Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uW1952BUN9ETnQGjQbzRCsQ4WhE.roa
File:                     uW1952BUN9ETnQGjQbzRCsQ4WhE.roa (raw, json)
Hash identifier:          01qcCaDnYuftlhY1RhXQS6yZBNLZiZr61hAteQJF0o8=
Subject key identifier:   B9:6D:7D:E7:60:54:37:D1:13:9D:01:A3:41:BC:D1:0A:C4:38:5A:11
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018A2248A4FFC1F43E7BD8FB0D29CE499DC7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uW1952BUN9ETnQGjQbzRCsQ4WhE.roa
Signing time:             Wed 23 Aug 2023 12:05:00 +0000
ROA not before:           Wed 23 Aug 2023 12:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51722
IP address blocks:        194.87.21.0/24 maxlen: 24
                          194.135.18.0/24 maxlen: 24
                          194.87.33.0/24 maxlen: 24
                          195.133.22.0/24 maxlen: 24
                          194.87.166.0/24 maxlen: 24
                          194.87.170.0/24 maxlen: 24
                          195.58.55.0/24 maxlen: 24
                          212.192.251.0/24 maxlen: 24
                          194.87.181.0/24 maxlen: 24
                          212.192.250.0/24 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          212.192.248.0/24 maxlen: 24
                          193.124.201.0/24 maxlen: 24
                          194.87.187.0/24 maxlen: 24
                          193.124.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:22:48:a4:ff:c1:f4:3e:7b:d8:fb:0d:29:ce:49:9d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 23 12:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b96d7de7605437d1139d01a341bcd10ac4385a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b5:e7:85:f7:ce:d6:d0:b4:f5:23:af:fb:db:
                    3a:f1:e6:f5:43:da:78:d0:aa:e2:e5:5b:6a:80:43:
                    0d:59:6d:59:7b:79:5c:dd:d6:28:63:77:54:ce:a7:
                    d2:f8:c3:37:6a:a2:65:3d:8f:8b:c4:ad:1d:ac:44:
                    2a:a9:48:58:52:8d:70:12:5c:21:72:21:5b:32:66:
                    d3:2c:10:0c:26:33:b8:3b:c9:60:71:52:29:69:b6:
                    64:3b:90:39:5c:bc:10:33:47:66:61:e2:d8:3d:a2:
                    3f:95:11:0e:a0:18:6e:d3:e0:f4:62:73:af:11:34:
                    ce:28:88:a5:bb:b2:c5:9c:7e:eb:46:d8:93:4f:9d:
                    16:61:bc:68:d7:88:a4:25:f1:6e:de:99:d9:1b:79:
                    e4:76:43:33:94:8b:89:bc:ad:3e:19:c7:84:7f:78:
                    e8:d6:d5:d7:a8:7b:d6:74:2f:8a:b1:ef:bc:71:79:
                    8e:b4:40:4d:93:c2:46:00:f9:85:7b:4a:8e:c0:d8:
                    6f:02:45:9f:84:70:1c:bd:26:aa:2d:de:92:5a:68:
                    74:67:10:45:a1:cb:29:7f:9b:f0:c4:fc:c8:05:fb:
                    70:60:78:52:38:4a:3d:66:7b:82:2a:96:82:f4:3e:
                    a7:ba:92:ab:fa:02:4e:00:8a:23:c7:68:a7:2d:b3:
                    e6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6D:7D:E7:60:54:37:D1:13:9D:01:A3:41:BC:D1:0A:C4:38:5A:11
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uW1952BUN9ETnQGjQbzRCsQ4WhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.95.0/24
                  193.124.201.0/24
                  194.87.21.0/24
                  194.87.33.0/24
                  194.87.166.0/24
                  194.87.170.0/24
                  194.87.181.0/24
                  194.87.187.0/24
                  194.135.18.0/24
                  195.58.55.0/24
                  195.58.59.0/24
                  195.133.22.0/24
                  212.192.248.0/24
                  212.192.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:e4:bc:33:46:1e:a1:8d:d1:8f:30:0f:1c:b6:07:67:fb:7a:
         8a:1e:ad:97:f6:99:78:24:b1:58:f6:12:02:05:81:c1:8d:0e:
         b9:a1:a2:a0:b8:d2:f3:e3:d3:26:f0:c0:c3:94:2b:2b:c9:67:
         e9:24:ae:ae:4d:08:bd:c9:cc:b3:32:54:bf:27:22:5e:01:5e:
         44:32:c0:6f:0d:c8:eb:21:73:ed:78:3f:98:1b:be:ce:74:32:
         23:91:18:29:df:52:44:30:90:d4:36:09:2a:00:65:e0:57:05:
         96:0e:d3:35:1a:62:b3:22:de:e8:1f:d6:36:78:d5:75:a0:34:
         ce:00:f0:9b:1e:50:9c:4e:7f:d8:d7:9c:de:ba:ef:73:c2:c5:
         d2:1a:25:aa:61:d9:60:17:24:2a:9f:44:28:35:61:b2:e8:90:
         a8:17:69:81:21:2a:04:80:b4:00:84:d8:b4:13:d4:2e:0a:99:
         e3:48:a6:64:06:03:ad:6d:6f:4e:79:a6:1f:6c:0c:ac:73:52:
         bb:ae:bb:3b:c2:37:df:23:3d:bc:37:e2:6d:79:cb:c4:dc:84:
         02:55:f3:4f:a0:62:7e:9e:97:b2:31:1f:bb:fb:65:fb:98:89:
         9f:e9:a5:8f:be:85:12:20:3f:61:08:91:1a:16:e2:49:ab:b2:
         cc:d2:c3:3b
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYoiSKT/wfQ+e9j7DSnOSZ3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODIzMTIwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZkN2RlNzYwNTQzN2QxMTM5ZDAxYTM0MWJjZDEwYWM0Mzg1YTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrXnhffO1tC09SOv+9s68eb1Q9p4
0Kri5VtqgEMNWW1Ze3lc3dYoY3dUzqfS+MM3aqJlPY+LxK0drEQqqUhYUo1wElwh
ciFbMmbTLBAMJjO4O8lgcVIpabZkO5A5XLwQM0dmYeLYPaI/lREOoBhu0+D0YnOv
ETTOKIilu7LFnH7rRtiTT50WYbxo14ikJfFu3pnZG3nkdkMzlIuJvK0+GceEf3jo
1tXXqHvWdC+Kse+8cXmOtEBNk8JGAPmFe0qOwNhvAkWfhHAcvSaqLd6SWmh0ZxBF
ocspf5vwxPzIBftwYHhSOEo9ZnuCKpaC9D6nupKr+gJOAIojx2inLbPmLwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFLltfedgVDfRE50Bo0G80QrEOFoRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdVcxOTUyQlVOOUVUblFHalFielJDc1E0V2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAwXxfAwQA
wXzJAwQAwlcVAwQAwlchAwQAwlemAwQAwleqAwQAwle1AwQAwle7AwQAwocSAwQA
wzo3AwQAwzo7AwQAw4UWAwQA1MD4AwQB1MD6MA0GCSqGSIb3DQEBCwUAA4IBAQAE
5LwzRh6hjdGPMA8ctgdn+3qKHq2X9pl4JLFY9hICBYHBjQ65oaKguNLz49Mm8MDD
lCsryWfpJK6uTQi9ycyzMlS/JyJeAV5EMsBvDcjrIXPteD+YG77OdDIjkRgp31JE
MJDUNgkqAGXgVwWWDtM1GmKzIt7oH9Y2eNV1oDTOAPCbHlCcTn/Y15zeuu9zwsXS
GiWqYdlgFyQqn0QoNWGy6JCoF2mBISoEgLQAhNi0E9QuCpnjSKZkBgOtbW9OeaYf
bAysc1K7rrs7wjffIz28N+JtecvE3IQCVfNPoGJ+npeyMR+7+2X7mImf6aWPvoUS
ID9hCJEaFuJJq7LM0sM7
-----END CERTIFICATE-----