Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/PyhZ-gmRNgwl1qo7suSVnokyZno.roa
File:                     PyhZ-gmRNgwl1qo7suSVnokyZno.roa (raw, json)
Hash identifier:          teQtvKfYAlewBSHOgZrHgZrI1aayapnJ0rzoMCTxtrk=
Subject key identifier:   3F:28:59:FA:09:91:36:0C:25:D6:AA:3B:B2:E4:95:9E:89:32:66:7A
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018ACC2D55931D3BDE90755D6CEDAC328410
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/PyhZ-gmRNgwl1qo7suSVnokyZno.roa
Signing time:             Mon 25 Sep 2023 11:50:37 +0000
ROA not before:           Mon 25 Sep 2023 11:50:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59993
IP address blocks:        159.148.121.0/24 maxlen: 24
                          159.148.129.0/24 maxlen: 24
                          159.148.143.0/24 maxlen: 24
                          159.148.149.0/24 maxlen: 24
                          159.148.159.0/24 maxlen: 24
                          159.148.77.0/24 maxlen: 24
                          159.148.73.0/24 maxlen: 24
                          159.148.74.0/24 maxlen: 24
                          159.148.98.0/24 maxlen: 24
                          159.148.226.0/24 maxlen: 24
                          159.148.243.0/24 maxlen: 24
                          159.148.242.0/24 maxlen: 24
                          159.148.182.0/24 maxlen: 24
                          159.148.183.0/24 maxlen: 24
                          159.148.185.0/24 maxlen: 24
                          159.148.204.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cc:2d:55:93:1d:3b:de:90:75:5d:6c:ed:ac:32:84:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Sep 25 11:50:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f2859fa0991360c25d6aa3bb2e4959e8932667a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5c:11:5a:fa:ae:bf:a7:0b:96:de:75:ec:9a:
                    04:fe:ab:1b:19:c0:83:2b:b7:e8:30:d5:e3:aa:02:
                    eb:1a:77:db:50:95:f8:3e:e4:16:89:cc:2e:10:6e:
                    91:f6:51:35:42:91:8e:20:ed:26:5e:7b:13:dc:64:
                    1b:5f:ca:11:dc:3a:13:9b:95:9f:bd:c5:48:f9:3b:
                    52:5d:b0:89:55:96:84:d0:d5:d2:97:55:69:e7:cd:
                    9d:2d:fb:28:3b:c5:7c:c8:5b:ff:79:cb:e3:37:6c:
                    ea:08:af:a6:63:ac:b2:1d:3e:36:5f:83:86:ca:32:
                    20:16:6b:f1:84:6d:63:c0:57:19:5c:d1:d0:c4:1d:
                    14:35:7b:95:00:26:66:ef:fd:2f:ca:02:d1:da:e0:
                    58:b8:50:25:13:e7:7e:05:93:93:7a:e7:c3:92:a6:
                    72:9b:7e:cd:c6:0b:a6:4d:fe:49:eb:d5:98:96:48:
                    a4:be:16:ae:42:2c:04:3f:0f:1e:23:b8:24:7f:c8:
                    8b:02:90:bc:8a:9a:73:58:b5:13:ca:dd:64:14:0b:
                    21:7f:dd:62:c1:aa:60:2d:08:9c:0c:ba:57:df:c7:
                    7e:28:aa:8b:a2:59:83:ac:bc:6a:0a:0b:98:dd:62:
                    9d:e1:c8:45:1a:9c:0f:c3:e7:91:d7:03:cf:13:bd:
                    f1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:28:59:FA:09:91:36:0C:25:D6:AA:3B:B2:E4:95:9E:89:32:66:7A
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/PyhZ-gmRNgwl1qo7suSVnokyZno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.73.0-159.148.74.255
                  159.148.77.0/24
                  159.148.98.0/24
                  159.148.121.0/24
                  159.148.129.0/24
                  159.148.143.0/24
                  159.148.149.0/24
                  159.148.159.0/24
                  159.148.182.0/23
                  159.148.185.0/24
                  159.148.204.0/24
                  159.148.226.0/24
                  159.148.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:8d:b0:1d:33:88:88:cc:11:f1:32:43:85:88:78:9a:44:ea:
         01:82:e5:6c:f2:3d:3a:50:38:af:ae:ce:64:88:63:18:e3:13:
         a5:81:ab:de:dc:da:31:a0:5d:87:60:ae:36:bb:6c:fa:29:eb:
         d4:29:03:53:4f:90:f7:77:bc:df:92:8e:99:86:01:34:f3:11:
         05:6a:38:ef:69:18:ee:d6:30:02:36:51:fd:11:f2:24:e4:89:
         3d:23:db:86:aa:b3:c5:df:2f:ea:22:4a:cf:2e:f3:83:7b:4a:
         6d:39:dd:8e:27:ca:55:3e:d6:2b:78:b4:77:cb:70:92:33:bb:
         62:a0:d7:78:93:50:21:d3:b3:a3:8c:a9:d8:d6:de:e3:fb:ce:
         02:e0:bc:ae:62:df:5b:25:d2:74:3b:0e:e9:e3:11:3b:1d:4f:
         8d:86:31:3b:c0:a5:d6:0c:d0:c1:0e:55:a2:f3:0a:b0:14:62:
         e9:3f:9d:00:d5:e1:2f:07:48:c7:d4:9e:3a:76:09:6b:0e:67:
         e5:af:cf:73:0b:58:ce:70:cd:94:c8:f8:99:5f:f1:74:c1:4f:
         14:93:b4:68:09:f4:35:48:fd:3d:ca:50:f4:2d:7f:85:dc:b5:
         39:54:97:9c:09:1f:14:b8:51:c0:37:e5:60:81:5a:34:c5:23:
         17:cc:fc:f1
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYrMLVWTHTvekHVdbO2sMoQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjMwOTI1MTE1MDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI4NTlmYTA5OTEzNjBjMjVkNmFhM2JiMmU0OTU5ZTg5MzI2NjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1wRWvquv6cLlt517JoE/qsbGcCD
K7foMNXjqgLrGnfbUJX4PuQWicwuEG6R9lE1QpGOIO0mXnsT3GQbX8oR3DoTm5Wf
vcVI+TtSXbCJVZaE0NXSl1Vp582dLfsoO8V8yFv/ecvjN2zqCK+mY6yyHT42X4OG
yjIgFmvxhG1jwFcZXNHQxB0UNXuVACZm7/0vygLR2uBYuFAlE+d+BZOTeufDkqZy
m37NxgumTf5J69WYlkikvhauQiwEPw8eI7gkf8iLApC8ippzWLUTyt1kFAshf91i
wapgLQicDLpX38d+KKqLolmDrLxqCguY3WKd4chFGpwPw+eR1wPPE73xWwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFD8oWfoJkTYMJdaqO7LklZ6JMmZ6MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvUHloWi1nbVJOZ3dsMXFvN3N1U1Zub2t5Wm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWMAwDBACflEkD
BACflEoDBACflE0DBACflGIDBACflHkDBACflIEDBACflI8DBACflJUDBACflJ8D
BAGflLYDBACflLkDBACflMwDBACflOIDBAGflPIwDQYJKoZIhvcNAQELBQADggEB
AIuNsB0ziIjMEfEyQ4WIeJpE6gGC5WzyPTpQOK+uzmSIYxjjE6WBq97c2jGgXYdg
rja7bPop69QpA1NPkPd3vN+SjpmGATTzEQVqOO9pGO7WMAI2Uf0R8iTkiT0j24aq
s8XfL+oiSs8u84N7Sm053Y4nylU+1it4tHfLcJIzu2Kg13iTUCHTs6OMqdjW3uP7
zgLgvK5i31sl0nQ7DunjETsdT42GMTvApdYM0MEOVaLzCrAUYuk/nQDV4S8HSMfU
njp2CWsOZ+Wvz3MLWM5wzZTI+Jlf8XTBTxSTtGgJ9DVI/T3KUPQtf4XctTlUl5wJ
HxS4UcA35WCBWjTFIxfM/PE=
-----END CERTIFICATE-----