Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/x0qOmeFCUo1EMyX_ZwKE1OvkUHc.roa
File:                     x0qOmeFCUo1EMyX_ZwKE1OvkUHc.roa (raw, json)
Hash identifier:          SjC6eKWuW6/wuhsvf9OBnht4TLeQl6Jd19i1HqDajuA=
Subject key identifier:   C7:4A:8E:99:E1:42:52:8D:44:33:25:FF:67:02:84:D4:EB:E4:50:77
Certificate issuer:       /CN=b87b766968716296e5bba0bce83856ae7165b8b8
Certificate serial:       0187576531270024F04C86551391C86395CD
Authority key identifier: B8:7B:76:69:68:71:62:96:E5:BB:A0:BC:E8:38:56:AE:71:65:B8:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uHt2aWhxYpblu6C86DhWrnFluLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/x0qOmeFCUo1EMyX_ZwKE1OvkUHc.roa
Signing time:             Thu 06 Apr 2023 16:27:42 +0000
ROA not before:           Thu 06 Apr 2023 16:27:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        185.92.220.0/22 maxlen: 24
                          78.141.192.0/19 maxlen: 24
                          199.247.0.0/19 maxlen: 24
                          78.141.224.0/19 maxlen: 24
                          80.240.16.0/20 maxlen: 24
                          192.248.128.0/18 maxlen: 24
                          95.179.128.0/17 maxlen: 24
                          209.250.224.0/19 maxlen: 24
                          217.69.0.0/20 maxlen: 24
                          2a05:f480:3000::/38 maxlen: 38
                          2a05:f480:2400::/38 maxlen: 38
                          2a05:f480:2800::/38 maxlen: 38
                          2a05:f480:2000::/38 maxlen: 38
                          2a05:f480:1c00::/38 maxlen: 38
                          2a05:f480:1800::/38 maxlen: 38
                          2a05:f480:1400::/38 maxlen: 38
                          2a05:f480:1000::/38 maxlen: 38
                          2a05:f480:2c00::/38 maxlen: 38

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:57:65:31:27:00:24:f0:4c:86:55:13:91:c8:63:95:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b87b766968716296e5bba0bce83856ae7165b8b8
        Validity
            Not Before: Apr  6 16:27:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c74a8e99e142528d443325ff670284d4ebe45077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f2:4a:c9:3d:d8:6a:84:07:68:e9:d7:c9:fb:
                    30:04:3e:59:eb:89:de:42:85:24:6e:d1:61:92:d3:
                    88:16:ac:fd:09:a4:9c:02:9e:47:46:43:eb:db:2a:
                    89:8d:59:a9:e1:2c:45:c0:39:de:20:80:46:3f:af:
                    15:e8:94:45:9b:c9:14:2e:5a:21:a3:dd:0e:0d:4b:
                    5f:9c:c1:b7:67:af:16:d9:43:45:7c:4b:62:2b:e8:
                    1c:11:5d:e9:7b:49:18:72:9c:4c:e5:1d:fb:23:71:
                    3f:4f:6a:1c:41:b9:41:97:cd:04:f6:80:93:a0:11:
                    f8:46:81:c8:f0:b1:72:c1:be:38:0b:4e:4d:c2:b6:
                    62:38:9d:e7:29:fe:5f:7b:e1:5b:04:9a:13:c5:b0:
                    a4:0d:a4:1a:e3:b7:0b:f0:56:e1:02:b7:94:e6:67:
                    1c:78:8f:82:a4:a3:b8:5d:fa:a7:9a:25:2b:97:db:
                    8b:8c:96:5e:bd:ec:18:8f:71:29:b8:11:f3:9e:36:
                    3f:3c:d6:99:2a:4c:d7:0b:73:88:38:26:35:e4:58:
                    bf:97:fa:5a:b2:91:2a:23:b4:b2:eb:3d:1c:40:83:
                    b1:ad:ec:17:e1:ab:3d:3e:27:98:fb:28:72:a8:7f:
                    e6:b9:a3:61:5f:01:1c:02:0d:36:e2:8e:65:68:6f:
                    02:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4A:8E:99:E1:42:52:8D:44:33:25:FF:67:02:84:D4:EB:E4:50:77
            X509v3 Authority Key Identifier:
                keyid:B8:7B:76:69:68:71:62:96:E5:BB:A0:BC:E8:38:56:AE:71:65:B8:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uHt2aWhxYpblu6C86DhWrnFluLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/x0qOmeFCUo1EMyX_ZwKE1OvkUHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/a3ede6-bc31-4d00-925c-3d612f324996/1/uHt2aWhxYpblu6C86DhWrnFluLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.141.192.0/18
                  80.240.16.0/20
                  95.179.128.0/17
                  185.92.220.0/22
                  192.248.128.0/18
                  199.247.0.0/19
                  209.250.224.0/19
                  217.69.0.0/20
                IPv6:
                  2a05:f480:1000::-2a05:f480:33ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         84:94:1d:90:65:bc:62:d0:c1:1c:07:97:78:b7:8c:e9:b2:ce:
         7a:e0:3d:9f:a5:27:57:79:17:81:5a:fb:2a:75:2a:77:ff:6e:
         ef:50:de:9f:75:ca:f2:85:d6:e0:6a:6d:0d:b8:d7:93:91:5d:
         0e:e1:bd:20:40:8a:c5:9b:bb:85:83:9d:4a:d2:19:71:42:a5:
         7a:86:65:0f:09:7a:44:f9:2b:5f:b1:12:b9:2a:6c:6e:92:5e:
         fb:7f:67:95:d2:0c:be:77:c1:68:97:06:93:3e:e3:97:b4:ea:
         7a:76:bf:0f:c2:46:66:bb:bc:0d:c6:92:6c:a8:31:c2:c2:9e:
         16:79:a3:ca:ec:24:f6:00:46:b3:a1:60:b2:a5:d3:f3:06:e2:
         3c:53:e0:42:3c:c9:c9:9b:8a:44:5a:00:71:65:26:a3:4c:70:
         6e:7b:62:c3:f7:d6:f6:09:a1:42:1c:ce:7c:82:80:e5:24:89:
         44:f8:81:41:11:94:42:1a:a1:68:22:a2:10:b7:d5:ac:be:af:
         1a:1d:78:7d:31:52:e4:ae:c1:a7:c3:97:3c:a5:ac:38:39:a8:
         97:d0:bb:7c:b0:63:27:f3:eb:a8:90:8f:38:76:13:a4:a2:dd:
         12:9a:23:46:96:bb:69:16:8f:ed:d3:8f:77:f9:3b:1d:fc:29:
         bc:95:bd:e7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYdXZTEnACTwTIZVE5HIY5XNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4N2I3NjY5Njg3MTYyOTZlNWJiYTBiY2U4Mzg1NmFlNzE2
NWI4YjgwHhcNMjMwNDA2MTYyNzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRhOGU5OWUxNDI1MjhkNDQzMzI1ZmY2NzAyODRkNGViZTQ1MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPJKyT3YaoQHaOnXyfswBD5Z64ne
QoUkbtFhktOIFqz9CaScAp5HRkPr2yqJjVmp4SxFwDneIIBGP68V6JRFm8kULloh
o90ODUtfnMG3Z68W2UNFfEtiK+gcEV3pe0kYcpxM5R37I3E/T2ocQblBl80E9oCT
oBH4RoHI8LFywb44C05NwrZiOJ3nKf5fe+FbBJoTxbCkDaQa47cL8FbhAreU5mcc
eI+CpKO4XfqnmiUrl9uLjJZevewYj3EpuBHznjY/PNaZKkzXC3OIOCY15Fi/l/pa
spEqI7Sy6z0cQIOxrewX4as9PieY+yhyqH/muaNhXwEcAg024o5laG8CPQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMdKjpnhQlKNRDMl/2cChNTr5FB3MB8GA1UdIwQY
MBaAFLh7dmlocWKW5bugvOg4Vq5xZbi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUh0MmFXaHhZcGJsdTZDODZEaFdybkZsdUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9hM2VkZTYtYmMzMS00ZDAwLTkyNWMt
M2Q2MTJmMzI0OTk2LzEveDBxT21lRkNVbzFFTXlYX1p3S0UxT3ZrVUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9hM2VkZTYtYmMzMS00ZDAwLTkyNWMtM2Q2MTJmMzI0OTk2
LzEvdUh0MmFXaHhZcGJsdTZDODZEaFdybkZsdUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjA2BAIAATAwAwQGTo3AAwQE
UPAQAwQHX7OAAwQCuVzcAwQGwPiAAwQFx/cAAwQF0frgAwQE2UUAMBgEAgACMBIw
EAMGBCoF9IAQAwYCKgX0gDAwDQYJKoZIhvcNAQELBQADggEBAISUHZBlvGLQwRwH
l3i3jOmyznrgPZ+lJ1d5F4Fa+yp1Knf/bu9Q3p91yvKF1uBqbQ2415ORXQ7hvSBA
isWbu4WDnUrSGXFCpXqGZQ8JekT5K1+xErkqbG6SXvt/Z5XSDL53wWiXBpM+45e0
6np2vw/CRma7vA3GkmyoMcLCnhZ5o8rsJPYARrOhYLKl0/MG4jxT4EI8ycmbikRa
AHFlJqNMcG57YsP31vYJoUIcznyCgOUkiUT4gUERlEIaoWgiohC31ay+rxodeH0x
UuSuwafDlzylrDg5qJfQu3ywYyfz66iQjzh2E6Si3RKaI0aWu2kWj+3Tj3f5Ox38
KbyVvec=
-----END CERTIFICATE-----