Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/L-jmus2ZRsvjcgYiyV-fBU-ZtD8.roa
File:                     L-jmus2ZRsvjcgYiyV-fBU-ZtD8.roa (raw, json)
Hash identifier:          F0Yeqz+aN4+inu0+mJHLnBuSW2IOpfgN29OeO9xhCE8=
Subject key identifier:   2F:E8:E6:BA:CD:99:46:CB:E3:72:06:22:C9:5F:9F:05:4F:99:B4:3F
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018895F18091DA369E950AAF72779860C0CD
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/L-jmus2ZRsvjcgYiyV-fBU-ZtD8.roa
Signing time:             Wed 07 Jun 2023 13:00:12 +0000
ROA not before:           Wed 07 Jun 2023 13:00:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        45.140.221.0/24 maxlen: 24
                          45.140.220.0/24 maxlen: 24
                          185.242.225.0/24 maxlen: 24
                          185.186.67.0/24 maxlen: 24
                          185.234.74.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24
                          185.227.71.0/24 maxlen: 24
                          193.105.177.0/24 maxlen: 24
                          178.218.145.0/24 maxlen: 24
                          194.56.224.0/24 maxlen: 24
                          194.56.225.0/24 maxlen: 24
                          45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          85.202.162.0/24 maxlen: 24
                          77.83.241.0/24 maxlen: 24
                          77.83.243.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:95:f1:80:91:da:36:9e:95:0a:af:72:77:98:60:c0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jun  7 13:00:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2fe8e6bacd9946cbe3720622c95f9f054f99b43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6c:15:b1:a5:f2:0a:57:c1:44:71:e9:a2:45:
                    e0:61:13:2a:79:eb:4d:f0:f7:d1:ec:07:e3:be:05:
                    e1:63:0d:e3:c7:a3:5e:81:6e:d7:4f:7a:c5:01:50:
                    d5:63:de:76:fc:bf:bc:f4:41:d7:d6:73:43:83:f3:
                    85:93:42:56:0a:96:92:50:d0:f1:38:8e:81:98:36:
                    df:58:e4:50:3b:4a:4f:1e:d6:c4:66:c9:80:ce:e8:
                    a1:31:94:43:6a:80:cb:a7:ec:19:22:07:8d:33:95:
                    74:1d:53:36:a9:1f:03:c7:f1:ef:59:e6:c3:f4:59:
                    b6:90:28:d6:f9:bf:8d:5b:e4:c2:93:85:3f:19:99:
                    c3:86:d4:f0:91:a4:36:59:e8:16:3e:4f:f3:ec:54:
                    c9:11:f7:33:ec:bf:b4:41:a2:c7:76:08:a4:a8:9d:
                    88:c4:63:52:61:f3:3a:aa:e2:32:b1:38:e8:80:10:
                    b0:c8:e3:c4:0c:53:ea:bf:1d:b8:89:fb:d3:82:60:
                    2f:e6:5c:14:eb:e2:30:2e:21:7a:af:36:a9:bf:2d:
                    3c:96:28:f1:04:88:4d:f1:dd:de:e4:f6:c2:15:a8:
                    93:8c:09:48:bd:94:07:99:85:c3:7c:8a:db:00:00:
                    0f:8a:34:a5:95:d2:ff:e8:30:dd:26:76:5c:21:40:
                    36:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E8:E6:BA:CD:99:46:CB:E3:72:06:22:C9:5F:9F:05:4F:99:B4:3F
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/L-jmus2ZRsvjcgYiyV-fBU-ZtD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.145.0-45.90.146.255
                  45.140.220.0/23
                  77.83.241.0/24
                  77.83.243.0/24
                  85.202.162.0/24
                  178.218.145.0/24
                  185.186.67.0/24
                  185.227.71.0/24
                  185.234.74.0/23
                  185.242.225.0/24
                  193.105.177.0/24
                  194.56.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:6d:6f:b8:27:72:be:48:cb:1d:7d:bc:1e:e5:3e:d6:23:55:
         db:58:63:b0:cf:67:3c:7e:75:94:33:87:1d:13:24:07:38:8e:
         c5:03:4e:be:2d:6d:8d:ab:45:e5:2c:b0:5a:1d:70:72:48:69:
         38:22:de:93:8b:d0:07:79:e0:f1:c2:6f:dd:f9:c9:fe:0f:1b:
         7a:3a:99:64:e7:ce:28:b5:24:52:70:e7:14:e3:e9:f8:7f:83:
         c6:db:17:fd:1c:2a:1e:71:db:13:e1:27:3a:54:7d:ba:fd:45:
         f8:b3:e4:20:2a:27:86:0c:52:5c:2e:8a:b4:5d:ab:0c:2e:b5:
         61:98:6e:47:f3:3d:d8:62:ce:d8:8a:ef:1e:47:03:2d:7b:d5:
         26:13:54:e1:30:ed:31:ca:d9:49:9d:01:4e:5e:a7:39:73:df:
         c6:4d:4c:4f:f6:55:6e:ea:fb:54:b6:40:d1:10:4c:56:d5:c0:
         df:97:eb:ad:fc:5f:b1:08:d5:59:6a:87:70:27:0a:db:57:df:
         80:53:e1:b7:0f:35:13:c6:ad:83:e0:a6:a0:dd:e6:92:84:22:
         0d:db:4e:74:67:b6:54:62:b6:18:2c:ab:d8:18:cf:f5:2a:9d:
         6e:09:ea:a0:36:3c:14:b4:f1:b0:a0:25:8e:f4:09:84:6b:94:
         0d:4e:c9:e3
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYiV8YCR2jaelQqvcneYYMDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjMwNjA3MTMwMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmU4ZTZiYWNkOTk0NmNiZTM3MjA2MjJjOTVmOWYwNTRmOTliNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGwVsaXyClfBRHHpokXgYRMqeetN
8PfR7AfjvgXhYw3jx6NegW7XT3rFAVDVY952/L+89EHX1nNDg/OFk0JWCpaSUNDx
OI6BmDbfWORQO0pPHtbEZsmAzuihMZRDaoDLp+wZIgeNM5V0HVM2qR8Dx/HvWebD
9Fm2kCjW+b+NW+TCk4U/GZnDhtTwkaQ2WegWPk/z7FTJEfcz7L+0QaLHdgikqJ2I
xGNSYfM6quIysTjogBCwyOPEDFPqvx24ifvTgmAv5lwU6+IwLiF6rzapvy08lijx
BIhN8d3e5PbCFaiTjAlIvZQHmYXDfIrbAAAPijSlldL/6DDdJnZcIUA2BQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFC/o5rrNmUbL43IGIslfnwVPmbQ/MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTC1qbXVzMlpSc3ZqY2dZaXlWLWZCVS1adEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQMAwDBAAtWpED
BAAtWpIDBAEtjNwDBABNU/EDBABNU/MDBABVyqIDBACy2pEDBAC5ukMDBAC540cD
BAG56koDBAC58uEDBADBabEDBAHCOOAwDQYJKoZIhvcNAQELBQADggEBAD9tb7gn
cr5Iyx19vB7lPtYjVdtYY7DPZzx+dZQzhx0TJAc4jsUDTr4tbY2rReUssFodcHJI
aTgi3pOL0Ad54PHCb935yf4PG3o6mWTnzii1JFJw5xTj6fh/g8bbF/0cKh5x2xPh
JzpUfbr9Rfiz5CAqJ4YMUlwuirRdqwwutWGYbkfzPdhiztiK7x5HAy171SYTVOEw
7THK2UmdAU5epzlz38ZNTE/2VW7q+1S2QNEQTFbVwN+X6638X7EI1Vlqh3AnCttX
34BT4bcPNRPGrYPgpqDd5pKEIg3bTnRntlRithgsq9gYz/UqnW4J6qA2PBS08bCg
JY70CYRrlA1OyeM=
-----END CERTIFICATE-----