Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/4zjQ9g79KjaztK3Lnl6TVI48Vqw.roa
File:                     4zjQ9g79KjaztK3Lnl6TVI48Vqw.roa (raw, json)
Hash identifier:          PjdoypFmO8hXrmIMUd2eHQOiUVIaILRTuvDR6TUEat0=
Subject key identifier:   E3:38:D0:F6:0E:FD:2A:36:B3:B4:AD:CB:9E:5E:93:54:8E:3C:56:AC
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       018AD079CAA3A0DD3EF1A342FBDD7256EEB2
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/4zjQ9g79KjaztK3Lnl6TVI48Vqw.roa
Signing time:             Tue 26 Sep 2023 07:52:37 +0000
ROA not before:           Tue 26 Sep 2023 07:52:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207137
IP address blocks:        2a13:240:5::/48 maxlen: 48
                          2a13:240:4700::/40 maxlen: 40
                          2a13:240:4600::/40 maxlen: 40
                          2a13:240:4500::/40 maxlen: 40
                          2a13:240:4400::/40 maxlen: 40
                          2a13:240:4300::/40 maxlen: 40
                          2a13:240:4200::/40 maxlen: 40
                          2a13:240::/48 maxlen: 48
                          2a13:240:9::/48 maxlen: 48
                          2a13:240:4::/48 maxlen: 48
                          2a13:240:2::/48 maxlen: 48
                          2a13:240:8::/48 maxlen: 48
                          2a13:240:3::/48 maxlen: 48
                          2a13:240:6::/48 maxlen: 48
                          2a13:240:1::/48 maxlen: 48
                          2a13:240:7::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d0:79:ca:a3:a0:dd:3e:f1:a3:42:fb:dd:72:56:ee:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Sep 26 07:52:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e338d0f60efd2a36b3b4adcb9e5e93548e3c56ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:40:4f:1a:37:63:e8:cb:c4:04:c4:60:05:9a:
                    86:be:36:d0:73:1e:7b:98:1d:64:a2:8a:2b:82:54:
                    e2:5f:ed:d6:1e:58:7e:ae:2a:95:37:02:2b:3b:8a:
                    0e:d9:e5:3a:75:2d:ab:24:ab:0c:83:91:01:33:ac:
                    42:58:20:9c:d6:73:fc:d7:c5:dd:77:1d:65:07:a1:
                    c6:e3:ec:d5:f0:07:b4:5a:2b:0d:41:28:4b:f1:36:
                    69:6f:02:93:9e:9f:2c:df:0f:8e:71:e0:ca:10:ec:
                    b8:31:25:22:15:70:6f:8b:ec:48:3f:8b:bd:b7:38:
                    10:60:66:3e:8b:09:30:3b:b4:79:9c:ae:8c:2f:30:
                    bb:17:8d:3d:43:1d:15:b3:c5:55:50:6c:9d:8d:34:
                    d8:84:50:4d:72:e7:ab:6d:7e:26:4f:0f:18:da:5d:
                    54:f6:6e:5a:0b:94:9f:09:34:7b:1a:84:25:b5:2a:
                    d2:5b:87:6e:f8:82:13:52:47:de:f3:a3:2f:29:d5:
                    a5:d6:ef:79:be:d8:28:03:68:f6:b0:a5:88:cd:fd:
                    33:db:c9:2a:f0:31:da:e5:3b:b7:6c:ca:e3:9d:df:
                    ba:0b:18:f5:25:f1:dc:26:73:c3:21:dc:aa:bf:26:
                    fe:fb:2f:b2:c6:fb:27:9c:e2:75:b2:02:c1:98:59:
                    06:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:38:D0:F6:0E:FD:2A:36:B3:B4:AD:CB:9E:5E:93:54:8E:3C:56:AC
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/4zjQ9g79KjaztK3Lnl6TVI48Vqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240::-2a13:240:9:ffff:ffff:ffff:ffff:ffff
                  2a13:240:4200::-2a13:240:47ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4d:f0:db:cd:09:40:96:5b:93:d5:8a:73:b2:9c:3b:ba:60:59:
         34:75:69:d4:52:40:de:fb:da:8b:cc:c9:a9:80:39:e2:37:e8:
         9a:43:0e:0e:19:21:24:52:b3:48:ed:c8:9a:4a:3d:14:61:99:
         09:cc:66:da:aa:77:d5:01:f0:0f:a9:a8:f4:f1:18:23:ad:59:
         95:7f:e5:5e:44:e6:52:63:13:f5:81:b0:a6:89:30:fd:bf:37:
         49:55:75:e2:8a:e2:6b:f6:1c:4c:77:77:e6:0c:3c:82:21:f8:
         a6:bc:c2:d1:fd:5a:52:cc:a4:70:9d:77:46:7c:21:ad:6d:a5:
         5c:2d:f0:cb:ae:a8:6a:e7:3c:9f:5e:3d:57:92:76:e6:1e:c5:
         bd:5b:e2:f8:d8:5c:3b:e0:97:48:f0:42:ad:5b:bc:6c:28:a8:
         1d:c6:23:60:8e:53:07:df:c9:72:34:b6:89:4c:c1:21:36:fe:
         29:bb:81:3f:80:c5:a0:e2:09:ed:c1:83:f9:6e:88:f1:7d:77:
         48:0c:ad:f1:6b:17:1b:ae:d9:43:35:61:61:47:d2:58:59:19:
         8e:d5:5d:5f:33:77:9d:2f:62:3d:29:1e:57:51:25:77:6d:bb:
         4d:3d:84:1c:d0:cd:4d:1e:b7:b8:24:d2:0e:83:5b:e2:6f:98:
         26:39:76:8c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYrQecqjoN0+8aNC+91yVu6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjMwOTI2MDc1MjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzM4ZDBmNjBlZmQyYTM2YjNiNGFkY2I5ZTVlOTM1NDhlM2M1NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0BPGjdj6MvEBMRgBZqGvjbQcx57
mB1kooorglTiX+3WHlh+riqVNwIrO4oO2eU6dS2rJKsMg5EBM6xCWCCc1nP818Xd
dx1lB6HG4+zV8Ae0WisNQShL8TZpbwKTnp8s3w+OceDKEOy4MSUiFXBvi+xIP4u9
tzgQYGY+iwkwO7R5nK6MLzC7F409Qx0Vs8VVUGydjTTYhFBNcuerbX4mTw8Y2l1U
9m5aC5SfCTR7GoQltSrSW4du+IITUkfe86MvKdWl1u95vtgoA2j2sKWIzf0z28kq
8DHa5Tu3bMrjnd+6Cxj1JfHcJnPDIdyqvyb++y+yxvsnnOJ1sgLBmFkGvwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFOM40PYO/So2s7Sty55ek1SOPFasMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvNHpqUTlnNzlLamF6dEszTG5sNlRWSTQ4VnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkMBADBQYqEwJA
AwcBKhMCQAAIMBADBgEqEwJAQgMGAyoTAkBAMA0GCSqGSIb3DQEBCwUAA4IBAQBN
8NvNCUCWW5PVinOynDu6YFk0dWnUUkDe+9qLzMmpgDniN+iaQw4OGSEkUrNI7cia
Sj0UYZkJzGbaqnfVAfAPqaj08RgjrVmVf+VeROZSYxP1gbCmiTD9vzdJVXXiiuJr
9hxMd3fmDDyCIfimvMLR/VpSzKRwnXdGfCGtbaVcLfDLrqhq5zyfXj1XknbmHsW9
W+L42Fw74JdI8EKtW7xsKKgdxiNgjlMH38lyNLaJTMEhNv4pu4E/gMWg4gntwYP5
bojxfXdIDK3xaxcbrtlDNWFhR9JYWRmO1V1fM3edL2I9KR5XUSV3bbtNPYQc0M1N
Hre4JNIOg1vib5gmOXaM
-----END CERTIFICATE-----