Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/Y2ahguipc_pTcyuYoQmrGK9XyHU.roa
File:                     Y2ahguipc_pTcyuYoQmrGK9XyHU.roa (raw, json)
Hash identifier:          A2iVEMtRVfq6dyG2yAwKWXFtxnl4sIMzr5o2bjYaM5w=
Subject key identifier:   63:66:A1:82:E8:A9:73:FA:53:73:2B:98:A1:09:AB:18:AF:57:C8:75
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       018735B347478D300EFAF4D824C63DBB5C61
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/Y2ahguipc_pTcyuYoQmrGK9XyHU.roa
Signing time:             Fri 31 Mar 2023 03:25:54 +0000
ROA not before:           Fri 31 Mar 2023 03:25:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     134433
IP address blocks:        185.71.229.0/24 maxlen: 24
                          185.71.230.0/24 maxlen: 24
                          185.71.231.0/24 maxlen: 24
                          185.71.228.0/24 maxlen: 24
                          185.125.84.0/24 maxlen: 24
                          185.125.85.0/24 maxlen: 24
                          193.0.180.0/24 maxlen: 24
                          185.125.86.0/24 maxlen: 24
                          193.0.181.0/24 maxlen: 24
                          185.125.87.0/24 maxlen: 24
                          193.0.182.0/24 maxlen: 24
                          193.0.183.0/24 maxlen: 24
                          2a05:3343:4::/48 maxlen: 48
                          2a05:3340:140::/42 maxlen: 48
                          2a05:3340::/42 maxlen: 42
                          2a05:3343:5::/48 maxlen: 48
                          2a05:3343:a::/48 maxlen: 48
                          2a05:3340::/29 maxlen: 64
                          2a05:3343:c::/48 maxlen: 48
                          2a05:3343:6::/48 maxlen: 48
                          2a05:3343:b::/48 maxlen: 48
                          2a05:3343:7::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:35:b3:47:47:8d:30:0e:fa:f4:d8:24:c6:3d:bb:5c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Mar 31 03:25:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6366a182e8a973fa53732b98a109ab18af57c875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:af:71:4e:27:79:94:18:81:9f:80:23:98:51:
                    94:e0:7e:df:7d:1d:39:62:7e:43:82:0b:7a:c5:5d:
                    7f:ef:8e:d2:51:a3:b1:6d:98:c5:dc:a7:b8:82:2c:
                    d2:c6:9e:ff:02:bf:c4:50:05:b7:b6:9a:c7:5d:9d:
                    e6:c5:85:e7:57:bf:5e:fb:a8:8e:e8:08:a7:9f:e2:
                    78:04:b6:ea:79:b8:38:0c:36:66:ed:98:71:3c:b2:
                    b0:17:8c:4b:df:24:0d:9b:f8:c5:2c:4f:92:b3:30:
                    90:9e:0f:5c:ae:60:d3:b7:1d:90:1e:d4:08:36:5b:
                    76:fd:fb:f6:f8:d9:82:dc:13:95:19:72:bd:71:df:
                    95:82:4d:0e:6a:a4:23:3f:94:0b:ef:3d:1e:5f:a8:
                    bf:1a:d1:20:68:34:00:ac:eb:48:03:d5:a5:15:5e:
                    22:40:d2:ff:8e:46:71:fc:3e:a4:79:c7:13:1b:0f:
                    79:d3:91:a0:40:d1:ed:1d:d5:64:2e:e1:f3:d4:47:
                    1e:a3:5a:2e:94:4a:f5:93:55:bb:5d:45:56:0f:20:
                    b7:f2:b5:68:d2:93:c4:47:68:31:38:60:e0:4a:52:
                    c9:36:ff:9e:e7:79:37:da:e9:b5:b5:ce:a5:bf:6a:
                    34:9c:1a:2f:4c:93:b8:8d:8d:ab:b9:32:4d:92:d4:
                    cb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:66:A1:82:E8:A9:73:FA:53:73:2B:98:A1:09:AB:18:AF:57:C8:75
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/Y2ahguipc_pTcyuYoQmrGK9XyHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/22
                  185.125.84.0/22
                  193.0.180.0/22
                IPv6:
                  2a05:3340::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:e9:09:5f:fb:1d:36:73:45:63:29:e2:84:f2:a2:aa:cf:e0:
         4a:48:36:20:b5:8c:92:d9:bb:e4:d3:02:9e:72:4d:aa:52:5b:
         76:1c:89:a9:7f:8f:e4:d7:4d:c6:b1:c8:c8:de:d7:a2:ec:96:
         3a:b5:e9:9f:5d:88:53:1f:4d:0e:3e:e5:2c:55:ad:37:6b:40:
         f0:fc:66:65:06:09:9d:1d:74:3a:d6:9e:5c:e2:7a:4b:f3:f0:
         11:e3:98:c0:45:fb:07:a2:55:42:59:8e:51:e1:73:05:90:17:
         51:99:3a:3c:d3:79:eb:8e:41:aa:12:f5:cd:0a:f8:d0:cf:5a:
         a6:4a:3a:85:39:6d:4d:d3:48:53:85:74:f6:84:b4:e8:16:8b:
         30:29:b8:5e:14:d6:ca:2e:53:47:f5:df:a5:74:f3:06:00:28:
         c9:fc:e1:c7:51:11:8e:f4:63:8e:59:8a:eb:e5:25:f0:43:ec:
         ee:97:5d:f5:6f:2d:03:6c:0b:1c:f7:f7:30:08:fe:fe:9c:97:
         2d:47:01:06:50:5a:95:5a:34:a9:03:e1:28:0e:53:28:ca:66:
         77:86:c0:75:ad:64:cc:24:34:55:23:63:9e:e2:a2:a4:3e:20:
         53:19:14:ea:5f:14:ad:09:82:ce:0c:ac:93:2c:15:8d:b6:1d:
         05:69:cf:76
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYc1s0dHjTAO+vTYJMY9u1xhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjMwMzMxMDMyNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzY2YTE4MmU4YTk3M2ZhNTM3MzJiOThhMTA5YWIxOGFmNTdjODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq9xTid5lBiBn4AjmFGU4H7ffR05
Yn5Dggt6xV1/747SUaOxbZjF3Ke4gizSxp7/Ar/EUAW3tprHXZ3mxYXnV79e+6iO
6Ainn+J4BLbqebg4DDZm7ZhxPLKwF4xL3yQNm/jFLE+SszCQng9crmDTtx2QHtQI
Nlt2/fv2+NmC3BOVGXK9cd+Vgk0OaqQjP5QL7z0eX6i/GtEgaDQArOtIA9WlFV4i
QNL/jkZx/D6keccTGw9505GgQNHtHdVkLuHz1Eceo1oulEr1k1W7XUVWDyC38rVo
0pPER2gxOGDgSlLJNv+e53k32um1tc6lv2o0nBovTJO4jY2ruTJNktTLxQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGNmoYLoqXP6U3MrmKEJqxivV8h1MB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvWTJhaGd1aXBjX3BUY3l1WW9RbXJHSzlYeUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuUfkAwQC
uX1UAwQCwQC0MA0EAgACMAcDBQMqBTNAMA0GCSqGSIb3DQEBCwUAA4IBAQAo6Qlf
+x02c0VjKeKE8qKqz+BKSDYgtYyS2bvk0wKeck2qUlt2HImpf4/k103GscjI3tei
7JY6temfXYhTH00OPuUsVa03a0Dw/GZlBgmdHXQ61p5c4npL8/AR45jARfsHolVC
WY5R4XMFkBdRmTo803nrjkGqEvXNCvjQz1qmSjqFOW1N00hThXT2hLToFoswKbhe
FNbKLlNH9d+ldPMGACjJ/OHHURGO9GOOWYrr5SXwQ+zul131by0DbAsc9/cwCP7+
nJctRwEGUFqVWjSpA+EoDlMoymZ3hsB1rWTMJDRVI2Oe4qKkPiBTGRTqXxStCYLO
DKyTLBWNth0Fac92
-----END CERTIFICATE-----