Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CR-RDz1ofXB5pfzfAGO08Igtmss.roa
File:                     CR-RDz1ofXB5pfzfAGO08Igtmss.roa (raw, json)
Hash identifier:          66Ir/e5cNvH7ep/Oit5zC0mqsSR4Wz+bgP3lOswpThI=
Subject key identifier:   09:1F:91:0F:3D:68:7D:70:79:A5:FC:DF:00:63:B4:F0:88:2D:9A:CB
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0188957F0FBAD4E348129AA97231B77EC495
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CR-RDz1ofXB5pfzfAGO08Igtmss.roa
Signing time:             Wed 07 Jun 2023 10:55:12 +0000
ROA not before:           Wed 07 Jun 2023 10:55:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.95.0/24 maxlen: 24
                          79.175.96.0/24 maxlen: 24
                          188.255.144.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          109.121.38.0/24 maxlen: 24
                          109.121.36.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          109.233.185.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:95:7f:0f:ba:d4:e3:48:12:9a:a9:72:31:b7:7e:c4:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jun  7 10:55:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=091f910f3d687d7079a5fcdf0063b4f0882d9acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6a:85:a4:32:9b:9c:a4:4f:7a:d0:85:82:42:
                    fd:cc:1f:c9:43:b3:4f:68:93:0f:04:0f:72:dc:86:
                    52:e2:49:24:d5:49:81:dc:b9:d1:20:ad:e8:c6:71:
                    19:c9:78:4a:ff:f0:da:84:6f:13:31:3e:26:fb:90:
                    fe:00:0a:56:5a:45:35:75:f7:ff:6d:b3:1b:ea:d1:
                    c5:08:63:31:2e:56:80:ee:75:56:61:e5:dd:13:25:
                    c4:58:0b:38:af:5b:35:70:05:ca:68:67:42:5e:52:
                    ce:03:ba:62:5d:24:00:19:76:5b:2a:e2:9e:f9:6a:
                    60:da:77:00:84:af:cc:28:58:f3:33:77:22:46:0b:
                    d1:c3:77:50:01:34:b9:8c:c3:13:d0:27:bf:4e:d7:
                    3f:1b:36:db:1b:e1:2e:e0:6a:35:95:f7:95:d2:6d:
                    de:7f:2a:0a:c9:7c:bb:c2:38:29:11:b3:cf:3d:fe:
                    99:30:d2:de:0d:ba:eb:85:6c:66:15:ec:ef:c2:7a:
                    50:87:6d:f7:ba:84:26:19:7e:1a:cf:73:98:7e:93:
                    d0:96:a9:9d:b3:55:51:cd:b0:6a:a7:a6:2f:7d:c3:
                    ff:08:73:00:29:15:dc:8f:41:ae:2e:29:54:7d:5d:
                    5a:a6:da:06:7f:36:2d:63:9e:54:bb:b8:8a:03:92:
                    db:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1F:91:0F:3D:68:7D:70:79:A5:FC:DF:00:63:B4:F0:88:2D:9A:CB
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/CR-RDz1ofXB5pfzfAGO08Igtmss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.33.0/24
                  109.121.36.0-109.121.43.255
                  109.121.45.0/24
                  109.121.47.0/24
                  109.233.184.0/23
                  178.253.237.0/24
                  188.255.144.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:51:e0:04:cc:20:17:6a:2f:7a:f8:18:29:0b:b3:61:7b:1b:
         34:64:3c:b0:ba:f7:d5:6f:24:b7:36:9f:e9:76:ef:32:f0:9e:
         b3:ec:55:a7:cd:a9:51:29:1c:b2:e6:48:30:cf:ca:6e:0d:00:
         87:4a:ed:2b:e3:d8:2f:78:7f:5c:e7:6a:ce:b9:3e:17:b9:3b:
         a1:fa:49:da:bc:34:43:8a:0d:0c:ef:a0:3d:ea:e6:e0:16:8c:
         8b:eb:d1:10:f5:33:84:69:1a:7c:b7:7a:b3:7e:84:f0:e9:5b:
         19:1d:80:3a:0b:af:61:4a:4e:a7:a0:e5:f7:eb:cc:a1:44:7a:
         07:ed:90:c3:f2:60:27:96:47:1e:af:e9:88:aa:5c:76:40:52:
         e8:9b:cd:61:fa:36:18:7b:eb:81:bb:fd:37:bb:2b:cf:e8:a4:
         86:66:9c:a0:58:5b:97:57:e3:2d:6f:ae:33:97:f1:07:4c:27:
         2d:ba:de:fd:3f:77:bc:ed:af:78:b0:f7:33:ab:4b:33:bb:7f:
         1d:2e:1c:1e:63:99:2f:c8:4b:5e:98:97:05:4e:4a:17:69:12:
         98:0a:b3:fa:c2:06:8a:91:44:12:b1:46:34:b2:fd:24:e6:b6:
         37:50:8c:19:9c:e1:d7:c6:10:a7:f2:0f:c0:47:e4:cd:1c:aa:
         ea:16:27:0d
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYiVfw+61ONIEpqpcjG3fsSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjMwNjA3MTA1NTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFmOTEwZjNkNjg3ZDcwNzlhNWZjZGYwMDYzYjRmMDg4MmQ5YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2qFpDKbnKRPetCFgkL9zB/JQ7NP
aJMPBA9y3IZS4kkk1UmB3LnRIK3oxnEZyXhK//DahG8TMT4m+5D+AApWWkU1dff/
bbMb6tHFCGMxLlaA7nVWYeXdEyXEWAs4r1s1cAXKaGdCXlLOA7piXSQAGXZbKuKe
+Wpg2ncAhK/MKFjzM3ciRgvRw3dQATS5jMMT0Ce/Ttc/GzbbG+Eu4Go1lfeV0m3e
fyoKyXy7wjgpEbPPPf6ZMNLeDbrrhWxmFezvwnpQh233uoQmGX4az3OYfpPQlqmd
s1VRzbBqp6YvfcP/CHMAKRXcj0GuLilUfV1aptoGfzYtY55Uu7iKA5Lb1wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFAkfkQ89aH1weaX83wBjtPCILZrLMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQ1ItUkR6MW9mWEI1cGZ6ZkFHTzA4SWd0bXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBABPr18D
BABPr2ADBABteSEwDAMEAm15JAMEAm15KAMEAG15LQMEAG15LwMEAW3puAMEALL9
7QMEALz/kAMEALz/1AMEANRFCzANBgkqhkiG9w0BAQsFAAOCAQEAk1HgBMwgF2ov
evgYKQuzYXsbNGQ8sLr31W8ktzaf6XbvMvCes+xVp82pUSkcsuZIMM/Kbg0Ah0rt
K+PYL3h/XOdqzrk+F7k7ofpJ2rw0Q4oNDO+gPerm4BaMi+vREPUzhGkafLd6s36E
8OlbGR2AOguvYUpOp6Dl9+vMoUR6B+2Qw/JgJ5ZHHq/piKpcdkBS6JvNYfo2GHvr
gbv9N7srz+ikhmacoFhbl1fjLW+uM5fxB0wnLbre/T93vO2veLD3M6tLM7t/HS4c
HmOZL8hLXpiXBU5KF2kSmAqz+sIGipFEErFGNLL9JOa2N1CMGZzh18YQp/IPwEfk
zRyq6hYnDQ==
-----END CERTIFICATE-----