Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/_f_v4Pb8lkIGePiUiW_mdIi-Jkw.roa
File:                     _f_v4Pb8lkIGePiUiW_mdIi-Jkw.roa (raw, json)
Hash identifier:          kdIMM6w24dbfermaurNyIUKphE8VFDYa5xwoXB1rez0=
Subject key identifier:   FD:FF:EF:E0:F6:FC:96:42:06:78:F8:94:89:6F:E6:74:88:BE:26:4C
Certificate issuer:       /CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
Certificate serial:       0189962AACC001998F0F4B7CB35B4C0296DA
Authority key identifier: D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/_f_v4Pb8lkIGePiUiW_mdIi-Jkw.roa
Signing time:             Thu 27 Jul 2023 07:05:26 +0000
ROA not before:           Thu 27 Jul 2023 07:05:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51665
IP address blocks:        178.237.192.0/21 maxlen: 21
                          178.237.192.0/24 maxlen: 24
                          178.237.198.0/24 maxlen: 24
                          178.237.199.0/24 maxlen: 24
                          178.237.193.0/24 maxlen: 24
                          178.237.194.0/24 maxlen: 24
                          178.237.195.0/24 maxlen: 24
                          178.237.196.0/24 maxlen: 24
                          178.237.197.0/24 maxlen: 24
                          178.237.200.0/24 maxlen: 24
                          178.237.201.0/24 maxlen: 24
                          178.237.202.0/24 maxlen: 24
                          178.237.203.0/24 maxlen: 24
                          178.237.204.0/24 maxlen: 24
                          178.237.205.0/24 maxlen: 24
                          178.237.200.0/22 maxlen: 22
                          178.237.207.0/24 maxlen: 24
                          2a04:7e03::/32 maxlen: 32
                          2a04:7e02::/32 maxlen: 32
                          2a04:7e01::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:96:2a:ac:c0:01:99:8f:0f:4b:7c:b3:5b:4c:02:96:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
        Validity
            Not Before: Jul 27 07:05:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fdffefe0f6fc96420678f894896fe67488be264c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:66:68:52:ea:25:8e:48:80:e1:4c:66:30:c1:
                    7b:75:c5:a2:28:ab:18:f5:5b:eb:d9:37:d0:e4:e8:
                    53:4f:b0:1c:06:1c:32:2a:6d:7c:9b:e1:32:dc:d5:
                    7c:01:3a:f3:d7:eb:f6:11:75:6a:5a:0c:b7:63:a4:
                    08:b9:30:b5:85:8b:9b:a6:b9:e0:75:d3:5d:e9:e5:
                    48:1c:23:bf:77:94:22:de:8a:16:c8:5d:ca:b3:da:
                    dc:8f:89:c3:76:d8:e2:15:f1:80:a5:95:91:f0:50:
                    36:e6:74:df:66:2f:33:18:ff:04:27:2d:31:e1:7f:
                    ec:a6:8b:e1:d6:5f:9c:87:aa:9f:1e:6c:c8:c4:ec:
                    69:9c:58:16:fe:95:df:1c:82:84:ee:77:cb:e5:32:
                    80:54:e4:b8:8d:c3:15:a0:26:c3:72:24:6a:10:51:
                    c7:a1:40:f9:6b:99:4b:78:33:2f:05:70:33:83:60:
                    3b:12:4e:19:3b:a6:5a:62:7d:ed:16:fa:b0:8b:bb:
                    be:7f:bc:d2:c8:a7:7e:28:c2:6d:0f:a0:f7:51:56:
                    73:00:99:27:f3:f0:af:2b:1b:84:2e:8a:24:f8:40:
                    ce:e4:35:ac:09:f4:4a:f6:49:0a:18:ac:d4:8e:05:
                    24:0b:cc:65:36:30:e9:1d:d1:ae:b9:a8:ae:ee:51:
                    3d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FF:EF:E0:F6:FC:96:42:06:78:F8:94:89:6F:E6:74:88:BE:26:4C
            X509v3 Authority Key Identifier:
                keyid:D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/_f_v4Pb8lkIGePiUiW_mdIi-Jkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.192.0-178.237.205.255
                  178.237.207.0/24
                IPv6:
                  2a04:7e01::-2a04:7e03:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9a:b8:fa:88:92:7e:8a:e0:91:ae:cd:0d:c2:63:38:8e:a3:93:
         32:ae:52:b9:9f:da:4c:b5:63:c3:de:22:77:bb:ba:e3:c8:0d:
         04:4f:b4:dd:09:c5:ab:55:38:42:12:74:6d:d4:12:19:e3:46:
         69:6e:22:b1:3d:3f:17:73:4a:bd:2f:13:fd:af:76:51:0c:b2:
         ca:c0:1f:fa:7f:75:0e:d6:65:12:e4:33:79:93:e2:bf:42:35:
         de:f1:75:24:9c:8b:2b:11:c5:24:83:09:75:06:5b:1c:0a:98:
         e2:a0:72:49:bd:56:f8:39:3b:ea:5e:a9:4e:01:35:51:20:3a:
         5f:38:51:ca:48:4b:f5:03:d7:8c:3d:18:db:58:db:bc:98:f1:
         24:86:4e:7e:b6:a3:a7:ac:a5:55:73:b8:bd:19:f6:87:9b:d3:
         8b:63:8a:de:6b:84:c3:90:fd:67:6b:9f:b9:2f:62:30:e7:27:
         87:e8:fb:f0:f7:dc:55:ab:1d:1c:8e:fc:bd:d2:c5:e2:c8:65:
         ea:9d:bb:8b:ef:f6:32:41:67:8a:d2:a2:65:5a:06:49:4b:cd:
         d8:4d:8d:ee:1d:fc:c9:12:2d:12:0f:a9:62:85:9d:5e:cc:ed:
         91:52:36:72:46:51:d3:93:24:e5:80:7e:c7:d2:be:61:3a:df:
         dd:94:14:5c
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYmWKqzAAZmPD0t8s1tMApbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OTkyMmNhOGQxMzlhNGQwM2Q2ZDU3Y2JjODE3N2RjMDVm
ZWI5ZWMwHhcNMjMwNzI3MDcwNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZmZWZlMGY2ZmM5NjQyMDY3OGY4OTQ4OTZmZTY3NDg4YmUyNjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGZoUuoljkiA4UxmMMF7dcWiKKsY
9Vvr2TfQ5OhTT7AcBhwyKm18m+Ey3NV8ATrz1+v2EXVqWgy3Y6QIuTC1hYubprng
ddNd6eVIHCO/d5Qi3ooWyF3Ks9rcj4nDdtjiFfGApZWR8FA25nTfZi8zGP8EJy0x
4X/spovh1l+ch6qfHmzIxOxpnFgW/pXfHIKE7nfL5TKAVOS4jcMVoCbDciRqEFHH
oUD5a5lLeDMvBXAzg2A7Ek4ZO6ZaYn3tFvqwi7u+f7zSyKd+KMJtD6D3UVZzAJkn
8/CvKxuELook+EDO5DWsCfRK9kkKGKzUjgUkC8xlNjDpHdGuuaiu7lE95wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFP3/7+D2/JZCBnj4lIlv5nSIviZMMB8GA1UdIwQY
MBaAFNSZIsqNE5pNA9bVfLyBd9wF/rnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUt
ZThiNjBhMmRkNmI0LzEvX2ZfdjRQYjhsa0lHZVBpVWlXX21kSWktSmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUtZThiNjBhMmRkNmI0
LzEvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAaBAIAATAUMAwDBAay7cAD
BAGy7cwDBACy7c8wFgQCAAIwEDAOAwUAKgR+AQMFAioEfgAwDQYJKoZIhvcNAQEL
BQADggEBAJq4+oiSforgka7NDcJjOI6jkzKuUrmf2ky1Y8PeIne7uuPIDQRPtN0J
xatVOEISdG3UEhnjRmluIrE9PxdzSr0vE/2vdlEMssrAH/p/dQ7WZRLkM3mT4r9C
Nd7xdSSciysRxSSDCXUGWxwKmOKgckm9Vvg5O+peqU4BNVEgOl84UcpIS/UD14w9
GNtY27yY8SSGTn62o6espVVzuL0Z9oeb04tjit5rhMOQ/Wdrn7kvYjDnJ4fo+/D3
3FWrHRyO/L3SxeLIZeqdu4vv9jJBZ4rSomVaBklLzdhNje4d/MkSLRIPqWKFnV7M
7ZFSNnJGUdOTJOWAfsfSvmE6392UFFw=
-----END CERTIFICATE-----