Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1GGR-lEV4vkuji7QsnD1yq6WDlI.roa
File:                     1GGR-lEV4vkuji7QsnD1yq6WDlI.roa (raw, json)
Hash identifier:          gg+ZZXRiwfh9PM6MSlkkxdfvdelMALQbdYiPTabrkCI=
Subject key identifier:   D4:61:91:FA:51:15:E2:F9:2E:8E:2E:D0:B2:70:F5:CA:AE:96:0E:52
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018A74EBACD8586FD8375D48C0A8C4C45816
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1GGR-lEV4vkuji7QsnD1yq6WDlI.roa
Signing time:             Fri 08 Sep 2023 13:11:56 +0000
ROA not before:           Fri 08 Sep 2023 13:11:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21082
IP address blocks:        193.124.4.0/24 maxlen: 24
                          195.133.78.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.221.0/24 maxlen: 24
                          195.133.94.0/24 maxlen: 24
                          194.87.20.0/24 maxlen: 24
                          194.87.30.0/24 maxlen: 24
                          212.192.8.0/24 maxlen: 24
                          195.58.34.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          212.192.248.0/24 maxlen: 24
                          194.135.105.0/24 maxlen: 24
                          194.87.44.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:74:eb:ac:d8:58:6f:d8:37:5d:48:c0:a8:c4:c4:58:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  8 13:11:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d46191fa5115e2f92e8e2ed0b270f5caae960e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f0:f4:b4:e9:19:aa:3b:bd:2b:16:bb:50:1e:
                    ee:4f:2d:e1:b6:1e:f8:c5:49:83:72:2d:08:c1:e0:
                    25:c3:8a:78:f0:30:a4:f5:68:ab:71:81:bc:7f:f9:
                    f8:43:85:38:2d:15:33:5a:43:56:76:3a:75:53:f2:
                    3a:11:5d:b8:72:6b:44:b9:fb:3d:26:c8:22:c2:c1:
                    d4:2f:f2:2d:1b:c5:af:16:25:eb:3f:cd:be:67:8d:
                    ac:8e:ab:d5:0f:40:83:1b:28:47:a2:6f:6c:32:5b:
                    50:d9:4a:55:03:fb:cd:77:0a:20:31:73:65:ca:40:
                    ef:47:44:6f:37:c0:1f:8f:68:eb:da:3a:05:0b:7b:
                    e7:21:e6:d6:b0:6d:f4:14:61:ce:7f:70:c9:ef:e0:
                    74:ec:99:cd:b1:69:a6:04:36:fe:6d:16:ac:1c:6f:
                    b4:22:a4:36:55:fe:97:fe:b5:42:a0:0d:26:43:da:
                    4e:f1:65:60:b1:ad:bb:d8:f7:45:3d:e0:4f:91:ef:
                    64:dd:e1:a5:21:4f:81:d5:76:2d:3c:ef:1f:01:87:
                    5b:aa:77:af:04:d0:04:a3:ce:9b:09:aa:5e:ea:78:
                    44:9a:0a:94:c7:ac:49:14:22:8c:d0:b9:b9:c6:72:
                    07:d3:9c:46:b4:3c:38:1b:c3:38:be:1d:90:d7:c7:
                    51:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:61:91:FA:51:15:E2:F9:2E:8E:2E:D0:B2:70:F5:CA:AE:96:0E:52
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1GGR-lEV4vkuji7QsnD1yq6WDlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.183.0/24
                  193.124.4.0/24
                  194.87.2.0/24
                  194.87.20.0/24
                  194.87.30.0/24
                  194.87.44.0/24
                  194.87.221.0/24
                  194.135.105.0/24
                  195.58.34.0/24
                  195.133.78.0/24
                  195.133.94.0/24
                  212.192.8.0/24
                  212.192.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:73:7b:db:08:aa:2a:6c:a4:23:e0:15:79:a3:8c:f2:27:62:
         9d:59:98:64:5c:87:49:4d:06:9e:58:c5:51:69:58:75:c5:f2:
         f7:68:f9:28:c6:a9:39:79:0e:7a:c9:e6:e8:d5:50:be:b9:f6:
         d8:10:fa:d0:3f:48:23:4f:50:14:34:02:0e:73:1e:ec:26:dd:
         a6:53:b9:f1:80:1d:89:32:f0:80:cb:87:0b:eb:37:4e:70:2a:
         63:8a:9d:01:a9:d7:17:35:05:b2:83:5e:51:72:1b:00:58:5d:
         3e:17:6f:b7:44:ac:20:e7:90:ad:c1:18:97:ca:64:23:78:25:
         95:ce:9d:7e:69:4c:8e:2c:85:64:0b:c5:48:10:aa:b6:d8:9b:
         a0:20:12:df:80:d3:d9:63:60:c7:0b:3a:e3:28:e2:8d:28:d6:
         18:f9:98:76:13:7c:5a:2f:6f:57:93:c8:1a:ee:5c:27:fd:23:
         90:c4:23:03:c8:38:01:b5:79:7a:37:61:99:c5:16:f8:c3:1d:
         58:21:b7:4f:55:13:00:5b:5e:3a:ae:57:4c:75:fb:56:dc:88:
         f5:fe:46:7d:d4:58:f4:99:8d:9f:d5:b1:e1:03:e1:53:a2:d8:
         2f:99:81:8d:3c:55:c2:c3:19:72:9f:b3:9f:2f:e3:bf:b3:4f:
         9d:bc:66:72
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYp066zYWG/YN11IwKjExFgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTA4MTMxMTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDYxOTFmYTUxMTVlMmY5MmU4ZTJlZDBiMjcwZjVjYWFlOTYwZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfD0tOkZqju9Kxa7UB7uTy3hth74
xUmDci0IweAlw4p48DCk9WircYG8f/n4Q4U4LRUzWkNWdjp1U/I6EV24cmtEufs9
JsgiwsHUL/ItG8WvFiXrP82+Z42sjqvVD0CDGyhHom9sMltQ2UpVA/vNdwogMXNl
ykDvR0RvN8Afj2jr2joFC3vnIebWsG30FGHOf3DJ7+B07JnNsWmmBDb+bRasHG+0
IqQ2Vf6X/rVCoA0mQ9pO8WVgsa272PdFPeBPke9k3eGlIU+B1XYtPO8fAYdbqnev
BNAEo86bCape6nhEmgqUx6xJFCKM0Lm5xnIH05xGtDw4G8M4vh2Q18dRIQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNRhkfpRFeL5Lo4u0LJw9cqulg5SMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMUdHUi1sRVY0dmt1amk3UXNuRDF5cTZXRGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAwHy3AwQA
wXwEAwQAwlcCAwQAwlcUAwQAwlceAwQAwlcsAwQAwlfdAwQAwodpAwQAwzoiAwQA
w4VOAwQAw4VeAwQA1MAIAwQA1MD4MA0GCSqGSIb3DQEBCwUAA4IBAQA3c3vbCKoq
bKQj4BV5o4zyJ2KdWZhkXIdJTQaeWMVRaVh1xfL3aPkoxqk5eQ56yebo1VC+ufbY
EPrQP0gjT1AUNAIOcx7sJt2mU7nxgB2JMvCAy4cL6zdOcCpjip0BqdcXNQWyg15R
chsAWF0+F2+3RKwg55CtwRiXymQjeCWVzp1+aUyOLIVkC8VIEKq22JugIBLfgNPZ
Y2DHCzrjKOKNKNYY+Zh2E3xaL29Xk8ga7lwn/SOQxCMDyDgBtXl6N2GZxRb4wx1Y
IbdPVRMAW146rldMdftW3Ij1/kZ91Fj0mY2f1bHhA+FTotgvmYGNPFXCwxlyn7Of
L+O/s0+dvGZy
-----END CERTIFICATE-----