Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/Ji5AhsJ91HxGnLe3i9un1fevY-g.roa
File:                     Ji5AhsJ91HxGnLe3i9un1fevY-g.roa (raw, json)
Hash identifier:          uRefVEPmYCwPbDbrFsmJpGWqtnOcvybzMuanpAgCLMw=
Subject key identifier:   26:2E:40:86:C2:7D:D4:7C:46:9C:B7:B7:8B:DB:A7:D5:F7:AF:63:E8
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       01871A968E7612279AD02C51D8CD88D80D79
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/Ji5AhsJ91HxGnLe3i9un1fevY-g.roa
Signing time:             Sat 25 Mar 2023 21:04:47 +0000
ROA not before:           Sat 25 Mar 2023 21:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398464
IP address blocks:        212.87.218.0/24 maxlen: 24
                          212.87.216.0/24 maxlen: 24
                          212.87.219.0/24 maxlen: 24
                          91.132.124.0/24 maxlen: 24
                          31.40.195.0/24 maxlen: 24
                          45.133.112.0/22 maxlen: 24
                          193.142.36.0/22 maxlen: 24
                          194.180.232.0/23 maxlen: 24
                          194.180.236.0/23 maxlen: 24
                          45.136.24.0/22 maxlen: 24
                          45.147.8.0/22 maxlen: 24
                          93.177.94.0/23 maxlen: 24
                          45.147.232.0/22 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:1a:96:8e:76:12:27:9a:d0:2c:51:d8:cd:88:d8:0d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Mar 25 21:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=262e4086c27dd47c469cb7b78bdba7d5f7af63e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d7:64:f6:e3:85:af:eb:ae:74:57:8e:69:dd:
                    0a:da:06:77:6a:06:34:89:39:ff:af:93:39:55:23:
                    6e:b6:90:4f:13:15:b5:03:25:8a:a9:dc:ef:d7:e4:
                    94:5b:70:c5:b1:5f:bc:62:93:9f:f5:4f:e0:a6:87:
                    ce:80:4c:ea:98:88:9d:ee:16:4d:65:9a:b3:21:5c:
                    1d:5e:6e:59:81:d1:aa:57:5d:db:cd:c8:94:43:d3:
                    20:ee:f1:e9:8f:6d:3c:f1:5e:c1:cf:ba:4f:be:cc:
                    08:22:97:e2:04:de:e5:d2:30:12:c6:52:c2:0e:4d:
                    6f:32:58:15:87:d5:aa:67:0d:d4:03:66:44:cf:04:
                    49:ac:c2:03:c3:36:1a:eb:8a:6f:7b:98:40:03:b9:
                    2c:d9:ab:a6:e8:ec:bf:02:c1:54:1b:a4:4f:13:ba:
                    55:45:3b:fc:07:bf:6d:3a:1f:69:67:09:b0:81:ae:
                    d6:04:92:c0:13:30:68:cc:64:b9:80:17:43:03:f5:
                    ed:18:a1:15:26:66:d9:81:5d:af:77:89:b6:45:c4:
                    be:5e:4b:3a:ca:54:ad:d2:a6:f4:88:48:2c:66:6a:
                    78:ac:29:f1:1c:1a:13:f1:7e:37:9a:92:af:d3:9e:
                    0a:11:9a:4c:5d:c6:bd:50:8e:19:f7:07:cd:1d:8e:
                    e4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2E:40:86:C2:7D:D4:7C:46:9C:B7:B7:8B:DB:A7:D5:F7:AF:63:E8
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/Ji5AhsJ91HxGnLe3i9un1fevY-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.195.0/24
                  45.133.112.0/22
                  45.136.24.0/22
                  45.147.8.0/22
                  45.147.232.0/22
                  91.132.124.0/24
                  93.177.94.0/23
                  193.142.36.0/22
                  194.180.232.0/23
                  194.180.236.0/23
                  212.87.216.0/24
                  212.87.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:a7:c0:93:e4:2a:ad:de:a4:b2:12:06:75:ee:08:c1:6a:4d:
         d9:66:fa:89:77:8c:4a:ca:cc:9d:2b:79:a9:23:f2:9b:be:36:
         81:0d:35:a1:65:7c:ae:b0:3d:d0:98:79:0b:70:6f:0e:bd:6a:
         f5:71:96:6d:43:5d:30:9a:7e:23:a1:d5:27:88:da:89:9f:e0:
         15:d8:b2:af:60:a2:8f:b6:c5:89:9a:a8:3b:e8:c1:32:26:64:
         40:96:43:1c:6c:a2:5f:41:99:96:c2:8f:9b:d1:e0:f0:ec:61:
         72:75:db:ed:d0:27:f2:5c:8d:7d:a3:f8:04:ef:56:ed:24:42:
         3f:51:60:ce:6a:de:5d:67:a0:41:e6:72:bb:5d:6c:76:fc:0c:
         a0:dc:bf:ba:76:16:cc:1b:a9:bc:3a:e9:6b:81:b4:0d:21:4e:
         b4:16:0d:28:06:84:e2:40:2c:dd:f8:3d:c2:c3:1a:d9:d4:78:
         40:92:77:b2:01:a5:5a:6a:cb:95:c6:58:bd:8d:60:91:d7:58:
         f0:22:db:e9:63:29:23:19:e8:1c:a7:70:2b:98:05:b6:3a:fa:
         7e:6b:92:e5:28:23:bd:7a:e1:24:c0:00:63:d2:49:5b:1b:2e:
         0b:e1:79:a7:4d:eb:a6:b3:a5:a1:b4:9b:b2:ae:57:1b:a9:73:
         46:f8:f2:57
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYcalo52Eiea0CxR2M2I2A15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjMwMzI1MjEwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjJlNDA4NmMyN2RkNDdjNDY5Y2I3Yjc4YmRiYTdkNWY3YWY2M2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltdk9uOFr+uudFeOad0K2gZ3agY0
iTn/r5M5VSNutpBPExW1AyWKqdzv1+SUW3DFsV+8YpOf9U/gpofOgEzqmIid7hZN
ZZqzIVwdXm5ZgdGqV13bzciUQ9Mg7vHpj2088V7Bz7pPvswIIpfiBN7l0jASxlLC
Dk1vMlgVh9WqZw3UA2ZEzwRJrMIDwzYa64pve5hAA7ks2aum6Oy/AsFUG6RPE7pV
RTv8B79tOh9pZwmwga7WBJLAEzBozGS5gBdDA/XtGKEVJmbZgV2vd4m2RcS+Xks6
ylSt0qb0iEgsZmp4rCnxHBoT8X43mpKv054KEZpMXca9UI4Z9wfNHY7kywIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCYuQIbCfdR8Rpy3t4vbp9X3r2PoMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvSmk1QWhzSjkxSHhHbkxlM2k5dW4xZmV2WS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAHyjDAwQC
LYVwAwQCLYgYAwQCLZMIAwQCLZPoAwQAW4R8AwQBXbFeAwQCwY4kAwQBwrToAwQB
wrTsAwQA1FfYAwQB1FfaMA0GCSqGSIb3DQEBCwUAA4IBAQBUp8CT5Cqt3qSyEgZ1
7gjBak3ZZvqJd4xKysydK3mpI/KbvjaBDTWhZXyusD3QmHkLcG8OvWr1cZZtQ10w
mn4jodUniNqJn+AV2LKvYKKPtsWJmqg76MEyJmRAlkMcbKJfQZmWwo+b0eDw7GFy
ddvt0CfyXI19o/gE71btJEI/UWDOat5dZ6BB5nK7XWx2/Ayg3L+6dhbMG6m8Oulr
gbQNIU60Fg0oBoTiQCzd+D3CwxrZ1HhAkneyAaVaasuVxli9jWCR11jwItvpYykj
Gegcp3ArmAW2Ovp+a5LlKCO9euEkwABj0klbGy4L4XmnTeums6WhtJuyrlcbqXNG
+PJX
-----END CERTIFICATE-----