Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/lqHUMUjiwujNsXOeMJqv68-83lw.roa
File:                     lqHUMUjiwujNsXOeMJqv68-83lw.roa (raw, json)
Hash identifier:          AeWSAWEiEeqmJ4C7M2MZQy004lu+emi37tOZWL2KBLE=
Subject key identifier:   96:A1:D4:31:48:E2:C2:E8:CD:B1:73:9E:30:9A:AF:EB:CF:BC:DE:5C
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018C7C293CFD5C836CBF2B4531A18C079C0C
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/lqHUMUjiwujNsXOeMJqv68-83lw.roa
Signing time:             Mon 18 Dec 2023 09:02:06 +0000
ROA not before:           Mon 18 Dec 2023 09:02:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        185.55.4.0/22 maxlen: 23
                          176.96.88.0/22 maxlen: 22
                          176.103.240.0/21 maxlen: 22
                          176.116.232.0/22 maxlen: 22
                          185.55.140.0/22 maxlen: 22
                          185.55.140.0/23 maxlen: 23
                          185.55.142.0/23 maxlen: 23
                          64.43.112.0/22 maxlen: 22
                          178.212.184.0/22 maxlen: 22
                          178.212.184.0/21 maxlen: 21
                          64.43.124.0/22 maxlen: 22
                          178.212.188.0/22 maxlen: 22
                          176.102.120.0/21 maxlen: 21
                          176.102.120.0/22 maxlen: 22
                          176.102.124.0/22 maxlen: 22
                          193.36.204.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7c:29:3c:fd:5c:83:6c:bf:2b:45:31:a1:8c:07:9c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Dec 18 09:02:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96a1d43148e2c2e8cdb1739e309aafebcfbcde5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:60:25:fd:55:cb:ad:1b:a7:44:54:17:56:52:
                    41:4e:72:e4:ad:ea:d5:47:95:99:1d:f9:41:b7:9f:
                    7d:82:d6:ef:fd:0f:f9:75:b1:b6:bf:86:0b:d7:0a:
                    0e:3d:79:1c:ee:fa:a0:35:82:b5:60:9e:e4:54:11:
                    19:da:1e:64:d6:71:e1:69:c1:38:ec:6e:96:21:2d:
                    c7:86:cc:0a:9c:09:a3:b6:47:48:17:68:a2:f3:47:
                    d7:8e:b9:09:25:3a:3a:62:d4:8b:17:72:36:9e:46:
                    ea:78:20:de:4b:af:25:ce:38:7d:ea:e0:0f:1b:42:
                    42:5a:5a:68:ef:8f:17:ba:30:22:a5:75:1f:ce:25:
                    7f:89:da:5d:aa:ba:e9:9b:87:d1:e6:a7:f7:6b:a6:
                    2d:7a:47:b3:d2:e3:c8:d5:94:4c:87:dd:a2:8f:fe:
                    6e:c9:dd:94:58:d8:e8:90:8d:99:2d:5f:ec:c2:4b:
                    bb:e3:b3:92:9c:4d:65:9d:de:0d:c8:73:da:f5:f5:
                    27:3d:99:a3:31:f0:7a:d0:29:fe:0c:31:6d:a7:e2:
                    62:a3:15:7e:a6:73:9d:98:7d:1c:5e:b7:7a:03:9f:
                    16:94:a8:1e:46:82:0d:de:0b:e9:95:56:18:f2:a3:
                    ec:d1:fc:1d:56:34:f6:0d:b2:47:fa:ed:9e:ad:b7:
                    b2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A1:D4:31:48:E2:C2:E8:CD:B1:73:9E:30:9A:AF:EB:CF:BC:DE:5C
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/lqHUMUjiwujNsXOeMJqv68-83lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.43.112.0/22
                  64.43.124.0/22
                  176.96.88.0/22
                  176.102.120.0/21
                  176.103.240.0/21
                  176.116.232.0/22
                  178.212.184.0/21
                  185.55.4.0/22
                  185.55.140.0/22
                  193.36.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:a3:7f:e0:61:9d:b9:84:da:04:92:f3:36:b1:51:85:88:d7:
         e8:f8:84:c8:a2:e4:35:d9:4a:62:a7:7f:b8:59:94:d2:c3:54:
         a6:42:c1:12:f3:32:7e:77:3e:09:26:bc:46:ec:2e:6a:49:26:
         64:c2:ed:2c:db:28:e3:1d:75:cb:40:77:73:87:7d:e2:35:2d:
         55:04:13:d1:56:57:3a:f7:6e:1a:33:3a:97:e2:f1:c9:9a:59:
         26:e6:d4:16:6e:45:4d:5f:92:52:92:7b:fd:0e:b6:e5:6e:e6:
         b0:a3:da:91:57:2b:a6:36:f6:60:9e:c8:86:24:d1:a9:d5:ad:
         79:b1:54:73:ce:a6:11:1c:25:93:30:38:4a:ec:3e:a6:3f:48:
         ab:7a:7c:c9:62:1a:be:1e:de:9c:2c:fd:72:c1:e1:c0:53:05:
         f5:68:2c:e5:97:89:3d:29:69:d2:d4:c3:e6:85:f5:1c:3c:bb:
         82:5c:77:00:f3:28:0a:be:0a:be:ce:73:0c:49:52:fa:d2:3c:
         f0:34:5d:23:90:dd:ed:be:a8:07:aa:86:f6:1f:02:3f:6f:00:
         c8:0f:3a:9d:75:ec:7c:10:7b:b5:9c:d0:b0:78:14:8b:e7:86:
         2b:9b:ca:66:b1:5e:5a:6c:66:dc:ec:06:50:ce:00:8a:25:38:
         65:1d:fa:52
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYx8KTz9XINsvytFMaGMB5wMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMxMjE4MDkwMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmExZDQzMTQ4ZTJjMmU4Y2RiMTczOWUzMDlhYWZlYmNmYmNkZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWAl/VXLrRunRFQXVlJBTnLkrerV
R5WZHflBt599gtbv/Q/5dbG2v4YL1woOPXkc7vqgNYK1YJ7kVBEZ2h5k1nHhacE4
7G6WIS3HhswKnAmjtkdIF2ii80fXjrkJJTo6YtSLF3I2nkbqeCDeS68lzjh96uAP
G0JCWlpo748XujAipXUfziV/idpdqrrpm4fR5qf3a6Ytekez0uPI1ZRMh92ij/5u
yd2UWNjokI2ZLV/swku747OSnE1lnd4NyHPa9fUnPZmjMfB60Cn+DDFtp+JioxV+
pnOdmH0cXrd6A58WlKgeRoIN3gvplVYY8qPs0fwdVjT2DbJH+u2erbey0wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJah1DFI4sLozbFznjCar+vPvN5cMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvbHFIVU1Vaml3dWpOc1hPZU1KcXY2OC04M2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCQCtwAwQC
QCt8AwQCsGBYAwQDsGZ4AwQDsGfwAwQCsHToAwQDstS4AwQCuTcEAwQCuTeMAwQC
wSTMMA0GCSqGSIb3DQEBCwUAA4IBAQCmo3/gYZ25hNoEkvM2sVGFiNfo+ITIouQ1
2Upip3+4WZTSw1SmQsES8zJ+dz4JJrxG7C5qSSZkwu0s2yjjHXXLQHdzh33iNS1V
BBPRVlc6924aMzqX4vHJmlkm5tQWbkVNX5JSknv9Drblbuawo9qRVyumNvZgnsiG
JNGp1a15sVRzzqYRHCWTMDhK7D6mP0irenzJYhq+Ht6cLP1yweHAUwX1aCzll4k9
KWnS1MPmhfUcPLuCXHcA8ygKvgq+znMMSVL60jzwNF0jkN3tvqgHqob2HwI/bwDI
Dzqddex8EHu1nNCweBSL54Yrm8pmsV5abGbc7AZQzgCKJThlHfpS
-----END CERTIFICATE-----