Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N-AjS2PNAPmc9peaNYPUsGf5g6o.roa
File:                     N-AjS2PNAPmc9peaNYPUsGf5g6o.roa (raw, json)
Hash identifier:          PqvRhe0nTKtk5guIfRWp5R4pGzNzUhhxTzsOd7wT+4Y=
Subject key identifier:   37:E0:23:4B:63:CD:00:F9:9C:F6:97:9A:35:83:D4:B0:67:F9:83:AA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01892AEF78BA3181E6D7F1232F0177A8296D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N-AjS2PNAPmc9peaNYPUsGf5g6o.roa
Signing time:             Thu 06 Jul 2023 11:21:24 +0000
ROA not before:           Thu 06 Jul 2023 11:21:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213035
IP address blocks:        212.193.31.0/24 maxlen: 24
                          212.193.29.0/24 maxlen: 24
                          212.193.28.0/24 maxlen: 24
                          195.133.16.0/24 maxlen: 24
                          212.192.218.0/24 maxlen: 24
                          212.192.216.0/24 maxlen: 24
                          195.133.17.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
                          212.192.217.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          212.192.243.0/24 maxlen: 24
                          195.133.42.0/24 maxlen: 24
                          195.133.43.0/24 maxlen: 24
                          194.87.84.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2a:ef:78:ba:31:81:e6:d7:f1:23:2f:01:77:a8:29:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  6 11:21:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=37e0234b63cd00f99cf6979a3583d4b067f983aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ef:f9:21:65:fb:4b:57:16:f5:5a:04:04:0f:
                    fc:34:46:aa:bf:57:f4:e3:1b:61:3e:85:e3:5d:e5:
                    29:29:d1:14:9c:51:56:a4:ee:63:00:7c:7a:91:3b:
                    f1:31:04:57:9b:39:43:3d:1c:cd:ad:d4:67:a9:76:
                    fd:4d:26:92:7c:f4:9a:c7:bf:7e:95:be:66:94:22:
                    a7:35:59:44:f3:8a:61:0a:e3:06:67:e4:c7:7d:b5:
                    e6:13:32:3a:d8:0f:d5:10:eb:a6:1c:bb:ae:6e:0b:
                    40:da:6d:6e:d1:71:38:b1:43:0e:08:3a:0d:12:55:
                    fc:c8:9d:f2:43:6f:8e:ab:4a:a9:63:4f:5c:85:65:
                    62:33:74:58:1a:e5:f3:a7:33:c6:7c:50:bf:12:a9:
                    e5:dd:0f:a1:8d:fa:5f:d1:32:3a:bf:50:92:16:4f:
                    7b:65:4b:10:a9:3f:01:6d:2a:9a:83:da:0c:5c:33:
                    c3:ab:5d:22:b5:00:ad:91:65:10:e5:f2:01:39:7a:
                    85:bc:46:e8:0e:1f:4e:8a:7e:1d:71:8d:b0:ed:cd:
                    2a:03:f3:8a:74:ff:1f:5e:ca:9d:2a:93:dc:8e:95:
                    99:ee:13:e7:04:02:99:67:2e:3a:f1:9b:90:d2:8b:
                    ba:41:6f:0c:e0:14:07:0a:04:c0:86:99:5d:49:fb:
                    90:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E0:23:4B:63:CD:00:F9:9C:F6:97:9A:35:83:D4:B0:67:F9:83:AA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/N-AjS2PNAPmc9peaNYPUsGf5g6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.188.0/24
                  194.87.84.0/24
                  195.133.16.0/23
                  195.133.42.0/23
                  212.192.216.0/22
                  212.192.240.0/24
                  212.192.243.0/24
                  212.193.28.0/23
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:95:07:e4:97:d8:41:47:68:1d:3b:1d:a3:ee:c5:20:3f:23:
         9d:71:a6:ff:29:bc:f5:c3:4c:03:1f:b7:a9:a4:f8:42:a7:b5:
         e7:11:2e:66:38:1c:8a:2e:3f:36:1a:f8:c7:6c:33:d0:56:43:
         51:e5:78:a7:04:ba:dc:c1:c7:4d:2d:ba:95:1f:6b:4e:b1:45:
         3c:c7:2f:23:3e:2b:90:c8:d2:41:47:68:05:62:69:41:69:49:
         89:a5:33:af:ef:fc:f0:b6:73:77:6b:cd:d7:81:f5:31:cb:da:
         6e:17:50:1d:7c:a7:a3:96:aa:ed:b1:e2:6f:21:64:d9:af:4b:
         d4:ba:a5:25:1e:73:d8:2f:29:e5:ce:69:15:02:3a:ec:dc:62:
         70:fc:08:81:ad:cf:e5:70:84:ae:e8:a1:7a:64:f6:88:25:17:
         fe:33:77:65:d3:b3:f3:62:21:5f:80:8e:f5:ad:82:83:09:e0:
         28:fa:a6:6d:f0:50:ef:1b:92:8d:2b:08:ed:ea:0e:2b:21:b6:
         5e:0d:55:75:36:d8:23:bb:7b:11:7e:4e:85:06:45:7f:0a:8f:
         dd:86:59:7c:24:f8:50:8e:9b:f7:9f:d0:a5:88:b8:1a:cf:bc:
         09:da:66:eb:2b:0b:ab:29:4e:e8:b1:77:1d:ef:9e:d4:71:28:
         c0:94:6c:f0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYkq73i6MYHm1/EjLwF3qCltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzA2MTEyMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UwMjM0YjYzY2QwMGY5OWNmNjk3OWEzNTgzZDRiMDY3Zjk4M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+/5IWX7S1cW9VoEBA/8NEaqv1f0
4xthPoXjXeUpKdEUnFFWpO5jAHx6kTvxMQRXmzlDPRzNrdRnqXb9TSaSfPSax79+
lb5mlCKnNVlE84phCuMGZ+THfbXmEzI62A/VEOumHLuubgtA2m1u0XE4sUMOCDoN
ElX8yJ3yQ2+Oq0qpY09chWViM3RYGuXzpzPGfFC/Eqnl3Q+hjfpf0TI6v1CSFk97
ZUsQqT8BbSqag9oMXDPDq10itQCtkWUQ5fIBOXqFvEboDh9Oin4dcY2w7c0qA/OK
dP8fXsqdKpPcjpWZ7hPnBAKZZy468ZuQ0ou6QW8M4BQHCgTAhpldSfuQBwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDfgI0tjzQD5nPaXmjWD1LBn+YOqMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTi1BalMyUE5BUG1jOXBlYU5ZUFVzR2Y1ZzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwHy8AwQA
wldUAwQBw4UQAwQBw4UqAwQC1MDYAwQA1MDwAwQA1MDzAwQB1MEcAwQA1MEfMA0G
CSqGSIb3DQEBCwUAA4IBAQCBlQfkl9hBR2gdOx2j7sUgPyOdcab/Kbz1w0wDH7ep
pPhCp7XnES5mOByKLj82GvjHbDPQVkNR5XinBLrcwcdNLbqVH2tOsUU8xy8jPiuQ
yNJBR2gFYmlBaUmJpTOv7/zwtnN3a83XgfUxy9puF1AdfKejlqrtseJvIWTZr0vU
uqUlHnPYLynlzmkVAjrs3GJw/AiBrc/lcISu6KF6ZPaIJRf+M3dl07PzYiFfgI71
rYKDCeAo+qZt8FDvG5KNKwjt6g4rIbZeDVV1Ntgju3sRfk6FBkV/Co/dhll8JPhQ
jpv3n9CliLgaz7wJ2mbrKwurKU7osXcd757UcSjAlGzw
-----END CERTIFICATE-----