Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Q9UyJ3OOudr_7T2Gw3QEXFbAHWc.roa
File:                     Q9UyJ3OOudr_7T2Gw3QEXFbAHWc.roa (raw, json)
Hash identifier:          j3yocUKzi1u7M96cQhideGGm7BofG3UafLsv/vr1rYI=
Subject key identifier:   43:D5:32:27:73:8E:B9:DA:FF:ED:3D:86:C3:74:04:5C:56:C0:1D:67
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       0187F1E6278F21A1961DA7570B94CADF6733
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Q9UyJ3OOudr_7T2Gw3QEXFbAHWc.roa
Signing time:             Sat 06 May 2023 16:30:05 +0000
ROA not before:           Sat 06 May 2023 16:30:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        45.140.221.0/24 maxlen: 24
                          45.140.220.0/24 maxlen: 24
                          185.242.225.0/24 maxlen: 24
                          185.186.67.0/24 maxlen: 24
                          185.234.74.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24
                          185.227.71.0/24 maxlen: 24
                          193.105.177.0/24 maxlen: 24
                          178.218.145.0/24 maxlen: 24
                          194.56.224.0/24 maxlen: 24
                          194.56.225.0/24 maxlen: 24
                          45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          85.202.162.0/24 maxlen: 24
                          77.83.241.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f1:e6:27:8f:21:a1:96:1d:a7:57:0b:94:ca:df:67:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: May  6 16:30:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43d53227738eb9daffed3d86c374045c56c01d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:97:ba:3d:65:c1:0b:a7:79:f3:07:d5:77:7d:
                    1d:c3:ae:44:2b:3d:d3:f5:3e:63:9c:d8:a7:56:d5:
                    34:63:99:47:e6:b3:06:05:00:e3:c6:91:72:8f:d6:
                    2a:95:c6:36:d1:86:af:ae:0b:12:b6:c3:e4:f0:be:
                    46:d9:2b:b2:6b:09:89:29:f9:a2:2f:50:93:53:dc:
                    e3:7b:58:aa:91:99:b9:eb:a4:92:42:0a:3c:af:d1:
                    af:3e:3a:03:af:b6:07:6f:0c:7e:5b:5c:02:98:33:
                    91:78:f7:f5:10:90:c4:78:46:b6:67:4f:ef:e7:7a:
                    31:87:dd:62:1d:85:e0:f2:02:24:77:b7:20:fb:09:
                    e0:ba:e9:8d:0c:2f:3e:e5:98:1b:95:88:87:bd:1c:
                    6b:7d:28:1c:b9:d4:fa:45:b4:c1:bb:11:9d:4a:62:
                    e2:de:22:96:dc:fc:b8:6d:7d:17:a8:e6:fe:bd:7f:
                    d8:6a:59:9e:6d:c4:53:ba:94:a7:7c:95:9b:cb:2f:
                    2f:a6:95:dc:17:78:d3:fa:d3:00:1b:b6:63:37:45:
                    5e:36:a9:49:76:ea:31:70:5e:f9:07:d9:fa:10:75:
                    d6:ed:27:eb:c4:c2:d6:27:a8:99:cf:94:08:6f:f4:
                    cd:d5:34:ba:85:d6:b6:c5:c2:40:66:e5:52:3c:66:
                    11:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D5:32:27:73:8E:B9:DA:FF:ED:3D:86:C3:74:04:5C:56:C0:1D:67
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Q9UyJ3OOudr_7T2Gw3QEXFbAHWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.145.0-45.90.146.255
                  45.140.220.0/23
                  77.83.241.0/24
                  85.202.162.0/24
                  178.218.145.0/24
                  185.186.67.0/24
                  185.227.71.0/24
                  185.234.74.0/23
                  185.242.225.0/24
                  193.105.177.0/24
                  194.56.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:59:16:c1:9d:51:e3:fe:f4:24:e8:be:dd:e9:46:f3:17:c7:
         24:65:6b:af:76:fa:09:a9:4d:04:c5:07:39:51:ce:e9:ae:3d:
         4a:f8:a0:a6:13:cb:46:a6:c7:cc:df:5a:38:00:12:10:1d:a3:
         a9:00:c8:6b:b4:64:39:66:96:b3:5b:6b:8d:4d:15:b0:20:5a:
         57:cb:55:c1:f1:95:e5:4a:78:e0:cf:00:24:e1:d8:fa:27:bf:
         a5:e6:41:e7:28:58:0c:8e:8c:ae:8a:10:a8:af:96:08:a7:42:
         63:b8:a5:b0:3f:80:44:7a:70:e6:7b:4d:26:be:81:71:97:99:
         69:20:30:fc:1d:4a:16:15:e8:5e:b4:d5:ce:d5:b7:83:36:de:
         e5:1d:c3:3c:13:e3:78:dc:dd:ab:dd:d1:7f:32:4f:74:60:d7:
         83:dc:60:01:d0:cd:29:6c:cd:e3:fc:3e:ac:fb:10:ed:91:4e:
         50:c6:76:9a:fd:d7:c3:34:6a:23:4f:8b:3d:b8:cb:44:2b:77:
         92:14:93:12:19:c4:4c:9a:2c:28:8d:d6:ed:37:5c:1e:a3:4b:
         a5:fe:77:ef:77:d8:34:12:21:9c:c6:8e:de:12:f2:f0:c7:2f:
         de:03:2e:a5:cc:33:bd:a4:01:cd:af:7d:15:00:8c:07:a9:f7:
         90:81:80:73
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYfx5iePIaGWHadXC5TK32czMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjMwNTA2MTYzMDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Q1MzIyNzczOGViOWRhZmZlZDNkODZjMzc0MDQ1YzU2YzAxZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJe6PWXBC6d58wfVd30dw65EKz3T
9T5jnNinVtU0Y5lH5rMGBQDjxpFyj9YqlcY20YavrgsStsPk8L5G2SuyawmJKfmi
L1CTU9zje1iqkZm566SSQgo8r9GvPjoDr7YHbwx+W1wCmDORePf1EJDEeEa2Z0/v
53oxh91iHYXg8gIkd7cg+wnguumNDC8+5ZgblYiHvRxrfSgcudT6RbTBuxGdSmLi
3iKW3Py4bX0XqOb+vX/YalmebcRTupSnfJWbyy8vppXcF3jT+tMAG7ZjN0VeNqlJ
duoxcF75B9n6EHXW7SfrxMLWJ6iZz5QIb/TN1TS6hda2xcJAZuVSPGYRcwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFEPVMidzjrna/+09hsN0BFxWwB1nMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUTlVeUozT091ZHJfN1QyR3czUUVYRmJBSFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBAAtWpED
BAAtWpIDBAEtjNwDBABNU/EDBABVyqIDBACy2pEDBAC5ukMDBAC540cDBAG56koD
BAC58uEDBADBabEDBAHCOOAwDQYJKoZIhvcNAQELBQADggEBAE5ZFsGdUeP+9CTo
vt3pRvMXxyRla692+gmpTQTFBzlRzumuPUr4oKYTy0amx8zfWjgAEhAdo6kAyGu0
ZDlmlrNba41NFbAgWlfLVcHxleVKeODPACTh2Ponv6XmQecoWAyOjK6KEKivlgin
QmO4pbA/gER6cOZ7TSa+gXGXmWkgMPwdShYV6F601c7Vt4M23uUdwzwT43jc3avd
0X8yT3Rg14PcYAHQzSlszeP8Pqz7EO2RTlDGdpr918M0aiNPiz24y0Qrd5IUkxIZ
xEyaLCiN1u03XB6jS6X+d+932DQSIZzGjt4S8vDHL94DLqXMM72kAc2vfRUAjAep
95CBgHM=
-----END CERTIFICATE-----