Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/iy41oDhAFGJZRsJag2UNzSv6yi8.roa
File:                     iy41oDhAFGJZRsJag2UNzSv6yi8.roa (raw, json)
Hash identifier:          e2rmwO+MEkae/l4wRwhGhKnsfvlvZhFJi2sALuQmviM=
Subject key identifier:   8B:2E:35:A0:38:40:14:62:59:46:C2:5A:83:65:0D:CD:2B:FA:CA:2F
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018B04EB2F3765C1A3C7437FF36BC114AFCD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/iy41oDhAFGJZRsJag2UNzSv6yi8.roa
Signing time:             Fri 06 Oct 2023 12:16:43 +0000
ROA not before:           Fri 06 Oct 2023 12:16:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        45.94.171.0/24 maxlen: 24
                          2.56.109.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.138.183.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:04:eb:2f:37:65:c1:a3:c7:43:7f:f3:6b:c1:14:af:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct  6 12:16:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b2e35a0384014625946c25a83650dcd2bfaca2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6f:5d:80:d7:4e:2b:fa:6e:6d:e7:e9:a7:75:
                    47:e5:8f:10:0e:52:a2:4c:d7:59:a9:ae:98:c8:e4:
                    9d:74:85:aa:41:8b:38:a8:39:98:aa:f5:75:dd:e3:
                    83:5a:bc:1a:d9:75:0f:27:19:22:c8:43:21:2d:1f:
                    7b:c3:b8:dc:a4:86:e2:38:02:8c:ed:24:de:ff:04:
                    f7:f9:bb:64:c5:aa:c9:28:8e:d4:ff:34:40:b7:d8:
                    e4:fa:0c:7b:d2:69:75:39:e5:30:95:32:5d:50:a6:
                    5e:10:74:7b:c9:47:0f:58:1c:15:c5:1e:10:7a:70:
                    41:28:57:a0:38:26:72:45:e4:a9:79:8e:94:fb:e7:
                    b3:4f:b2:f8:17:f9:a3:45:47:8f:87:b7:2e:5d:b0:
                    8a:48:16:6e:85:65:31:01:8a:cb:d3:fd:47:ef:7e:
                    97:21:7b:1d:ba:b6:0a:7a:27:5e:7a:aa:c5:b4:01:
                    19:b5:a1:8b:2f:35:c2:fd:70:f2:e0:ed:65:8f:81:
                    17:51:08:94:fd:ef:28:c5:69:26:df:2b:b7:d9:fb:
                    10:90:d5:e3:8e:a3:91:d1:11:53:70:44:88:71:bd:
                    da:b6:7f:e2:fc:f2:80:1a:17:e7:ce:cd:d9:79:91:
                    8c:c6:45:2c:47:ab:cd:e2:03:00:82:74:68:d9:cf:
                    09:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2E:35:A0:38:40:14:62:59:46:C2:5A:83:65:0D:CD:2B:FA:CA:2F
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/iy41oDhAFGJZRsJag2UNzSv6yi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.109.0-2.56.110.255
                  45.81.113.0/24
                  45.81.115.0/24
                  45.88.139.0/24
                  45.94.171.0/24
                  45.138.183.0/24
                  45.144.213.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.57.41.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:4c:ee:37:bd:99:c9:99:83:0d:ec:aa:29:32:9f:83:49:6d:
         05:be:c7:09:f8:ac:bb:35:9b:c3:e1:7a:c7:21:ae:df:04:88:
         27:7e:75:bd:18:e4:48:d9:dc:a2:99:9a:35:98:e2:16:11:5f:
         8a:f1:7d:af:4e:e5:d4:d8:8b:c4:38:cc:5e:df:66:08:6c:63:
         1f:c8:78:30:05:bb:2a:5e:b5:00:ee:93:6b:af:1f:a5:d1:1e:
         b8:60:4b:b1:70:26:fa:e2:c4:15:5c:d9:10:09:e2:ce:76:57:
         f7:3c:6e:ab:40:20:f1:be:a6:65:27:b8:84:53:67:03:20:00:
         d2:a2:8c:9c:c3:be:c7:68:bf:d4:0e:ee:05:b6:b3:99:45:74:
         62:0b:3d:58:f0:b5:28:6b:1f:46:96:6a:8d:35:5e:4f:8a:2c:
         d4:62:6f:f7:ea:3f:8e:95:ec:de:3e:2a:dc:9e:1d:0d:65:55:
         a8:4c:fa:f4:a0:68:15:c3:34:2b:46:ed:34:dc:17:be:cc:7f:
         9a:08:4a:96:36:4e:fe:d9:15:41:92:3b:1e:bc:65:31:38:fe:
         73:5b:5b:87:7d:be:a1:1b:a0:60:9d:63:3d:b6:0b:cf:02:9e:
         9e:7b:0a:cf:1d:40:ee:c0:0f:d8:f2:34:0a:04:ba:41:c2:b3:
         09:bb:3d:15
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYsE6y83ZcGjx0N/82vBFK/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMDA2MTIxNjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjJlMzVhMDM4NDAxNDYyNTk0NmMyNWE4MzY1MGRjZDJiZmFjYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgG9dgNdOK/pubefpp3VH5Y8QDlKi
TNdZqa6YyOSddIWqQYs4qDmYqvV13eODWrwa2XUPJxkiyEMhLR97w7jcpIbiOAKM
7STe/wT3+btkxarJKI7U/zRAt9jk+gx70ml1OeUwlTJdUKZeEHR7yUcPWBwVxR4Q
enBBKFegOCZyReSpeY6U++ezT7L4F/mjRUePh7cuXbCKSBZuhWUxAYrL0/1H736X
IXsdurYKeideeqrFtAEZtaGLLzXC/XDy4O1lj4EXUQiU/e8oxWkm3yu32fsQkNXj
jqOR0RFTcESIcb3atn/i/PKAGhfnzs3ZeZGMxkUsR6vN4gMAgnRo2c8JCQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFIsuNaA4QBRiWUbCWoNlDc0r+sovMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvaXk0MW9EaEFGR0paUnNKYWcyVU56U3Y2eWk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQMAwDBAACOG0D
BAACOG4DBAAtUXEDBAAtUXMDBAAtWIsDBAAtXqsDBAAtircDBAAtkNUDBABNUycD
BAFV0XgDBADBOSkDBADDPhgDBADDsV8wDQYJKoZIhvcNAQELBQADggEBAK1M7je9
mcmZgw3sqikyn4NJbQW+xwn4rLs1m8Pheschrt8EiCd+db0Y5EjZ3KKZmjWY4hYR
X4rxfa9O5dTYi8Q4zF7fZghsYx/IeDAFuypetQDuk2uvH6XRHrhgS7FwJvrixBVc
2RAJ4s52V/c8bqtAIPG+pmUnuIRTZwMgANKijJzDvsdov9QO7gW2s5lFdGILPVjw
tShrH0aWao01Xk+KLNRib/fqP46V7N4+KtyeHQ1lVahM+vSgaBXDNCtG7TTcF77M
f5oISpY2Tv7ZFUGSOx68ZTE4/nNbW4d9vqEboGCdYz22C88Cnp57Cs8dQO7AD9jy
NAoEukHCswm7PRU=