Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/xa7Ly7cgY0eUOavmTS74Kf8yZdU.roa
File:                     xa7Ly7cgY0eUOavmTS74Kf8yZdU.roa (raw, json)
Hash identifier:          yzRy0rXHZHyx9sFQ9ZoaOQu9lC+9T7+x2mao/79uEEk=
Subject key identifier:   C5:AE:CB:CB:B7:20:63:47:94:39:AB:E6:4D:2E:F8:29:FF:32:65:D5
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       0185728344F383D85DA94187751DF8324588
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/xa7Ly7cgY0eUOavmTS74Kf8yZdU.roa
Signing time:             Mon 02 Jan 2023 12:44:43 +0000
ROA not before:           Mon 02 Jan 2023 12:44:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        194.99.58.0/23 maxlen: 23
                          45.11.68.0/22 maxlen: 22
                          2.58.144.0/22 maxlen: 24
                          45.150.96.0/22 maxlen: 22
                          45.137.4.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:83:44:f3:83:d8:5d:a9:41:87:75:1d:f8:32:45:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: Jan  2 12:44:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c5aecbcbb72063479439abe64d2ef829ff3265d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ef:57:8a:85:fb:0b:b2:ef:32:6f:a8:43:8e:
                    34:bc:60:95:6e:fd:ec:2c:46:80:78:6e:10:80:4b:
                    5a:0b:05:aa:d6:52:99:8a:d3:62:69:73:dd:4d:05:
                    d2:a7:ab:89:74:f3:25:24:37:83:1c:33:00:cc:08:
                    07:9d:6a:de:32:18:5e:e7:59:71:93:86:41:e5:96:
                    cc:f9:87:cb:5a:40:e6:69:39:96:4c:1e:1a:ef:a4:
                    c1:48:89:91:bf:a1:ee:dc:1e:8a:63:f8:a8:58:46:
                    df:0e:45:64:6e:bd:9d:28:1a:b5:d6:3d:5d:cb:2b:
                    1c:c5:ac:38:2a:b0:11:e1:51:99:58:20:2f:87:99:
                    65:73:25:7f:29:a3:cf:fb:dc:06:2c:1c:fe:24:e7:
                    74:7f:a9:43:19:af:6c:e3:9f:2a:6a:f7:74:90:59:
                    e5:a8:a8:25:ca:72:8e:6d:ce:21:3f:46:ff:2b:0b:
                    3a:13:80:b7:3d:98:ac:75:51:ce:0f:e9:6f:a8:97:
                    e3:d2:06:6e:ef:99:6d:53:e1:8a:45:16:6c:46:52:
                    89:3a:39:bb:06:61:9d:b2:b0:cd:62:7e:e2:96:de:
                    09:c5:71:72:72:5d:3e:53:39:07:df:00:e0:0a:62:
                    6f:bd:cf:d5:7f:fd:9b:64:5b:26:2c:b4:01:07:5b:
                    7d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AE:CB:CB:B7:20:63:47:94:39:AB:E6:4D:2E:F8:29:FF:32:65:D5
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/xa7Ly7cgY0eUOavmTS74Kf8yZdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.144.0/22
                  45.11.68.0/22
                  45.137.4.0/22
                  45.150.96.0/22
                  194.99.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:8e:c4:58:4a:2c:39:d0:a7:45:c9:f3:1c:6a:6a:b7:09:18:
         2c:37:30:22:a2:e4:6a:2a:53:74:c6:8c:e7:6f:b5:04:02:ab:
         92:d4:56:cd:dc:55:80:d3:c8:eb:26:33:d1:14:eb:21:64:63:
         41:52:65:43:fb:22:3d:20:f3:d0:30:3b:6f:44:fc:e1:1b:b4:
         a5:22:05:8c:49:06:8d:4e:d8:5b:36:08:b2:67:a0:85:02:17:
         e6:81:6c:98:e3:10:ad:c6:eb:f4:8a:7a:9b:d0:10:12:bd:fb:
         e6:4d:bb:ed:36:4e:28:ea:cf:98:09:75:56:66:33:55:cb:f5:
         49:93:5b:44:22:9b:1a:54:73:b1:36:18:0b:d6:48:f0:4f:d5:
         f5:0f:9d:8c:fd:95:19:65:cf:c8:0a:7d:5c:b3:09:a8:86:1c:
         02:ec:11:5a:81:97:42:fb:93:ba:66:1f:53:61:8d:c8:c4:83:
         2b:d6:d7:6f:18:a8:99:07:4a:69:c1:73:53:1d:18:f2:18:c3:
         fc:22:62:f8:cc:f1:c5:97:46:81:3b:14:66:9c:85:6a:98:08:
         1d:49:4d:a5:48:af:e5:2f:e0:b2:dd:16:9a:20:1a:ee:22:97:
         96:93:55:d2:14:e6:38:dd:48:2c:75:98:6b:d4:e3:0b:fd:83:
         a3:35:bc:62
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVyg0Tzg9hdqUGHdR34MkWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjMwMTAyMTI0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFlY2JjYmI3MjA2MzQ3OTQzOWFiZTY0ZDJlZjgyOWZmMzI2NWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlu9XioX7C7LvMm+oQ440vGCVbv3s
LEaAeG4QgEtaCwWq1lKZitNiaXPdTQXSp6uJdPMlJDeDHDMAzAgHnWreMhhe51lx
k4ZB5ZbM+YfLWkDmaTmWTB4a76TBSImRv6Hu3B6KY/ioWEbfDkVkbr2dKBq11j1d
yyscxaw4KrAR4VGZWCAvh5llcyV/KaPP+9wGLBz+JOd0f6lDGa9s458qavd0kFnl
qKglynKObc4hP0b/Kws6E4C3PZisdVHOD+lvqJfj0gZu75ltU+GKRRZsRlKJOjm7
BmGdsrDNYn7ilt4JxXFycl0+UzkH3wDgCmJvvc/Vf/2bZFsmLLQBB1t9PwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMWuy8u3IGNHlDmr5k0u+Cn/MmXVMB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEveGE3THk3Y2dZMGVVT2F2bVRTNzRLZjh5WmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCAjqQAwQC
LQtEAwQCLYkEAwQCLZZgAwQBwmM6MA0GCSqGSIb3DQEBCwUAA4IBAQACjsRYSiw5
0KdFyfMcamq3CRgsNzAiouRqKlN0xoznb7UEAquS1FbN3FWA08jrJjPRFOshZGNB
UmVD+yI9IPPQMDtvRPzhG7SlIgWMSQaNTthbNgiyZ6CFAhfmgWyY4xCtxuv0inqb
0BASvfvmTbvtNk4o6s+YCXVWZjNVy/VJk1tEIpsaVHOxNhgL1kjwT9X1D52M/ZUZ
Zc/ICn1cswmohhwC7BFagZdC+5O6Zh9TYY3IxIMr1tdvGKiZB0ppwXNTHRjyGMP8
ImL4zPHFl0aBOxRmnIVqmAgdSU2lSK/lL+Cy3RaaIBruIpeWk1XSFOY43UgsdZhr
1OML/YOjNbxi
-----END CERTIFICATE-----
Generated at Sat Sep 9 09:35:02 2023 by rpki-client on console-ams.rpki-client.org