Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/2V3fK5oE_V9jCHwA4gorSrA_ZCk.roa
File:                     2V3fK5oE_V9jCHwA4gorSrA_ZCk.roa (raw, json)
Hash identifier:          xIDGxyvJDbTwyVSY7hAPwc1/AyMMuzkiIW7bcLXRKdU=
Subject key identifier:   D9:5D:DF:2B:9A:04:FD:5F:63:08:7C:00:E2:0A:2B:4A:B0:3F:64:29
Certificate issuer:       /CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
Certificate serial:       01892147560A176CBA9192F33B541E8211D3
Authority key identifier: 9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/2V3fK5oE_V9jCHwA4gorSrA_ZCk.roa
Signing time:             Tue 04 Jul 2023 14:21:10 +0000
ROA not before:           Tue 04 Jul 2023 14:21:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51559
IP address blocks:        185.83.147.0/24 maxlen: 24
                          185.83.146.0/24 maxlen: 24
                          185.83.144.0/24 maxlen: 24
                          185.83.145.0/24 maxlen: 24
                          185.174.30.0/24 maxlen: 24
                          185.174.29.0/24 maxlen: 24
                          185.174.28.0/24 maxlen: 24
                          2a0b:8100:9::/48 maxlen: 48
                          2a0b:8100:4::/48 maxlen: 48
                          2a0b:8100:f::/48 maxlen: 48
                          2a0b:8100:a::/48 maxlen: 48
                          2a0b:8100:d::/48 maxlen: 48
                          2a0b:8100:8::/48 maxlen: 48
                          2a0b:8100:3::/48 maxlen: 48
                          2a0b:8100:e::/48 maxlen: 48
                          2a0b:8100:1::/48 maxlen: 48
                          2a0b:8100:c::/48 maxlen: 48
                          2a0b:8100:7::/48 maxlen: 48
                          2a0b:8100:2::/48 maxlen: 48
                          2a0b:8100:5::/48 maxlen: 48
                          2a0b:8100::/48 maxlen: 48
                          2a0b:8100:b::/48 maxlen: 48
                          2a0b:8100:6::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:21:47:56:0a:17:6c:ba:91:92:f3:3b:54:1e:82:11:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
        Validity
            Not Before: Jul  4 14:21:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d95ddf2b9a04fd5f63087c00e20a2b4ab03f6429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:06:b3:cd:86:65:fc:4d:37:b0:75:70:3b:05:
                    07:30:b7:04:80:ae:7f:20:e0:d8:b3:dd:d4:61:ba:
                    12:54:05:a8:d8:75:e3:47:5d:14:30:d4:d8:28:5f:
                    de:96:34:90:f1:41:1b:5f:c7:24:99:a9:0e:10:e7:
                    f4:94:b8:a2:54:fa:09:16:af:d8:95:ac:51:d4:70:
                    4b:ad:bf:14:b4:d2:df:f9:7f:14:2f:c7:90:32:03:
                    c6:d0:c5:96:97:91:8d:65:55:a9:11:e6:fc:46:7d:
                    97:b6:97:a0:b4:29:eb:39:a8:7c:85:72:f1:14:d6:
                    d6:83:e8:f2:44:5b:87:79:41:01:ad:ab:1b:8d:53:
                    99:ff:44:17:b9:d4:26:a5:a7:cc:8c:de:54:a3:e3:
                    0a:e5:75:8f:4d:eb:71:bb:49:b0:81:80:c8:22:e5:
                    71:70:22:4e:f8:b7:f3:f0:66:6c:9d:c7:8b:62:4c:
                    95:53:f0:d3:5e:c2:ee:f4:ab:62:f0:13:82:8c:79:
                    29:05:1d:1f:04:13:91:24:19:5f:cb:fd:7b:1c:4b:
                    11:e9:0a:23:e7:73:9e:f7:8a:8f:60:0e:07:78:c8:
                    54:7a:59:d0:47:4b:e6:25:4a:43:1a:e3:63:14:ff:
                    45:4b:93:e4:b5:67:c5:2a:43:dc:b5:97:5c:2c:19:
                    1f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5D:DF:2B:9A:04:FD:5F:63:08:7C:00:E2:0A:2B:4A:B0:3F:64:29
            X509v3 Authority Key Identifier:
                keyid:9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/2V3fK5oE_V9jCHwA4gorSrA_ZCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/nVE44frPe2XbtXX6fUckDCeLNN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.144.0/22
                  185.174.28.0-185.174.30.255
                IPv6:
                  2a0b:8100::/44

    Signature Algorithm: sha256WithRSAEncryption
         40:e7:02:fb:a2:8f:cd:c1:ad:cc:7a:b5:fc:3f:2b:cf:44:f0:
         d9:85:98:34:ea:b6:5a:59:59:d9:81:bb:38:14:e6:00:53:d4:
         cc:0c:a2:e5:1a:c2:11:36:bf:96:a3:3d:d6:40:ba:47:19:d8:
         d0:eb:75:08:4b:10:74:94:98:45:9c:da:7d:ae:9f:6b:95:41:
         21:6b:68:9c:7d:cd:d1:60:6c:52:55:f5:35:a1:d4:f8:cf:89:
         cc:21:56:26:14:1b:60:b3:fd:bf:fe:f8:41:ac:e9:99:a5:af:
         b1:54:10:7e:49:13:c5:54:06:05:08:ce:22:ea:9f:32:d9:56:
         2c:94:3a:67:5d:15:b2:22:36:8b:ed:85:97:1b:1b:93:48:5b:
         07:f0:00:fb:7e:09:b0:c8:15:2a:8a:64:d6:40:bc:fc:5e:8a:
         3d:51:ac:35:61:f8:fe:09:fa:b4:17:7e:a4:ca:99:b8:6c:51:
         aa:c4:1c:7e:83:2a:20:be:38:1f:f4:e1:2a:65:ab:2a:1c:0d:
         38:12:cf:d1:fc:58:9a:a9:ce:33:66:f8:f5:d8:8a:65:99:58:
         67:c8:fe:07:0e:a8:66:54:93:3d:f8:44:42:be:73:82:76:14:
         ae:03:6f:56:2c:39:9f:eb:06:4b:aa:9d:0c:e4:ed:d8:ff:f5:
         91:a1:5f:a1
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYkhR1YKF2y6kZLzO1QeghHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNTEzOGUxZmFjZjdiNjVkYmI1NzVmYTdkNDcyNDBjMjc4
YjM0ZGYwHhcNMjMwNzA0MTQyMTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTVkZGYyYjlhMDRmZDVmNjMwODdjMDBlMjBhMmI0YWIwM2Y2NDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgazzYZl/E03sHVwOwUHMLcEgK5/
IODYs93UYboSVAWo2HXjR10UMNTYKF/eljSQ8UEbX8ckmakOEOf0lLiiVPoJFq/Y
laxR1HBLrb8UtNLf+X8UL8eQMgPG0MWWl5GNZVWpEeb8Rn2XtpegtCnrOah8hXLx
FNbWg+jyRFuHeUEBrasbjVOZ/0QXudQmpafMjN5Uo+MK5XWPTetxu0mwgYDIIuVx
cCJO+Lfz8GZsnceLYkyVU/DTXsLu9Kti8BOCjHkpBR0fBBORJBlfy/17HEsR6Qoj
53Oe94qPYA4HeMhUelnQR0vmJUpDGuNjFP9FS5PktWfFKkPctZdcLBkfmQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFNld3yuaBP1fYwh8AOIKK0qwP2QpMB8GA1UdIwQY
MBaAFJ1ROOH6z3tl27V1+n1HJAwnizTfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblZFNDRmclBlMlhidFhYNmZVY2tEQ2VMTk44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDAxZmYtODMyMy00Yjg5LWJlM2Qt
YzJlZmViM2IzMmE1LzEvMlYzZks1b0VfVjlqQ0h3QTRnb3JTckFfWkNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDAxZmYtODMyMy00Yjg5LWJlM2QtYzJlZmViM2IzMmE1
LzEvblZFNDRmclBlMlhidFhYNmZVY2tEQ2VMTk44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUAwQCuVOQMAwD
BAK5rhwDBAC5rh4wDwQCAAIwCQMHBCoLgQAAADANBgkqhkiG9w0BAQsFAAOCAQEA
QOcC+6KPzcGtzHq1/D8rz0Tw2YWYNOq2WllZ2YG7OBTmAFPUzAyi5RrCETa/lqM9
1kC6RxnY0Ot1CEsQdJSYRZzafa6fa5VBIWtonH3N0WBsUlX1NaHU+M+JzCFWJhQb
YLP9v/74QazpmaWvsVQQfkkTxVQGBQjOIuqfMtlWLJQ6Z10VsiI2i+2Flxsbk0hb
B/AA+34JsMgVKopk1kC8/F6KPVGsNWH4/gn6tBd+pMqZuGxRqsQcfoMqIL44H/Th
KmWrKhwNOBLP0fxYmqnOM2b49diKZZlYZ8j+Bw6oZlSTPfhEQr5zgnYUrgNvViw5
n+sGS6qdDOTt2P/1kaFfoQ==
-----END CERTIFICATE-----