Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/gMAfOtHtryWzmPwvXsyg4xesczs.roa
File:                     gMAfOtHtryWzmPwvXsyg4xesczs.roa (raw, json)
Hash identifier:          KJa4WhpmJZIKgUZ2gW2+VasSvOyC9mM5vVoL77skkgw=
Subject key identifier:   80:C0:1F:3A:D1:ED:AF:25:B3:98:FC:2F:5E:CC:A0:E3:17:AC:73:3B
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018A61DA33D4027F5E314965266DD92BA9AE
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/gMAfOtHtryWzmPwvXsyg4xesczs.roa
Signing time:             Mon 04 Sep 2023 20:20:04 +0000
ROA not before:           Mon 04 Sep 2023 20:20:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35913
IP address blocks:        45.140.221.0/24 maxlen: 24
                          45.140.220.0/24 maxlen: 24
                          185.242.225.0/24 maxlen: 24
                          185.186.67.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24
                          45.154.196.0/22 maxlen: 24
                          185.227.71.0/24 maxlen: 24
                          193.105.177.0/24 maxlen: 24
                          178.218.145.0/24 maxlen: 24
                          194.56.224.0/24 maxlen: 24
                          194.56.225.0/24 maxlen: 24
                          45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          85.202.162.0/24 maxlen: 24
                          77.83.241.0/24 maxlen: 24
                          77.83.243.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:61:da:33:d4:02:7f:5e:31:49:65:26:6d:d9:2b:a9:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Sep  4 20:20:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80c01f3ad1edaf25b398fc2f5ecca0e317ac733b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d2:0a:b4:c3:11:71:e3:65:1e:df:70:5a:2f:
                    0d:85:85:b8:0a:e3:8d:eb:03:5d:d9:cc:45:5a:f4:
                    86:f5:0b:a6:05:b3:5d:eb:6e:13:a5:7d:8e:15:3d:
                    d0:90:b6:13:9f:4c:ad:d1:52:01:e2:7f:e9:63:9e:
                    e9:37:43:66:67:38:16:ba:a1:cb:9d:c6:e9:f9:2c:
                    fe:4c:56:9f:52:8b:1b:8f:22:09:dd:a1:aa:b0:3b:
                    fb:3f:c4:a4:87:0c:ad:b5:d0:4e:50:35:bc:1b:09:
                    4a:20:9b:e6:d9:dd:65:2a:bb:ac:9b:b5:88:09:cb:
                    c8:08:37:52:95:0e:3a:ac:64:a3:a3:2e:6c:41:f7:
                    37:8e:ff:28:e7:c2:40:f7:e6:59:d7:9e:85:08:73:
                    b4:f9:02:6b:82:cc:fc:93:94:ed:70:62:fd:c6:9d:
                    47:4f:74:f4:2d:b6:88:31:89:b5:10:a4:5f:fe:c3:
                    f2:bc:8b:a5:2d:97:91:ec:88:45:d6:48:ae:57:b0:
                    97:de:84:6f:35:e6:50:39:6b:7a:e1:fe:b3:53:cd:
                    d0:53:9e:a0:2e:42:d5:7d:4b:ae:fd:91:80:18:ad:
                    a1:94:f2:58:c0:8b:30:48:0f:91:75:7c:7d:13:b8:
                    29:fe:13:bf:f5:6d:4b:a7:03:ea:9f:dd:10:55:4f:
                    93:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C0:1F:3A:D1:ED:AF:25:B3:98:FC:2F:5E:CC:A0:E3:17:AC:73:3B
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/gMAfOtHtryWzmPwvXsyg4xesczs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.145.0-45.90.146.255
                  45.140.220.0/23
                  45.154.196.0/22
                  77.83.241.0/24
                  77.83.243.0/24
                  85.202.162.0/24
                  178.218.145.0/24
                  185.186.67.0/24
                  185.227.71.0/24
                  185.234.75.0/24
                  185.242.225.0/24
                  193.105.177.0/24
                  194.56.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:a6:2a:b4:f5:93:dc:9f:4d:6d:dd:fc:f9:ce:88:bc:d5:9c:
         b7:ff:78:06:b8:d8:08:8f:48:bb:e4:69:91:4c:4d:06:d0:03:
         85:2a:c5:dd:21:b8:f5:6f:33:dd:cf:3d:12:a9:57:c9:da:70:
         92:dc:9b:5e:e0:cf:af:a3:36:e3:86:44:79:87:67:14:ab:1a:
         e4:6d:2d:13:c4:cb:d2:12:fd:9c:7b:26:97:cd:c4:6d:52:b4:
         be:49:14:b5:4e:76:cd:c0:62:a0:a7:3e:b6:7a:37:4b:4e:ec:
         12:a1:a9:e7:d0:dc:64:99:9d:f4:eb:55:be:bb:dd:1c:79:fe:
         85:9c:d8:f1:29:0a:0a:15:50:ca:ae:94:17:51:40:8b:e6:76:
         0f:2e:02:8d:87:39:87:c7:56:d5:a1:df:f7:e4:78:a8:cc:39:
         aa:11:76:7c:71:a8:fd:9f:19:b5:0f:cb:0c:bb:85:de:d3:8d:
         6c:f8:b4:66:ac:03:14:d9:80:1a:ce:98:b8:7c:c3:17:94:bf:
         00:95:b8:99:5b:7a:ea:54:44:7c:0d:ef:b5:91:82:1c:b9:4d:
         89:fc:6b:92:a2:65:aa:cd:d9:e7:d3:fd:05:ba:58:a6:8f:3b:
         4b:13:d4:49:5a:4c:a9:94:b6:05:70:a1:7d:7f:80:0d:22:5d:
         a9:ca:cd:23
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYph2jPUAn9eMUllJm3ZK6muMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjMwOTA0MjAyMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMwMWYzYWQxZWRhZjI1YjM5OGZjMmY1ZWNjYTBlMzE3YWM3MzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNIKtMMRceNlHt9wWi8NhYW4CuON
6wNd2cxFWvSG9QumBbNd624TpX2OFT3QkLYTn0yt0VIB4n/pY57pN0NmZzgWuqHL
ncbp+Sz+TFafUosbjyIJ3aGqsDv7P8SkhwyttdBOUDW8GwlKIJvm2d1lKrusm7WI
CcvICDdSlQ46rGSjoy5sQfc3jv8o58JA9+ZZ156FCHO0+QJrgsz8k5TtcGL9xp1H
T3T0LbaIMYm1EKRf/sPyvIulLZeR7IhF1kiuV7CX3oRvNeZQOWt64f6zU83QU56g
LkLVfUuu/ZGAGK2hlPJYwIswSA+RdXx9E7gp/hO/9W1LpwPqn90QVU+TnwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFIDAHzrR7a8ls5j8L17MoOMXrHM7MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZ01BZk90SHRyeVd6bVB3dlhzeWc0eGVzY3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWMAwDBAAtWpED
BAAtWpIDBAEtjNwDBAItmsQDBABNU/EDBABNU/MDBABVyqIDBACy2pEDBAC5ukMD
BAC540cDBAC56ksDBAC58uEDBADBabEDBAHCOOAwDQYJKoZIhvcNAQELBQADggEB
AEemKrT1k9yfTW3d/PnOiLzVnLf/eAa42AiPSLvkaZFMTQbQA4Uqxd0huPVvM93P
PRKpV8nacJLcm17gz6+jNuOGRHmHZxSrGuRtLRPEy9IS/Zx7JpfNxG1StL5JFLVO
ds3AYqCnPrZ6N0tO7BKhqefQ3GSZnfTrVb673Rx5/oWc2PEpCgoVUMqulBdRQIvm
dg8uAo2HOYfHVtWh3/fkeKjMOaoRdnxxqP2fGbUPywy7hd7TjWz4tGasAxTZgBrO
mLh8wxeUvwCVuJlbeupURHwN77WRghy5TYn8a5KiZarN2efT/QW6WKaPO0sT1Ela
TKmUtgVwoX1/gA0iXanKzSM=
-----END CERTIFICATE-----