Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nyjBXgk8zHqnohBPuin1wXmZHnA.roa
File:                     nyjBXgk8zHqnohBPuin1wXmZHnA.roa (raw, json)
Hash identifier:          xYNJ67ea2AImq3u3/oxviZje7IdYgFZEids/CTT8OcU=
Subject key identifier:   9F:28:C1:5E:09:3C:CC:7A:A7:A2:10:4F:BA:29:F5:C1:79:99:1E:70
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01878E91061D91099CED9C9B7078EA8C9074
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nyjBXgk8zHqnohBPuin1wXmZHnA.roa
Signing time:             Mon 17 Apr 2023 09:34:41 +0000
ROA not before:           Mon 17 Apr 2023 09:34:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49392
IP address blocks:        193.124.254.0/24 maxlen: 24
                          194.135.32.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 24
                          192.124.176.0/24 maxlen: 24
                          212.192.13.0/24 maxlen: 24
                          195.133.52.0/23 maxlen: 23
                          195.133.56.0/22 maxlen: 22
                          195.133.59.0/24 maxlen: 24
                          194.87.118.0/23 maxlen: 24
                          195.133.10.0/23 maxlen: 23
                          195.133.6.0/23 maxlen: 23
                          194.87.40.0/24 maxlen: 24
                          185.72.10.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8e:91:06:1d:91:09:9c:ed:9c:9b:70:78:ea:8c:90:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 17 09:34:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f28c15e093ccc7aa7a2104fba29f5c179991e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0e:e8:31:a0:a0:4c:25:53:e5:d4:bf:18:90:
                    a2:0b:fa:91:6b:9b:92:bc:2b:85:e9:ca:9d:01:2f:
                    e6:59:12:63:93:a9:de:aa:1f:79:d2:40:02:b5:2d:
                    6c:1b:f1:8e:70:43:14:69:7e:5d:24:ee:bc:34:ee:
                    99:3b:77:33:ce:0e:8e:2f:d6:a0:b6:b6:19:66:c7:
                    2f:fd:37:7c:98:d2:31:77:46:08:1a:c3:12:a9:08:
                    8b:05:10:ef:e7:ae:0e:bb:d9:d0:fa:4d:fa:85:8f:
                    a5:c7:66:82:11:18:ea:70:e1:a3:0f:48:fb:75:21:
                    af:59:67:10:07:51:fe:84:85:fa:73:66:08:63:f4:
                    20:18:12:96:f6:ff:7e:fa:7e:37:a0:f5:34:4e:3a:
                    e9:36:6d:11:c8:3d:6f:d1:99:e9:bb:13:6b:39:0e:
                    db:2d:81:3c:fc:8a:7e:20:98:d7:e8:52:36:10:b6:
                    bf:53:bf:f7:a2:86:0c:22:fe:74:a8:ad:29:ab:bf:
                    4b:78:8e:d2:d5:6c:ed:d9:49:19:fa:be:95:da:ef:
                    65:4f:1c:73:bf:98:56:3b:ce:6c:9d:a6:db:ba:96:
                    8a:0e:73:2c:e9:83:05:98:0f:da:d9:1d:5f:cf:2b:
                    6a:f6:80:1e:70:ae:b3:13:34:3a:09:26:41:4a:92:
                    30:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:28:C1:5E:09:3C:CC:7A:A7:A2:10:4F:BA:29:F5:C1:79:99:1E:70
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nyjBXgk8zHqnohBPuin1wXmZHnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.10.0/24
                  192.124.176.0/24
                  193.124.254.0/24
                  194.87.40.0/24
                  194.87.118.0/23
                  194.135.32.0/24
                  195.133.6.0/23
                  195.133.10.0/23
                  195.133.26.0/23
                  195.133.52.0/23
                  195.133.56.0/22
                  212.192.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:82:36:af:8e:8d:20:7f:d2:aa:b0:94:19:1c:27:03:9b:ca:
         e6:d4:55:cf:55:3f:45:5b:b0:ec:e1:06:20:c4:a4:61:7a:43:
         39:55:db:a2:1a:cc:8a:b1:5c:90:ad:4b:57:ce:c4:f2:a9:69:
         39:3a:61:a1:94:ab:05:22:24:a4:d0:fb:4f:ab:87:87:7d:3c:
         6c:3c:56:ac:b4:5b:5b:0f:5b:19:35:97:c1:21:e0:09:40:ea:
         84:51:74:5f:39:7b:a8:c1:e6:05:26:70:84:49:ef:ff:57:cb:
         71:dd:ee:8f:c1:39:43:61:c7:fb:3f:47:ae:5b:8d:4b:3f:1d:
         46:f1:ed:26:2b:e7:69:79:2c:17:31:2e:09:45:12:c8:52:c5:
         8c:af:80:7a:70:9c:79:8a:4a:08:7a:80:51:6b:46:1f:11:9b:
         2d:14:b5:fd:48:87:27:22:2b:6d:d9:b2:1a:71:04:16:40:85:
         6c:c5:78:3d:00:f1:4f:40:db:09:48:ad:dd:e5:0d:17:09:7c:
         58:b0:ac:d4:f3:1b:3b:44:c5:9b:b7:14:04:81:d2:87:80:45:
         4b:43:cc:d6:d9:2f:a7:fb:73:f3:38:68:a6:08:ec:1e:dc:ec:
         93:f7:18:9d:78:f0:da:71:47:9c:d9:f3:77:03:db:a5:75:f7:
         73:f6:20:36
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYeOkQYdkQmc7ZybcHjqjJB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDE3MDkzNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjI4YzE1ZTA5M2NjYzdhYTdhMjEwNGZiYTI5ZjVjMTc5OTkxZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ7oMaCgTCVT5dS/GJCiC/qRa5uS
vCuF6cqdAS/mWRJjk6neqh950kACtS1sG/GOcEMUaX5dJO68NO6ZO3czzg6OL9ag
trYZZscv/Td8mNIxd0YIGsMSqQiLBRDv564Ou9nQ+k36hY+lx2aCERjqcOGjD0j7
dSGvWWcQB1H+hIX6c2YIY/QgGBKW9v9++n43oPU0TjrpNm0RyD1v0ZnpuxNrOQ7b
LYE8/Ip+IJjX6FI2ELa/U7/3ooYMIv50qK0pq79LeI7S1Wzt2UkZ+r6V2u9lTxxz
v5hWO85snabbupaKDnMs6YMFmA/a2R1fzytq9oAecK6zEzQ6CSZBSpIwxwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJ8owV4JPMx6p6IQT7op9cF5mR5wMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbnlqQlhnazh6SHFub2hCUHVpbjF3WG1aSG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAuUgKAwQA
wHywAwQAwXz+AwQAwlcoAwQBwld2AwQAwocgAwQBw4UGAwQBw4UKAwQBw4UaAwQB
w4U0AwQCw4U4AwQA1MANMA0GCSqGSIb3DQEBCwUAA4IBAQCXgjavjo0gf9KqsJQZ
HCcDm8rm1FXPVT9FW7Ds4QYgxKRhekM5VduiGsyKsVyQrUtXzsTyqWk5OmGhlKsF
IiSk0PtPq4eHfTxsPFastFtbD1sZNZfBIeAJQOqEUXRfOXuoweYFJnCESe//V8tx
3e6PwTlDYcf7P0euW41LPx1G8e0mK+dpeSwXMS4JRRLIUsWMr4B6cJx5ikoIeoBR
a0YfEZstFLX9SIcnIitt2bIacQQWQIVsxXg9APFPQNsJSK3d5Q0XCXxYsKzU8xs7
RMWbtxQEgdKHgEVLQ8zW2S+n+3PzOGimCOwe3OyT9xidePDacUec2fN3A9uldfdz
9iA2
-----END CERTIFICATE-----