Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-PF2ZjfhdB_bJGV1i84lo8VoAL4.roa
File:                     1-PF2ZjfhdB_bJGV1i84lo8VoAL4.roa (raw, json)
Hash identifier:          ARRReDDgM9VyLrzdSUrrVCNCZe7QBCLQ3Qk5VPWt698=
Subject key identifier:   F8:F1:76:66:37:E1:74:1F:DB:24:65:75:8B:CE:25:A3:C5:68:00:BE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018912315E5F03339DF057893BB08A88D1BB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-PF2ZjfhdB_bJGV1i84lo8VoAL4.roa
Signing time:             Sat 01 Jul 2023 16:02:52 +0000
ROA not before:           Sat 01 Jul 2023 16:02:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     26383
IP address blocks:        193.124.22.0/24 maxlen: 24
                          62.76.234.0/24 maxlen: 24
                          193.124.41.0/24 maxlen: 24
                          194.58.34.0/24 maxlen: 24
                          212.192.12.0/24 maxlen: 24
                          212.192.15.0/24 maxlen: 24
                          192.124.176.0/24 maxlen: 24
                          212.193.2.0/24 maxlen: 24
                          194.58.68.0/24 maxlen: 24
                          194.87.189.0/24 maxlen: 24
                          194.87.39.0/24 maxlen: 24
                          194.87.47.0/24 maxlen: 24
                          185.72.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:12:31:5e:5f:03:33:9d:f0:57:89:3b:b0:8a:88:d1:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  1 16:02:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8f1766637e1741fdb2465758bce25a3c56800be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d4:0d:86:52:58:f3:73:22:39:33:00:ee:9a:
                    cb:00:00:3c:13:a6:6a:66:d1:0b:6e:60:1b:eb:e7:
                    df:b6:d1:53:92:5e:2e:6a:59:b6:15:28:9f:83:43:
                    bf:32:6d:84:78:74:5f:41:c2:a1:b8:87:ab:f6:01:
                    b7:c1:c8:35:f0:47:8e:2a:c6:d2:fb:13:56:ec:70:
                    af:68:03:5c:42:ae:c8:78:f9:f8:0d:a0:d4:73:bd:
                    06:5a:96:f8:46:3e:2b:b0:90:33:e6:49:7b:10:a1:
                    70:89:0e:20:f6:1c:c9:a8:a6:84:44:6e:7c:fc:63:
                    3a:53:ec:5f:31:07:69:8a:82:77:14:4d:c8:24:bd:
                    66:89:87:23:ce:aa:e7:78:a6:2a:e9:7a:d5:1c:a2:
                    30:31:4d:54:03:09:28:e0:b7:9f:ad:50:0b:01:90:
                    74:22:05:8c:ed:1a:2a:fd:e2:bb:11:59:09:8c:40:
                    da:75:eb:5b:5e:e0:d3:df:72:9e:bc:6e:f0:55:21:
                    45:90:6d:3f:01:c5:dc:74:df:cd:fb:89:15:8e:3b:
                    dd:92:56:7c:17:49:b8:b8:7a:42:1f:fc:a6:bd:84:
                    84:4a:05:05:0b:37:22:ab:b1:7c:bc:3a:88:f2:3b:
                    6a:95:73:62:a1:a2:40:3e:6a:47:66:7b:ad:20:d8:
                    5e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F1:76:66:37:E1:74:1F:DB:24:65:75:8B:CE:25:A3:C5:68:00:BE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-PF2ZjfhdB_bJGV1i84lo8VoAL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.234.0/24
                  185.72.8.0/24
                  192.124.176.0/24
                  193.124.22.0/24
                  193.124.41.0/24
                  194.58.34.0/24
                  194.58.68.0/24
                  194.87.39.0/24
                  194.87.47.0/24
                  194.87.189.0/24
                  212.192.12.0/24
                  212.192.15.0/24
                  212.193.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:97:95:b6:6f:77:bf:89:fa:08:81:8f:72:77:5e:a2:f3:b7:
         01:69:7a:e8:61:36:de:5f:70:ac:f8:64:a2:98:aa:12:0e:5c:
         37:e4:fd:35:c0:2e:a8:88:8d:81:3b:55:c7:33:32:36:cd:33:
         f2:a6:0a:ee:eb:08:e9:f3:f4:1a:e3:e2:b8:c8:cc:7e:97:26:
         a8:05:ff:ad:53:1b:15:bc:7b:1c:c0:cd:f0:e4:32:4e:7e:f4:
         01:a5:81:50:0d:65:4e:f4:72:3e:62:81:3d:3f:93:32:86:9f:
         a6:3e:9b:d8:4d:a0:89:04:5f:3f:5b:e7:75:59:de:69:92:9a:
         d9:ea:54:e3:c6:66:58:48:b5:5a:6f:84:ec:4a:7f:30:4f:43:
         3f:96:37:85:05:a3:fc:6b:dc:28:b7:09:6e:db:d3:c5:5d:e0:
         88:ad:85:dc:ea:d3:e2:6e:13:fc:5b:a9:31:23:63:43:2e:77:
         7e:12:bd:77:87:b5:e4:1c:d6:9c:f5:39:19:34:1e:5f:f1:c4:
         a9:16:a0:3a:8b:1c:6c:27:c2:81:db:30:94:b5:5f:bd:4e:d5:
         61:72:ee:16:29:5f:4c:84:ff:6d:25:ed:ad:31:75:7d:c1:f8:
         61:b9:4c:20:22:31:02:83:a9:22:e6:75:1a:b7:68:d6:0e:2d:
         33:07:26:2e
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYkSMV5fAzOd8FeJO7CKiNG7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzAxMTYwMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGYxNzY2NjM3ZTE3NDFmZGIyNDY1NzU4YmNlMjVhM2M1NjgwMGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdQNhlJY83MiOTMA7prLAAA8E6Zq
ZtELbmAb6+ffttFTkl4ualm2FSifg0O/Mm2EeHRfQcKhuIer9gG3wcg18EeOKsbS
+xNW7HCvaANcQq7IePn4DaDUc70GWpb4Rj4rsJAz5kl7EKFwiQ4g9hzJqKaERG58
/GM6U+xfMQdpioJ3FE3IJL1miYcjzqrneKYq6XrVHKIwMU1UAwko4LefrVALAZB0
IgWM7Roq/eK7EVkJjEDadetbXuDT33KevG7wVSFFkG0/AcXcdN/N+4kVjjvdklZ8
F0m4uHpCH/ymvYSESgUFCzciq7F8vDqI8jtqlXNioaJAPmpHZnutINheiQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFPjxdmY34XQf2yRldYvOJaPFaAC+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMS1QRjJaamZoZEJfYkpHVjFpODRsbzhWb0FMNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvZTE0NDdhLThmMTgtNGE4MC1hNDIyLTVhNDI0MjhmMTE0
My8xL05Xa1BYakxWeUdyeDRUU2RfVTZNN3JjT0dzYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBnBggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAD5M6gME
ALlICAMEAMB8sAMEAMF8FgMEAMF8KQMEAMI6IgMEAMI6RAMEAMJXJwMEAMJXLwME
AMJXvQMEANTADAMEANTADwMEANTBAjANBgkqhkiG9w0BAQsFAAOCAQEAOpeVtm93
v4n6CIGPcndeovO3AWl66GE23l9wrPhkopiqEg5cN+T9NcAuqIiNgTtVxzMyNs0z
8qYK7usI6fP0GuPiuMjMfpcmqAX/rVMbFbx7HMDN8OQyTn70AaWBUA1lTvRyPmKB
PT+TMoafpj6b2E2giQRfP1vndVneaZKa2epU48ZmWEi1Wm+E7Ep/ME9DP5Y3hQWj
/GvcKLcJbtvTxV3giK2F3OrT4m4T/FupMSNjQy53fhK9d4e15BzWnPU5GTQeX/HE
qRagOoscbCfCgdswlLVfvU7VYXLuFilfTIT/bSXtrTF1fcH4YblMICIxAoOpIuZ1
Grdo1g4tMwcmLg==
-----END CERTIFICATE-----