Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/y325oUedNLkqIFs_Pl02g5dn1aw.roa
File:                     y325oUedNLkqIFs_Pl02g5dn1aw.roa (raw, json)
Hash identifier:          FHkiFFdbmuZa75fHpY71aJqZ97gtwOly96pZHo3GQ2g=
Subject key identifier:   CB:7D:B9:A1:47:9D:34:B9:2A:20:5B:3F:3E:5D:36:83:97:67:D5:AC
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018ADB7D78C6DB91AF81E86B836AA9F28FCF
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/y325oUedNLkqIFs_Pl02g5dn1aw.roa
Signing time:             Thu 28 Sep 2023 11:12:27 +0000
ROA not before:           Thu 28 Sep 2023 11:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49581
IP address blocks:        45.131.111.0/24 maxlen: 24
                          45.131.108.0/24 maxlen: 24
                          92.118.207.0/24 maxlen: 24
                          45.142.104.0/24 maxlen: 24
                          45.142.107.0/24 maxlen: 24
                          37.221.92.0/24 maxlen: 24
                          185.117.3.0/24 maxlen: 24
                          45.13.227.0/24 maxlen: 24
                          45.151.56.0/24 maxlen: 24
                          5.253.246.0/24 maxlen: 24
                          45.147.7.0/24 maxlen: 24
                          45.137.203.0/24 maxlen: 24
                          45.137.201.0/24 maxlen: 24
                          45.84.196.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:db:7d:78:c6:db:91:af:81:e8:6b:83:6a:a9:f2:8f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Sep 28 11:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb7db9a1479d34b92a205b3f3e5d36839767d5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b4:2e:9b:01:8d:19:dc:20:b4:ec:9d:41:29:
                    dc:e4:46:19:e5:bb:8a:e3:1b:6a:e3:8f:1f:37:75:
                    a7:c3:89:6e:2f:fb:99:e7:b2:35:6f:bb:60:d1:63:
                    1e:a5:a6:d2:a2:28:2a:b0:c2:a1:f5:cd:da:52:af:
                    db:ed:d2:a7:75:13:17:86:8b:75:50:3e:9c:0f:5e:
                    62:ab:f8:6a:24:b2:d3:63:1a:95:e0:20:0a:ad:54:
                    8c:b1:74:ec:77:e7:c6:ad:0e:ee:5b:c1:81:ad:e4:
                    30:00:2a:4b:32:16:2e:6b:65:24:f4:c1:0e:86:b6:
                    ff:1b:50:fb:3a:4f:b0:f6:b4:b9:8c:6f:39:65:e2:
                    c4:6f:45:ed:b0:9d:b5:83:f1:9c:45:bf:8b:bd:4d:
                    62:0b:8a:fd:d4:22:49:5d:ae:e9:93:c7:b1:17:75:
                    2e:f4:5a:0d:a5:02:21:6a:d1:7c:e0:a1:4d:e5:de:
                    4e:e8:ab:a8:1c:ee:0b:01:92:29:3f:c1:c3:c2:a6:
                    a3:f2:b2:d2:83:04:82:99:8e:3a:87:74:3b:df:d0:
                    9b:b0:1d:56:d3:30:fb:50:8b:d5:21:36:f8:fa:ea:
                    53:05:dc:66:da:7d:57:ff:8f:57:4a:6e:d7:e3:dc:
                    ff:62:5e:dd:6f:0a:1a:47:8c:3a:63:71:80:2b:db:
                    3a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:7D:B9:A1:47:9D:34:B9:2A:20:5B:3F:3E:5D:36:83:97:67:D5:AC
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/y325oUedNLkqIFs_Pl02g5dn1aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.246.0/24
                  37.221.92.0/24
                  45.13.227.0/24
                  45.84.196.0/24
                  45.131.108.0/24
                  45.131.111.0/24
                  45.137.201.0/24
                  45.137.203.0/24
                  45.142.104.0/24
                  45.142.107.0/24
                  45.147.7.0/24
                  45.151.56.0/24
                  92.118.207.0/24
                  185.117.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:eb:97:70:73:e5:72:85:e9:57:1c:87:9f:ab:e6:81:39:49:
         44:66:b9:b9:93:94:87:e6:87:b9:0f:1e:27:71:ba:1b:7e:40:
         f9:ca:e7:3a:ba:f9:72:01:de:17:42:17:48:8e:70:d5:8b:3d:
         5c:04:e5:3f:17:02:9c:b3:f8:90:14:04:79:73:7e:4c:c7:d4:
         21:cb:35:4a:87:00:09:1b:77:c4:04:bb:fe:c0:f7:5d:3b:89:
         1e:db:42:1d:15:ab:9b:1b:c5:d6:fc:d7:67:d1:be:1e:20:37:
         8f:64:38:61:a1:45:8c:3f:72:54:0f:fa:63:53:9e:2d:c6:ca:
         75:06:72:da:51:4a:3f:b6:1f:51:af:d3:7c:4b:08:6c:a5:74:
         d7:ea:5e:89:9f:74:ed:2a:a4:54:5f:b5:05:a1:e6:e7:a4:bf:
         4a:b5:b6:6e:bb:07:bf:b0:90:ff:22:8c:8a:08:5a:ce:16:56:
         c7:dc:b8:b5:71:b5:f1:62:72:f7:b2:8c:50:18:fc:8d:82:06:
         13:9f:cb:d2:59:b7:14:6e:7d:ae:0e:26:8b:0d:44:73:4b:98:
         f9:37:29:dd:7e:f4:b8:22:5e:ad:15:e2:56:5d:9a:3b:61:5f:
         5d:7b:09:59:50:40:de:4d:d5:7a:1d:79:84:1c:8a:00:a7:1c:
         62:c6:08:e4
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYrbfXjG25Gvgehrg2qp8o/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjMwOTI4MTExMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjdkYjlhMTQ3OWQzNGI5MmEyMDViM2YzZTVkMzY4Mzk3NjdkNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLQumwGNGdwgtOydQSnc5EYZ5buK
4xtq448fN3Wnw4luL/uZ57I1b7tg0WMepabSoigqsMKh9c3aUq/b7dKndRMXhot1
UD6cD15iq/hqJLLTYxqV4CAKrVSMsXTsd+fGrQ7uW8GBreQwACpLMhYua2Uk9MEO
hrb/G1D7Ok+w9rS5jG85ZeLEb0XtsJ21g/GcRb+LvU1iC4r91CJJXa7pk8exF3Uu
9FoNpQIhatF84KFN5d5O6KuoHO4LAZIpP8HDwqaj8rLSgwSCmY46h3Q739CbsB1W
0zD7UIvVITb4+upTBdxm2n1X/49XSm7X49z/Yl7dbwoaR4w6Y3GAK9s61QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFMt9uaFHnTS5KiBbPz5dNoOXZ9WsMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEveTMyNW9VZWROTGtxSUZzX1BsMDJnNWRuMWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQABf32AwQA
Jd1cAwQALQ3jAwQALVTEAwQALYNsAwQALYNvAwQALYnJAwQALYnLAwQALY5oAwQA
LY5rAwQALZMHAwQALZc4AwQAXHbPAwQAuXUDMA0GCSqGSIb3DQEBCwUAA4IBAQBc
65dwc+VyhelXHIefq+aBOUlEZrm5k5SH5oe5Dx4ncbobfkD5yuc6uvlyAd4XQhdI
jnDViz1cBOU/FwKcs/iQFAR5c35Mx9QhyzVKhwAJG3fEBLv+wPddO4ke20IdFaub
G8XW/Ndn0b4eIDePZDhhoUWMP3JUD/pjU54txsp1BnLaUUo/th9Rr9N8SwhspXTX
6l6Jn3TtKqRUX7UFoebnpL9KtbZuuwe/sJD/IoyKCFrOFlbH3Li1cbXxYnL3soxQ
GPyNggYTn8vSWbcUbn2uDiaLDURzS5j5NyndfvS4Il6tFeJWXZo7YV9dewlZUEDe
TdV6HXmEHIoApxxixgjk
-----END CERTIFICATE-----