Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/U2MWmCySPP8Ux6Ad9JS3jl-9K1s.roa
File:                     U2MWmCySPP8Ux6Ad9JS3jl-9K1s.roa (raw, json)
Hash identifier:          26lTfp4nNfnWsfQdyy0Ru40+JnWXq9R4BsiOi5VIOgc=
Subject key identifier:   53:63:16:98:2C:92:3C:FF:14:C7:A0:1D:F4:94:B7:8E:5F:BD:2B:5B
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018876CA577D7EA9D98C1D17B76AA1F303D4
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/U2MWmCySPP8Ux6Ad9JS3jl-9K1s.roa
Signing time:             Thu 01 Jun 2023 11:49:12 +0000
ROA not before:           Thu 01 Jun 2023 11:49:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59993
IP address blocks:        159.148.121.0/24 maxlen: 24
                          159.148.129.0/24 maxlen: 24
                          159.148.143.0/24 maxlen: 24
                          159.148.149.0/24 maxlen: 24
                          159.148.159.0/24 maxlen: 24
                          159.148.77.0/24 maxlen: 24
                          159.148.73.0/24 maxlen: 24
                          159.148.74.0/24 maxlen: 24
                          159.148.98.0/24 maxlen: 24
                          159.148.226.0/24 maxlen: 24
                          159.148.243.0/24 maxlen: 24
                          159.148.242.0/24 maxlen: 24
                          159.148.182.0/24 maxlen: 24
                          159.148.183.0/24 maxlen: 24
                          159.148.185.0/24 maxlen: 24
                          159.148.204.0/24 maxlen: 24
                          159.148.201.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:76:ca:57:7d:7e:a9:d9:8c:1d:17:b7:6a:a1:f3:03:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jun  1 11:49:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=536316982c923cff14c7a01df494b78e5fbd2b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c6:18:e8:e2:44:49:2d:36:84:a8:1f:3f:cb:
                    c0:6a:26:53:32:90:3a:90:d4:5c:c0:2b:43:29:bd:
                    ca:3f:dc:14:86:f4:d9:a6:ea:93:21:78:ad:f0:38:
                    68:18:67:6c:aa:e4:a3:c5:f6:50:dd:9a:84:ea:83:
                    ae:6d:81:3a:fb:62:2d:12:e8:d1:19:04:11:ff:81:
                    92:16:00:c6:a7:e8:db:df:36:72:ef:dd:67:3f:7b:
                    67:af:a4:5e:0a:58:03:bc:09:63:64:44:81:4a:e1:
                    33:2b:c3:de:97:9c:2c:82:66:2e:20:00:e6:c1:20:
                    6c:1a:43:51:4e:0a:f7:99:97:6c:52:39:23:c0:b7:
                    14:47:3d:1a:ee:e5:26:9a:4e:64:34:e0:78:ff:43:
                    8c:80:72:d3:70:0c:24:e6:5c:3e:55:11:b8:a0:c2:
                    37:8f:65:68:89:a9:4e:e6:3b:dd:94:1d:c4:14:af:
                    61:e7:92:29:22:6b:12:b3:ae:c3:ae:72:58:e5:28:
                    dc:7e:e3:42:ac:d2:f8:0a:09:14:36:49:23:b7:dd:
                    f0:d9:ea:2f:b8:21:cf:dc:d7:e8:a2:01:c7:65:9c:
                    26:6d:f6:0f:0e:b0:d8:d7:6b:f8:ff:30:7a:f4:05:
                    4b:80:43:3b:c7:f3:65:32:02:eb:2f:1a:1b:9b:ea:
                    77:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:63:16:98:2C:92:3C:FF:14:C7:A0:1D:F4:94:B7:8E:5F:BD:2B:5B
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/U2MWmCySPP8Ux6Ad9JS3jl-9K1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.73.0-159.148.74.255
                  159.148.77.0/24
                  159.148.98.0/24
                  159.148.121.0/24
                  159.148.129.0/24
                  159.148.143.0/24
                  159.148.149.0/24
                  159.148.159.0/24
                  159.148.182.0/23
                  159.148.185.0/24
                  159.148.201.0/24
                  159.148.204.0/24
                  159.148.226.0/24
                  159.148.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:c8:42:7f:fc:bd:76:57:d8:13:71:ef:c5:22:3f:94:e5:f7:
         56:48:75:61:7b:48:9c:8b:f8:39:12:e0:eb:d1:36:5c:23:7a:
         59:57:06:b5:07:4a:6e:eb:49:c6:17:80:90:b0:a2:28:a5:c8:
         82:fa:d1:3f:03:d5:c7:23:46:9f:de:1c:64:64:94:b1:fd:12:
         9a:28:9c:40:a4:31:8c:76:8c:91:97:f7:d0:73:62:50:ab:99:
         ee:d0:2a:b7:3f:13:d3:37:aa:98:38:6f:9e:b4:c8:2e:52:db:
         45:16:9d:07:d1:ca:b6:6d:29:11:7d:8f:47:9d:ef:f6:4b:cf:
         61:7e:bd:ec:ba:0b:df:15:b2:50:6b:00:87:75:24:60:09:df:
         49:72:af:f6:47:e9:9c:71:9c:7e:1c:cc:37:26:2d:f3:c3:06:
         50:f4:25:51:95:af:cf:fc:12:5d:4a:9d:7c:ba:0d:2f:fe:52:
         20:19:22:f4:05:d1:71:f2:c4:a1:3f:2c:fc:2d:0b:ff:88:69:
         de:23:30:e9:05:81:36:5b:a8:31:fe:6d:5a:3e:72:a4:9a:3b:
         9f:f4:50:af:d4:e3:e1:6d:31:56:d7:1d:3c:ec:5f:46:98:38:
         e9:89:50:10:df:b3:d7:25:07:0b:ca:fb:59:79:c0:c7:2c:d3:
         c1:af:a4:21
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYh2yld9fqnZjB0Xt2qh8wPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjMwNjAxMTE0OTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzYzMTY5ODJjOTIzY2ZmMTRjN2EwMWRmNDk0Yjc4ZTVmYmQyYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMYY6OJESS02hKgfP8vAaiZTMpA6
kNRcwCtDKb3KP9wUhvTZpuqTIXit8DhoGGdsquSjxfZQ3ZqE6oOubYE6+2ItEujR
GQQR/4GSFgDGp+jb3zZy791nP3tnr6ReClgDvAljZESBSuEzK8Pel5wsgmYuIADm
wSBsGkNRTgr3mZdsUjkjwLcURz0a7uUmmk5kNOB4/0OMgHLTcAwk5lw+VRG4oMI3
j2VoialO5jvdlB3EFK9h55IpImsSs67DrnJY5SjcfuNCrNL4CgkUNkkjt93w2eov
uCHP3NfoogHHZZwmbfYPDrDY12v4/zB69AVLgEM7x/NlMgLrLxobm+p3TQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFFNjFpgskjz/FMegHfSUt45fvStbMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvVTJNV21DeVNQUDhVeDZBZDlKUzNqbC05SzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcMAwDBACflEkD
BACflEoDBACflE0DBACflGIDBACflHkDBACflIEDBACflI8DBACflJUDBACflJ8D
BAGflLYDBACflLkDBACflMkDBACflMwDBACflOIDBAGflPIwDQYJKoZIhvcNAQEL
BQADggEBAHzIQn/8vXZX2BNx78UiP5Tl91ZIdWF7SJyL+DkS4OvRNlwjellXBrUH
Sm7rScYXgJCwoiilyIL60T8D1ccjRp/eHGRklLH9EpoonECkMYx2jJGX99BzYlCr
me7QKrc/E9M3qpg4b560yC5S20UWnQfRyrZtKRF9j0ed7/ZLz2F+vey6C98VslBr
AId1JGAJ30lyr/ZH6ZxxnH4czDcmLfPDBlD0JVGVr8/8El1KnXy6DS/+UiAZIvQF
0XHyxKE/LPwtC/+Iad4jMOkFgTZbqDH+bVo+cqSaO5/0UK/U4+FtMVbXHTzsX0aY
OOmJUBDfs9clBwvK+1l5wMcs08GvpCE=
-----END CERTIFICATE-----