Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/45cf37-afa5-4994-aedb-485b20952d93/1/LfxFAoTcnPsolxjpGL1Oj_yVWjA.roa
File:                     LfxFAoTcnPsolxjpGL1Oj_yVWjA.roa (raw, json)
Hash identifier:          N/YlYtZw9q+DEB7xzrD56hauySZx+D87n3AC55EXU+E=
Subject key identifier:   2D:FC:45:02:84:DC:9C:FB:28:97:18:E9:18:BD:4E:8F:FC:95:5A:30
Certificate issuer:       /CN=06ce5b28466b92742526031392d94bf1a558e844
Certificate serial:       01856D2F360072994F661C38589264C7B124
Authority key identifier: 06:CE:5B:28:46:6B:92:74:25:26:03:13:92:D9:4B:F1:A5:58:E8:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bs5bKEZrknQlJgMTktlL8aVY6EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/45cf37-afa5-4994-aedb-485b20952d93/1/LfxFAoTcnPsolxjpGL1Oj_yVWjA.roa
Signing time:             Sun 01 Jan 2023 11:54:48 +0000
ROA not before:           Sun 01 Jan 2023 11:54:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44128
IP address blocks:        213.189.218.0/23 maxlen: 23
                          213.189.216.0/23 maxlen: 23
                          185.41.162.0/23 maxlen: 23
                          185.41.160.0/23 maxlen: 23
                          213.189.223.0/24 maxlen: 24
                          213.189.222.0/24 maxlen: 24
                          213.189.220.0/23 maxlen: 23
                          193.107.236.0/23 maxlen: 23
                          193.107.238.0/23 maxlen: 23
                          91.226.82.0/23 maxlen: 23
                          91.226.80.0/23 maxlen: 23
                          91.201.52.0/24 maxlen: 24
                          185.93.110.0/23 maxlen: 23
                          185.93.109.0/24 maxlen: 24
                          185.93.108.0/24 maxlen: 24
                          91.201.54.0/23 maxlen: 23
                          91.201.53.0/24 maxlen: 24
                          2a01:5560:8000::/33 maxlen: 33
                          2a01:5560::/33 maxlen: 33

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:2f:36:00:72:99:4f:66:1c:38:58:92:64:c7:b1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06ce5b28466b92742526031392d94bf1a558e844
        Validity
            Not Before: Jan  1 11:54:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2dfc450284dc9cfb289718e918bd4e8ffc955a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:99:87:69:97:38:eb:77:27:46:9b:6d:21:eb:
                    da:50:6a:dd:26:c5:09:f1:8a:d8:6b:c2:d9:28:98:
                    11:e1:2f:a2:0c:57:35:2f:2f:35:3f:be:72:25:30:
                    f4:25:0e:44:55:55:d3:91:7b:45:bf:cf:5a:ce:43:
                    42:ac:3a:1b:b2:0d:64:ef:d3:cc:30:49:84:85:ef:
                    e4:38:2f:9e:23:52:b1:ed:eb:79:d2:57:1c:d0:35:
                    7e:d0:ab:b1:62:77:ee:21:34:af:d7:7c:2c:3a:f9:
                    b9:56:2c:2c:21:00:23:27:a5:f8:ed:d3:a4:52:c0:
                    11:71:88:a4:cc:83:aa:77:6f:a7:50:2a:b8:63:1e:
                    dd:bf:af:de:1b:68:b6:1d:17:a7:5e:48:10:5a:70:
                    4b:6a:e2:fa:14:65:74:b7:c2:8e:03:95:dd:f0:cc:
                    ad:b4:31:8f:8b:37:24:14:21:14:10:4a:e7:9d:b2:
                    06:b7:39:98:e1:37:cc:44:1f:e6:99:77:88:13:bd:
                    a1:92:e6:18:cd:61:14:16:60:40:29:ea:86:d6:1e:
                    11:9d:c9:de:39:c0:2b:d9:d6:b0:69:28:66:b9:bb:
                    fa:d7:d8:80:0e:33:79:d2:00:6b:d5:bf:3c:66:ad:
                    77:fd:b8:0b:7b:06:63:33:9c:6f:50:6f:a4:a7:db:
                    be:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FC:45:02:84:DC:9C:FB:28:97:18:E9:18:BD:4E:8F:FC:95:5A:30
            X509v3 Authority Key Identifier:
                keyid:06:CE:5B:28:46:6B:92:74:25:26:03:13:92:D9:4B:F1:A5:58:E8:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bs5bKEZrknQlJgMTktlL8aVY6EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/45cf37-afa5-4994-aedb-485b20952d93/1/LfxFAoTcnPsolxjpGL1Oj_yVWjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/45cf37-afa5-4994-aedb-485b20952d93/1/Bs5bKEZrknQlJgMTktlL8aVY6EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.52.0/22
                  91.226.80.0/22
                  185.41.160.0/22
                  185.93.108.0/22
                  193.107.236.0/22
                  213.189.216.0/21
                IPv6:
                  2a01:5560::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:fe:ec:16:96:fe:1a:41:47:35:9b:45:1c:57:b5:70:a6:90:
         ec:58:f1:d5:79:50:a3:ba:91:bd:61:d4:f7:70:13:12:44:f5:
         01:36:60:d3:2f:4a:4d:ef:d6:c0:2f:b6:46:35:fc:4b:92:3f:
         74:cf:4f:82:1b:64:18:3b:14:a1:b9:d1:cd:20:83:12:ee:58:
         51:1d:2a:f4:66:20:40:cd:64:03:d6:04:6f:58:62:b6:ff:e7:
         fe:48:ac:e5:f1:36:10:b9:72:09:8a:f7:3d:63:80:32:e6:ac:
         cb:bb:56:78:fb:1f:d1:54:05:9b:4a:1d:bf:78:c2:e1:01:3b:
         3b:d5:a0:96:76:7a:7e:0d:cc:6e:97:8b:2e:1d:0d:bb:52:a3:
         ff:70:d0:94:7c:9a:e7:60:1c:98:7f:4f:d8:20:26:71:9f:a5:
         c0:a6:85:a1:c2:8e:60:fe:87:4b:8c:30:e2:ec:d3:d1:58:38:
         62:4c:3b:64:a4:54:b7:61:66:70:47:b1:a2:ed:8e:c7:e9:cd:
         a5:e6:2e:99:fd:aa:83:84:31:0c:24:d0:59:19:ec:58:e4:8a:
         8d:55:3d:ea:f1:4c:2e:a8:c5:79:e4:02:30:24:3d:9d:c4:19:
         d3:c2:e5:41:4b:56:2d:15:6b:22:9c:c4:96:77:46:57:76:fe:
         3a:cc:f9:a4
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVtLzYAcplPZhw4WJJkx7EkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Y2U1YjI4NDY2YjkyNzQyNTI2MDMxMzkyZDk0YmYxYTU1
OGU4NDQwHhcNMjMwMTAxMTE1NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGZjNDUwMjg0ZGM5Y2ZiMjg5NzE4ZTkxOGJkNGU4ZmZjOTU1YTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJmHaZc463cnRpttIevaUGrdJsUJ
8YrYa8LZKJgR4S+iDFc1Ly81P75yJTD0JQ5EVVXTkXtFv89azkNCrDobsg1k79PM
MEmEhe/kOC+eI1Kx7et50lcc0DV+0KuxYnfuITSv13wsOvm5ViwsIQAjJ6X47dOk
UsARcYikzIOqd2+nUCq4Yx7dv6/eG2i2HRenXkgQWnBLauL6FGV0t8KOA5Xd8Myt
tDGPizckFCEUEErnnbIGtzmY4TfMRB/mmXeIE72hkuYYzWEUFmBAKeqG1h4Rncne
OcAr2dawaShmubv619iADjN50gBr1b88Zq13/bgLewZjM5xvUG+kp9u+PwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFC38RQKE3Jz7KJcY6Ri9To/8lVowMB8GA1UdIwQY
MBaAFAbOWyhGa5J0JSYDE5LZS/GlWOhEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnM1YktFWnJrblFsSmdNVGt0bEw4YVZZNkVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NWNmMzctYWZhNS00OTk0LWFlZGIt
NDg1YjIwOTUyZDkzLzEvTGZ4RkFvVGNuUHNvbHhqcEdMMU9qX3lWV2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NWNmMzctYWZhNS00OTk0LWFlZGItNDg1YjIwOTUyZDkz
LzEvQnM1YktFWnJrblFsSmdNVGt0bEw4YVZZNkVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCW8k0AwQC
W+JQAwQCuSmgAwQCuV1sAwQCwWvsAwQD1b3YMA0EAgACMAcDBQAqAVVgMA0GCSqG
SIb3DQEBCwUAA4IBAQAy/uwWlv4aQUc1m0UcV7VwppDsWPHVeVCjupG9YdT3cBMS
RPUBNmDTL0pN79bAL7ZGNfxLkj90z0+CG2QYOxShudHNIIMS7lhRHSr0ZiBAzWQD
1gRvWGK2/+f+SKzl8TYQuXIJivc9Y4Ay5qzLu1Z4+x/RVAWbSh2/eMLhATs71aCW
dnp+Dcxul4suHQ27UqP/cNCUfJrnYByYf0/YICZxn6XApoWhwo5g/odLjDDi7NPR
WDhiTDtkpFS3YWZwR7Gi7Y7H6c2l5i6Z/aqDhDEMJNBZGexY5IqNVT3q8UwuqMV5
5AIwJD2dxBnTwuVBS1YtFWsinMSWd0ZXdv46zPmk
-----END CERTIFICATE-----