Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/RByTCmL-OhjpRTSpcOmbTpDPIV4.roa
File:                     RByTCmL-OhjpRTSpcOmbTpDPIV4.roa (raw, json)
Hash identifier:          wkOd0yRX0W1Ti68D9k7GV/b6IpQQaeK9dh5j3OtGxjE=
Subject key identifier:   44:1C:93:0A:62:FE:3A:18:E9:45:34:A9:70:E9:9B:4E:90:CF:21:5E
Certificate issuer:       /CN=477f4b6ec4347157c4d13ef0e7abe1290a0bf57c
Certificate serial:       018CAB55D6D351CD794DFB797ED77271C6DD
Authority key identifier: 47:7F:4B:6E:C4:34:71:57:C4:D1:3E:F0:E7:AB:E1:29:0A:0B:F5:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/RByTCmL-OhjpRTSpcOmbTpDPIV4.roa
Signing time:             Wed 27 Dec 2023 12:52:58 +0000
ROA not before:           Wed 27 Dec 2023 12:52:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34087
IP address blocks:        89.151.224.0/19 maxlen: 19
                          185.161.56.0/23 maxlen: 23
                          185.161.56.0/22 maxlen: 22
                          178.164.64.0/19 maxlen: 19
                          94.246.0.0/18 maxlen: 18
                          178.164.96.0/19 maxlen: 19
                          89.151.192.0/19 maxlen: 19
                          178.164.0.0/17 maxlen: 17
                          178.164.0.0/19 maxlen: 19
                          84.52.224.0/19 maxlen: 19
                          84.16.192.0/19 maxlen: 19
                          217.168.80.0/20 maxlen: 20
                          178.164.32.0/19 maxlen: 19
                          84.52.192.0/18 maxlen: 18
                          85.89.0.0/19 maxlen: 19
                          2a01:560::/29 maxlen: 29
                          2a01:560::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ab:55:d6:d3:51:cd:79:4d:fb:79:7e:d7:72:71:c6:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=477f4b6ec4347157c4d13ef0e7abe1290a0bf57c
        Validity
            Not Before: Dec 27 12:52:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=441c930a62fe3a18e94534a970e99b4e90cf215e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f9:bb:99:eb:84:05:6c:f6:98:46:3a:19:32:
                    dd:b0:7e:0c:7e:a6:9e:43:60:07:6d:2c:de:a3:d1:
                    73:20:47:9e:90:f1:f4:53:c0:f9:7a:ca:b5:93:cd:
                    c1:ad:71:ec:58:e9:92:85:97:38:23:3c:59:bd:76:
                    59:2a:cf:3f:6a:ac:6a:14:1e:3c:e3:cb:41:be:dd:
                    6b:60:a2:1d:b0:ac:08:38:b0:9a:23:3a:2b:95:d7:
                    55:5c:7a:c3:8d:2d:18:67:59:9f:7a:51:70:cb:9f:
                    91:ec:86:26:5c:b2:8e:9e:e9:4d:ed:d2:b5:3a:26:
                    98:1b:45:41:63:a5:c7:22:0d:9a:00:a5:78:f8:b2:
                    85:28:0e:57:70:1e:23:8a:17:a0:75:80:4d:93:95:
                    c7:c3:a4:4e:2c:d7:f9:06:39:d5:0b:9d:40:41:b5:
                    70:a2:5f:f2:fc:c8:36:eb:c6:9a:79:9b:c0:50:c9:
                    42:2f:32:19:f3:ac:3b:32:14:a8:fb:b1:4c:d8:42:
                    dc:ef:e2:7d:3a:b9:90:79:c4:21:1b:c2:5c:9f:bb:
                    a6:03:58:9f:c1:41:a8:02:1a:ce:ac:76:b4:17:58:
                    b0:cb:96:e3:f0:37:9e:3a:60:94:6f:42:b9:a0:32:
                    1e:0b:d5:6d:1f:fd:00:34:5e:11:3e:fd:da:9f:c5:
                    16:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:1C:93:0A:62:FE:3A:18:E9:45:34:A9:70:E9:9B:4E:90:CF:21:5E
            X509v3 Authority Key Identifier:
                keyid:47:7F:4B:6E:C4:34:71:57:C4:D1:3E:F0:E7:AB:E1:29:0A:0B:F5:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R39LbsQ0cVfE0T7w56vhKQoL9Xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/RByTCmL-OhjpRTSpcOmbTpDPIV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/393e16-898e-45d8-9d72-d8bd250b64f9/1/R39LbsQ0cVfE0T7w56vhKQoL9Xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.16.192.0/19
                  84.52.192.0/18
                  85.89.0.0/19
                  89.151.192.0/18
                  94.246.0.0/18
                  178.164.0.0/17
                  185.161.56.0/22
                  217.168.80.0/20
                IPv6:
                  2a01:560::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:38:d1:30:e8:99:26:2c:dd:10:b3:7d:aa:7f:cc:d6:97:96:
         e1:62:5a:e7:11:46:4e:e9:d7:63:4d:75:4d:5d:ae:c7:f9:84:
         8b:a8:e8:f4:4a:b7:71:39:4f:26:e1:38:54:bd:6d:35:58:6c:
         46:e3:79:c9:94:cb:52:50:c3:a0:f4:54:6e:8f:d9:04:32:5d:
         2a:8c:da:2f:de:48:bd:9b:1a:b5:1a:64:9e:95:91:c6:f6:a4:
         be:77:33:3a:db:f7:c9:83:e2:c6:1e:28:cf:02:5d:7b:68:a6:
         f6:b4:b7:04:f4:10:58:50:75:23:01:28:47:33:d7:9d:7d:5e:
         bb:1b:2b:da:7d:ab:1d:8e:57:f0:2f:68:7c:8b:41:4b:66:d7:
         c9:31:94:48:f3:1f:39:f1:c9:5b:49:c4:3e:2f:dd:32:4a:31:
         1b:b4:da:8d:5f:52:5a:b7:54:79:12:2d:12:98:f7:7d:9c:1e:
         e1:21:e0:e5:85:0b:32:85:45:fa:3f:12:c6:02:71:05:40:87:
         cd:0c:f8:8c:f0:4e:5d:00:d0:25:1e:02:81:dd:64:e9:ed:44:
         56:17:33:46:c5:50:c1:e7:fd:87:88:2a:67:a4:70:70:69:78:
         18:0d:88:d3:99:f2:6c:c1:0c:fd:6d:16:b5:05:83:73:0c:7d:
         a9:94:19:e5
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYyrVdbTUc15Tft5ftdyccbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3N2Y0YjZlYzQzNDcxNTdjNGQxM2VmMGU3YWJlMTI5MGEw
YmY1N2MwHhcNMjMxMjI3MTI1MjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDFjOTMwYTYyZmUzYTE4ZTk0NTM0YTk3MGU5OWI0ZTkwY2YyMTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvm7meuEBWz2mEY6GTLdsH4Mfqae
Q2AHbSzeo9FzIEeekPH0U8D5esq1k83BrXHsWOmShZc4IzxZvXZZKs8/aqxqFB48
48tBvt1rYKIdsKwIOLCaIzorlddVXHrDjS0YZ1mfelFwy5+R7IYmXLKOnulN7dK1
OiaYG0VBY6XHIg2aAKV4+LKFKA5XcB4jihegdYBNk5XHw6ROLNf5BjnVC51AQbVw
ol/y/Mg268aaeZvAUMlCLzIZ86w7MhSo+7FM2ELc7+J9OrmQecQhG8Jcn7umA1if
wUGoAhrOrHa0F1iwy5bj8DeeOmCUb0K5oDIeC9VtH/0ANF4RPv3an8UWzQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEQckwpi/joY6UU0qXDpm06QzyFeMB8GA1UdIwQY
MBaAFEd/S27ENHFXxNE+8Oer4SkKC/V8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjM5TGJzUTBjVmZFMFQ3dzU2dmhLUW9MOVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zOTNlMTYtODk4ZS00NWQ4LTlkNzIt
ZDhiZDI1MGI2NGY5LzEvUkJ5VENtTC1PaGpwUlRTcGNPbWJUcERQSVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zOTNlMTYtODk4ZS00NWQ4LTlkNzItZDhiZDI1MGI2NGY5
LzEvUjM5TGJzUTBjVmZFMFQ3dzU2dmhLUW9MOVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQFVBDAAwQG
VDTAAwQFVVkAAwQGWZfAAwQGXvYAAwQHsqQAAwQCuaE4AwQE2ahQMA0EAgACMAcD
BQMqAQVgMA0GCSqGSIb3DQEBCwUAA4IBAQBQONEw6JkmLN0Qs32qf8zWl5bhYlrn
EUZO6ddjTXVNXa7H+YSLqOj0SrdxOU8m4ThUvW01WGxG43nJlMtSUMOg9FRuj9kE
Ml0qjNov3ki9mxq1GmSelZHG9qS+dzM62/fJg+LGHijPAl17aKb2tLcE9BBYUHUj
AShHM9edfV67GyvafasdjlfwL2h8i0FLZtfJMZRI8x858clbScQ+L90ySjEbtNqN
X1Jat1R5Ei0SmPd9nB7hIeDlhQsyhUX6PxLGAnEFQIfNDPiM8E5dANAlHgKB3WTp
7URWFzNGxVDB5/2HiCpnpHBwaXgYDYjTmfJswQz9bRa1BYNzDH2plBnl
-----END CERTIFICATE-----