Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/AD0dFhfQKoyxgPHHElviS7MO-uE.roa
File:                     AD0dFhfQKoyxgPHHElviS7MO-uE.roa (raw, json)
Hash identifier:          t1vvokbpP6mVXDi+wH9mRpPHIrwEJzMSeazMEO5ymg8=
Subject key identifier:   00:3D:1D:16:17:D0:2A:8C:B1:80:F1:C7:12:5B:E2:4B:B3:0E:FA:E1
Certificate issuer:       /CN=a28815e43926af7eb961de7b703aed6328953e30
Certificate serial:       01856DE66EC562BF5CD4D7E69F214EF832F4
Authority key identifier: A2:88:15:E4:39:26:AF:7E:B9:61:DE:7B:70:3A:ED:63:28:95:3E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oogV5Dkmr365Yd57cDrtYyiVPjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/AD0dFhfQKoyxgPHHElviS7MO-uE.roa
Signing time:             Sun 01 Jan 2023 15:14:56 +0000
ROA not before:           Sun 01 Jan 2023 15:14:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35625
IP address blocks:        195.90.116.0/22 maxlen: 22
                          109.197.240.0/21 maxlen: 21
                          185.39.168.0/22 maxlen: 22
                          195.190.27.0/24 maxlen: 24
                          45.15.204.0/22 maxlen: 22
                          91.212.236.0/24 maxlen: 24
                          185.218.212.0/22 maxlen: 22
                          185.181.4.0/22 maxlen: 22
                          185.31.148.0/22 maxlen: 22
                          91.229.136.0/24 maxlen: 24
                          2a00:ba60::/32 maxlen: 32
                          2a00:ba60::/31 maxlen: 31
                          2a00:ba62::/32 maxlen: 32
                          2a00:ba61::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:e6:6e:c5:62:bf:5c:d4:d7:e6:9f:21:4e:f8:32:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a28815e43926af7eb961de7b703aed6328953e30
        Validity
            Not Before: Jan  1 15:14:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=003d1d1617d02a8cb180f1c7125be24bb30efae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:33:af:e0:d4:c0:23:db:45:76:00:2e:52:f9:
                    b5:87:6b:51:ee:12:e1:36:a5:eb:b4:bb:37:50:14:
                    dd:b7:d0:7c:3c:0e:b9:ed:4a:35:8a:e6:cb:26:07:
                    fa:30:37:1d:e5:65:8e:6a:86:6a:ea:7f:97:49:0c:
                    e9:14:77:b9:13:1e:80:d4:85:cc:50:48:05:15:d1:
                    65:90:21:e1:48:47:7a:aa:7e:dd:8a:dc:16:01:a7:
                    67:df:79:d9:66:e6:b7:e2:90:e3:ab:46:92:c8:8d:
                    ff:21:73:c0:36:d3:46:c1:e8:6b:73:29:cd:7b:0e:
                    8f:a2:91:b4:04:87:5e:60:3c:ff:67:b3:4b:b3:fe:
                    96:35:a2:d8:95:f9:a6:c6:2e:55:ef:c3:31:20:b0:
                    11:91:3b:b4:1d:78:73:17:fc:37:95:7a:d1:9b:98:
                    d2:f1:4c:43:45:0c:d0:55:6d:5d:40:60:8a:b6:fb:
                    0a:d4:c9:c5:89:18:c0:27:11:2d:b4:f0:37:4f:a5:
                    2c:d1:55:e2:2f:f7:1d:44:2d:ec:52:1d:b3:57:aa:
                    06:e4:5d:8a:0c:d8:b8:99:c4:a1:b8:37:41:6a:ca:
                    7c:3d:ed:8c:a6:a2:99:30:f9:c6:c0:b8:f8:08:5c:
                    8c:da:8d:4b:6a:21:7f:dc:de:cb:19:b0:de:99:4e:
                    9a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3D:1D:16:17:D0:2A:8C:B1:80:F1:C7:12:5B:E2:4B:B3:0E:FA:E1
            X509v3 Authority Key Identifier:
                keyid:A2:88:15:E4:39:26:AF:7E:B9:61:DE:7B:70:3A:ED:63:28:95:3E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oogV5Dkmr365Yd57cDrtYyiVPjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/AD0dFhfQKoyxgPHHElviS7MO-uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/67703c-0ef9-465e-8a5a-314f729fa595/1/oogV5Dkmr365Yd57cDrtYyiVPjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.204.0/22
                  91.212.236.0/24
                  91.229.136.0/24
                  109.197.240.0/21
                  185.31.148.0/22
                  185.39.168.0/22
                  185.181.4.0/22
                  185.218.212.0/22
                  195.90.116.0/22
                  195.190.27.0/24
                IPv6:
                  2a00:ba60::-2a00:ba62:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4c:0e:af:2f:d6:ae:bf:98:88:10:db:4f:61:2f:6c:ae:90:f9:
         ca:53:75:29:29:db:60:2a:a4:f6:95:83:07:ed:21:e2:a3:b7:
         c3:9e:3b:c3:5b:35:c0:7e:dd:46:d0:85:04:22:3d:9f:4a:5f:
         ac:33:75:cf:fc:4d:3e:3f:6f:ff:76:c1:88:c9:0e:f9:16:71:
         6e:70:9a:df:06:cf:28:e7:fe:48:b0:c6:9d:62:2a:62:c0:88:
         36:29:06:76:6a:bd:0c:54:56:cc:29:07:2e:9c:ee:fd:26:68:
         2f:58:68:1a:62:27:25:9c:db:c3:ce:84:4f:1d:69:85:3e:c0:
         53:92:93:8d:8b:90:1a:d1:b9:54:27:a9:20:2f:29:20:4f:ee:
         76:11:e9:a1:55:79:83:ba:cb:ae:a8:1b:69:94:5c:20:90:ab:
         92:4c:6e:2d:2f:4e:21:64:2b:7a:58:74:bb:e8:38:66:13:bf:
         bf:80:4f:d0:5f:ff:70:4a:9f:d8:a1:11:c2:a1:0a:e9:28:bc:
         e8:df:41:7d:de:38:26:0b:ef:f6:86:30:6b:e0:b4:1b:eb:ad:
         b1:47:e6:b6:4a:ee:e2:b9:dd:9c:10:17:db:23:c1:d4:ad:d4:
         24:98:03:ec:73:ca:5d:03:e8:02:df:7f:a7:d4:4f:1a:3c:a5:
         9f:0c:30:82
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVt5m7FYr9c1NfmnyFO+DL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyODgxNWU0MzkyNmFmN2ViOTYxZGU3YjcwM2FlZDYzMjg5
NTNlMzAwHhcNMjMwMTAxMTUxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDNkMWQxNjE3ZDAyYThjYjE4MGYxYzcxMjViZTI0YmIzMGVmYWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzOv4NTAI9tFdgAuUvm1h2tR7hLh
NqXrtLs3UBTdt9B8PA657Uo1iubLJgf6MDcd5WWOaoZq6n+XSQzpFHe5Ex6A1IXM
UEgFFdFlkCHhSEd6qn7ditwWAadn33nZZua34pDjq0aSyI3/IXPANtNGwehrcynN
ew6PopG0BIdeYDz/Z7NLs/6WNaLYlfmmxi5V78MxILARkTu0HXhzF/w3lXrRm5jS
8UxDRQzQVW1dQGCKtvsK1MnFiRjAJxEttPA3T6Us0VXiL/cdRC3sUh2zV6oG5F2K
DNi4mcShuDdBasp8Pe2MpqKZMPnGwLj4CFyM2o1LaiF/3N7LGbDemU6aWQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFAA9HRYX0CqMsYDxxxJb4kuzDvrhMB8GA1UdIwQY
MBaAFKKIFeQ5Jq9+uWHee3A67WMolT4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb29nVjVEa21yMzY1WWQ1N2NEcnRZeWlWUGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS82NzcwM2MtMGVmOS00NjVlLThhNWEt
MzE0ZjcyOWZhNTk1LzEvQUQwZEZoZlFLb3l4Z1BISEVsdmlTN01PLXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS82NzcwM2MtMGVmOS00NjVlLThhNWEtMzE0ZjcyOWZhNTk1
LzEvb29nVjVEa21yMzY1WWQ1N2NEcnRZeWlWUGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBCBAIAATA8AwQCLQ/MAwQA
W9TsAwQAW+WIAwQDbcXwAwQCuR+UAwQCuSeoAwQCubUEAwQCudrUAwQCw1p0AwQA
w74bMBYEAgACMBAwDgMFBSoAumADBQAqALpiMA0GCSqGSIb3DQEBCwUAA4IBAQBM
Dq8v1q6/mIgQ209hL2yukPnKU3UpKdtgKqT2lYMH7SHio7fDnjvDWzXAft1G0IUE
Ij2fSl+sM3XP/E0+P2//dsGIyQ75FnFucJrfBs8o5/5IsMadYipiwIg2KQZ2ar0M
VFbMKQcunO79JmgvWGgaYiclnNvDzoRPHWmFPsBTkpONi5Aa0blUJ6kgLykgT+52
EemhVXmDusuuqBtplFwgkKuSTG4tL04hZCt6WHS76DhmE7+/gE/QX/9wSp/YoRHC
oQrpKLzo30F93jgmC+/2hjBr4LQb662xR+a2Su7iud2cEBfbI8HUrdQkmAPsc8pd
A+gC33+n1E8aPKWfDDCC
-----END CERTIFICATE-----