Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rERlfAFG5U8JY2kRqQqu8ypChZY.roa
File:                     rERlfAFG5U8JY2kRqQqu8ypChZY.roa (raw, json)
Hash identifier:          x8y1GcHEiM1kv2QCq9k9GAmKfgwDquueBZUbH5GJS/o=
Subject key identifier:   AC:44:65:7C:01:46:E5:4F:09:63:69:11:A9:0A:AE:F3:2A:42:85:96
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01856D81DCEA78435F409CBA55B8EB545F82
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rERlfAFG5U8JY2kRqQqu8ypChZY.roa
Signing time:             Sun 01 Jan 2023 13:25:05 +0000
ROA not before:           Sun 01 Jan 2023 13:25:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29030
IP address blocks:        94.156.20.0/22 maxlen: 22
                          87.121.152.0/21 maxlen: 21
                          31.13.200.0/21 maxlen: 21
                          94.156.244.0/24 maxlen: 24
                          87.121.65.0/24 maxlen: 24
                          94.156.199.0/24 maxlen: 24
                          94.156.197.0/24 maxlen: 24
                          94.156.195.0/24 maxlen: 24
                          94.156.196.0/24 maxlen: 24
                          94.156.198.0/24 maxlen: 24
                          94.156.194.0/24 maxlen: 24
                          94.156.208.0/21 maxlen: 21
                          87.121.24.0/22 maxlen: 24
                          31.13.242.0/23 maxlen: 23
                          87.121.8.0/21 maxlen: 21

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:dc:ea:78:43:5f:40:9c:ba:55:b8:eb:54:5f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 13:25:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac44657c0146e54f09636911a90aaef32a428596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9e:c1:bc:5b:5e:8c:72:fd:5a:92:9b:e1:52:
                    65:22:51:04:a4:8b:6f:8e:b3:07:2c:48:e6:8e:53:
                    0f:e3:aa:6b:67:ed:4a:69:eb:0e:52:9e:f6:31:51:
                    ce:17:0f:c6:05:b3:f2:f1:1a:70:c5:ce:51:84:ff:
                    1d:86:d5:ab:d4:8d:5b:be:a3:6e:57:9a:94:78:46:
                    fc:d5:8f:2b:1f:d4:8e:71:81:21:e7:9b:9a:dc:1b:
                    9d:97:78:e8:4a:31:a8:fc:58:6d:46:6b:8b:c0:43:
                    b5:b3:70:90:66:a2:6e:6c:f5:c5:99:0b:34:5e:75:
                    1f:46:e6:ab:c9:c2:f0:fa:ca:e2:4a:2a:a0:16:06:
                    ce:f6:72:37:cf:14:7c:23:17:45:bb:52:49:58:bd:
                    7c:57:a5:a7:6d:e4:5e:d4:9c:89:ed:24:12:fb:95:
                    a8:dc:3f:ca:b6:46:25:c5:5c:f5:b3:5c:c9:21:e8:
                    3b:90:d9:e0:77:d4:20:c3:88:3c:92:7b:28:86:c5:
                    4d:93:c9:c9:89:3e:99:d2:01:e0:51:a4:f3:e3:54:
                    0d:80:24:82:32:9b:ce:8c:69:9d:b2:96:b6:f0:3b:
                    71:2d:41:f4:bc:29:f0:5a:cc:3d:0c:d2:52:40:b4:
                    2b:d9:7b:bd:ea:8e:47:7a:44:36:65:49:f9:44:d5:
                    76:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:44:65:7C:01:46:E5:4F:09:63:69:11:A9:0A:AE:F3:2A:42:85:96
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rERlfAFG5U8JY2kRqQqu8ypChZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.200.0/21
                  31.13.242.0/23
                  87.121.8.0/21
                  87.121.24.0/22
                  87.121.65.0/24
                  87.121.152.0/21
                  94.156.20.0/22
                  94.156.194.0-94.156.199.255
                  94.156.208.0/21
                  94.156.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:4b:41:ae:30:df:c2:c7:15:61:a9:72:17:3e:cb:1e:41:08:
         ef:cd:ce:72:fb:ad:34:b8:8b:3e:70:48:39:08:28:a9:c0:6f:
         bd:15:45:62:4e:f3:32:0e:f1:66:45:6c:c9:1a:df:12:ef:be:
         6a:3e:ca:d6:07:c8:cb:8c:94:b1:6c:1b:cb:75:3f:29:d9:f7:
         ab:df:0c:0e:d5:0c:c0:88:c3:86:b5:99:cc:98:3f:f1:dc:4d:
         99:ec:3b:2c:0d:8d:45:40:a2:2e:27:9e:af:2d:e3:22:ef:32:
         7b:de:c4:0a:cd:b3:62:70:d4:92:b0:6e:14:94:28:f5:b7:78:
         20:f6:78:c4:8e:63:c6:0d:26:7b:18:f2:ab:e0:f7:35:42:d2:
         a3:1d:e2:80:1a:f9:e7:ea:15:3b:07:46:17:64:fa:db:40:25:
         ae:d5:f1:5c:62:35:55:8a:e1:90:8b:8e:8e:aa:dd:00:28:2e:
         78:59:28:60:f0:6f:92:25:6b:e8:94:7a:19:f8:19:a7:17:3a:
         2d:ae:63:11:b5:e6:11:a8:65:69:da:94:4b:33:ce:b5:f9:eb:
         aa:c4:ad:38:40:aa:17:c8:5d:14:f9:05:28:24:09:e6:23:5c:
         87:54:56:a0:9d:a8:5d:26:36:11:bf:b4:27:49:89:30:31:45:
         76:d3:0c:12
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVtgdzqeENfQJy6VbjrVF+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ0NjU3YzAxNDZlNTRmMDk2MzY5MTFhOTBhYWVmMzJhNDI4NTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZ7BvFtejHL9WpKb4VJlIlEEpItv
jrMHLEjmjlMP46prZ+1KaesOUp72MVHOFw/GBbPy8Rpwxc5RhP8dhtWr1I1bvqNu
V5qUeEb81Y8rH9SOcYEh55ua3Budl3joSjGo/FhtRmuLwEO1s3CQZqJubPXFmQs0
XnUfRuarycLw+sriSiqgFgbO9nI3zxR8IxdFu1JJWL18V6WnbeRe1JyJ7SQS+5Wo
3D/KtkYlxVz1s1zJIeg7kNngd9Qgw4g8knsohsVNk8nJiT6Z0gHgUaTz41QNgCSC
MpvOjGmdspa28DtxLUH0vCnwWsw9DNJSQLQr2Xu96o5HekQ2ZUn5RNV2pQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFKxEZXwBRuVPCWNpEakKrvMqQoWWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvckVSbGZBRkc1VThKWTJrUnFRcXU4eXBDaFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDHw3IAwQB
Hw3yAwQDV3kIAwQCV3kYAwQAV3lBAwQDV3mYAwQCXpwUMAwDBAFenMIDBANenMAD
BANenNADBABenPQwDQYJKoZIhvcNAQELBQADggEBAAtLQa4w38LHFWGpchc+yx5B
CO/NznL7rTS4iz5wSDkIKKnAb70VRWJO8zIO8WZFbMka3xLvvmo+ytYHyMuMlLFs
G8t1PynZ96vfDA7VDMCIw4a1mcyYP/HcTZnsOywNjUVAoi4nnq8t4yLvMnvexArN
s2Jw1JKwbhSUKPW3eCD2eMSOY8YNJnsY8qvg9zVC0qMd4oAa+efqFTsHRhdk+ttA
Ja7V8VxiNVWK4ZCLjo6q3QAoLnhZKGDwb5Ila+iUehn4GacXOi2uYxG15hGoZWna
lEszzrX566rErThAqhfIXRT5BSgkCeYjXIdUVqCdqF0mNhG/tCdJiTAxRXbTDBI=
-----END CERTIFICATE-----
Generated at Fri Sep 29 12:54:52 2023 by rpki-client on console-ams.rpki-client.org