Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/W1fRzupNvqdVjEZpK5o9suwyrVc.roa
File:                     W1fRzupNvqdVjEZpK5o9suwyrVc.roa (raw, json)
Hash identifier:          n+xPCYeqNQ8WVyopfWbddNFsz6VCJRI2onzmV2z6k50=
Subject key identifier:   5B:57:D1:CE:EA:4D:BE:A7:55:8C:46:69:2B:9A:3D:B2:EC:32:AD:57
Certificate issuer:       /CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
Certificate serial:       0185C3CF955B92425564D9D40857A2865B68
Authority key identifier: A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/W1fRzupNvqdVjEZpK5o9suwyrVc.roa
Signing time:             Wed 18 Jan 2023 07:37:19 +0000
ROA not before:           Wed 18 Jan 2023 07:37:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42831
IP address blocks:        81.92.217.0/24 maxlen: 24
                          81.92.219.0/24 maxlen: 24
                          81.92.218.0/24 maxlen: 24
                          81.92.218.0/23 maxlen: 23
                          94.46.184.0/22 maxlen: 22
                          81.92.192.0/22 maxlen: 22
                          185.109.168.0/22 maxlen: 22
                          185.99.254.0/24 maxlen: 24
                          94.46.244.0/22 maxlen: 22
                          91.109.112.0/21 maxlen: 21
                          94.46.192.0/22 maxlen: 22
                          94.46.207.0/24 maxlen: 24
                          94.46.220.0/22 maxlen: 22
                          185.99.253.0/24 maxlen: 24
                          185.99.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c3:cf:95:5b:92:42:55:64:d9:d4:08:57:a2:86:5b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6f87cf4a15b9e7822455b3aa8af0b5ed3a299f7
        Validity
            Not Before: Jan 18 07:37:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b57d1ceea4dbea7558c46692b9a3db2ec32ad57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:39:fd:16:12:53:99:79:bd:7a:1a:85:ab:c6:
                    8f:09:19:03:7a:61:f2:c2:86:b3:53:36:85:a5:6d:
                    8a:65:af:88:b4:66:c6:18:f3:8d:2e:65:3e:b0:1e:
                    67:01:8a:91:f2:8a:90:62:74:51:46:16:8d:bf:b7:
                    e0:db:51:d6:a0:bd:0c:fe:24:e4:ab:57:34:5e:27:
                    09:83:49:46:00:d2:8f:ff:ca:bc:ac:41:da:00:90:
                    d2:b9:eb:41:25:72:31:37:07:e6:28:1d:39:3d:4a:
                    b1:97:cf:74:cd:86:c9:dd:f6:48:79:78:b5:bd:cf:
                    98:a6:55:61:cc:e0:64:59:fe:74:da:cd:57:48:39:
                    af:11:23:84:94:0c:61:56:a7:ed:26:0b:60:94:f6:
                    e1:ec:60:d9:aa:9d:10:60:22:d2:50:c0:a8:66:25:
                    b0:7d:23:9d:90:92:73:45:b3:83:66:fe:ef:f9:dc:
                    77:b0:e2:8a:8d:48:e7:da:28:45:81:63:48:f4:a9:
                    97:7e:5f:14:52:06:bd:81:78:f1:95:72:4d:1b:17:
                    64:fe:43:9d:2f:b3:5e:5e:e5:b0:3a:50:02:38:17:
                    0d:67:b8:62:6f:0e:bf:77:74:6a:3f:93:65:b9:99:
                    6c:f6:53:e7:d4:fc:a8:d8:45:13:3f:53:0c:74:91:
                    cb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:57:D1:CE:EA:4D:BE:A7:55:8C:46:69:2B:9A:3D:B2:EC:32:AD:57
            X509v3 Authority Key Identifier:
                keyid:A6:F8:7C:F4:A1:5B:9E:78:22:45:5B:3A:A8:AF:0B:5E:D3:A2:99:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pvh89KFbnngiRVs6qK8LXtOimfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/W1fRzupNvqdVjEZpK5o9suwyrVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/289b1d-08dd-4d53-b12d-7d4028a1bf59/1/pvh89KFbnngiRVs6qK8LXtOimfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.92.192.0/22
                  81.92.217.0-81.92.219.255
                  91.109.112.0/21
                  94.46.184.0/22
                  94.46.192.0/22
                  94.46.207.0/24
                  94.46.220.0/22
                  94.46.244.0/22
                  185.99.252.0-185.99.254.255
                  185.109.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:5e:57:81:53:0f:34:ee:f6:fc:ff:4b:7c:2f:9d:7e:37:21:
         63:f3:64:64:dd:34:d3:6f:73:45:6c:a6:4e:31:ae:f1:f3:75:
         bc:c9:4a:3e:0e:46:f7:ae:c4:86:a0:8d:87:87:d0:6f:ef:10:
         7e:50:cc:fa:99:64:57:5e:99:b1:27:6c:5e:a0:18:e3:23:a3:
         08:9c:13:dd:11:73:54:cb:13:0b:e5:65:97:e4:de:73:4f:21:
         af:02:1c:58:7c:51:b1:d0:c8:c1:88:58:1b:a2:f1:41:65:89:
         0f:97:87:64:23:48:3f:99:1f:e8:fa:dc:84:92:5e:0d:55:1f:
         1b:36:ef:2e:77:22:40:3c:6a:39:f2:7f:68:88:f8:ba:f4:47:
         ce:99:ba:0a:f5:5c:a9:86:1b:29:06:34:db:e5:ca:38:53:20:
         7f:ee:a1:02:ae:e8:08:d1:ba:d7:90:c6:83:04:6f:be:d9:b3:
         3b:5a:45:6e:dc:e6:35:7d:2d:82:7f:92:9f:81:2d:02:06:6d:
         1e:6f:cc:f1:87:ea:01:b1:93:9c:c9:e7:3e:00:87:eb:eb:81:
         2a:80:4d:70:fe:b7:20:0d:4b:8b:fb:77:db:cb:b2:22:6d:92:
         73:9e:e9:2b:ac:7e:ec:55:eb:29:96:5b:1e:30:fb:18:ec:67:
         56:83:e6:87
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYXDz5VbkkJVZNnUCFeihltoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Zjg3Y2Y0YTE1YjllNzgyMjQ1NWIzYWE4YWYwYjVlZDNh
Mjk5ZjcwHhcNMjMwMTE4MDczNzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjU3ZDFjZWVhNGRiZWE3NTU4YzQ2NjkyYjlhM2RiMmVjMzJhZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDn9FhJTmXm9ehqFq8aPCRkDemHy
woazUzaFpW2KZa+ItGbGGPONLmU+sB5nAYqR8oqQYnRRRhaNv7fg21HWoL0M/iTk
q1c0XicJg0lGANKP/8q8rEHaAJDSuetBJXIxNwfmKB05PUqxl890zYbJ3fZIeXi1
vc+YplVhzOBkWf502s1XSDmvESOElAxhVqftJgtglPbh7GDZqp0QYCLSUMCoZiWw
fSOdkJJzRbODZv7v+dx3sOKKjUjn2ihFgWNI9KmXfl8UUga9gXjxlXJNGxdk/kOd
L7NeXuWwOlACOBcNZ7hibw6/d3RqP5NluZls9lPn1Pyo2EUTP1MMdJHLKwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFFtX0c7qTb6nVYxGaSuaPbLsMq1XMB8GA1UdIwQY
MBaAFKb4fPShW554IkVbOqivC17Topn3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQt
N2Q0MDI4YTFiZjU5LzEvVzFmUnp1cE52cWRWakVacEs1bzlzdXd5clZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8yODliMWQtMDhkZC00ZDUzLWIxMmQtN2Q0MDI4YTFiZjU5
LzEvcHZoODlLRmJubmdpUlZzNnFLOExYdE9pbWZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCUVzAMAwD
BABRXNkDBAJRXNgDBANbbXADBAJeLrgDBAJeLsADBABeLs8DBAJeLtwDBAJeLvQw
DAMEArlj/AMEALlj/gMEArltqDANBgkqhkiG9w0BAQsFAAOCAQEAMl5XgVMPNO72
/P9LfC+dfjchY/NkZN00029zRWymTjGu8fN1vMlKPg5G967EhqCNh4fQb+8QflDM
+plkV16ZsSdsXqAY4yOjCJwT3RFzVMsTC+Vll+Tec08hrwIcWHxRsdDIwYhYG6Lx
QWWJD5eHZCNIP5kf6PrchJJeDVUfGzbvLnciQDxqOfJ/aIj4uvRHzpm6CvVcqYYb
KQY02+XKOFMgf+6hAq7oCNG615DGgwRvvtmzO1pFbtzmNX0tgn+Sn4EtAgZtHm/M
8YfqAbGTnMnnPgCH6+uBKoBNcP63IA1Li/t328uyIm2Sc57pK6x+7FXrKZZbHjD7
GOxnVoPmhw==
-----END CERTIFICATE-----