Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-MinwXCoJODnBC6f25PPZ-Z3OQo.roa
File:                     1-MinwXCoJODnBC6f25PPZ-Z3OQo.roa (raw, json)
Hash identifier:          uY9MXNDgU+3tk1eKwoYoPEDXJzkj1kdAqjrDWfKCtGw=
Subject key identifier:   F8:C8:A7:C1:70:A8:24:E0:E7:04:2E:9F:DB:93:CF:67:E6:77:39:0A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0185E2D17CD6962A6464A9C60F17735BDA5B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-MinwXCoJODnBC6f25PPZ-Z3OQo.roa
Signing time:             Tue 24 Jan 2023 08:07:37 +0000
ROA not before:           Tue 24 Jan 2023 08:07:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58212
IP address blocks:        194.87.207.0/24 maxlen: 24
                          193.124.18.0/24 maxlen: 24
                          195.133.94.0/24 maxlen: 24
                          193.124.41.0/24 maxlen: 24
                          194.87.30.0/24 maxlen: 24
                          193.124.47.0/24 maxlen: 24
                          212.192.7.0/24 maxlen: 24
                          194.58.43.0/24 maxlen: 24
                          194.87.163.0/24 maxlen: 24
                          194.87.161.0/24 maxlen: 24
                          194.58.46.0/24 maxlen: 24
                          212.192.30.0/24 maxlen: 24
                          193.124.205.0/24 maxlen: 24
                          194.87.108.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.64.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e2:d1:7c:d6:96:2a:64:64:a9:c6:0f:17:73:5b:da:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 24 08:07:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8c8a7c170a824e0e7042e9fdb93cf67e677390a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0e:70:34:aa:44:90:80:02:0f:34:9b:4f:91:
                    07:f9:c3:31:dd:67:ff:fc:7d:2a:1e:27:ac:de:36:
                    a4:18:eb:8f:3d:ab:3d:e7:c9:ca:53:bf:16:43:c2:
                    24:10:17:44:08:d6:0f:76:ec:8f:43:28:4c:f6:9a:
                    d5:74:15:0c:85:10:20:84:dc:fe:2f:0e:d2:f4:c1:
                    6b:a0:8d:8e:83:65:67:77:13:88:9f:4c:49:d6:cb:
                    31:d3:56:2c:1b:80:c0:00:1d:37:67:03:98:6c:94:
                    23:03:fe:d4:ec:cb:b1:27:85:6f:51:73:c3:9a:0b:
                    0a:ef:92:9b:43:04:1d:3f:ac:bf:fc:95:09:b2:2b:
                    ff:cb:a7:23:5b:2b:6f:09:86:25:bf:7c:03:f6:e9:
                    6d:72:b2:2d:3e:e1:51:bf:1a:ef:11:26:b6:90:b0:
                    4e:19:dd:bd:40:9f:f2:b7:4e:f7:3e:8e:b8:03:13:
                    3b:e2:7f:bb:2a:8b:77:b3:7e:67:df:7b:db:8c:f7:
                    9d:16:e3:d7:83:29:21:bc:18:ad:6d:12:a3:ad:0f:
                    75:4a:49:77:83:cd:40:9f:f3:86:2c:48:01:a3:89:
                    56:c1:58:f5:d8:64:38:83:6c:a1:59:b8:aa:6f:29:
                    6c:2c:59:6a:ad:4a:85:19:eb:3b:d0:e3:6c:27:80:
                    01:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C8:A7:C1:70:A8:24:E0:E7:04:2E:9F:DB:93:CF:67:E6:77:39:0A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-MinwXCoJODnBC6f25PPZ-Z3OQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.18.0/24
                  193.124.41.0/24
                  193.124.47.0/24
                  193.124.205.0/24
                  194.58.43.0/24
                  194.58.46.0/24
                  194.58.155.0/24
                  194.87.30.0/24
                  194.87.64.0/24
                  194.87.108.0/24
                  194.87.161.0/24
                  194.87.163.0/24
                  194.87.207.0/24
                  195.133.94.0/24
                  212.192.7.0/24
                  212.192.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:af:e9:f2:df:e5:15:2c:f9:b9:68:57:42:36:1e:30:67:45:
         0d:f6:25:75:44:76:04:50:52:38:27:27:4b:66:65:02:44:36:
         0d:3d:12:3f:6f:8f:38:92:c6:17:2c:83:77:35:bd:c6:b8:27:
         b6:61:7f:6c:91:0a:2a:66:26:80:76:47:bf:76:88:b1:00:90:
         0f:44:d3:44:80:19:61:7d:88:78:62:29:00:6e:72:35:fc:a0:
         3a:c3:ec:61:e1:81:9d:6a:29:dc:e2:80:bb:38:00:c5:03:94:
         cf:82:aa:85:8e:7c:8d:72:b6:60:69:4e:8b:1e:98:04:39:74:
         8c:e7:a5:e7:81:2e:bc:c4:81:02:12:40:64:dc:f2:f0:bb:25:
         3d:30:83:fe:b1:89:63:cd:47:97:4b:e2:80:39:f9:d0:f3:40:
         a9:61:58:3e:09:ad:08:ec:69:7a:17:e2:56:81:1f:2c:2f:0f:
         38:7e:0d:03:90:ba:3a:0f:09:99:1b:c2:63:06:e1:3f:58:ad:
         59:a0:52:6a:cc:da:47:6d:01:f1:2e:f1:1a:1d:b0:ca:70:5d:
         ef:4e:05:48:b7:e6:e4:a4:33:16:7c:c1:47:84:7d:bf:5b:a4:
         9e:4d:7a:c5:c1:46:3f:00:47:10:35:a0:79:83:f7:77:2f:71:
         3b:e4:df:c8
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYXi0XzWlipkZKnGDxdzW9pbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTI0MDgwNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGM4YTdjMTcwYTgyNGUwZTcwNDJlOWZkYjkzY2Y2N2U2NzczOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ5wNKpEkIACDzSbT5EH+cMx3Wf/
/H0qHies3jakGOuPPas958nKU78WQ8IkEBdECNYPduyPQyhM9prVdBUMhRAghNz+
Lw7S9MFroI2Og2VndxOIn0xJ1ssx01YsG4DAAB03ZwOYbJQjA/7U7MuxJ4VvUXPD
mgsK75KbQwQdP6y//JUJsiv/y6cjWytvCYYlv3wD9ultcrItPuFRvxrvESa2kLBO
Gd29QJ/yt073Po64AxM74n+7Kot3s35n33vbjPedFuPXgykhvBitbRKjrQ91Skl3
g81An/OGLEgBo4lWwVj12GQ4g2yhWbiqbylsLFlqrUqFGes70ONsJ4AB0wIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFPjIp8FwqCTg5wQun9uTz2fmdzkKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMS1NaW53WENvSk9EbkJDNmYyNVBQWi1aM09Rby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvZTE0NDdhLThmMTgtNGE4MC1hNDIyLTVhNDI0MjhmMTE0
My8xL05Xa1BYakxWeUdyeDRUU2RfVTZNN3JjT0dzYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB5BggrBgEFBQcBBwEB/wRqMGgwZgQCAAEwYAMEAMF8EgME
AMF8KQMEAMF8LwMEAMF8zQMEAMI6KwMEAMI6LgMEAMI6mwMEAMJXHgMEAMJXQAME
AMJXbAMEAMJXoQMEAMJXowMEAMJXzwMEAMOFXgMEANTABwMEANTAHjANBgkqhkiG
9w0BAQsFAAOCAQEAY6/p8t/lFSz5uWhXQjYeMGdFDfYldUR2BFBSOCcnS2ZlAkQ2
DT0SP2+POJLGFyyDdzW9xrgntmF/bJEKKmYmgHZHv3aIsQCQD0TTRIAZYX2IeGIp
AG5yNfygOsPsYeGBnWop3OKAuzgAxQOUz4KqhY58jXK2YGlOix6YBDl0jOel54Eu
vMSBAhJAZNzy8LslPTCD/rGJY81Hl0vigDn50PNAqWFYPgmtCOxpehfiVoEfLC8P
OH4NA5C6Og8JmRvCYwbhP1itWaBSaszaR20B8S7xGh2wynBd704FSLfm5KQzFnzB
R4R9v1uknk16xcFGPwBHEDWgeYP3dy9xO+TfyA==
-----END CERTIFICATE-----