Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MlCQS1JqmJTYlMeHEVA7KqZ1gLs.roa
File:                     MlCQS1JqmJTYlMeHEVA7KqZ1gLs.roa (raw, json)
Hash identifier:          qRQCfy0vj7UUt4H7YpRcDbAepw0EauW+uGBSvEZX+MI=
Subject key identifier:   32:50:90:4B:52:6A:98:94:D8:94:C7:87:11:50:3B:2A:A6:75:80:BB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018A855D2B8BE220BBFA54A68F4E46329B9E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MlCQS1JqmJTYlMeHEVA7KqZ1gLs.roa
Signing time:             Mon 11 Sep 2023 17:49:50 +0000
ROA not before:           Mon 11 Sep 2023 17:49:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49392
IP address blocks:        194.87.118.0/23 maxlen: 24
                          194.87.220.0/24 maxlen: 24
                          193.124.36.0/24 maxlen: 24
                          193.124.254.0/24 maxlen: 24
                          195.133.10.0/23 maxlen: 23
                          194.135.32.0/24 maxlen: 24
                          185.72.10.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 24
                          212.192.13.0/24 maxlen: 24
                          195.133.56.0/23 maxlen: 23
                          195.133.52.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:85:5d:2b:8b:e2:20:bb:fa:54:a6:8f:4e:46:32:9b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 11 17:49:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3250904b526a9894d894c78711503b2aa67580bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:4c:88:63:4c:e5:65:c4:32:42:06:4f:50:3f:
                    65:9a:1b:10:ce:85:7c:87:7e:e6:9b:81:19:64:5b:
                    40:0d:fa:f6:8f:90:d9:c9:b9:ca:1f:df:ec:79:b4:
                    41:39:fb:c5:5f:1b:50:a8:d1:0e:e7:af:2d:f5:f8:
                    6d:78:ff:a8:c4:6b:99:55:d9:7e:33:9d:7e:d0:b0:
                    97:1b:bc:a1:95:f3:c3:2b:29:6e:ce:64:ec:78:e5:
                    05:d0:b3:ae:6b:ae:a9:9c:54:e4:a4:8d:b0:7e:5a:
                    0e:79:70:68:d9:ef:19:f5:c6:9d:a5:88:c3:09:09:
                    b0:42:c5:84:63:5a:80:12:d0:3b:c4:81:9f:40:6b:
                    be:27:ee:43:75:7a:07:1c:36:40:82:75:d4:18:f9:
                    14:68:ba:58:87:04:71:73:26:a2:8b:b9:92:f2:7d:
                    11:d3:24:a1:93:84:18:d2:89:08:f5:68:4e:11:a0:
                    1a:7d:0b:da:2f:f7:3a:17:43:f8:55:9a:71:83:a0:
                    4e:c2:56:bf:41:c8:62:c6:91:77:8c:89:35:4c:5d:
                    be:ef:92:1f:2c:cd:4a:d7:03:30:5d:d1:d6:7e:19:
                    31:a3:88:be:4b:f1:53:0e:ef:b8:45:51:59:3e:16:
                    d9:0d:77:8e:9c:51:9e:04:46:14:f2:26:1d:e2:7d:
                    cb:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:50:90:4B:52:6A:98:94:D8:94:C7:87:11:50:3B:2A:A6:75:80:BB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MlCQS1JqmJTYlMeHEVA7KqZ1gLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.10.0/24
                  193.124.36.0/24
                  193.124.254.0/24
                  194.87.118.0/23
                  194.87.220.0/24
                  194.135.32.0/24
                  195.133.10.0/23
                  195.133.26.0/23
                  195.133.52.0/23
                  195.133.56.0/23
                  212.192.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:97:7e:9b:63:2a:a6:6b:9e:6c:38:cf:6b:9b:ce:88:ee:de:
         29:cd:bd:b1:05:62:32:1d:ba:bd:e7:19:5f:01:61:41:15:cd:
         b2:04:ae:ea:3e:79:31:fb:44:98:4c:2e:9c:28:78:e2:99:5c:
         9e:a6:f1:cb:2b:40:3f:23:25:e6:ff:b2:18:81:3e:77:a6:d7:
         40:21:02:59:63:c4:1e:e3:bf:17:d4:51:1c:ff:fb:76:a6:dc:
         3d:c2:c8:52:d9:63:3a:2c:65:d4:8e:3e:d6:3f:85:b8:86:84:
         11:1f:b0:9c:e3:bb:9c:0b:18:4a:6e:71:8b:63:59:8f:87:77:
         f8:70:10:fa:f9:c8:9d:b6:85:2d:48:98:4d:d7:7d:2c:b7:78:
         4b:3e:2d:71:74:28:6b:07:d7:c2:70:3a:bc:3f:5b:80:a8:af:
         66:17:c2:75:3c:b8:2f:92:60:b5:24:53:b1:b5:07:a9:d7:62:
         e8:c5:b7:c5:59:ed:33:0e:ee:91:89:fd:45:d7:94:0a:7d:79:
         78:63:2d:93:75:20:b5:41:fd:80:a4:ec:53:e7:9b:ef:8d:c6:
         81:af:c9:bb:24:38:05:8b:dd:aa:b3:ae:f6:78:41:f1:18:85:
         e4:7e:65:d0:99:6c:78:24:70:32:e0:41:93:0d:69:c1:6e:18:
         4f:3a:85:4b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYqFXSuL4iC7+lSmj05GMpueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTExMTc0OTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjUwOTA0YjUyNmE5ODk0ZDg5NGM3ODcxMTUwM2IyYWE2NzU4MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkyIY0zlZcQyQgZPUD9lmhsQzoV8
h37mm4EZZFtADfr2j5DZybnKH9/sebRBOfvFXxtQqNEO568t9fhteP+oxGuZVdl+
M51+0LCXG7yhlfPDKyluzmTseOUF0LOua66pnFTkpI2wfloOeXBo2e8Z9cadpYjD
CQmwQsWEY1qAEtA7xIGfQGu+J+5DdXoHHDZAgnXUGPkUaLpYhwRxcyaii7mS8n0R
0yShk4QY0okI9WhOEaAafQvaL/c6F0P4VZpxg6BOwla/QchixpF3jIk1TF2+75If
LM1K1wMwXdHWfhkxo4i+S/FTDu+4RVFZPhbZDXeOnFGeBEYU8iYd4n3LbQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDJQkEtSapiU2JTHhxFQOyqmdYC7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTWxDUVMxSnFtSlRZbE1lSEVWQTdLcVoxZ0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAuUgKAwQA
wXwkAwQAwXz+AwQBwld2AwQAwlfcAwQAwocgAwQBw4UKAwQBw4UaAwQBw4U0AwQB
w4U4AwQA1MANMA0GCSqGSIb3DQEBCwUAA4IBAQBkl36bYyqma55sOM9rm86I7t4p
zb2xBWIyHbq95xlfAWFBFc2yBK7qPnkx+0SYTC6cKHjimVyepvHLK0A/IyXm/7IY
gT53ptdAIQJZY8Qe478X1FEc//t2ptw9wshS2WM6LGXUjj7WP4W4hoQRH7Cc47uc
CxhKbnGLY1mPh3f4cBD6+cidtoUtSJhN130st3hLPi1xdChrB9fCcDq8P1uAqK9m
F8J1PLgvkmC1JFOxtQep12LoxbfFWe0zDu6Rif1F15QKfXl4Yy2TdSC1Qf2ApOxT
55vvjcaBr8m7JDgFi92qs672eEHxGIXkfmXQmWx4JHAy4EGTDWnBbhhPOoVL