Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/HMaSdj0HfJL4NS7-wZ2aaFmajBQ.roa
File:                     HMaSdj0HfJL4NS7-wZ2aaFmajBQ.roa (raw, json)
Hash identifier:          FFj6AGpePB7kvaJ8KZPdghCP/gfF1rQ3wRvdbQq8QjM=
Subject key identifier:   1C:C6:92:76:3D:07:7C:92:F8:35:2E:FE:C1:9D:9A:68:59:9A:8C:14
Certificate issuer:       /CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
Certificate serial:       01857039841CC9BB2C5D51930598A3489797
Authority key identifier: 9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/HMaSdj0HfJL4NS7-wZ2aaFmajBQ.roa
Signing time:             Mon 02 Jan 2023 02:04:55 +0000
ROA not before:           Mon 02 Jan 2023 02:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51559
IP address blocks:        185.83.147.0/24 maxlen: 24
                          185.83.146.0/24 maxlen: 24
                          185.83.144.0/24 maxlen: 24
                          185.83.145.0/24 maxlen: 24
                          185.174.30.0/24 maxlen: 24
                          185.174.29.0/24 maxlen: 24
                          185.174.28.0/24 maxlen: 24
                          2a0b:8100:9::/48 maxlen: 48
                          2a0b:8100:4::/48 maxlen: 48
                          2a0b:8100:f::/48 maxlen: 48
                          2a0b:8100:a::/48 maxlen: 48
                          2a0b:8100:d::/48 maxlen: 48
                          2a0b:8100:8::/48 maxlen: 48
                          2a0b:8100:3::/48 maxlen: 48
                          2a0b:8100:e::/48 maxlen: 48
                          2a0b:8100:1::/48 maxlen: 48
                          2a0b:8100:c::/48 maxlen: 48
                          2a0b:8100:7::/48 maxlen: 48
                          2a0b:8100::/29 maxlen: 29
                          2a0b:8100:2::/48 maxlen: 48
                          2a0b:8100:5::/48 maxlen: 48
                          2a0b:8100::/48 maxlen: 48
                          2a0b:8100:b::/48 maxlen: 48
                          2a0b:8100:6::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:39:84:1c:c9:bb:2c:5d:51:93:05:98:a3:48:97:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5138e1facf7b65dbb575fa7d47240c278b34df
        Validity
            Not Before: Jan  2 02:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1cc692763d077c92f8352efec19d9a68599a8c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8f:29:5c:60:2e:fc:22:d1:e2:70:a2:1b:30:
                    4d:44:6c:f2:fa:52:39:0f:f6:eb:7a:25:e1:76:75:
                    5e:ad:09:e9:ba:ed:e4:79:9c:3d:ca:af:c0:fd:fb:
                    37:58:7c:bd:4b:71:02:7d:44:3b:40:94:e0:fc:97:
                    fa:77:82:9e:c7:3b:0e:61:51:8d:75:06:8f:78:02:
                    42:93:8f:50:e5:d2:28:f4:bf:cc:e2:47:45:88:f2:
                    23:47:31:a1:9b:9f:ae:18:17:fa:03:bd:ac:11:96:
                    1f:9f:8a:a2:66:87:a9:cb:94:af:ae:04:03:c1:25:
                    3b:f2:99:29:5c:a1:90:25:9c:77:42:59:ae:c0:c7:
                    6c:6d:ba:83:d7:06:46:fd:0f:c1:b6:b3:0b:9a:ae:
                    fc:a1:0c:25:b2:06:2e:91:68:5e:81:7b:1d:0f:45:
                    b2:c7:4d:c6:d4:5a:c7:2b:76:7c:61:b4:cd:9d:c0:
                    21:cb:cd:18:92:50:c0:90:10:b7:fe:aa:6f:7f:b7:
                    29:86:3d:d4:e7:e1:cb:3d:35:05:b4:a6:fd:9b:bb:
                    ea:7b:06:e9:4d:d7:67:fc:9e:24:2e:00:1d:9c:27:
                    28:21:b5:f4:dd:62:2d:36:f6:e8:17:e1:77:44:e5:
                    16:62:17:2d:19:58:7b:77:c5:ec:eb:4f:78:b2:0c:
                    67:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:C6:92:76:3D:07:7C:92:F8:35:2E:FE:C1:9D:9A:68:59:9A:8C:14
            X509v3 Authority Key Identifier:
                keyid:9D:51:38:E1:FA:CF:7B:65:DB:B5:75:FA:7D:47:24:0C:27:8B:34:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nVE44frPe2XbtXX6fUckDCeLNN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/HMaSdj0HfJL4NS7-wZ2aaFmajBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d001ff-8323-4b89-be3d-c2efeb3b32a5/1/nVE44frPe2XbtXX6fUckDCeLNN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.144.0/22
                  185.174.28.0-185.174.30.255
                IPv6:
                  2a0b:8100::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:d4:75:e8:5e:8e:29:37:6e:a6:ef:99:12:f3:23:c5:cd:3e:
         1e:31:33:fa:2a:47:9d:87:03:bb:c1:41:37:b1:34:6d:ea:19:
         b4:2a:a1:2a:e9:7e:de:4b:c2:09:8a:dc:a9:dd:ab:5a:05:03:
         f2:35:82:4e:bc:df:68:13:20:68:a7:a0:47:7c:c6:80:20:4a:
         1a:b9:ce:03:48:da:ab:b5:87:1d:a1:78:d5:cb:0d:8f:46:b4:
         84:5a:10:5f:a0:f3:46:98:29:02:45:06:9d:bc:e4:c4:83:6d:
         cc:c5:7b:3b:4d:12:61:05:f8:6d:7d:fa:35:0e:1e:3b:d9:e6:
         44:cb:53:eb:91:45:74:02:d0:57:18:9b:31:6c:56:db:66:af:
         00:8d:15:37:61:82:cb:33:a1:2c:bc:51:15:1d:34:10:89:97:
         c8:a3:72:51:f8:be:9b:ec:52:ec:e8:03:08:5b:c8:ae:69:aa:
         15:0b:ac:e1:86:a0:4b:71:bf:65:a8:54:5f:c9:8b:85:a5:34:
         f3:76:90:b8:02:3a:b2:46:1f:38:ec:0d:d9:04:ec:85:3e:dd:
         ea:cb:31:6b:04:8e:07:32:c6:ea:53:9b:e5:50:68:13:51:e0:
         84:1b:ed:23:9f:ca:f8:53:1d:d1:aa:9c:93:16:be:77:c0:87:
         90:14:ac:11
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVwOYQcybssXVGTBZijSJeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNTEzOGUxZmFjZjdiNjVkYmI1NzVmYTdkNDcyNDBjMjc4
YjM0ZGYwHhcNMjMwMTAyMDIwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2M2OTI3NjNkMDc3YzkyZjgzNTJlZmVjMTlkOWE2ODU5OWE4YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj48pXGAu/CLR4nCiGzBNRGzy+lI5
D/breiXhdnVerQnpuu3keZw9yq/A/fs3WHy9S3ECfUQ7QJTg/Jf6d4KexzsOYVGN
dQaPeAJCk49Q5dIo9L/M4kdFiPIjRzGhm5+uGBf6A72sEZYfn4qiZoepy5SvrgQD
wSU78pkpXKGQJZx3QlmuwMdsbbqD1wZG/Q/BtrMLmq78oQwlsgYukWhegXsdD0Wy
x03G1FrHK3Z8YbTNncAhy80YklDAkBC3/qpvf7cphj3U5+HLPTUFtKb9m7vqewbp
Tddn/J4kLgAdnCcoIbX03WItNvboF+F3ROUWYhctGVh7d8Xs6094sgxnlQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFBzGknY9B3yS+DUu/sGdmmhZmowUMB8GA1UdIwQY
MBaAFJ1ROOH6z3tl27V1+n1HJAwnizTfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblZFNDRmclBlMlhidFhYNmZVY2tEQ2VMTk44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDAxZmYtODMyMy00Yjg5LWJlM2Qt
YzJlZmViM2IzMmE1LzEvSE1hU2RqMEhmSkw0TlM3LXdaMmFhRm1hakJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDAxZmYtODMyMy00Yjg5LWJlM2QtYzJlZmViM2IzMmE1
LzEvblZFNDRmclBlMlhidFhYNmZVY2tEQ2VMTk44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCuVOQMAwD
BAK5rhwDBAC5rh4wDQQCAAIwBwMFAyoLgQAwDQYJKoZIhvcNAQELBQADggEBABHU
dehejik3bqbvmRLzI8XNPh4xM/oqR52HA7vBQTexNG3qGbQqoSrpft5LwgmK3Knd
q1oFA/I1gk6832gTIGinoEd8xoAgShq5zgNI2qu1hx2heNXLDY9GtIRaEF+g80aY
KQJFBp285MSDbczFeztNEmEF+G19+jUOHjvZ5kTLU+uRRXQC0FcYmzFsVttmrwCN
FTdhgsszoSy8URUdNBCJl8ijclH4vpvsUuzoAwhbyK5pqhULrOGGoEtxv2WoVF/J
i4WlNPN2kLgCOrJGHzjsDdkE7IU+3erLMWsEjgcyxupTm+VQaBNR4IQb7SOfyvhT
HdGqnJMWvnfAh5AUrBE=
-----END CERTIFICATE-----