Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/YvEcfGJ_jDDWGSjwSMMT6W7FkJI.roa
File:                     YvEcfGJ_jDDWGSjwSMMT6W7FkJI.roa (raw, json)
Hash identifier:          I+G6xiLjEHZMq2Kjz0JHZpjM2lFFdCU+4mXjNIFqs88=
Subject key identifier:   62:F1:1C:7C:62:7F:8C:30:D6:19:28:F0:48:C3:13:E9:6E:C5:90:92
Certificate issuer:       /CN=06da1c6b1a65f7a3d97f9bd75e7cac3135246fa5
Certificate serial:       01856CEF22AE4A4E188CD8F2E43C7957E55F
Authority key identifier: 06:DA:1C:6B:1A:65:F7:A3:D9:7F:9B:D7:5E:7C:AC:31:35:24:6F:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/YvEcfGJ_jDDWGSjwSMMT6W7FkJI.roa
Signing time:             Sun 01 Jan 2023 10:44:49 +0000
ROA not before:           Sun 01 Jan 2023 10:44:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51395
IP address blocks:        176.10.96.0/19 maxlen: 19
                          185.85.108.0/22 maxlen: 22
                          91.192.100.0/22 maxlen: 22
                          185.32.220.0/22 maxlen: 22
                          185.32.221.0/24 maxlen: 24
                          185.32.223.0/24 maxlen: 24
                          185.189.148.0/22 maxlen: 22
                          185.195.68.0/23 maxlen: 23
                          91.201.56.0/22 maxlen: 22
                          176.10.104.240/32 maxlen: 32
                          195.225.117.0/24 maxlen: 24
                          195.225.118.0/23 maxlen: 23
                          2a00:bd80::/32 maxlen: 32
                          2a0b:ee80::/29 maxlen: 29
                          2a0a:5dc0::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ef:22:ae:4a:4e:18:8c:d8:f2:e4:3c:79:57:e5:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06da1c6b1a65f7a3d97f9bd75e7cac3135246fa5
        Validity
            Not Before: Jan  1 10:44:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62f11c7c627f8c30d61928f048c313e96ec59092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0e:5f:ee:23:27:d3:dd:b4:26:02:ce:df:e9:
                    49:f1:ef:b4:e6:ae:f6:6b:e4:02:bb:bf:2d:2e:b1:
                    21:da:94:0f:bd:82:1b:a7:28:f7:26:9d:ed:e4:bd:
                    af:3e:9a:3c:4c:23:bc:8f:7a:5e:a6:40:7f:d8:bd:
                    52:9a:89:62:24:f7:1b:ae:00:ea:ce:7d:0f:57:f9:
                    5f:52:b3:61:0a:09:ff:38:d0:74:bb:14:4a:79:12:
                    10:3a:df:b8:c8:82:98:2c:98:9d:97:f8:aa:d7:b2:
                    db:67:e1:c6:42:73:54:b2:7b:88:f1:b4:c5:54:f6:
                    d5:af:5f:30:05:c9:cd:05:8a:02:72:4e:01:3c:ee:
                    37:95:eb:bb:c9:40:90:b4:85:33:97:8d:1d:c6:29:
                    03:ac:88:95:c7:a2:bb:04:85:97:bc:88:ea:96:53:
                    47:82:5b:1c:bb:f4:7a:67:79:22:9f:9c:b7:01:63:
                    00:6b:7d:92:c1:4f:a8:cf:84:9b:f7:7f:0e:c2:1f:
                    d1:93:9e:3d:fa:b5:1f:07:23:ad:19:64:7a:73:28:
                    82:52:5a:04:17:37:17:d8:bd:fa:0a:93:6a:1f:f8:
                    a5:c1:44:69:aa:94:65:8e:3b:bf:b1:f1:20:ca:28:
                    80:2b:88:32:4e:0f:9c:0a:75:fd:16:31:1e:ec:24:
                    09:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F1:1C:7C:62:7F:8C:30:D6:19:28:F0:48:C3:13:E9:6E:C5:90:92
            X509v3 Authority Key Identifier:
                keyid:06:DA:1C:6B:1A:65:F7:A3:D9:7F:9B:D7:5E:7C:AC:31:35:24:6F:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Btocaxpl96PZf5vXXnysMTUkb6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/YvEcfGJ_jDDWGSjwSMMT6W7FkJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/62a3b1-117d-4b17-9662-45eb738cb9c8/1/Btocaxpl96PZf5vXXnysMTUkb6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.100.0/22
                  91.201.56.0/22
                  176.10.96.0/19
                  185.32.220.0/22
                  185.85.108.0/22
                  185.189.148.0/22
                  185.195.68.0/23
                  195.225.117.0-195.225.119.255
                IPv6:
                  2a00:bd80::/32
                  2a0a:5dc0::/29
                  2a0b:ee80::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:73:41:dd:89:b7:ae:40:d1:a8:dc:74:dd:37:82:a8:82:9d:
         36:e4:ca:70:a2:bd:b0:c3:3e:0e:2e:77:56:ec:24:15:6e:6e:
         7c:d4:54:a3:b2:c5:67:cd:07:6e:b7:8b:77:10:0e:af:50:44:
         81:54:65:25:37:76:43:b1:71:73:b9:79:f6:8b:f3:3a:0c:be:
         27:ac:1d:c6:84:a8:6a:8b:f0:5a:95:9a:27:00:34:41:8b:4d:
         d7:f0:e9:4c:73:0f:9c:85:59:93:e9:84:8d:4d:7f:9c:bb:5e:
         94:dc:64:65:5e:ac:50:02:bb:45:d9:5e:c3:73:e7:3a:2e:fe:
         c8:03:ec:d7:6d:f2:ad:5c:a6:89:39:3c:60:95:42:8b:2c:ee:
         2d:6b:f2:2d:3f:58:29:06:a6:33:bd:b2:e5:93:1b:94:12:7b:
         0f:3e:30:64:3c:f1:2a:8a:78:87:fa:89:f8:0a:63:32:38:52:
         36:72:30:aa:82:4a:82:e2:4e:64:5a:93:ba:51:e8:58:35:7e:
         ca:fc:d6:ca:a1:c1:ce:b4:85:db:92:14:b7:ac:61:27:ba:9c:
         cd:82:58:03:36:9c:fe:54:1a:4d:08:48:0b:61:09:65:0e:31:
         b3:43:3f:44:9a:ea:9b:8f:08:e2:71:11:8f:4b:38:42:ae:1b:
         66:61:32:12
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYVs7yKuSk4YjNjy5Dx5V+VfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZGExYzZiMWE2NWY3YTNkOTdmOWJkNzVlN2NhYzMxMzUy
NDZmYTUwHhcNMjMwMTAxMTA0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmYxMWM3YzYyN2Y4YzMwZDYxOTI4ZjA0OGMzMTNlOTZlYzU5MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoA5f7iMn0920JgLO3+lJ8e+05q72
a+QCu78tLrEh2pQPvYIbpyj3Jp3t5L2vPpo8TCO8j3pepkB/2L1SmoliJPcbrgDq
zn0PV/lfUrNhCgn/ONB0uxRKeRIQOt+4yIKYLJidl/iq17LbZ+HGQnNUsnuI8bTF
VPbVr18wBcnNBYoCck4BPO43leu7yUCQtIUzl40dxikDrIiVx6K7BIWXvIjqllNH
glscu/R6Z3kin5y3AWMAa32SwU+oz4Sb938Owh/Rk549+rUfByOtGWR6cyiCUloE
FzcX2L36CpNqH/ilwURpqpRljju/sfEgyiiAK4gyTg+cCnX9FjEe7CQJ8wIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFGLxHHxif4ww1hko8EjDE+luxZCSMB8GA1UdIwQY
MBaAFAbaHGsaZfej2X+b1158rDE1JG+lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnRvY2F4cGw5NlBaZjV2WFhueXNNVFVrYjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82MmEzYjEtMTE3ZC00YjE3LTk2NjIt
NDVlYjczOGNiOWM4LzEvWXZFY2ZHSl9qRERXR1Nqd1NNTVQ2VzdGa0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82MmEzYjEtMTE3ZC00YjE3LTk2NjItNDVlYjczOGNiOWM4
LzEvQnRvY2F4cGw5NlBaZjV2WFhueXNNVFVrYjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTA+BAIAATA4AwQCW8BkAwQC
W8k4AwQFsApgAwQCuSDcAwQCuVVsAwQCub2UAwQBucNEMAwDBADD4XUDBAPD4XAw
GwQCAAIwFQMFACoAvYADBQMqCl3AAwUDKgvugDANBgkqhkiG9w0BAQsFAAOCAQEA
gnNB3Ym3rkDRqNx03TeCqIKdNuTKcKK9sMM+Di53VuwkFW5ufNRUo7LFZ80HbreL
dxAOr1BEgVRlJTd2Q7Fxc7l59ovzOgy+J6wdxoSoaovwWpWaJwA0QYtN1/DpTHMP
nIVZk+mEjU1/nLtelNxkZV6sUAK7Rdlew3PnOi7+yAPs123yrVymiTk8YJVCiyzu
LWvyLT9YKQamM72y5ZMblBJ7Dz4wZDzxKop4h/qJ+ApjMjhSNnIwqoJKguJOZFqT
ulHoWDV+yvzWyqHBzrSF25IUt6xhJ7qczYJYAzac/lQaTQhIC2EJZQ4xs0M/RJrq
m48I4nERj0s4Qq4bZmEyEg==
-----END CERTIFICATE-----