Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/bihpQmJ-j2QqX1imJG8PyeXvl6k.roa
File:                     bihpQmJ-j2QqX1imJG8PyeXvl6k.roa (raw, json)
Hash identifier:          LheEDcCJz7Qp7nbLg5j1fNYx5Ay2pctM1aMH7Zes11M=
Subject key identifier:   6E:28:69:42:62:7E:8F:64:2A:5F:58:A6:24:6F:0F:C9:E5:EF:97:A9
Certificate issuer:       /CN=61b534437503668815add93cd17d0ad3e1b1a877
Certificate serial:       01857169C9C3266A1C70B48445176E09B3FC
Authority key identifier: 61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/bihpQmJ-j2QqX1imJG8PyeXvl6k.roa
Signing time:             Mon 02 Jan 2023 07:37:16 +0000
ROA not before:           Mon 02 Jan 2023 07:37:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20507
IP address blocks:        85.223.101.0/24 maxlen: 24
                          82.215.0.0/18 maxlen: 24
                          82.215.17.0/24 maxlen: 24
                          82.215.19.0/24 maxlen: 24
                          85.223.126.0/24 maxlen: 24
                          85.223.0.0/17 maxlen: 24
                          217.149.192.0/24 maxlen: 24
                          217.149.192.0/19 maxlen: 24
                          31.184.64.0/18 maxlen: 24
                          217.149.202.0/24 maxlen: 24
                          217.149.201.0/24 maxlen: 24
                          217.149.203.0/24 maxlen: 24
                          217.149.219.0/24 maxlen: 24
                          217.149.217.0/24 maxlen: 24
                          217.149.218.0/24 maxlen: 24
                          92.254.0.0/17 maxlen: 24
                          2a01:3a8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 07 Sep 2023 10:12:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:c9:c3:26:6a:1c:70:b4:84:45:17:6e:09:b3:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b534437503668815add93cd17d0ad3e1b1a877
        Validity
            Not Before: Jan  2 07:37:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6e286942627e8f642a5f58a6246f0fc9e5ef97a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:91:12:ca:50:f3:82:1a:a8:8b:a5:61:f5:a2:
                    3f:68:fe:ba:36:0c:cb:59:77:96:6e:85:d9:2e:3e:
                    e0:d4:68:bc:06:b8:22:80:ab:1f:79:b5:50:fc:f6:
                    2d:01:54:c7:dd:65:05:02:ad:e9:5c:17:57:d2:a1:
                    00:8f:6e:b1:2a:75:39:70:21:32:8a:e1:4a:a7:60:
                    dc:3a:09:3c:c1:5c:00:ec:a0:6c:b6:3f:93:83:f2:
                    99:2b:a6:98:f6:cc:f5:90:3e:c2:a0:3d:13:80:a4:
                    51:b9:97:95:5d:37:10:68:ca:c3:1d:da:aa:b9:cd:
                    a4:fd:c6:c7:a4:d4:ad:04:18:12:07:32:bb:2e:6b:
                    c6:3a:2e:ef:50:66:6f:01:64:18:e4:02:1d:3c:d4:
                    b1:1e:80:9c:eb:4d:2e:e0:e2:71:6e:a8:ee:c7:5f:
                    55:5a:67:5b:cd:e3:2b:91:52:eb:ea:8c:65:88:9f:
                    d2:ce:69:94:62:23:5c:8e:bb:59:ad:f6:e5:ba:10:
                    3d:f2:a3:e3:56:dc:18:97:1a:74:56:10:c9:cb:4b:
                    94:37:a4:85:b6:5a:2d:37:55:13:b4:b9:b1:b8:20:
                    56:e4:bd:d5:e5:8d:31:97:f7:22:a2:4a:ed:4c:5e:
                    77:af:d8:64:90:f8:99:b5:13:38:21:52:70:fa:94:
                    d5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:28:69:42:62:7E:8F:64:2A:5F:58:A6:24:6F:0F:C9:E5:EF:97:A9
            X509v3 Authority Key Identifier:
                keyid:61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/bihpQmJ-j2QqX1imJG8PyeXvl6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.64.0/18
                  82.215.0.0/18
                  85.223.0.0/17
                  92.254.0.0/17
                  217.149.192.0/19
                IPv6:
                  2a01:3a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:71:e1:31:00:98:e6:96:27:94:d0:98:ee:35:05:64:cc:32:
         ed:77:08:f2:8e:04:65:d9:86:a5:74:0b:ef:8b:44:4f:20:eb:
         3c:ae:94:3b:1b:87:13:bb:44:9c:50:ac:90:d3:b1:d9:74:b1:
         c9:ef:ea:64:b7:ce:7b:6b:dc:d0:2b:0a:4f:04:de:ce:50:15:
         c6:26:6f:cc:6d:a1:9c:62:d2:d2:de:2d:22:0b:57:41:6c:8c:
         bd:91:1a:2f:48:dd:1f:2d:e6:f6:74:75:6a:8c:37:f3:13:86:
         72:aa:13:cd:e4:88:4d:e0:5d:d6:66:4e:01:07:70:29:35:af:
         f9:c2:5d:47:cd:77:45:bf:fc:d4:32:be:4e:5d:3d:eb:e9:16:
         12:bf:f8:9b:34:32:21:e1:b4:cb:69:fe:28:65:81:06:ab:6c:
         f0:57:ec:8b:60:1a:55:46:eb:87:7f:0b:e2:ca:98:28:53:ba:
         49:a3:ff:f9:36:f1:ca:e6:9e:ce:c6:46:d7:17:d6:b0:dc:59:
         b9:53:38:fc:16:79:0c:95:a5:20:7e:b3:18:8e:eb:07:4c:ef:
         98:87:b7:1d:32:9f:04:80:bb:bc:d2:18:1b:8c:d2:ce:e8:71:
         b5:a6:8a:fb:22:1f:8a:17:40:06:6b:82:23:78:0d:13:7b:b0:
         40:ab:30:73
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVxacnDJmoccLSERRduCbP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjUzNDQzNzUwMzY2ODgxNWFkZDkzY2QxN2QwYWQzZTFi
MWE4NzcwHhcNMjMwMTAyMDczNzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTI4Njk0MjYyN2U4ZjY0MmE1ZjU4YTYyNDZmMGZjOWU1ZWY5N2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJESylDzghqoi6Vh9aI/aP66NgzL
WXeWboXZLj7g1Gi8BrgigKsfebVQ/PYtAVTH3WUFAq3pXBdX0qEAj26xKnU5cCEy
iuFKp2DcOgk8wVwA7KBstj+Tg/KZK6aY9sz1kD7CoD0TgKRRuZeVXTcQaMrDHdqq
uc2k/cbHpNStBBgSBzK7LmvGOi7vUGZvAWQY5AIdPNSxHoCc600u4OJxbqjux19V
WmdbzeMrkVLr6oxliJ/SzmmUYiNcjrtZrfbluhA98qPjVtwYlxp0VhDJy0uUN6SF
tlotN1UTtLmxuCBW5L3V5Y0xl/ciokrtTF53r9hkkPiZtRM4IVJw+pTVQwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFG4oaUJifo9kKl9YpiRvD8nl75epMB8GA1UdIwQY
MBaAFGG1NEN1A2aIFa3ZPNF9CtPhsah3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYt
ZjU1NWUyZTY4YTEwLzEvYmlocFFtSi1qMlFxWDFpbUpHOFB5ZVh2bDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYtZjU1NWUyZTY4YTEw
LzEvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQGH7hAAwQG
UtcAAwQHVd8AAwQHXP4AAwQF2ZXAMA0EAgACMAcDBQAqAQOoMA0GCSqGSIb3DQEB
CwUAA4IBAQAiceExAJjmlieU0JjuNQVkzDLtdwjyjgRl2YaldAvvi0RPIOs8rpQ7
G4cTu0ScUKyQ07HZdLHJ7+pkt857a9zQKwpPBN7OUBXGJm/MbaGcYtLS3i0iC1dB
bIy9kRovSN0fLeb2dHVqjDfzE4ZyqhPN5IhN4F3WZk4BB3ApNa/5wl1HzXdFv/zU
Mr5OXT3r6RYSv/ibNDIh4bTLaf4oZYEGq2zwV+yLYBpVRuuHfwviypgoU7pJo//5
NvHK5p7OxkbXF9aw3Fm5Uzj8FnkMlaUgfrMYjusHTO+Yh7cdMp8EgLu80hgbjNLO
6HG1por7Ih+KF0AGa4IjeA0Te7BAqzBz
-----END CERTIFICATE-----