Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/UJBwezXx3OkKeB3toM-i7odp3bU.roa
File:                     UJBwezXx3OkKeB3toM-i7odp3bU.roa (raw, json)
Hash identifier:          BcgM/TvPGRnb7AOOZEKuYzVFkKBGDpUfFhOwlXV9XEc=
Subject key identifier:   50:90:70:7B:35:F1:DC:E9:0A:78:1D:ED:A0:CF:A2:EE:87:69:DD:B5
Certificate issuer:       /CN=9295b1f1dcd8fa6ac1ef788278c489e15eacae70
Certificate serial:       0185DEDA010EE5B9B0500983331FDC9CDCBA
Authority key identifier: 92:95:B1:F1:DC:D8:FA:6A:C1:EF:78:82:78:C4:89:E1:5E:AC:AE:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpWx8dzY-mrB73iCeMSJ4V6srnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/UJBwezXx3OkKeB3toM-i7odp3bU.roa
Signing time:             Mon 23 Jan 2023 13:38:27 +0000
ROA not before:           Mon 23 Jan 2023 13:38:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8560
IP address blocks:        217.72.192.0/20 maxlen: 24
                          217.160.0.0/16 maxlen: 24
                          213.165.64.0/19 maxlen: 24
                          195.20.224.0/19 maxlen: 24
                          87.106.0.0/16 maxlen: 24
                          81.173.112.0/22 maxlen: 24
                          82.165.0.0/16 maxlen: 24
                          212.227.0.0/16 maxlen: 24
                          157.97.104.0/21 maxlen: 24
                          157.97.105.0/24 maxlen: 32
                          157.97.104.0/24 maxlen: 32
                          217.160.150.0/23 maxlen: 32
                          2001:8d8::/32 maxlen: 48
                          2a02:2478::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 24 Jan 2023 13:50:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:de:da:01:0e:e5:b9:b0:50:09:83:33:1f:dc:9c:dc:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9295b1f1dcd8fa6ac1ef788278c489e15eacae70
        Validity
            Not Before: Jan 23 13:38:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5090707b35f1dce90a781deda0cfa2ee8769ddb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8a:4f:23:64:93:23:3b:c7:45:ae:09:4e:4a:
                    7b:06:cf:20:e1:90:dd:76:ae:f5:2a:33:bb:65:c8:
                    a0:e3:2f:d9:85:8e:81:9d:b8:07:de:b4:88:e0:34:
                    ee:16:c0:6c:be:e3:13:16:e0:02:f6:8c:d6:96:ce:
                    d5:3e:ab:5c:5b:f6:8f:c3:bf:05:37:7c:cd:7f:e9:
                    03:f6:34:ae:06:2f:ee:7d:b6:fe:23:4b:e4:c0:c6:
                    55:86:88:37:48:6d:fc:17:14:18:59:64:bb:45:51:
                    d3:26:35:49:7f:cb:3e:d6:2c:d5:f9:ce:14:dd:5a:
                    e0:34:47:23:00:17:68:8a:3d:9e:6e:87:61:59:9e:
                    14:6e:03:15:65:9a:0a:25:57:7f:75:db:5d:69:cb:
                    49:c8:a6:79:0a:0c:6b:76:29:1f:cd:45:4a:7c:b2:
                    3a:93:30:96:29:f0:46:3b:1d:46:2c:34:76:de:ea:
                    c1:62:14:30:44:3f:fa:a1:65:0f:93:25:33:d2:0c:
                    f8:9b:bc:4b:72:12:e5:1d:7a:79:05:6e:d2:aa:a0:
                    b0:cc:bb:33:d4:25:4a:a2:3e:f7:f8:3e:3b:8a:ef:
                    fb:f4:f6:83:60:bc:87:d9:80:f5:77:0f:29:c8:d8:
                    98:0a:5c:9f:09:5f:17:76:13:7c:05:91:1a:0b:c8:
                    da:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:90:70:7B:35:F1:DC:E9:0A:78:1D:ED:A0:CF:A2:EE:87:69:DD:B5
            X509v3 Authority Key Identifier:
                keyid:92:95:B1:F1:DC:D8:FA:6A:C1:EF:78:82:78:C4:89:E1:5E:AC:AE:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpWx8dzY-mrB73iCeMSJ4V6srnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/UJBwezXx3OkKeB3toM-i7odp3bU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/kpWx8dzY-mrB73iCeMSJ4V6srnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.112.0/22
                  82.165.0.0/16
                  87.106.0.0/16
                  157.97.104.0/21
                  195.20.224.0/19
                  212.227.0.0/16
                  213.165.64.0/19
                  217.72.192.0/20
                  217.160.0.0/16
                IPv6:
                  2001:8d8::/32
                  2a02:2478::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:a2:93:a9:dd:90:11:23:d4:07:21:bd:51:e4:69:ef:4d:4a:
         5d:31:1a:a8:eb:50:30:fa:b8:f8:8b:8b:65:49:fe:dc:7d:2c:
         f1:bd:ef:25:23:67:12:3c:ff:76:51:33:75:eb:ef:28:bd:57:
         ac:8c:9e:86:50:e7:3c:b4:f8:94:00:18:2e:0b:6a:c4:3e:98:
         00:30:cc:f1:06:fb:e7:41:47:74:fa:52:bf:ea:e5:89:81:c6:
         13:72:c4:7a:e8:58:b3:85:d8:a5:1b:a9:cf:6e:e8:97:7a:f5:
         7e:ee:4c:37:04:ca:c1:a1:4a:2b:07:d3:cc:dc:a9:34:1c:0b:
         39:c0:fc:65:3b:30:8a:2f:d9:c9:67:17:93:3f:93:cb:be:fe:
         9e:c0:a2:bb:7a:8d:fa:f4:31:85:46:9f:a4:bc:fe:29:64:d9:
         10:04:f9:8e:70:7f:58:d6:e4:e7:b6:bf:e1:da:80:72:1f:b2:
         41:1b:35:8f:de:e3:94:60:2c:9d:0e:cb:f6:ce:1e:c1:bd:d2:
         c2:56:e1:67:9a:34:81:de:de:18:0c:f4:da:d9:bf:ce:36:e6:
         44:c5:fa:3b:7e:d9:81:21:78:a7:83:cb:56:a9:b9:12:75:2c:
         6b:89:d6:22:b0:36:10:23:5f:7f:95:67:29:a3:a4:c5:65:39:
         b9:3a:d1:3f
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYXe2gEO5bmwUAmDMx/cnNy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTViMWYxZGNkOGZhNmFjMWVmNzg4Mjc4YzQ4OWUxNWVh
Y2FlNzAwHhcNMjMwMTIzMTMzODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDkwNzA3YjM1ZjFkY2U5MGE3ODFkZWRhMGNmYTJlZTg3NjlkZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YpPI2STIzvHRa4JTkp7Bs8g4ZDd
dq71KjO7Zcig4y/ZhY6BnbgH3rSI4DTuFsBsvuMTFuAC9ozWls7VPqtcW/aPw78F
N3zNf+kD9jSuBi/ufbb+I0vkwMZVhog3SG38FxQYWWS7RVHTJjVJf8s+1izV+c4U
3VrgNEcjABdoij2ebodhWZ4UbgMVZZoKJVd/ddtdactJyKZ5CgxrdikfzUVKfLI6
kzCWKfBGOx1GLDR23urBYhQwRD/6oWUPkyUz0gz4m7xLchLlHXp5BW7SqqCwzLsz
1CVKoj73+D47iu/79PaDYLyH2YD1dw8pyNiYClyfCV8XdhN8BZEaC8jaQwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFCQcHs18dzpCngd7aDPou6Had21MB8GA1UdIwQY
MBaAFJKVsfHc2Ppqwe94gnjEieFerK5wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BXeDhkelktbXJCNzNpQ2VNU0o0VjZzcm5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZmJjMmUtZmQ4OC00ZGYyLWFhZTMt
OWViNDBjYzVmNjhiLzEvVUpCd2V6WHgzT2tLZUIzdG9NLWk3b2RwM2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZmJjMmUtZmQ4OC00ZGYyLWFhZTMtOWViNDBjYzVmNjhi
LzEva3BXeDhkelktbXJCNzNpQ2VNU0o0VjZzcm5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA4BAIAATAyAwQCUa1wAwMA
UqUDAwBXagMEA51haAMEBcMU4AMDANTjAwQF1aVAAwQE2UjAAwMA2aAwFAQCAAIw
DgMFACABCNgDBQMqAiR4MA0GCSqGSIb3DQEBCwUAA4IBAQALopOp3ZARI9QHIb1R
5GnvTUpdMRqo61Aw+rj4i4tlSf7cfSzxve8lI2cSPP92UTN16+8ovVesjJ6GUOc8
tPiUABguC2rEPpgAMMzxBvvnQUd0+lK/6uWJgcYTcsR66FizhdilG6nPbuiXevV+
7kw3BMrBoUorB9PM3Kk0HAs5wPxlOzCKL9nJZxeTP5PLvv6ewKK7eo369DGFRp+k
vP4pZNkQBPmOcH9Y1uTntr/h2oByH7JBGzWP3uOUYCydDsv2zh7BvdLCVuFnmjSB
3t4YDPTa2b/ONuZExfo7ftmBIXing8tWqbkSdSxridYisDYQI19/lWcpo6TFZTm5
OtE/
-----END CERTIFICATE-----