Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/G-4ya5DnKSWhnz7ruroPCu7PAnA.roa
File:                     G-4ya5DnKSWhnz7ruroPCu7PAnA.roa (raw, json)
Hash identifier:          TFF5JSR70+6Oa9oOeuNCABcOeRRbH1qGUwAL2QemyjE=
Subject key identifier:   1B:EE:32:6B:90:E7:29:25:A1:9F:3E:EB:BA:BA:0F:0A:EE:CF:02:70
Certificate issuer:       /CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
Certificate serial:       018AB81D380882B9EF28723FAC7E17FC21A8
Authority key identifier: DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/G-4ya5DnKSWhnz7ruroPCu7PAnA.roa
Signing time:             Thu 21 Sep 2023 14:20:37 +0000
ROA not before:           Thu 21 Sep 2023 14:20:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206747
IP address blocks:        25.129.198.0/23 maxlen: 23
                          25.129.196.0/23 maxlen: 23
                          25.25.25.0/24 maxlen: 24
                          195.130.30.0/24 maxlen: 24
                          195.130.31.0/24 maxlen: 24
                          195.130.28.0/24 maxlen: 24
                          195.130.29.0/24 maxlen: 24
                          2a08:600:ee::/47 maxlen: 47
                          2a08:600:99::/48 maxlen: 48
                          2a08:600:4::/48 maxlen: 48
                          2a08:600:2::/48 maxlen: 48
                          2a08:600:3::/48 maxlen: 48
                          2a08:600:1::/48 maxlen: 48
                          2a08:600::/48 maxlen: 48
                          2a08:600:e0::/47 maxlen: 47

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b8:1d:38:08:82:b9:ef:28:72:3f:ac:7e:17:fc:21:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc44e19e2bb4e7023cc1ba10d49b74ede4bf865c
        Validity
            Not Before: Sep 21 14:20:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1bee326b90e72925a19f3eebbaba0f0aeecf0270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a9:5c:09:a4:6a:c5:83:a8:09:d3:5c:d5:2c:
                    9d:3d:fe:40:cd:2d:77:95:d1:e1:a7:bb:54:b6:73:
                    48:b2:4d:de:86:19:b1:fa:46:6d:7a:9f:12:c6:a5:
                    5d:91:3a:72:0e:96:be:6b:74:e9:14:b4:84:5d:27:
                    fa:9c:73:95:94:fa:d9:12:be:80:96:6c:a0:d3:99:
                    79:45:a8:90:df:3d:30:e8:a9:ef:46:a4:2d:44:dc:
                    94:07:44:47:ef:ae:83:7c:60:61:9d:81:2c:b9:45:
                    ad:da:c6:43:a7:98:90:f7:72:ba:7c:d7:eb:3f:d0:
                    3f:42:57:0c:1f:76:8d:16:fd:fd:20:46:bb:b7:d1:
                    85:5d:69:4b:33:e4:17:09:8f:1b:51:18:45:03:76:
                    28:ae:0d:e4:3c:85:19:4d:25:76:90:99:38:1d:c3:
                    b6:3c:67:b9:eb:a4:17:48:10:ef:fa:44:14:39:59:
                    5e:c9:bb:33:24:d4:07:58:dc:76:8a:94:bc:94:21:
                    ce:7f:c6:9f:e3:31:a5:3a:02:1d:ca:c2:00:59:7c:
                    58:f0:83:cb:b9:55:a5:97:7d:13:c2:02:07:9d:c1:
                    a5:db:65:7e:9b:47:92:bc:d8:cc:21:5d:93:0a:8a:
                    18:8b:04:2e:43:1f:f6:e6:e4:e9:b4:30:74:c3:b2:
                    7e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EE:32:6B:90:E7:29:25:A1:9F:3E:EB:BA:BA:0F:0A:EE:CF:02:70
            X509v3 Authority Key Identifier:
                keyid:DC:44:E1:9E:2B:B4:E7:02:3C:C1:BA:10:D4:9B:74:ED:E4:BF:86:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EThniu05wI8wboQ1Jt07eS_hlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/G-4ya5DnKSWhnz7ruroPCu7PAnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/46f5b9-6000-4072-89f2-4c82ace72c85/1/3EThniu05wI8wboQ1Jt07eS_hlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  25.25.25.0/24
                  25.129.196.0/22
                  195.130.28.0/22
                IPv6:
                  2a08:600::-2a08:600:4:ffff:ffff:ffff:ffff:ffff
                  2a08:600:99::/48
                  2a08:600:e0::/47
                  2a08:600:ee::/47

    Signature Algorithm: sha256WithRSAEncryption
         e4:7f:9d:49:16:5d:1c:de:32:c2:aa:34:1b:b6:0e:50:3b:fb:
         80:3e:b0:ec:10:30:af:fa:7c:dc:73:3b:d2:69:c6:11:8f:23:
         6b:c1:f4:ea:7c:09:18:ee:4c:c4:18:1d:a1:84:ea:2b:b8:b7:
         8b:0d:89:0f:2c:c5:a5:9e:2d:2f:8c:1d:88:af:6c:05:dd:e9:
         7c:8c:fe:18:5d:97:de:ef:57:21:41:61:96:25:32:8a:86:7a:
         3d:31:2f:0b:a0:80:c0:10:32:af:83:bf:7f:fe:95:07:65:a8:
         f8:9a:de:d7:77:38:9d:21:04:d7:70:79:90:a4:1b:a4:72:fa:
         12:d5:ad:ed:80:d7:01:7f:1f:14:22:c2:50:61:84:3e:1c:50:
         e5:6e:eb:af:7e:a2:9e:e2:7f:15:81:f2:8e:0c:ba:ef:a7:1c:
         1b:85:fd:e2:71:05:1e:bb:e6:4d:9d:37:f2:52:68:a5:32:2c:
         ce:26:0f:9a:f9:9e:f6:dd:d9:bd:95:75:e1:93:be:67:17:52:
         b5:43:5a:4a:61:8a:02:69:82:48:f3:57:da:fc:71:68:37:74:
         de:a0:87:04:67:23:b1:49:d2:63:49:dc:4c:aa:7c:94:cd:6c:
         ae:28:4c:b4:77:70:01:fc:96:98:b8:c6:b5:55:ae:76:ef:e2:
         fb:bb:53:9b
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYq4HTgIgrnvKHI/rH4X/CGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDRlMTllMmJiNGU3MDIzY2MxYmExMGQ0OWI3NGVkZTRi
Zjg2NWMwHhcNMjMwOTIxMTQyMDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmVlMzI2YjkwZTcyOTI1YTE5ZjNlZWJiYWJhMGYwYWVlY2YwMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqlcCaRqxYOoCdNc1SydPf5AzS13
ldHhp7tUtnNIsk3ehhmx+kZtep8SxqVdkTpyDpa+a3TpFLSEXSf6nHOVlPrZEr6A
lmyg05l5RaiQ3z0w6KnvRqQtRNyUB0RH766DfGBhnYEsuUWt2sZDp5iQ93K6fNfr
P9A/QlcMH3aNFv39IEa7t9GFXWlLM+QXCY8bURhFA3Yorg3kPIUZTSV2kJk4HcO2
PGe566QXSBDv+kQUOVleybszJNQHWNx2ipS8lCHOf8af4zGlOgIdysIAWXxY8IPL
uVWll30TwgIHncGl22V+m0eSvNjMIV2TCooYiwQuQx/25uTptDB0w7J+3QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBvuMmuQ5ykloZ8+67q6DwruzwJwMB8GA1UdIwQY
MBaAFNxE4Z4rtOcCPMG6ENSbdO3kv4ZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjIt
NGM4MmFjZTcyYzg1LzEvRy00eWE1RG5LU1dobno3cnVyb1BDdTdQQW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS80NmY1YjktNjAwMC00MDcyLTg5ZjItNGM4MmFjZTcyYzg1
LzEvM0VUaG5pdTA1d0k4d2JvUTFKdDA3ZVNfaGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAYBAIAATASAwQAGRkZAwQC
GYHEAwQCw4IcMDIEAgACMCwwDwMEASoIBgMHACoIBgAABAMHACoIBgAAmQMHASoI
BgAA4AMHASoIBgAA7jANBgkqhkiG9w0BAQsFAAOCAQEA5H+dSRZdHN4ywqo0G7YO
UDv7gD6w7BAwr/p83HM70mnGEY8ja8H06nwJGO5MxBgdoYTqK7i3iw2JDyzFpZ4t
L4wdiK9sBd3pfIz+GF2X3u9XIUFhliUyioZ6PTEvC6CAwBAyr4O/f/6VB2Wo+Jre
13c4nSEE13B5kKQbpHL6EtWt7YDXAX8fFCLCUGGEPhxQ5W7rr36inuJ/FYHyjgy6
76ccG4X94nEFHrvmTZ038lJopTIsziYPmvme9t3ZvZV14ZO+ZxdStUNaSmGKAmmC
SPNX2vxxaDd03qCHBGcjsUnSY0ncTKp8lM1srihMtHdwAfyWmLjGtVWudu/i+7tT
mw==
-----END CERTIFICATE-----