Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/GBYQG6R--7O-HQnRiI3nmuy4j2Y.roa
File:                     GBYQG6R--7O-HQnRiI3nmuy4j2Y.roa (raw, json)
Hash identifier:          IMCif5vNE0IVywvJ4+BILxj4KIj45U2Az7BDrW7xYPQ=
Subject key identifier:   18:16:10:1B:A4:7E:FB:B3:BE:1D:09:D1:88:8D:E7:9A:EC:B8:8F:66
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018AA7B5E49ED6D861B58A35C2AFDE195642
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/GBYQG6R--7O-HQnRiI3nmuy4j2Y.roa
Signing time:             Mon 18 Sep 2023 09:53:50 +0000
ROA not before:           Mon 18 Sep 2023 09:53:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199636
IP address blocks:        185.146.220.0/22 maxlen: 24
                          141.255.128.0/21 maxlen: 24
                          212.114.16.0/20 maxlen: 24
                          88.212.152.0/22 maxlen: 24
                          45.80.8.0/22 maxlen: 24
                          45.80.20.0/22 maxlen: 24
                          185.91.220.0/22 maxlen: 24
                          45.80.24.0/22 maxlen: 24
                          45.80.32.0/22 maxlen: 24
                          95.178.88.0/22 maxlen: 24
                          88.202.236.0/22 maxlen: 24
                          91.203.92.0/22 maxlen: 24
                          82.96.128.0/18 maxlen: 24
                          185.44.88.0/22 maxlen: 24
                          130.180.208.0/20 maxlen: 24
                          2a05:6e00::/29 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:b5:e4:9e:d6:d8:61:b5:8a:35:c2:af:de:19:56:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Sep 18 09:53:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1816101ba47efbb3be1d09d1888de79aecb88f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:bc:d5:ac:6f:b6:78:42:59:1b:70:c3:65:
                    bb:cc:e8:3c:74:a6:4b:ef:32:64:6e:ab:44:3c:46:
                    a0:fa:9e:0b:bb:5f:d4:b0:ec:11:ff:ac:f7:d6:55:
                    04:8c:41:30:4d:6d:31:1b:ed:b2:07:0c:c7:50:43:
                    f2:73:18:85:74:04:1d:cd:c6:d7:89:f7:fc:ce:80:
                    e4:55:6a:62:9e:ee:27:fe:08:3c:30:d0:1c:67:5b:
                    4a:d6:90:6e:ae:04:2f:b5:54:45:7c:26:aa:06:23:
                    f5:9d:9a:86:b3:bc:1d:49:8b:db:e1:17:46:6d:5c:
                    46:da:50:e1:dc:5a:91:b5:84:82:6a:02:19:c6:19:
                    b1:fa:c4:f3:16:38:f2:a8:99:b4:bc:d4:3e:48:16:
                    b4:2b:77:42:45:72:6e:47:cf:19:a3:79:e5:a8:dc:
                    ef:dd:d2:01:17:48:ef:76:7f:75:3d:f6:49:4c:fd:
                    04:40:44:2f:44:d2:77:9d:08:08:e6:f5:1f:c3:6d:
                    42:28:e7:e2:b4:24:28:b1:8a:a7:fc:1c:a7:ea:11:
                    48:78:53:a4:1c:51:f7:a6:cb:ae:03:a3:70:26:d2:
                    45:7f:84:85:39:83:ee:7f:44:0b:e2:a6:60:c4:04:
                    f6:85:98:a0:99:61:e2:87:cd:1d:f9:e1:77:a5:0a:
                    0b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:16:10:1B:A4:7E:FB:B3:BE:1D:09:D1:88:8D:E7:9A:EC:B8:8F:66
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/GBYQG6R--7O-HQnRiI3nmuy4j2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.8.0/22
                  45.80.20.0-45.80.27.255
                  45.80.32.0/22
                  82.96.128.0/18
                  88.202.236.0/22
                  88.212.152.0/22
                  91.203.92.0/22
                  95.178.88.0/22
                  130.180.208.0/20
                  141.255.128.0/21
                  185.44.88.0/22
                  185.91.220.0/22
                  185.146.220.0/22
                  212.114.16.0/20
                IPv6:
                  2a05:6e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:25:a8:49:22:79:c3:5a:a3:4b:4d:aa:54:86:f0:32:0e:7e:
         00:af:9d:55:55:3f:2f:d2:df:eb:f3:fc:6f:cb:93:88:44:00:
         9e:5e:a6:91:c3:78:83:fb:73:d4:de:3c:58:83:5e:03:51:72:
         eb:a2:86:9f:d8:af:36:fd:5c:43:7a:36:9c:0c:7b:db:f5:2c:
         94:52:c2:03:06:70:ac:28:7b:f7:d6:d7:cc:f9:89:52:57:9a:
         86:f8:fe:16:76:96:4f:6c:75:da:c3:a4:c3:7c:90:8a:a7:22:
         6a:ac:4c:e4:03:35:80:bb:44:4d:7b:4b:c2:14:d1:57:2e:e2:
         be:e0:11:2b:34:67:b5:89:dd:01:32:f7:1d:84:65:c3:a1:53:
         79:fb:f0:30:78:e3:24:8e:b7:fc:8c:e6:e3:4e:56:8d:28:84:
         cf:3b:50:c3:a3:b8:26:28:bb:19:f0:56:eb:3a:c8:64:42:5a:
         3d:29:48:a0:bf:e3:0c:03:d3:71:3f:9e:8f:95:0a:3a:15:70:
         d9:39:d0:1b:a5:30:59:3d:54:fc:b0:24:be:e1:27:86:27:95:
         82:90:1c:8d:f9:06:e0:a5:f7:c4:b0:14:2d:9b:a7:12:8f:5c:
         b6:51:31:1a:9f:15:5c:4e:40:2c:13:8c:60:27:8d:d2:d6:80:
         7e:93:ac:85
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYqnteSe1thhtYo1wq/eGVZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjMwOTE4MDk1MzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODE2MTAxYmE0N2VmYmIzYmUxZDA5ZDE4ODhkZTc5YWVjYjg4ZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrG81axvtnhCWRtww2W7zOg8dKZL
7zJkbqtEPEag+p4Lu1/UsOwR/6z31lUEjEEwTW0xG+2yBwzHUEPycxiFdAQdzcbX
iff8zoDkVWpinu4n/gg8MNAcZ1tK1pBurgQvtVRFfCaqBiP1nZqGs7wdSYvb4RdG
bVxG2lDh3FqRtYSCagIZxhmx+sTzFjjyqJm0vNQ+SBa0K3dCRXJuR88Zo3nlqNzv
3dIBF0jvdn91PfZJTP0EQEQvRNJ3nQgI5vUfw21CKOfitCQosYqn/Byn6hFIeFOk
HFH3psuuA6NwJtJFf4SFOYPuf0QL4qZgxAT2hZigmWHih80d+eF3pQoLtQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFBgWEBukfvuzvh0J0YiN55rsuI9mMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvR0JZUUc2Ui0tN08tSFFuUmlJM25tdXk0ajJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEAi1QCDAM
AwQCLVAUAwQCLVAYAwQCLVAgAwQGUmCAAwQCWMrsAwQCWNSYAwQCW8tcAwQCX7JY
AwQEgrTQAwQDjf+AAwQCuSxYAwQCuVvcAwQCuZLcAwQE1HIQMA0EAgACMAcDBQMq
BW4AMA0GCSqGSIb3DQEBCwUAA4IBAQCpJahJInnDWqNLTapUhvAyDn4Ar51VVT8v
0t/r8/xvy5OIRACeXqaRw3iD+3PU3jxYg14DUXLrooaf2K82/VxDejacDHvb9SyU
UsIDBnCsKHv31tfM+YlSV5qG+P4WdpZPbHXaw6TDfJCKpyJqrEzkAzWAu0RNe0vC
FNFXLuK+4BErNGe1id0BMvcdhGXDoVN5+/AweOMkjrf8jObjTlaNKITPO1DDo7gm
KLsZ8FbrOshkQlo9KUigv+MMA9NxP56PlQo6FXDZOdAbpTBZPVT8sCS+4SeGJ5WC
kByN+QbgpffEsBQtm6cSj1y2UTEanxVcTkAsE4xgJ43S1oB+k6yF
-----END CERTIFICATE-----