Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cSZW9iX7avU2KLRsXIMjy4uEwNk.roa
File:                     cSZW9iX7avU2KLRsXIMjy4uEwNk.roa (raw, json)
Hash identifier:          QSx3HszvL3DV9qfsgBfTWE4U9C8XSj0XofhTX4cTuy0=
Subject key identifier:   71:26:56:F6:25:FB:6A:F5:36:28:B4:6C:5C:83:23:CB:8B:84:C0:D9
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018B8A30CEB5641BB36038ECFB37C02D8BFA
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cSZW9iX7avU2KLRsXIMjy4uEwNk.roa
Signing time:             Wed 01 Nov 2023 09:22:16 +0000
ROA not before:           Wed 01 Nov 2023 09:22:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49581
IP address blocks:        45.131.111.0/24 maxlen: 24
                          45.131.108.0/24 maxlen: 24
                          92.118.207.0/24 maxlen: 24
                          45.142.104.0/24 maxlen: 24
                          45.142.107.0/24 maxlen: 24
                          37.221.92.0/24 maxlen: 24
                          185.117.3.0/24 maxlen: 24
                          45.13.227.0/24 maxlen: 24
                          5.253.246.0/24 maxlen: 24
                          45.151.56.0/24 maxlen: 24
                          45.147.7.0/24 maxlen: 24
                          45.137.203.0/24 maxlen: 24
                          45.137.201.0/24 maxlen: 24
                          45.84.198.0/24 maxlen: 24
                          45.84.196.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8a:30:ce:b5:64:1b:b3:60:38:ec:fb:37:c0:2d:8b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Nov  1 09:22:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=712656f625fb6af53628b46c5c8323cb8b84c0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ed:9d:61:c3:e2:64:33:75:0c:0a:b0:74:7c:
                    7f:af:ba:69:2c:58:f5:ca:2b:d6:fc:74:63:2d:ff:
                    9a:c6:bc:4d:fa:f3:0b:66:eb:8b:f7:2d:85:06:90:
                    02:c5:07:2d:9a:da:56:b5:6f:b8:6a:be:57:8f:26:
                    60:57:a3:c5:90:43:ec:df:06:6b:1f:4e:97:8c:33:
                    18:4c:a7:6d:14:03:49:c4:7b:d2:7f:71:6a:a1:7a:
                    de:e4:f1:ff:b4:70:f2:3c:e5:cb:e7:a2:9e:99:51:
                    43:1e:32:33:37:93:be:48:bd:4f:ab:da:e6:6b:11:
                    5b:22:b9:52:e2:94:9d:39:c9:4f:8b:2d:e7:e0:2d:
                    a7:e2:80:83:ab:a8:d7:cb:21:01:eb:47:81:fb:f8:
                    c7:3f:b9:42:cf:c7:c8:4d:59:1d:9a:e6:27:4a:d4:
                    f8:58:31:19:a4:fb:ac:19:99:99:61:e0:2b:5d:32:
                    16:2b:05:3b:b6:17:3d:b2:8b:47:11:ef:73:b7:6e:
                    19:17:b1:db:13:c5:fa:5a:13:30:b0:fd:e6:34:3f:
                    ba:c5:05:8b:99:69:9a:57:3a:fb:54:af:0e:be:76:
                    df:cd:31:a6:29:4b:5a:a7:23:00:a4:28:e3:e4:86:
                    c3:b3:a1:7f:f4:3d:56:3f:38:b6:7b:17:d8:dd:6f:
                    61:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:26:56:F6:25:FB:6A:F5:36:28:B4:6C:5C:83:23:CB:8B:84:C0:D9
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cSZW9iX7avU2KLRsXIMjy4uEwNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.246.0/24
                  37.221.92.0/24
                  45.13.227.0/24
                  45.84.196.0/24
                  45.84.198.0/24
                  45.131.108.0/24
                  45.131.111.0/24
                  45.137.201.0/24
                  45.137.203.0/24
                  45.142.104.0/24
                  45.142.107.0/24
                  45.147.7.0/24
                  45.151.56.0/24
                  92.118.207.0/24
                  185.117.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:2d:13:5a:8d:3f:83:15:6b:ed:20:ba:8e:cf:94:a3:4e:18:
         49:36:69:e1:67:7a:e5:c5:67:c5:1e:4a:56:51:0a:0a:98:42:
         45:95:af:eb:ba:26:5c:3f:36:56:f6:2f:97:8b:36:31:ff:32:
         21:bd:92:47:2c:62:dd:9c:cb:27:a5:b8:66:04:a2:31:b5:77:
         70:ab:32:39:26:2c:d0:3c:01:a9:40:33:85:18:fc:ce:df:f2:
         2a:b9:6b:0d:d0:01:2f:57:fa:1a:1c:df:51:29:d5:02:cd:33:
         c5:d5:e1:10:02:d9:29:95:40:f7:81:41:20:98:a4:9f:5c:c7:
         65:28:49:b2:4b:a7:bf:50:fe:1f:07:d9:a8:87:8c:49:23:0f:
         1b:21:3a:e9:4d:0e:6e:6f:c4:ae:1c:ac:ba:4f:4d:a1:98:c7:
         9e:75:72:05:66:3a:1b:2c:43:d8:dc:e7:5a:46:7f:b1:f0:0f:
         c2:4c:63:52:a3:ac:72:b8:bf:97:9f:23:92:04:38:3d:94:29:
         a8:a6:38:c2:ce:64:c0:a2:5e:2f:80:59:5a:05:55:66:fc:9a:
         df:07:8c:ea:5f:01:22:36:cb:59:a8:75:2e:bd:34:f1:bb:18:
         f5:7f:0b:68:04:96:a4:b6:c7:00:38:86:a8:2a:09:6e:57:e2:
         33:ed:83:6d
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYuKMM61ZBuzYDjs+zfALYv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjMxMTAxMDkyMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI2NTZmNjI1ZmI2YWY1MzYyOGI0NmM1YzgzMjNjYjhiODRjMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu2dYcPiZDN1DAqwdHx/r7ppLFj1
yivW/HRjLf+axrxN+vMLZuuL9y2FBpACxQctmtpWtW+4ar5XjyZgV6PFkEPs3wZr
H06XjDMYTKdtFANJxHvSf3FqoXre5PH/tHDyPOXL56KemVFDHjIzN5O+SL1Pq9rm
axFbIrlS4pSdOclPiy3n4C2n4oCDq6jXyyEB60eB+/jHP7lCz8fITVkdmuYnStT4
WDEZpPusGZmZYeArXTIWKwU7thc9sotHEe9zt24ZF7HbE8X6WhMwsP3mND+6xQWL
mWmaVzr7VK8OvnbfzTGmKUtapyMApCjj5IbDs6F/9D1WPzi2exfY3W9h8wIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFHEmVvYl+2r1Nii0bFyDI8uLhMDZMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvY1NaVzlpWDdhdlUyS0xSc1hJTWp5NHVFd05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQABf32AwQA
Jd1cAwQALQ3jAwQALVTEAwQALVTGAwQALYNsAwQALYNvAwQALYnJAwQALYnLAwQA
LY5oAwQALY5rAwQALZMHAwQALZc4AwQAXHbPAwQAuXUDMA0GCSqGSIb3DQEBCwUA
A4IBAQATLRNajT+DFWvtILqOz5SjThhJNmnhZ3rlxWfFHkpWUQoKmEJFla/ruiZc
PzZW9i+XizYx/zIhvZJHLGLdnMsnpbhmBKIxtXdwqzI5JizQPAGpQDOFGPzO3/Iq
uWsN0AEvV/oaHN9RKdUCzTPF1eEQAtkplUD3gUEgmKSfXMdlKEmyS6e/UP4fB9mo
h4xJIw8bITrpTQ5ub8SuHKy6T02hmMeedXIFZjobLEPY3OdaRn+x8A/CTGNSo6xy
uL+XnyOSBDg9lCmopjjCzmTAol4vgFlaBVVm/JrfB4zqXwEiNstZqHUuvTTxuxj1
fwtoBJaktscAOIaoKgluV+Iz7YNt
-----END CERTIFICATE-----