Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/122b2d-5d87-478c-8522-89d66ac72e02/1/RrxirPeV3QYQyj-Ijce6wB173Fo.roa
File:                     RrxirPeV3QYQyj-Ijce6wB173Fo.roa (raw, json)
Hash identifier:          AiNChpacyS9JXo9F+xdKIJ6mt7wl4DgnzD3Ns1CkEbo=
Subject key identifier:   46:BC:62:AC:F7:95:DD:06:10:CA:3F:88:8D:C7:BA:C0:1D:7B:DC:5A
Certificate issuer:       /CN=117f8c9a7fc7f13658d62afbeb6f39882da511cc
Certificate serial:       01856F1D8639A08D0306AF0EEB6335B4AC75
Authority key identifier: 11:7F:8C:9A:7F:C7:F1:36:58:D6:2A:FB:EB:6F:39:88:2D:A5:11:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-Mmn_H8TZY1ir76285iC2lEcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/122b2d-5d87-478c-8522-89d66ac72e02/1/RrxirPeV3QYQyj-Ijce6wB173Fo.roa
Signing time:             Sun 01 Jan 2023 20:54:43 +0000
ROA not before:           Sun 01 Jan 2023 20:54:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59432
IP address blocks:        185.47.131.0/24 maxlen: 24
                          185.47.128.0/24 maxlen: 24
                          185.47.128.0/22 maxlen: 22
                          185.47.130.0/24 maxlen: 24
                          185.47.129.0/24 maxlen: 24
                          188.213.4.0/24 maxlen: 24
                          188.213.4.0/22 maxlen: 22
                          188.213.7.0/24 maxlen: 24
                          188.213.6.0/24 maxlen: 24
                          188.213.5.0/24 maxlen: 24
                          5.134.112.0/24 maxlen: 24
                          5.134.113.0/24 maxlen: 24
                          5.134.112.0/21 maxlen: 21
                          5.134.114.0/24 maxlen: 24
                          5.134.116.0/24 maxlen: 24
                          5.134.115.0/24 maxlen: 24
                          5.134.118.0/24 maxlen: 24
                          5.134.117.0/24 maxlen: 24
                          5.134.119.0/24 maxlen: 24
                          2a03:c7c0::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:86:39:a0:8d:03:06:af:0e:eb:63:35:b4:ac:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f8c9a7fc7f13658d62afbeb6f39882da511cc
        Validity
            Not Before: Jan  1 20:54:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46bc62acf795dd0610ca3f888dc7bac01d7bdc5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:01:7f:bb:de:e1:0d:a0:c0:3f:e2:94:8d:70:
                    1d:c1:25:a6:1a:82:c8:a8:4a:b7:d8:07:66:fc:e9:
                    7c:f6:56:35:94:9a:0e:ce:d8:cf:dd:58:d2:0c:3d:
                    a4:5b:f1:70:14:75:e7:06:4c:17:d6:4f:6d:1e:6a:
                    40:50:1b:b8:0a:3b:b2:1f:c8:66:d4:01:39:12:be:
                    0f:bd:c1:68:a7:f1:96:7f:66:9f:5d:fc:ab:1e:23:
                    4f:73:88:2d:77:73:27:3f:c2:01:15:86:d0:2f:98:
                    62:6a:3f:a3:c4:ad:d2:36:5f:4d:33:28:c7:19:a2:
                    1b:b3:fa:67:3c:dc:45:e7:0e:8c:b1:bd:6e:e8:be:
                    e0:cc:c5:f7:16:b4:c2:88:3a:d0:84:cb:b9:af:cf:
                    d8:22:fb:8d:f5:7b:ae:b1:6a:39:da:09:fa:f6:27:
                    2e:e4:03:e2:c5:07:99:61:f7:07:30:ac:f7:6b:f6:
                    73:b2:80:41:9b:46:7e:80:33:3b:84:7d:77:2f:ca:
                    00:ca:b5:66:e0:10:5f:35:e2:e4:86:7d:63:d2:55:
                    1d:2b:eb:73:bf:5c:93:a1:54:80:31:e5:aa:3a:2d:
                    02:67:cf:02:8b:df:21:c4:bd:fd:b8:55:11:c1:05:
                    39:66:a8:31:66:d8:a4:4f:53:c4:69:80:b8:6e:be:
                    e5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:BC:62:AC:F7:95:DD:06:10:CA:3F:88:8D:C7:BA:C0:1D:7B:DC:5A
            X509v3 Authority Key Identifier:
                keyid:11:7F:8C:9A:7F:C7:F1:36:58:D6:2A:FB:EB:6F:39:88:2D:A5:11:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-Mmn_H8TZY1ir76285iC2lEcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/122b2d-5d87-478c-8522-89d66ac72e02/1/RrxirPeV3QYQyj-Ijce6wB173Fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/122b2d-5d87-478c-8522-89d66ac72e02/1/EX-Mmn_H8TZY1ir76285iC2lEcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.112.0/21
                  185.47.128.0/22
                  188.213.4.0/22
                IPv6:
                  2a03:c7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:b3:bd:93:24:dc:1b:36:3d:62:ea:14:7d:d7:53:0c:7e:c4:
         eb:c9:f6:a1:36:0c:14:5a:15:bf:17:d0:56:c0:46:3e:dd:7b:
         5a:e8:fa:c3:d0:74:eb:1f:03:54:2e:4d:9b:7d:04:7d:75:ea:
         77:56:8b:ac:ea:aa:fa:4a:04:43:27:b1:2e:8b:e1:bd:41:ca:
         d2:43:1e:b0:64:8a:66:10:f3:37:cf:fe:ad:5c:de:e6:6d:9e:
         df:66:e7:85:d1:83:5a:86:4a:ff:6a:1b:52:8f:ad:3f:3c:f2:
         c4:8f:f5:60:b6:10:77:75:01:e2:34:d4:f2:bd:bf:70:b2:32:
         14:55:29:ad:2e:11:29:da:f2:d4:0b:af:68:4f:59:0f:3c:bb:
         90:ab:69:5d:4d:52:dd:bd:cc:08:c2:a0:39:ed:66:f6:28:39:
         23:ac:23:c8:6a:1c:cb:f8:f2:95:02:18:fa:fe:a9:97:d2:b9:
         07:64:e9:15:e0:3b:0a:05:a6:dd:0d:a2:c6:62:4a:72:50:aa:
         df:6a:e9:1b:42:8e:e1:b8:36:17:c4:15:0a:cb:2a:54:17:a0:
         35:21:f7:d1:72:ec:9a:8e:94:08:6a:66:6c:1c:03:19:3f:b4:
         57:8c:c8:3a:3a:b9:7c:6b:ee:64:cb:a5:d9:bc:5c:a4:e4:44:
         52:aa:a2:ac
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvHYY5oI0DBq8O62M1tKx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y4YzlhN2ZjN2YxMzY1OGQ2MmFmYmViNmYzOTg4MmRh
NTExY2MwHhcNMjMwMTAxMjA1NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmJjNjJhY2Y3OTVkZDA2MTBjYTNmODg4ZGM3YmFjMDFkN2JkYzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAF/u97hDaDAP+KUjXAdwSWmGoLI
qEq32Adm/Ol89lY1lJoOztjP3VjSDD2kW/FwFHXnBkwX1k9tHmpAUBu4CjuyH8hm
1AE5Er4PvcFop/GWf2afXfyrHiNPc4gtd3MnP8IBFYbQL5hiaj+jxK3SNl9NMyjH
GaIbs/pnPNxF5w6Msb1u6L7gzMX3FrTCiDrQhMu5r8/YIvuN9XuusWo52gn69icu
5APixQeZYfcHMKz3a/ZzsoBBm0Z+gDM7hH13L8oAyrVm4BBfNeLkhn1j0lUdK+tz
v1yToVSAMeWqOi0CZ88Ci98hxL39uFURwQU5ZqgxZtikT1PEaYC4br7llwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEa8Yqz3ld0GEMo/iI3HusAde9xaMB8GA1UdIwQY
MBaAFBF/jJp/x/E2WNYq++tvOYgtpRHMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtTW1uX0g4VFpZMWlyNzYyODVpQzJsRWN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xMjJiMmQtNWQ4Ny00NzhjLTg1MjIt
ODlkNjZhYzcyZTAyLzEvUnJ4aXJQZVYzUVlReWotSWpjZTZ3QjE3M0ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xMjJiMmQtNWQ4Ny00NzhjLTg1MjItODlkNjZhYzcyZTAy
LzEvRVgtTW1uX0g4VFpZMWlyNzYyODVpQzJsRWN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBYZwAwQC
uS+AAwQCvNUEMA0EAgACMAcDBQAqA8fAMA0GCSqGSIb3DQEBCwUAA4IBAQCFs72T
JNwbNj1i6hR911MMfsTryfahNgwUWhW/F9BWwEY+3Xta6PrD0HTrHwNULk2bfQR9
dep3Vous6qr6SgRDJ7Eui+G9QcrSQx6wZIpmEPM3z/6tXN7mbZ7fZueF0YNahkr/
ahtSj60/PPLEj/VgthB3dQHiNNTyvb9wsjIUVSmtLhEp2vLUC69oT1kPPLuQq2ld
TVLdvcwIwqA57Wb2KDkjrCPIahzL+PKVAhj6/qmX0rkHZOkV4DsKBabdDaLGYkpy
UKrfaukbQo7huDYXxBUKyypUF6A1IffRcuyajpQIamZsHAMZP7RXjMg6Orl8a+5k
y6XZvFyk5ERSqqKs
-----END CERTIFICATE-----