Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/K0qv1n21tRTvpHviEJVi7E64kOM.roa
File:                     K0qv1n21tRTvpHviEJVi7E64kOM.roa (raw, json)
Hash identifier:          4HF57/zlYppHWnGWSB7RKc5ENGkFDvjUBDq/AQzLbH8=
Subject key identifier:   2B:4A:AF:D6:7D:B5:B5:14:EF:A4:7B:E2:10:95:62:EC:4E:B8:90:E3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0188999F938E5C8A6D1A9B7F36C701B4D193
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/K0qv1n21tRTvpHviEJVi7E64kOM.roa
Signing time:             Thu 08 Jun 2023 06:09:12 +0000
ROA not before:           Thu 08 Jun 2023 06:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2118
IP address blocks:        194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          194.87.27.0/24 maxlen: 24
                          212.192.0.0/23 maxlen: 24
                          194.58.46.0/23 maxlen: 24
                          194.58.45.0/24 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          193.124.203.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24
                          195.133.195.0/24 maxlen: 24
                          194.87.136.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:99:9f:93:8e:5c:8a:6d:1a:9b:7f:36:c7:01:b4:d1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  8 06:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b4aafd67db5b514efa47be2109562ec4eb890e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e2:65:7e:97:68:18:50:77:cb:0d:a1:a0:e8:
                    fc:b9:d5:9f:50:fa:20:5a:86:89:14:a2:3c:44:a4:
                    12:c3:15:e1:8c:d0:f2:a1:cc:46:ae:c4:bf:87:f3:
                    99:2f:3e:db:ed:d5:61:94:78:9b:ba:61:9d:4a:bc:
                    71:ed:8e:ca:df:7c:59:34:b1:f0:67:22:2b:ff:5a:
                    ce:4e:06:72:98:c4:94:08:dc:de:0a:b5:e7:8c:f2:
                    5a:54:04:e8:36:a2:a6:77:5c:ba:78:f1:dc:f1:40:
                    88:99:fd:7a:c3:4a:2a:b6:91:b1:34:3f:92:7e:77:
                    5d:f8:b8:b1:7a:ed:7b:ab:25:48:ad:a4:db:46:37:
                    93:28:dd:c0:9a:e8:a0:e3:0c:5d:3d:9d:03:35:52:
                    bc:2a:3c:a0:ca:07:fb:0a:ca:da:2f:d3:a6:b8:57:
                    fe:9b:e4:97:85:4e:ea:99:f8:5b:c3:3f:f6:27:7b:
                    1b:6b:db:b3:11:4b:a0:11:42:a7:58:97:f9:0f:40:
                    ed:2c:a5:29:c0:50:6c:a1:02:23:48:35:9b:d2:15:
                    e0:89:5b:df:34:2a:1f:b0:17:33:a7:5d:26:36:7a:
                    36:a1:5f:ab:2b:df:ee:95:09:0a:4b:05:0a:33:a0:
                    88:16:ed:16:86:15:35:7a:7e:af:bd:2a:aa:a5:f2:
                    33:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4A:AF:D6:7D:B5:B5:14:EF:A4:7B:E2:10:95:62:EC:4E:B8:90:E3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/K0qv1n21tRTvpHviEJVi7E64kOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.203.0/24
                  194.58.45.0-194.58.47.255
                  194.87.27.0/24
                  194.87.136.0/24
                  194.87.198.0/24
                  194.87.208.0/23
                  194.87.222.0/23
                  195.58.56.0/21
                  195.133.55.0/24
                  195.133.195.0/24
                  212.192.0.0/23
                  212.193.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:7f:96:c3:6a:ce:df:ad:2b:c5:a0:ed:88:bb:e9:15:78:c8:
         57:fc:dd:ed:fa:9a:c4:cc:55:b6:b0:1b:4e:c7:ef:8d:2f:17:
         a0:9a:ee:ba:3b:60:e5:cd:7c:6f:3a:c2:ef:1f:ca:ce:dd:22:
         3b:9c:3f:77:b7:09:2f:83:0f:7a:1b:30:1b:75:5d:da:65:02:
         50:61:75:77:c1:95:85:e1:00:19:26:76:19:02:23:a9:e9:f5:
         15:b5:ac:b3:4a:c2:16:4a:b7:e2:6d:c6:78:5e:f4:1a:17:e0:
         76:df:11:74:14:d1:a9:56:a2:e7:22:55:bf:91:3e:bc:99:db:
         40:02:dd:42:90:04:3d:11:e6:23:2a:9f:b6:b8:8f:26:eb:70:
         aa:f4:5d:ba:a6:ed:af:1e:65:b0:8f:5d:db:40:c9:69:3b:30:
         38:f3:69:63:01:9e:f3:ad:6c:93:de:6b:da:ff:48:97:77:68:
         1e:21:fd:b3:f3:63:0b:4f:5c:ef:5d:9b:63:2a:2e:77:ac:79:
         75:f7:6e:a9:3f:26:28:87:3d:54:f6:10:24:dc:a2:54:6f:b6:
         44:83:04:4d:32:0b:43:16:9e:0a:c4:b4:85:50:76:74:39:31:
         29:93:2d:98:0f:82:57:4b:7c:25:79:4c:3d:c0:06:f7:40:6e:
         cb:ee:16:9c
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYiZn5OOXIptGpt/NscBtNGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjA4MDYwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjRhYWZkNjdkYjViNTE0ZWZhNDdiZTIxMDk1NjJlYzRlYjg5MGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOJlfpdoGFB3yw2hoOj8udWfUPog
WoaJFKI8RKQSwxXhjNDyocxGrsS/h/OZLz7b7dVhlHibumGdSrxx7Y7K33xZNLHw
ZyIr/1rOTgZymMSUCNzeCrXnjPJaVAToNqKmd1y6ePHc8UCImf16w0oqtpGxND+S
fndd+Lixeu17qyVIraTbRjeTKN3Amuig4wxdPZ0DNVK8Kjygygf7CsraL9OmuFf+
m+SXhU7qmfhbwz/2J3sba9uzEUugEUKnWJf5D0DtLKUpwFBsoQIjSDWb0hXgiVvf
NCofsBczp10mNno2oV+rK9/ulQkKSwUKM6CIFu0WhhU1en6vvSqqpfIzMwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFCtKr9Z9tbUU76R74hCVYuxOuJDjMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSzBxdjFuMjF0UlR2cEh2aUVKVmk3RTY0a09NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAwXzLMAwD
BADCOi0DBATCOiADBADCVxsDBADCV4gDBADCV8YDBAHCV9ADBAHCV94DBAPDOjgD
BADDhTcDBADDhcMDBAHUwAADBADUwQAwDQYJKoZIhvcNAQELBQADggEBAEF/lsNq
zt+tK8Wg7Yi76RV4yFf83e36msTMVbawG07H740vF6Ca7ro7YOXNfG86wu8fys7d
IjucP3e3CS+DD3obMBt1XdplAlBhdXfBlYXhABkmdhkCI6np9RW1rLNKwhZKt+Jt
xnhe9BoX4HbfEXQU0alWouciVb+RPryZ20AC3UKQBD0R5iMqn7a4jybrcKr0Xbqm
7a8eZbCPXdtAyWk7MDjzaWMBnvOtbJPea9r/SJd3aB4h/bPzYwtPXO9dm2MqLnes
eXX3bqk/JiiHPVT2ECTcolRvtkSDBE0yC0MWngrEtIVQdnQ5MSmTLZgPgldLfCV5
TD3ABvdAbsvuFpw=
-----END CERTIFICATE-----