Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/fJyqHStPLI_aXmyeV_E5bmJhdkA.roa
File:                     fJyqHStPLI_aXmyeV_E5bmJhdkA.roa (raw, json)
Hash identifier:          Ou71uvWWCVRyKmQl6Ez/VrnVlXv4ul+fPFarqxFmi1w=
Subject key identifier:   7C:9C:AA:1D:2B:4F:2C:8F:DA:5E:6C:9E:57:F1:39:6E:62:61:76:40
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       018838AF7C869D31B7802DA63C5C749C7640
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/fJyqHStPLI_aXmyeV_E5bmJhdkA.roa
Signing time:             Sat 20 May 2023 10:23:24 +0000
ROA not before:           Sat 20 May 2023 10:23:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206119
IP address blocks:        5.182.245.0/24 maxlen: 24
                          5.182.244.0/24 maxlen: 24
                          5.182.246.0/24 maxlen: 24
                          185.195.255.0/24 maxlen: 24
                          185.195.254.0/24 maxlen: 24
                          185.233.246.0/24 maxlen: 24
                          185.233.247.0/24 maxlen: 24
                          89.200.217.0/24 maxlen: 24
                          185.107.132.0/24 maxlen: 24
                          185.93.53.0/24 maxlen: 24
                          185.93.52.0/24 maxlen: 24
                          185.93.54.0/24 maxlen: 24
                          185.93.55.0/24 maxlen: 24
                          185.195.253.0/24 maxlen: 24
                          2a0a:61c0::/29 maxlen: 29
                          2a05:f740::/29 maxlen: 29
                          2a0c:f700::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:38:af:7c:86:9d:31:b7:80:2d:a6:3c:5c:74:9c:76:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: May 20 10:23:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7c9caa1d2b4f2c8fda5e6c9e57f1396e62617640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3d:1b:1c:8a:12:6b:b7:3a:a9:66:a7:49:8a:
                    c6:88:47:04:a1:92:4d:da:8d:d8:09:2b:e7:47:bc:
                    78:01:3c:fa:48:4a:d4:8a:c1:2c:a7:5b:43:dc:fb:
                    b9:a5:8e:f6:5d:9f:32:28:a7:3a:c3:4f:ed:e3:c6:
                    0d:b1:e1:3c:03:e2:bf:80:33:2e:1c:0e:0b:e2:89:
                    21:6c:23:4e:8f:7a:c2:ce:4a:ed:e0:72:83:e6:99:
                    69:69:b5:c5:3e:d5:80:7d:e1:f6:ee:07:6e:eb:e1:
                    ab:9d:c8:22:50:f0:4b:1d:2d:8b:1e:5f:fa:13:0a:
                    b3:fa:a2:a4:24:b7:78:62:78:bc:8d:d2:0b:ce:f2:
                    6a:e9:78:1b:02:ac:71:7f:69:37:a0:3b:87:37:11:
                    67:7c:34:9f:f2:67:09:8c:ce:ed:8f:2e:86:64:66:
                    b3:ea:28:af:9f:b3:52:4c:58:58:01:ba:df:03:1d:
                    76:c8:f9:cb:66:a6:f4:eb:7e:1f:aa:08:66:6b:49:
                    c3:ac:8e:04:c7:ec:3c:1b:0a:a5:9b:5e:56:91:67:
                    db:d6:ea:39:bd:24:dc:df:9a:06:44:93:85:e7:c0:
                    42:af:61:51:94:36:7a:4d:32:e0:ed:a7:ab:e6:a5:
                    b4:75:e6:58:89:59:75:53:5e:26:33:ab:89:86:62:
                    63:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9C:AA:1D:2B:4F:2C:8F:DA:5E:6C:9E:57:F1:39:6E:62:61:76:40
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/fJyqHStPLI_aXmyeV_E5bmJhdkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.244.0-5.182.246.255
                  89.200.217.0/24
                  185.93.52.0/22
                  185.107.132.0/24
                  185.195.253.0-185.195.255.255
                  185.233.246.0/23
                IPv6:
                  2a05:f740::/29
                  2a0a:61c0::/29
                  2a0c:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:73:04:9d:01:3f:6a:ee:06:6e:8c:f5:74:1b:d2:c7:f1:05:
         44:20:68:7d:37:b0:c1:ad:bd:c4:b8:c4:4c:05:e1:2a:45:70:
         e9:32:e8:ef:82:02:7b:5f:7b:5b:23:14:bd:20:3b:c9:e2:06:
         7a:17:17:e6:44:e1:fb:67:95:2a:51:10:fb:0e:01:f6:cb:f8:
         9a:dc:a6:e4:a3:be:22:1a:28:7a:e2:eb:eb:a0:49:22:7e:69:
         32:7f:b5:20:d9:09:7a:f5:91:20:4d:cb:a3:a1:f6:70:53:fd:
         ad:d5:4e:88:82:8f:5d:bf:f7:0a:99:6e:f9:a6:34:f9:f0:a8:
         4c:34:bf:ff:08:d2:b3:64:d8:cf:d3:41:3a:72:43:fa:31:76:
         91:92:88:cf:a2:8d:66:12:e0:4d:9a:8d:70:65:8f:7a:4a:60:
         4a:11:65:57:ba:dc:79:ca:05:9e:f2:7d:98:69:2a:f1:af:9e:
         3b:a7:38:df:3e:33:7d:0f:24:0c:fa:e5:e0:e0:93:73:c5:bd:
         61:75:47:f9:7f:3f:d4:fd:04:47:33:a3:14:8e:be:fd:89:22:
         17:b6:eb:61:f2:18:58:56:11:ba:fc:1e:5d:9d:13:62:fd:3f:
         75:9a:e5:32:bf:ef:c2:e2:24:1a:92:e1:d7:b9:af:d4:7b:41:
         33:d7:70:fa
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYg4r3yGnTG3gC2mPFx0nHZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjMwNTIwMTAyMzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzljYWExZDJiNGYyYzhmZGE1ZTZjOWU1N2YxMzk2ZTYyNjE3NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgD0bHIoSa7c6qWanSYrGiEcEoZJN
2o3YCSvnR7x4ATz6SErUisEsp1tD3Pu5pY72XZ8yKKc6w0/t48YNseE8A+K/gDMu
HA4L4okhbCNOj3rCzkrt4HKD5plpabXFPtWAfeH27gdu6+GrncgiUPBLHS2LHl/6
Ewqz+qKkJLd4Yni8jdILzvJq6XgbAqxxf2k3oDuHNxFnfDSf8mcJjM7tjy6GZGaz
6iivn7NSTFhYAbrfAx12yPnLZqb0634fqghma0nDrI4Ex+w8Gwqlm15WkWfb1uo5
vSTc35oGRJOF58BCr2FRlDZ6TTLg7aer5qW0deZYiVl1U14mM6uJhmJjWQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFHycqh0rTyyP2l5snlfxOW5iYXZAMB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvZkp5cUhTdFBMSV9hWG15ZVZfRTVibUpoZGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA5BAIAATAzMAwDBAIFtvQD
BAAFtvYDBABZyNkDBAK5XTQDBAC5a4QwCwMEALnD/QMDArnAAwQBuen2MBsEAgAC
MBUDBQMqBfdAAwUDKgphwAMFAyoM9wAwDQYJKoZIhvcNAQELBQADggEBADxzBJ0B
P2ruBm6M9XQb0sfxBUQgaH03sMGtvcS4xEwF4SpFcOky6O+CAntfe1sjFL0gO8ni
BnoXF+ZE4ftnlSpREPsOAfbL+JrcpuSjviIaKHri6+ugSSJ+aTJ/tSDZCXr1kSBN
y6Oh9nBT/a3VToiCj12/9wqZbvmmNPnwqEw0v/8I0rNk2M/TQTpyQ/oxdpGSiM+i
jWYS4E2ajXBlj3pKYEoRZVe63HnKBZ7yfZhpKvGvnjunON8+M30PJAz65eDgk3PF
vWF1R/l/P9T9BEczoxSOvv2JIhe262HyGFhWEbr8Hl2dE2L9P3Wa5TK/78LiJBqS
4de5r9R7QTPXcPo=
-----END CERTIFICATE-----