Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VVH9k8ib6h5fmujgSn2rr17M3Yw.roa
File:                     VVH9k8ib6h5fmujgSn2rr17M3Yw.roa (raw, json)
Hash identifier:          tSLusc9juaclN6SygWf/uZTatKrfKTHQYPi/E6xqSkM=
Subject key identifier:   55:51:FD:93:C8:9B:EA:1E:5F:9A:E8:E0:4A:7D:AB:AF:5E:CC:DD:8C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0185C437F61598AC6BFC5B6320A9A0DFEB4D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VVH9k8ib6h5fmujgSn2rr17M3Yw.roa
Signing time:             Wed 18 Jan 2023 09:31:19 +0000
ROA not before:           Wed 18 Jan 2023 09:31:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        212.193.15.0/24 maxlen: 24
                          212.193.13.0/24 maxlen: 24
                          212.193.12.0/24 maxlen: 24
                          195.133.82.0/24 maxlen: 24
                          185.72.9.0/24 maxlen: 24
                          194.87.181.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          212.193.1.0/24 maxlen: 24
                          212.193.2.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          194.87.90.0/24 maxlen: 24
                          194.87.198.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c4:37:f6:15:98:ac:6b:fc:5b:63:20:a9:a0:df:eb:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 18 09:31:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5551fd93c89bea1e5f9ae8e04a7dabaf5eccdd8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:70:76:c8:d7:a6:b4:37:d1:7d:9b:b0:1a:bb:
                    dd:de:3a:b8:65:e4:9b:91:b9:1c:bd:14:45:91:09:
                    b0:0c:a8:d8:16:4d:57:ee:b0:5a:fd:18:f9:ba:78:
                    58:5c:30:96:e4:c7:26:40:e9:a1:0f:42:d8:07:ae:
                    ac:b0:3b:1f:d9:cb:fc:d9:a0:bd:18:25:ed:55:c2:
                    c8:06:cf:26:ab:b8:9a:7c:99:e7:1d:11:9e:0a:54:
                    51:1c:8d:50:64:ff:44:11:50:b6:bd:e4:46:03:08:
                    ba:6b:8d:fe:19:27:7f:13:cf:fd:21:17:66:52:b0:
                    54:a1:99:ac:58:5c:11:30:d7:25:94:16:3f:d1:87:
                    c7:a8:d0:84:25:00:ff:70:c9:93:7e:48:3a:f1:08:
                    ee:cb:62:b3:a2:30:56:6e:3d:c8:45:cc:5a:e8:d4:
                    ed:7a:33:c8:f8:2d:5c:b9:d1:c5:fb:cf:04:84:f3:
                    b0:14:4a:43:d2:2a:22:9d:04:f2:23:77:e3:32:96:
                    87:5a:9b:bb:89:06:3a:ff:95:de:48:13:23:ac:d7:
                    a4:fc:ce:40:ee:64:13:66:df:bd:06:c5:01:60:55:
                    7f:8e:b3:68:64:c9:88:81:dd:54:22:f2:18:5a:fb:
                    06:63:be:dc:3d:f7:44:76:56:3c:a9:7f:b8:ee:84:
                    ce:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:51:FD:93:C8:9B:EA:1E:5F:9A:E8:E0:4A:7D:AB:AF:5E:CC:DD:8C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VVH9k8ib6h5fmujgSn2rr17M3Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.9.0/24
                  194.87.73.0/24
                  194.87.90.0/24
                  194.87.181.0/24
                  194.87.198.0/24
                  195.133.82.0/24
                  212.193.0.0-212.193.2.255
                  212.193.12.0/23
                  212.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:64:6e:54:27:f6:15:2a:31:23:ca:6a:e4:d7:73:6f:35:3b:
         8e:60:99:83:dc:c2:a8:c7:f4:1a:4f:a5:9f:1a:57:4d:7c:1c:
         81:e8:4f:3b:4e:df:9f:92:84:08:f0:bf:5f:3b:4f:43:c2:e7:
         5c:59:a6:56:34:f9:21:d5:51:42:55:1e:69:29:47:97:db:fc:
         79:c7:67:06:1b:33:5b:09:f3:9b:3e:86:2a:79:26:f4:cb:ce:
         0c:39:3f:1a:f2:d7:eb:66:4c:6c:db:5f:75:1e:51:5a:7f:df:
         7d:d7:ae:40:78:6b:06:92:9e:c6:3e:46:a0:0e:7d:0f:63:06:
         77:7a:0e:a3:d2:c4:e3:f3:ee:4c:34:8a:09:d9:d0:4d:ae:21:
         3d:ee:7d:45:86:35:51:37:ac:12:1d:da:07:b3:13:9c:ec:d4:
         22:dd:e3:36:bf:31:66:02:68:3d:2d:79:54:8c:4f:ca:7e:4f:
         0d:35:5b:d6:57:d4:6f:bb:1f:3d:ca:87:c6:26:bc:ca:38:f6:
         86:06:ee:b4:c7:2d:bd:d7:c4:58:15:70:72:0f:b8:f8:6a:d5:
         ef:62:13:92:d8:29:ea:47:7f:8d:0d:46:57:09:40:9d:e2:d5:
         fa:cc:1a:20:73:86:28:b0:cf:b8:55:06:79:35:32:61:06:ec:
         f0:b2:a0:ed
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYXEN/YVmKxr/FtjIKmg3+tNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTE4MDkzMTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTUxZmQ5M2M4OWJlYTFlNWY5YWU4ZTA0YTdkYWJhZjVlY2NkZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3B2yNemtDfRfZuwGrvd3jq4ZeSb
kbkcvRRFkQmwDKjYFk1X7rBa/Rj5unhYXDCW5McmQOmhD0LYB66ssDsf2cv82aC9
GCXtVcLIBs8mq7iafJnnHRGeClRRHI1QZP9EEVC2veRGAwi6a43+GSd/E8/9IRdm
UrBUoZmsWFwRMNcllBY/0YfHqNCEJQD/cMmTfkg68Qjuy2KzojBWbj3IRcxa6NTt
ejPI+C1cudHF+88EhPOwFEpD0ioinQTyI3fjMpaHWpu7iQY6/5XeSBMjrNek/M5A
7mQTZt+9BsUBYFV/jrNoZMmIgd1UIvIYWvsGY77cPfdEdlY8qX+47oTOOQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFFVR/ZPIm+oeX5ro4Ep9q69ezN2MMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVlZIOWs4aWI2aDVmbXVqZ1NuMnJyMTdNM1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTBDBAIAATA9AwQAuUgJAwQA
wldJAwQAwldaAwQAwle1AwQAwlfGAwQAw4VSMAsDAwDUwQMEANTBAgMEAdTBDAME
ANTBDzANBgkqhkiG9w0BAQsFAAOCAQEAKmRuVCf2FSoxI8pq5NdzbzU7jmCZg9zC
qMf0Gk+lnxpXTXwcgehPO07fn5KECPC/XztPQ8LnXFmmVjT5IdVRQlUeaSlHl9v8
ecdnBhszWwnzmz6GKnkm9MvODDk/GvLX62ZMbNtfdR5RWn/ffdeuQHhrBpKexj5G
oA59D2MGd3oOo9LE4/PuTDSKCdnQTa4hPe59RYY1UTesEh3aB7MTnOzUIt3jNr8x
ZgJoPS15VIxPyn5PDTVb1lfUb7sfPcqHxia8yjj2hgbutMctvdfEWBVwcg+4+GrV
72ITktgp6kd/jQ1GVwlAneLV+swaIHOGKLDPuFUGeTUyYQbs8LKg7Q==
-----END CERTIFICATE-----