Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ynyqdXxKATyAeat79g_TQRLIrhA.roa
File:                     ynyqdXxKATyAeat79g_TQRLIrhA.roa (raw, json)
Hash identifier:          Wp+LDg65SkwSaEwgdh/vFgKwnHCnG+A50RGDQxoTL1E=
Subject key identifier:   CA:7C:AA:75:7C:4A:01:3C:80:79:AB:7B:F6:0F:D3:41:12:C8:AE:10
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0188712A38CBC16A2FC4EA787E68DA832300
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ynyqdXxKATyAeat79g_TQRLIrhA.roa
Signing time:             Wed 31 May 2023 09:36:12 +0000
ROA not before:           Wed 31 May 2023 09:36:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.96.0/24 maxlen: 24
                          79.175.95.0/24 maxlen: 24
                          188.255.144.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          109.121.38.0/24 maxlen: 24
                          109.121.36.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.41.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:71:2a:38:cb:c1:6a:2f:c4:ea:78:7e:68:da:83:23:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 31 09:36:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca7caa757c4a013c8079ab7bf60fd34112c8ae10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e5:db:48:f2:19:49:b2:aa:5c:13:31:cf:b5:
                    db:fb:34:6b:6e:3f:d1:8d:36:85:66:6a:4f:32:87:
                    74:4b:21:88:91:39:fd:59:60:4c:4e:1f:0d:31:ec:
                    61:c4:7c:db:70:9f:9a:5a:5c:39:68:72:32:bc:e7:
                    c5:55:70:20:65:cf:55:d8:91:05:9a:d2:42:d9:b7:
                    df:85:03:90:54:0a:d6:6a:3e:e1:9a:0f:e4:f0:12:
                    03:5b:25:03:9a:97:35:a8:7a:18:ab:bc:53:a9:2a:
                    ba:b3:92:b6:b1:ee:bc:61:20:4b:ca:4e:4f:e2:2b:
                    9f:25:a2:cd:e3:4c:36:7b:07:61:d0:dd:04:e5:3c:
                    9e:dd:95:fd:42:f4:8a:c5:a8:23:76:f7:66:13:67:
                    2d:b9:65:25:ae:d4:a8:3c:dc:b3:d0:50:b0:ff:42:
                    99:de:b5:7a:62:a9:42:85:55:c9:f9:19:4b:f4:02:
                    0f:62:e8:51:f9:87:bd:df:aa:cc:c6:74:ef:92:70:
                    0a:f0:d9:ba:54:3d:75:11:2c:ed:7f:26:94:10:8b:
                    3a:f5:52:fd:39:71:15:98:36:c4:84:af:1b:4a:6f:
                    ed:b0:2e:a8:22:b1:f8:d0:42:c7:06:ad:12:9d:4a:
                    b6:c2:9f:49:0a:86:85:b8:42:26:01:15:65:ba:8a:
                    a8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7C:AA:75:7C:4A:01:3C:80:79:AB:7B:F6:0F:D3:41:12:C8:AE:10
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ynyqdXxKATyAeat79g_TQRLIrhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.33.0/24
                  109.121.36.0/22
                  109.121.41.0-109.121.42.255
                  109.121.45.0/24
                  109.121.47.0/24
                  109.233.184.0/24
                  178.253.237.0/24
                  188.255.144.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:27:fc:35:32:c3:55:8e:63:97:90:bc:a2:ec:ad:42:4a:61:
         fc:27:61:44:9c:4f:5b:e6:17:8d:76:8f:db:3a:5d:6b:90:4d:
         3d:98:11:39:f6:1a:d0:18:95:10:af:f0:32:4d:b6:00:6d:d7:
         a8:14:86:c5:b4:03:58:78:b3:7b:0e:37:4d:7c:88:44:31:56:
         63:06:92:36:07:77:e1:b5:97:23:ca:84:ae:ec:6a:94:e4:9a:
         7a:22:c3:9a:03:40:2c:77:9f:7d:7a:db:ac:ef:de:ea:14:fa:
         ad:4a:a9:60:26:1a:ad:1f:60:30:30:ee:2a:c5:18:9a:26:4d:
         40:0a:22:93:10:49:7a:56:89:6e:00:7e:e0:7b:b9:ec:fd:3c:
         e3:92:bd:0e:7c:3b:34:ae:8d:d9:66:dd:aa:10:dc:9a:27:a7:
         07:5e:6e:12:84:a3:8e:bf:42:f7:f0:1f:82:90:60:45:21:0a:
         e9:63:9f:b7:9b:da:9e:ad:a0:9d:75:a1:ed:17:21:80:1c:1e:
         b8:ee:01:55:76:03:8e:31:5f:f5:10:5b:3e:85:4d:4e:ac:c3:
         92:e7:66:98:5d:14:ce:cf:64:45:2f:7d:b0:ac:85:8b:80:4f:
         7e:aa:bf:8e:2f:cf:bf:18:4d:c6:c0:25:14:bc:f7:d1:ab:d6:
         56:73:9a:96
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYhxKjjLwWovxOp4fmjagyMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjMwNTMxMDkzNjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdjYWE3NTdjNGEwMTNjODA3OWFiN2JmNjBmZDM0MTEyYzhhZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOXbSPIZSbKqXBMxz7Xb+zRrbj/R
jTaFZmpPMod0SyGIkTn9WWBMTh8NMexhxHzbcJ+aWlw5aHIyvOfFVXAgZc9V2JEF
mtJC2bffhQOQVArWaj7hmg/k8BIDWyUDmpc1qHoYq7xTqSq6s5K2se68YSBLyk5P
4iufJaLN40w2ewdh0N0E5Tye3ZX9QvSKxagjdvdmE2ctuWUlrtSoPNyz0FCw/0KZ
3rV6YqlChVXJ+RlL9AIPYuhR+Ye936rMxnTvknAK8Nm6VD11ESztfyaUEIs69VL9
OXEVmDbEhK8bSm/tsC6oIrH40ELHBq0SnUq2wp9JCoaFuEImARVluoqoBwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFMp8qnV8SgE8gHmre/YP00ESyK4QMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEveW55cWRYeEtBVHlBZWF0NzlnX1RRUkxJcmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSMAwDBABPr18D
BABPr2ADBABteSEDBAJteSQwDAMEAG15KQMEAG15KgMEAG15LQMEAG15LwMEAG3p
uAMEALL97QMEALz/kAMEALz/1AMEANRFCzANBgkqhkiG9w0BAQsFAAOCAQEAUyf8
NTLDVY5jl5C8ouytQkph/CdhRJxPW+YXjXaP2zpda5BNPZgROfYa0BiVEK/wMk22
AG3XqBSGxbQDWHizew43TXyIRDFWYwaSNgd34bWXI8qEruxqlOSaeiLDmgNALHef
fXrbrO/e6hT6rUqpYCYarR9gMDDuKsUYmiZNQAoikxBJelaJbgB+4Hu57P0845K9
Dnw7NK6N2WbdqhDcmienB15uEoSjjr9C9/AfgpBgRSEK6WOft5vanq2gnXWh7Rch
gBweuO4BVXYDjjFf9RBbPoVNTqzDkudmmF0Uzs9kRS99sKyFi4BPfqq/ji/PvxhN
xsAlFLz30avWVnOalg==
-----END CERTIFICATE-----