Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/p2K0CKJXRz2OyFv9ecnCE-0oPkM.roa
File:                     p2K0CKJXRz2OyFv9ecnCE-0oPkM.roa (raw, json)
Hash identifier:          dGoPvORV/uoWww1BYA/0x70RzhcAq8bV748sMtGIoeU=
Subject key identifier:   A7:62:B4:08:A2:57:47:3D:8E:C8:5B:FD:79:C9:C2:13:ED:28:3E:43
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018B056D31905CED65828B584F197EC63A69
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/p2K0CKJXRz2OyFv9ecnCE-0oPkM.roa
Signing time:             Fri 06 Oct 2023 14:38:44 +0000
ROA not before:           Fri 06 Oct 2023 14:38:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51659
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.87.215.0/24 maxlen: 24
                          195.58.37.0/24 maxlen: 24
                          195.133.23.0/24 maxlen: 24
                          195.58.48.0/23 maxlen: 23
                          194.87.196.0/23 maxlen: 23
                          194.87.106.0/24 maxlen: 24
                          195.133.8.0/24 maxlen: 24
                          195.133.5.0/24 maxlen: 24
                          195.133.9.0/24 maxlen: 24
                          194.87.48.0/24 maxlen: 24
                          194.87.49.0/24 maxlen: 24
                          194.87.70.0/24 maxlen: 24
                          194.87.68.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:05:6d:31:90:5c:ed:65:82:8b:58:4f:19:7e:c6:3a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct  6 14:38:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a762b408a257473d8ec85bfd79c9c213ed283e43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:72:e2:b1:77:4f:55:7b:89:6e:86:f2:1a:db:
                    a4:78:63:b3:61:99:f6:11:98:ba:3e:ac:c1:55:e2:
                    12:6b:1c:e7:5a:26:b1:d8:5f:50:f9:fb:80:fe:c8:
                    bd:e1:ef:c7:5c:9e:c5:55:fe:5e:41:2a:b1:5d:10:
                    a6:f7:e6:ca:05:31:ff:2b:34:73:54:65:f6:08:84:
                    2b:9a:45:2e:55:9b:6e:8e:b3:24:04:0e:e4:d0:ad:
                    1d:59:99:23:36:09:79:fa:c6:13:e4:05:35:57:62:
                    28:53:a8:02:ca:84:e6:06:a8:64:4b:b8:09:a3:8d:
                    a5:4c:be:38:d6:d2:e9:e3:0a:a8:a8:ae:19:e8:d3:
                    23:9e:8b:05:2d:93:8d:e7:26:de:03:44:45:c3:09:
                    b4:77:99:07:3c:eb:47:04:a5:de:55:61:c5:36:63:
                    1f:31:6d:b5:79:08:26:1e:dd:a5:4e:2c:05:72:2d:
                    3c:c4:bf:a6:ee:21:92:69:cb:6c:68:2d:27:b0:52:
                    26:5c:a5:50:85:f0:9d:ee:31:b4:c0:cc:67:1e:b2:
                    9a:c3:44:a3:ec:14:23:de:df:67:b1:7c:9e:6d:12:
                    18:2c:1f:0e:f2:26:26:81:b0:d6:e2:fb:2d:61:55:
                    83:d9:06:2c:2f:f3:d1:20:08:06:51:c1:8b:1c:82:
                    44:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:62:B4:08:A2:57:47:3D:8E:C8:5B:FD:79:C9:C2:13:ED:28:3E:43
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/p2K0CKJXRz2OyFv9ecnCE-0oPkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.87.48.0/23
                  194.87.68.0-194.87.70.255
                  194.87.106.0/24
                  194.87.196.0/23
                  194.87.215.0/24
                  195.58.37.0/24
                  195.58.48.0/23
                  195.133.5.0/24
                  195.133.8.0/23
                  195.133.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:69:e2:f9:da:40:c9:30:2e:d2:3a:07:3a:93:6f:95:b6:31:
         5a:2f:b3:8a:b2:b2:c4:e0:82:37:ab:50:7a:01:5b:a4:22:17:
         4b:65:da:28:07:9a:e8:4e:de:4c:0a:2a:95:66:35:dc:2f:dc:
         a2:6f:4f:e0:05:d0:fa:38:d2:93:e6:b1:e3:fe:1c:1b:63:c6:
         f0:03:9b:79:b9:d1:1b:ca:c0:4c:23:fc:98:bd:e8:d3:08:3d:
         81:72:3c:08:76:8b:01:69:6c:fb:88:ac:a2:73:27:56:bc:22:
         43:89:d9:84:80:0a:89:3a:e2:9b:f7:b9:00:27:46:41:16:66:
         8f:b7:91:1f:c5:95:a2:42:c1:20:49:44:3e:53:4b:e4:a2:94:
         c2:c2:8d:b3:20:0d:3b:29:7c:8c:e6:1f:62:4f:87:62:1d:61:
         70:c1:3d:79:92:b2:ed:06:53:1c:2a:d3:a8:28:9f:6b:f8:9b:
         5f:bc:c9:15:49:d0:77:a9:7a:a1:30:d4:2b:03:f6:68:7f:41:
         bb:53:4b:89:e9:a1:f7:0f:a0:ee:0b:f2:6a:7e:48:43:d9:73:
         5e:94:5c:ad:f7:fd:1c:ab:6a:53:88:ec:5f:95:37:81:34:17:
         8c:96:d3:67:f2:46:8c:8c:64:e3:77:09:9e:21:ff:54:90:2c:
         4d:43:62:70
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYsFbTGQXO1lgotYTxl+xjppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMDA2MTQzODQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzYyYjQwOGEyNTc0NzNkOGVjODViZmQ3OWM5YzIxM2VkMjgzZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nLisXdPVXuJbobyGtukeGOzYZn2
EZi6PqzBVeISaxznWiax2F9Q+fuA/si94e/HXJ7FVf5eQSqxXRCm9+bKBTH/KzRz
VGX2CIQrmkUuVZtujrMkBA7k0K0dWZkjNgl5+sYT5AU1V2IoU6gCyoTmBqhkS7gJ
o42lTL441tLp4wqoqK4Z6NMjnosFLZON5ybeA0RFwwm0d5kHPOtHBKXeVWHFNmMf
MW21eQgmHt2lTiwFci08xL+m7iGSactsaC0nsFImXKVQhfCd7jG0wMxnHrKaw0Sj
7BQj3t9nsXyebRIYLB8O8iYmgbDW4vstYVWD2QYsL/PRIAgGUcGLHIJEEwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFKditAiiV0c9jshb/XnJwhPtKD5DMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcDJLMENLSlhSejJPeUZ2OWVjbkNFLTBvUGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAwXwHAwQB
wlcwMAwDBALCV0QDBADCV0YDBADCV2oDBAHCV8QDBADCV9cDBADDOiUDBAHDOjAD
BADDhQUDBAHDhQgDBADDhRcwDQYJKoZIhvcNAQELBQADggEBAEBp4vnaQMkwLtI6
BzqTb5W2MVovs4qyssTggjerUHoBW6QiF0tl2igHmuhO3kwKKpVmNdwv3KJvT+AF
0Po40pPmseP+HBtjxvADm3m50RvKwEwj/Ji96NMIPYFyPAh2iwFpbPuIrKJzJ1a8
IkOJ2YSACok64pv3uQAnRkEWZo+3kR/FlaJCwSBJRD5TS+SilMLCjbMgDTspfIzm
H2JPh2IdYXDBPXmSsu0GUxwq06gon2v4m1+8yRVJ0HepeqEw1CsD9mh/QbtTS4np
ofcPoO4L8mp+SEPZc16UXK33/RyralOI7F+VN4E0F4yW02fyRoyMZON3CZ4h/1SQ
LE1DYnA=
-----END CERTIFICATE-----