Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/vkrkh-bfuyiF9kyFxrnmmgepz-0.roa
File:                     vkrkh-bfuyiF9kyFxrnmmgepz-0.roa (raw, json)
Hash identifier:          zNzE44jI5A+JOdBvGfk7MyajKZTq64FOGDg2EDtvh/8=
Subject key identifier:   BE:4A:E4:87:E6:DF:BB:28:85:F6:4C:85:C6:B9:E6:9A:07:A9:CF:ED
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       01856C53CE39EEE6874875C0C19CE828BE0A
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/vkrkh-bfuyiF9kyFxrnmmgepz-0.roa
Signing time:             Sun 01 Jan 2023 07:55:09 +0000
ROA not before:           Sun 01 Jan 2023 07:55:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6134
IP address blocks:        45.131.179.0/24 maxlen: 24
                          91.217.160.0/24 maxlen: 24
                          193.227.103.0/24 maxlen: 24
                          193.227.109.0/24 maxlen: 24
                          193.227.114.0/24 maxlen: 24
                          193.200.149.0/24 maxlen: 24
                          193.200.152.0/24 maxlen: 24
                          45.132.238.0/24 maxlen: 24
                          45.132.239.0/24 maxlen: 24
                          91.238.207.0/24 maxlen: 24
                          45.128.146.0/24 maxlen: 24
                          45.128.147.0/24 maxlen: 24
                          45.137.11.0/24 maxlen: 24
                          45.137.10.0/24 maxlen: 24
                          2a12:a380::/29 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:ce:39:ee:e6:87:48:75:c0:c1:9c:e8:28:be:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 07:55:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be4ae487e6dfbb2885f64c85c6b9e69a07a9cfed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:72:8b:28:77:be:4c:a1:c0:c1:af:7b:ff:c3:
                    a3:76:d1:b5:aa:83:73:41:27:3e:af:04:22:de:1f:
                    c7:aa:96:e9:26:e5:73:46:0f:13:02:fa:8b:12:8b:
                    d7:52:98:dd:e7:2f:b8:66:4a:e1:46:84:02:55:f7:
                    8a:0f:61:de:ed:30:a2:fd:45:6e:e6:cd:91:58:9a:
                    1b:35:ea:f4:66:48:71:c7:0d:6f:9e:25:7a:d9:d8:
                    21:64:cf:21:b5:17:a3:aa:72:28:2e:93:04:ec:d8:
                    9d:2f:90:57:c2:49:11:7b:05:a0:0e:30:46:8a:1e:
                    63:96:d7:ee:96:65:4c:60:a4:48:f4:14:6b:65:38:
                    20:5f:f9:c2:d2:b8:cd:d3:c0:a1:92:11:54:70:35:
                    3d:1a:53:f8:5f:a2:52:67:5b:ad:80:26:3d:38:5e:
                    56:4f:71:15:8e:5a:4c:9d:f1:4e:17:96:0b:b3:d8:
                    99:fb:c1:15:49:c8:8d:f8:ba:4e:3d:bd:7d:36:6d:
                    b1:db:09:22:06:f0:f6:b5:f8:53:70:30:b1:a7:0d:
                    9a:18:cb:eb:fc:5d:6c:49:4e:c0:ce:28:c1:74:5d:
                    7e:e7:e3:7f:20:a6:e7:7c:07:75:f9:03:da:a1:aa:
                    ca:bf:66:2b:9c:6b:1d:39:0a:f7:84:4c:20:ad:6c:
                    a3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4A:E4:87:E6:DF:BB:28:85:F6:4C:85:C6:B9:E6:9A:07:A9:CF:ED
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/vkrkh-bfuyiF9kyFxrnmmgepz-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.146.0/23
                  45.131.179.0/24
                  45.132.238.0/23
                  45.137.10.0/23
                  91.217.160.0/24
                  91.238.207.0/24
                  193.200.149.0/24
                  193.200.152.0/24
                  193.227.103.0/24
                  193.227.109.0/24
                  193.227.114.0/24
                IPv6:
                  2a12:a380::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:3f:74:41:df:72:4f:27:8a:50:fa:56:c6:c5:f7:04:61:68:
         96:d1:a9:9f:80:fe:92:db:b4:7d:7b:6e:61:46:77:4f:5f:c0:
         3d:ad:01:90:70:9c:44:56:63:f7:fa:84:f7:78:de:20:71:df:
         85:d9:c5:2c:43:34:3b:db:d7:33:56:4f:23:8c:17:29:9c:30:
         a0:67:af:01:66:20:50:d8:18:02:b6:94:87:fd:3c:bb:68:f5:
         41:b4:92:34:eb:72:01:b9:ca:77:05:72:9b:30:82:ab:84:52:
         22:7d:8b:12:c7:cd:1e:1d:e4:b8:9a:6c:cf:56:d6:5f:14:1e:
         36:ee:f9:d6:5b:9e:8b:43:7c:82:77:c5:76:d8:a3:5a:af:24:
         97:7b:1b:46:5c:e2:e2:da:1e:be:13:a7:c3:75:6b:5e:1e:08:
         66:f6:90:f9:58:bf:0a:d7:c1:9b:74:94:84:75:ca:30:6a:5f:
         e5:71:df:29:14:3c:bb:19:d2:a8:bd:bc:17:c8:5b:1c:fb:f4:
         4e:73:62:04:17:8e:a1:e3:5a:96:fd:a3:b5:30:91:d7:a4:ef:
         82:42:11:5f:d5:42:47:cb:aa:ed:ba:12:d8:e4:ea:3e:c6:e1:
         e9:5e:ac:72:b9:12:36:50:50:7c:7c:7d:1e:40:bc:0c:71:0c:
         81:b7:ec:f8
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVsU8457uaHSHXAwZzoKL4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjMwMTAxMDc1NTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTRhZTQ4N2U2ZGZiYjI4ODVmNjRjODVjNmI5ZTY5YTA3YTljZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXKLKHe+TKHAwa97/8OjdtG1qoNz
QSc+rwQi3h/HqpbpJuVzRg8TAvqLEovXUpjd5y+4ZkrhRoQCVfeKD2He7TCi/UVu
5s2RWJobNer0Zkhxxw1vniV62dghZM8htRejqnIoLpME7NidL5BXwkkRewWgDjBG
ih5jltfulmVMYKRI9BRrZTggX/nC0rjN08ChkhFUcDU9GlP4X6JSZ1utgCY9OF5W
T3EVjlpMnfFOF5YLs9iZ+8EVSciN+LpOPb19Nm2x2wkiBvD2tfhTcDCxpw2aGMvr
/F1sSU7AzijBdF1+5+N/IKbnfAd1+QPaoarKv2YrnGsdOQr3hEwgrWyjQQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFL5K5Ifm37sohfZMhca55poHqc/tMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvdmtya2gtYmZ1eWlGOWt5Rnhybm1tZ2Vwei0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQBLYCSAwQA
LYOzAwQBLYTuAwQBLYkKAwQAW9mgAwQAW+7PAwQAwciVAwQAwciYAwQAweNnAwQA
weNtAwQAweNyMA0EAgACMAcDBQMqEqOAMA0GCSqGSIb3DQEBCwUAA4IBAQBLP3RB
33JPJ4pQ+lbGxfcEYWiW0amfgP6S27R9e25hRndPX8A9rQGQcJxEVmP3+oT3eN4g
cd+F2cUsQzQ729czVk8jjBcpnDCgZ68BZiBQ2BgCtpSH/Ty7aPVBtJI063IBucp3
BXKbMIKrhFIifYsSx80eHeS4mmzPVtZfFB427vnWW56LQ3yCd8V22KNarySXextG
XOLi2h6+E6fDdWteHghm9pD5WL8K18GbdJSEdcowal/lcd8pFDy7GdKovbwXyFsc
+/ROc2IEF46h41qW/aO1MJHXpO+CQhFf1UJHy6rtuhLY5Oo+xuHpXqxyuRI2UFB8
fH0eQLwMcQyBt+z4
-----END CERTIFICATE-----