Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/zeBC-YlUjSuj7kPtS1KrAc-W6dc.roa
File:                     zeBC-YlUjSuj7kPtS1KrAc-W6dc.roa (raw, json)
Hash identifier:          V4N5bwqFXl2PLIXY+9OaO37fpIjkcif2Qep1wOZWal4=
Subject key identifier:   CD:E0:42:F9:89:54:8D:2B:A3:EE:43:ED:4B:52:AB:01:CF:96:E9:D7
Certificate issuer:       /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial:       0185721E8B8C0DAEDD1DE3EA19228AC9FDBE
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/zeBC-YlUjSuj7kPtS1KrAc-W6dc.roa
Signing time:             Mon 02 Jan 2023 10:54:42 +0000
ROA not before:           Mon 02 Jan 2023 10:54:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34343
IP address blocks:        91.148.224.0/22 maxlen: 24
                          91.148.228.0/22 maxlen: 24
                          195.200.84.0/24 maxlen: 24
                          195.200.85.0/24 maxlen: 24
                          193.138.220.0/24 maxlen: 24
                          85.12.56.0/24 maxlen: 24
                          176.124.71.0/24 maxlen: 24
                          91.148.192.0/24 maxlen: 24
                          185.91.29.0/24 maxlen: 24
                          2a01:788:aaac::/48 maxlen: 48
                          2a01:788:aaaa::/48 maxlen: 48
                          2a01:788:aaab::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:1e:8b:8c:0d:ae:dd:1d:e3:ea:19:22:8a:c9:fd:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
        Validity
            Not Before: Jan  2 10:54:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cde042f989548d2ba3ee43ed4b52ab01cf96e9d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fd:ee:e5:85:e4:7f:7a:ee:05:8b:68:4f:f8:
                    87:1d:14:71:70:60:96:a5:70:d4:9c:c1:9c:bc:23:
                    8b:e1:4d:61:48:6c:77:a1:3b:64:19:6f:cf:f2:d3:
                    1f:89:e0:94:a9:99:11:55:a1:a6:e7:c2:78:47:fe:
                    f4:e2:be:ed:72:38:3d:c3:7c:52:86:5a:54:a2:57:
                    90:9b:bc:6e:69:29:bc:e4:d8:36:32:3c:dc:ff:6b:
                    51:65:72:13:09:f7:aa:81:8a:34:80:39:15:89:98:
                    c7:50:08:44:5e:ad:f6:5f:0d:67:78:8b:fe:fa:cc:
                    f7:6b:c3:69:1e:58:d5:d1:45:d1:a9:a3:d2:74:4f:
                    4a:68:26:fc:da:e7:68:48:80:68:2f:99:88:a7:e2:
                    09:7d:45:f0:ec:c4:88:a4:08:ac:41:08:6c:3f:f8:
                    9e:3c:5d:f5:69:d4:ba:f1:17:e2:e7:44:a0:91:59:
                    ec:06:1a:05:a6:76:9b:11:e7:36:a9:90:bb:d0:89:
                    95:fe:1a:6f:91:aa:67:3d:c0:cf:d4:81:c3:8c:b4:
                    d6:16:93:6a:50:6a:49:d7:6e:44:73:03:7e:bf:88:
                    d9:63:57:c6:9a:38:68:9c:26:45:c3:bb:88:c6:01:
                    ef:e7:f7:ff:8b:7d:f5:4d:b2:ea:02:84:7e:44:36:
                    b1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E0:42:F9:89:54:8D:2B:A3:EE:43:ED:4B:52:AB:01:CF:96:E9:D7
            X509v3 Authority Key Identifier:
                keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/zeBC-YlUjSuj7kPtS1KrAc-W6dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.12.56.0/24
                  91.148.192.0/24
                  91.148.224.0/21
                  176.124.71.0/24
                  185.91.29.0/24
                  193.138.220.0/24
                  195.200.84.0/23
                IPv6:
                  2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         36:36:bb:9d:2b:5d:80:5c:51:f4:59:4b:1d:c2:c0:e8:04:49:
         2b:7c:00:f8:0a:b3:46:31:9e:a4:41:aa:86:9c:ee:ca:ab:12:
         89:20:02:96:ff:66:d4:b9:71:85:a0:22:45:7a:10:b2:00:c9:
         1b:8f:7c:a9:82:d5:df:01:7e:61:9f:4c:95:d6:7a:d9:a0:f4:
         bf:ec:01:7c:5f:ab:11:2c:60:14:34:52:7e:1c:b8:b9:88:b6:
         0d:aa:fc:e6:5a:57:79:1f:90:9a:f4:2b:b1:04:45:b6:be:58:
         c9:54:19:f3:2a:46:63:c8:c4:29:65:65:fa:8a:78:b0:b6:09:
         3f:9b:82:8d:76:86:2d:55:c5:fc:a9:a3:23:03:9a:cb:68:ac:
         94:04:dd:24:6c:a9:c9:d3:a0:fc:23:0a:ec:7e:f8:74:a3:f4:
         d6:bd:29:21:e9:3d:18:79:e5:25:f5:a2:2a:c4:c1:e6:a6:bd:
         cb:a9:d5:ed:85:2c:75:09:a1:c9:39:e4:38:bc:33:53:40:21:
         86:5f:21:6a:49:c1:bc:9e:c6:64:f8:11:cc:31:32:cb:f6:f7:
         f0:ee:db:28:c1:3a:c1:cd:a5:55:b4:ec:1e:9e:eb:38:42:af:
         37:44:43:1d:3e:c7:6b:a1:28:bc:18:80:b4:a3:ee:3e:f4:9d:
         80:26:09:3f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVyHouMDa7dHePqGSKKyf2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjMwMTAyMTA1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGUwNDJmOTg5NTQ4ZDJiYTNlZTQzZWQ0YjUyYWIwMWNmOTZlOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyP3u5YXkf3ruBYtoT/iHHRRxcGCW
pXDUnMGcvCOL4U1hSGx3oTtkGW/P8tMfieCUqZkRVaGm58J4R/704r7tcjg9w3xS
hlpUoleQm7xuaSm85Ng2Mjzc/2tRZXITCfeqgYo0gDkViZjHUAhEXq32Xw1neIv+
+sz3a8NpHljV0UXRqaPSdE9KaCb82udoSIBoL5mIp+IJfUXw7MSIpAisQQhsP/ie
PF31adS68Rfi50SgkVnsBhoFpnabEec2qZC70ImV/hpvkapnPcDP1IHDjLTWFpNq
UGpJ125EcwN+v4jZY1fGmjhonCZFw7uIxgHv5/f/i331TbLqAoR+RDaxowIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFM3gQvmJVI0ro+5D7UtSqwHPlunXMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvemVCQy1ZbFVqU3VqN2tQdFMxS3JBYy1XNmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAwBAIAATAqAwQAVQw4AwQA
W5TAAwQDW5TgAwQAsHxHAwQAuVsdAwQAwYrcAwQBw8hUMBoEAgACMBQwEgMHASoB
B4iqqgMHACoBB4iqrDANBgkqhkiG9w0BAQsFAAOCAQEANja7nStdgFxR9FlLHcLA
6ARJK3wA+AqzRjGepEGqhpzuyqsSiSAClv9m1LlxhaAiRXoQsgDJG498qYLV3wF+
YZ9MldZ62aD0v+wBfF+rESxgFDRSfhy4uYi2Dar85lpXeR+QmvQrsQRFtr5YyVQZ
8ypGY8jEKWVl+op4sLYJP5uCjXaGLVXF/KmjIwOay2islATdJGypydOg/CMK7H74
dKP01r0pIek9GHnlJfWiKsTB5qa9y6nV7YUsdQmhyTnkOLwzU0Ahhl8haknBvJ7G
ZPgRzDEyy/b38O7bKME6wc2lVbTsHp7rOEKvN0RDHT7Ha6EovBiAtKPuPvSdgCYJ
Pw==
-----END CERTIFICATE-----