Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/z2rt-NMY67DfSxwhA-1auSefNFk.roa
File:                     z2rt-NMY67DfSxwhA-1auSefNFk.roa (raw, json)
Hash identifier:          nFpV7wmswWiQnYra9VqB+jWzB7WGRkTyxPoxAxnK+jU=
Subject key identifier:   CF:6A:ED:F8:D3:18:EB:B0:DF:4B:1C:21:03:ED:5A:B9:27:9F:34:59
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01890BBB67ABC5D1D54F0C451DCA893A4697
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/z2rt-NMY67DfSxwhA-1auSefNFk.roa
Signing time:             Fri 30 Jun 2023 09:56:18 +0000
ROA not before:           Fri 30 Jun 2023 09:56:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203639
IP address blocks:        212.193.14.0/24 maxlen: 24
                          194.87.208.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.231.0/24 maxlen: 24
                          212.192.4.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.27.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24
                          193.124.90.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:0b:bb:67:ab:c5:d1:d5:4f:0c:45:1d:ca:89:3a:46:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 30 09:56:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf6aedf8d318ebb0df4b1c2103ed5ab9279f3459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:ef:32:6d:73:29:77:29:b8:e9:56:d9:94:
                    f4:2c:ca:f2:47:02:60:5e:4d:13:34:98:31:67:2f:
                    cf:64:f8:83:ec:87:66:06:16:f1:11:2d:9a:e5:a0:
                    bb:f4:9c:58:3e:e3:5f:61:11:7f:c1:a2:e9:e4:27:
                    93:ea:33:22:1b:de:8d:f3:1d:72:4b:14:cf:7d:9b:
                    42:39:be:86:c8:42:49:81:c5:89:e6:da:3f:56:7a:
                    77:95:7b:ab:17:f3:73:49:24:09:c7:79:4b:85:5d:
                    19:b3:60:b9:ef:ae:5e:1b:d1:8e:ee:97:2f:3e:32:
                    e3:33:5e:88:32:b4:73:8d:30:97:9e:9d:8c:79:61:
                    1d:7f:fb:65:68:54:17:46:c0:c0:a3:22:d2:79:18:
                    ed:99:22:54:79:28:2f:47:9a:ec:c0:50:66:9b:d3:
                    89:b7:09:fc:7a:4e:64:2c:d3:df:96:61:9e:71:92:
                    0a:ed:3a:88:35:d2:4a:4d:dd:2e:93:70:bf:db:aa:
                    3d:dc:45:de:0e:ec:1e:fd:df:62:fc:54:11:11:98:
                    d9:b5:8f:90:fb:0d:36:7b:98:b2:ab:c4:d1:82:d8:
                    7b:76:2e:69:8c:d4:36:bf:22:d1:b2:f0:6a:8d:90:
                    d1:92:80:a1:f3:cc:9c:ae:51:63:a4:48:a2:d3:e0:
                    0d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6A:ED:F8:D3:18:EB:B0:DF:4B:1C:21:03:ED:5A:B9:27:9F:34:59
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/z2rt-NMY67DfSxwhA-1auSefNFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.180.0/24
                  193.124.90.0/24
                  194.87.76.0/24
                  194.87.208.0/24
                  194.87.226.0/24
                  194.87.231.0/24
                  195.133.15.0/24
                  195.133.25.0/24
                  195.133.27.0/24
                  212.192.4.0/24
                  212.193.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:3d:a4:c8:95:79:4a:d4:f9:93:47:dc:91:24:13:5c:8a:a7:
         bf:dd:4a:94:2b:08:bc:76:db:da:ce:22:e1:bb:c7:5d:9b:b7:
         b7:5a:27:96:02:af:4f:7c:0f:d7:51:27:49:68:75:b3:ce:bd:
         71:13:b3:f9:43:51:78:ee:93:bb:f8:82:0e:1d:f6:b1:c9:64:
         0b:9f:22:9f:02:6e:db:f8:23:82:02:62:dd:6e:f5:f0:05:59:
         ed:95:a9:92:17:5e:14:ab:9f:42:a1:95:a8:d4:ec:07:e0:a2:
         72:50:cf:76:74:86:f4:aa:bc:f5:c3:dd:60:64:c4:71:f8:ee:
         3e:4e:5a:f5:b4:88:44:ae:5c:cc:4e:96:63:26:67:7f:5a:62:
         85:b8:67:33:4c:c4:14:e7:87:8c:52:54:f4:3e:65:12:f9:c8:
         0d:c4:54:6f:be:47:1c:db:cb:9f:dc:58:c0:dd:71:ff:d6:08:
         55:61:97:a2:74:1b:88:81:0c:1d:d0:fd:dd:ac:21:07:8b:42:
         7c:14:04:fb:0d:fd:cc:5b:99:7d:5e:c0:75:86:b6:cb:bd:45:
         00:6f:20:56:6f:41:eb:19:fd:e7:1b:a2:b0:95:14:97:7a:a4:
         8b:6a:87:a5:6e:f2:1a:77:a5:3e:b8:b0:bf:e7:60:c0:cc:6a:
         ba:88:7f:13
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYkLu2erxdHVTwxFHcqJOkaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjMwMDk1NjE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjZhZWRmOGQzMThlYmIwZGY0YjFjMjEwM2VkNWFiOTI3OWYzNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRPvMm1zKXcpuOlW2ZT0LMryRwJg
Xk0TNJgxZy/PZPiD7IdmBhbxES2a5aC79JxYPuNfYRF/waLp5CeT6jMiG96N8x1y
SxTPfZtCOb6GyEJJgcWJ5to/Vnp3lXurF/NzSSQJx3lLhV0Zs2C5765eG9GO7pcv
PjLjM16IMrRzjTCXnp2MeWEdf/tlaFQXRsDAoyLSeRjtmSJUeSgvR5rswFBmm9OJ
twn8ek5kLNPflmGecZIK7TqINdJKTd0uk3C/26o93EXeDuwe/d9i/FQREZjZtY+Q
+w02e5iyq8TRgth7di5pjNQ2vyLRsvBqjZDRkoCh88ycrlFjpEii0+ANkwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFM9q7fjTGOuw30scIQPtWrknnzRZMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvejJydC1OTVk2N0RmU3h3aEEtMWF1U2VmTkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwHy0AwQA
wXxaAwQAwldMAwQAwlfQAwQAwlfiAwQAwlfnAwQAw4UPAwQAw4UZAwQAw4UbAwQA
1MAEAwQA1MEOMA0GCSqGSIb3DQEBCwUAA4IBAQBtPaTIlXlK1PmTR9yRJBNciqe/
3UqUKwi8dtvaziLhu8ddm7e3WieWAq9PfA/XUSdJaHWzzr1xE7P5Q1F47pO7+IIO
HfaxyWQLnyKfAm7b+COCAmLdbvXwBVntlamSF14Uq59CoZWo1OwH4KJyUM92dIb0
qrz1w91gZMRx+O4+Tlr1tIhErlzMTpZjJmd/WmKFuGczTMQU54eMUlT0PmUS+cgN
xFRvvkcc28uf3FjA3XH/1ghVYZeidBuIgQwd0P3drCEHi0J8FAT7Df3MW5l9XsB1
hrbLvUUAbyBWb0HrGf3nG6KwlRSXeqSLaoelbvIad6U+uLC/52DAzGq6iH8T
-----END CERTIFICATE-----