY2NiMDY4Y2RhYmYzZDY5NGIzMGExMDY4ZmJhNGNkN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTbQ+9RQs4aWuqc7n7Vvy4ZTZXFu
wCW3ekV0dYm6fo6F069JI7T57KlaYvMg0FQulkFLwcGJb8EVyjmjslUdLwIHXZLd
WK+L63ARq5MFfDlIGGnZJPKTZ+8xgj+ZryCjClcp8XtHajLA/a2xwdNChO2aOgGb
Wxjk33dDOeEydG+KQXwuoSjhp05ovIeAc9LdgwkElILHCZGdrLLp7hOLiR8KH8X8
TsCvzW7xMKA0r0DQr58xW24BKKfxHicMMDgrj1bRdhvqUmEQvvhJM3Gna89cuzMu
7IoxvCLQR0/j/G4ZNNn8VfBrZjGo4nrz+/PdRIvoN4bGwX6cLzOS7l/cjQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFFcX97zLBozavz1pSzChBo+6TNfAMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvVnhmM3ZNc0dqTnFfUFdsTE1LRUdqN3BNMThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAMFPxgD
BAAFPxwDBAFbvqgwDAMEAFu+qwMEBFu+oAMEAblVTjANBgkqhkiG9w0BAQsFAAOC
AQEAJLht/h6PnMm4dg5/0SMFS/jTVe1fHNzV9791WaybDRCdeAmAlY7JJZbO+qcD
6TNXHbqY/XJPJnZ8Hz/tXjCJWNXQz4A1UOhFhRVkg0KRKLJ/pfslKAAPKGku5aP/
j9WJuBjT7RNcmtuBwQbTlfIMKwxweJwwFIxVrqIysCYvR8s0grkFfbIlvwpHFCWL
NayOykDpU5RttkFJeT4UiyhUfD9QBnn4kmcPHyFVNsvgA30lVWiwdS4IeaAfAEK1
3ZdAfOKoCmcry4N1zAdsLTNaltvjwFrOHPdjnrTYYb09gxh/9BnFX6rxa6Ujxaec
djetLqRi7HB6BTPH0RxpH41LJg==
-----END CERTIFICATE-----