Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lY0_-NnvcUysRMZs5We1d-Ach9s.roa
File:                     lY0_-NnvcUysRMZs5We1d-Ach9s.roa (raw, json)
Hash identifier:          HvEgIZwLW1EHnNFMdu3cZxtkwZ5B5P5o0amNfmQKWXE=
Subject key identifier:   95:8D:3F:F8:D9:EF:71:4C:AC:44:C6:6C:E5:67:B5:77:E0:1C:87:DB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01856F671CF470C46172DE636C51FF841631
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lY0_-NnvcUysRMZs5We1d-Ach9s.roa
Signing time:             Sun 01 Jan 2023 22:15:06 +0000
ROA not before:           Sun 01 Jan 2023 22:15:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398343
IP address blocks:        194.135.104.0/24 maxlen: 24
                          212.193.24.0/22 maxlen: 24
                          62.76.233.0/24 maxlen: 24
                          194.87.225.0/24 maxlen: 24
                          194.87.120.0/23 maxlen: 24
                          195.133.9.0/24 maxlen: 24
                          194.135.38.0/24 maxlen: 24
                          194.135.32.0/24 maxlen: 24
                          195.133.21.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 23
                          195.133.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:67:1c:f4:70:c4:61:72:de:63:6c:51:ff:84:16:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  1 22:15:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=958d3ff8d9ef714cac44c66ce567b577e01c87db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c2:c3:9d:02:3d:47:d3:b2:25:17:71:46:89:
                    19:27:fc:1f:52:7b:d5:b1:6d:e9:d9:8a:3f:c5:58:
                    e3:bd:1a:5a:c5:9c:4f:e5:b3:97:d2:7a:ca:cf:50:
                    11:c3:fe:d0:3e:34:95:8b:af:4b:23:6a:cc:76:f0:
                    44:84:3e:74:ba:04:3b:d7:44:83:c2:50:7d:61:35:
                    33:bb:66:35:99:1b:1f:58:33:d8:42:c7:a6:01:4a:
                    4c:da:a2:96:c0:6c:26:a5:a3:c2:29:49:2e:b1:18:
                    7d:b3:3e:e6:c1:96:7a:f6:53:33:fd:48:55:0c:c8:
                    40:81:62:d1:bf:85:29:87:af:c1:5f:87:e8:07:56:
                    f5:8d:e5:51:79:b5:f3:a7:44:d2:c9:1c:81:e3:f2:
                    fb:8f:43:88:96:67:57:2e:ed:94:be:75:be:3f:51:
                    fa:d6:6e:4f:fd:c2:95:ff:81:75:2b:86:76:e1:81:
                    86:42:13:00:5a:e1:79:6f:b4:9f:d0:e4:1d:21:fe:
                    ce:45:46:54:ef:02:c3:52:62:66:47:83:85:51:6f:
                    0b:64:6e:c5:d5:77:5d:dd:49:bc:b1:d4:9c:a8:b0:
                    4b:8e:50:0c:b0:2b:f6:da:5a:0d:5f:df:3a:a0:e8:
                    e5:5a:57:fd:d2:de:fe:72:30:00:10:bb:e6:7d:bf:
                    69:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:8D:3F:F8:D9:EF:71:4C:AC:44:C6:6C:E5:67:B5:77:E0:1C:87:DB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lY0_-NnvcUysRMZs5We1d-Ach9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.233.0/24
                  194.87.120.0/23
                  194.87.225.0/24
                  194.135.32.0/24
                  194.135.38.0/24
                  194.135.104.0/24
                  195.133.9.0/24
                  195.133.21.0/24
                  195.133.25.0-195.133.27.255
                  195.133.59.0/24
                  212.193.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:18:9d:6d:d2:90:21:5a:94:51:04:c9:33:80:b6:c7:29:16:
         0f:e7:0d:6b:f9:3f:a9:0d:d8:74:21:cb:46:93:73:8c:72:87:
         d1:d0:ca:fe:5b:ba:43:8f:d5:31:27:c1:1e:63:24:18:5a:86:
         a8:9f:3c:5a:8b:78:c5:0a:36:4c:d9:27:40:74:51:79:80:f3:
         f6:ac:41:1d:d0:55:1b:51:05:d0:23:6d:75:52:70:67:85:c3:
         22:4e:02:32:e3:b4:e5:9d:6a:45:88:2f:d8:c6:53:f1:23:89:
         6a:1a:ff:fa:ea:69:e4:3f:41:ee:8c:a6:61:fb:78:0c:b4:d8:
         91:79:b9:17:80:b4:30:70:29:15:f7:f3:80:11:91:ff:99:e7:
         2b:7f:4d:1e:87:56:4c:bb:68:6a:a9:2d:ba:04:d1:6c:7a:0a:
         24:6a:31:0c:da:7c:74:32:79:30:76:e4:53:79:91:74:72:27:
         1a:25:f1:bc:c5:9c:7b:f4:d7:8f:7f:27:ad:7e:bc:d0:e4:e1:
         ac:75:ac:a9:c0:de:cd:32:8d:3c:15:fd:15:d1:35:a2:35:a6:
         d5:ff:82:3e:bd:2d:d4:93:f2:b9:99:28:45:fc:6d:69:e6:8c:
         3a:7f:1d:a3:0e:41:78:5b:79:54:22:d0:77:d1:f8:96:27:0f:
         d2:49:6d:61
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVvZxz0cMRhct5jbFH/hBYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTAxMjIxNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NThkM2ZmOGQ5ZWY3MTRjYWM0NGM2NmNlNTY3YjU3N2UwMWM4N2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMLDnQI9R9OyJRdxRokZJ/wfUnvV
sW3p2Yo/xVjjvRpaxZxP5bOX0nrKz1ARw/7QPjSVi69LI2rMdvBEhD50ugQ710SD
wlB9YTUzu2Y1mRsfWDPYQsemAUpM2qKWwGwmpaPCKUkusRh9sz7mwZZ69lMz/UhV
DMhAgWLRv4Uph6/BX4foB1b1jeVRebXzp0TSyRyB4/L7j0OIlmdXLu2UvnW+P1H6
1m5P/cKV/4F1K4Z24YGGQhMAWuF5b7Sf0OQdIf7ORUZU7wLDUmJmR4OFUW8LZG7F
1Xdd3Um8sdScqLBLjlAMsCv22loNX986oOjlWlf90t7+cjAAELvmfb9pNQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJWNP/jZ73FMrETGbOVntXfgHIfbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbFkwXy1ObnZjVXlzUk1aczVXZTFkLUFjaDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAPkzpAwQB
wld4AwQAwlfhAwQAwocgAwQAwocmAwQAwodoAwQAw4UJAwQAw4UVMAwDBADDhRkD
BALDhRgDBADDhTsDBALUwRgwDQYJKoZIhvcNAQELBQADggEBADEYnW3SkCFalFEE
yTOAtscpFg/nDWv5P6kN2HQhy0aTc4xyh9HQyv5bukOP1TEnwR5jJBhahqifPFqL
eMUKNkzZJ0B0UXmA8/asQR3QVRtRBdAjbXVScGeFwyJOAjLjtOWdakWIL9jGU/Ej
iWoa//rqaeQ/Qe6MpmH7eAy02JF5uReAtDBwKRX384ARkf+Z5yt/TR6HVky7aGqp
LboE0Wx6CiRqMQzafHQyeTB25FN5kXRyJxol8bzFnHv0149/J61+vNDk4ax1rKnA
3s0yjTwV/RXRNaI1ptX/gj69LdST8rmZKEX8bWnmjDp/HaMOQXhbeVQi0HfR+JYn
D9JJbWE=
-----END CERTIFICATE-----