Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/8Vq4gEXmb4NL2BxCxiIc1acGATk.roa
File:                     8Vq4gEXmb4NL2BxCxiIc1acGATk.roa (raw, json)
Hash identifier:          HIyu3gV8HuMiUJg0PMOdXF4zAl/R/Yb6bPGAMU7Be8o=
Subject key identifier:   F1:5A:B8:80:45:E6:6F:83:4B:D8:1C:42:C6:22:1C:D5:A7:06:01:39
Certificate issuer:       /CN=dd3d4011175e5df7a3f57d38e78150a2c05fdd1d
Certificate serial:       018570798F632EEB86CC9C52D87CFC9547AC
Authority key identifier: DD:3D:40:11:17:5E:5D:F7:A3:F5:7D:38:E7:81:50:A2:C0:5F:DD:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/8Vq4gEXmb4NL2BxCxiIc1acGATk.roa
Signing time:             Mon 02 Jan 2023 03:14:52 +0000
ROA not before:           Mon 02 Jan 2023 03:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206805
IP address blocks:        185.159.111.0/24 maxlen: 24
                          45.84.152.0/23 maxlen: 23
                          45.84.155.0/24 maxlen: 24
                          45.84.154.0/24 maxlen: 24
                          193.19.100.0/23 maxlen: 23
                          45.145.188.0/23 maxlen: 23
                          185.247.192.0/22 maxlen: 24
                          185.228.48.0/22 maxlen: 24
                          178.159.32.0/23 maxlen: 24
                          188.64.149.0/24 maxlen: 24
                          2a0c:ee00:20c::/48 maxlen: 48
                          2a0c:ee00:100::/40 maxlen: 40
                          2a0c:ee00::/40 maxlen: 40

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:79:8f:63:2e:eb:86:cc:9c:52:d8:7c:fc:95:47:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd3d4011175e5df7a3f57d38e78150a2c05fdd1d
        Validity
            Not Before: Jan  2 03:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f15ab88045e66f834bd81c42c6221cd5a7060139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:45:98:6a:c3:0a:fd:00:1c:4c:da:eb:62:c0:
                    19:48:43:38:c1:fa:e7:33:21:a1:3b:4e:02:f1:50:
                    9e:ba:fa:38:d7:00:1e:49:23:c1:48:21:8f:4e:2e:
                    e7:8a:fe:7c:0d:6f:27:0c:f5:c0:88:1e:c9:bf:47:
                    59:dd:d5:97:a2:d6:8b:87:ae:3f:9c:00:1d:91:97:
                    c4:45:97:5e:1f:e9:98:7e:6b:a6:23:0d:48:61:3a:
                    27:3f:e0:6a:68:62:2d:64:7d:c3:2f:d9:53:51:48:
                    f5:68:fd:06:06:8c:42:34:2c:22:1a:ec:07:20:bd:
                    fc:5e:3a:ba:d4:87:cf:a7:2f:f5:b8:54:b8:1c:24:
                    d0:f3:7d:63:ef:6d:00:9d:6d:cb:85:f5:43:f3:48:
                    89:49:c4:40:30:05:5b:d5:68:8e:5d:b1:3e:5e:1e:
                    1c:2f:c3:fb:35:f7:3e:13:ee:9b:49:4f:8b:32:fd:
                    fc:64:96:e5:49:04:8d:b0:6b:7a:b8:96:77:8d:6d:
                    ad:79:4a:b2:34:c1:d0:24:a9:1d:01:8b:77:95:7c:
                    2a:d7:29:69:80:47:81:59:2b:06:d6:41:68:a4:da:
                    07:08:c3:b9:25:54:8a:27:2d:e9:dd:fa:b5:32:b3:
                    d8:e7:a3:5e:1d:34:64:9b:53:66:da:9d:96:32:78:
                    8e:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:5A:B8:80:45:E6:6F:83:4B:D8:1C:42:C6:22:1C:D5:A7:06:01:39
            X509v3 Authority Key Identifier:
                keyid:DD:3D:40:11:17:5E:5D:F7:A3:F5:7D:38:E7:81:50:A2:C0:5F:DD:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/8Vq4gEXmb4NL2BxCxiIc1acGATk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/3T1AERdeXfej9X0454FQosBf3R0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.152.0/22
                  45.145.188.0/23
                  178.159.32.0/23
                  185.159.111.0/24
                  185.228.48.0/22
                  185.247.192.0/22
                  188.64.149.0/24
                  193.19.100.0/23
                IPv6:
                  2a0c:ee00::/39
                  2a0c:ee00:20c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:09:fa:ac:9f:21:82:fb:7c:a3:7b:6c:0f:f7:79:0d:cf:c8:
         eb:86:60:00:ab:a5:0a:d1:1e:be:3d:85:0e:18:34:7e:6c:12:
         7a:1a:de:9f:2f:ca:25:7f:30:26:a9:2b:cc:99:ce:34:20:36:
         ec:e9:a1:e6:51:f1:9e:c5:69:19:e2:9c:9e:21:09:11:5e:86:
         11:5e:a0:7c:84:2c:8d:8c:3b:29:c7:2b:d4:63:3f:4f:86:6c:
         5c:21:6f:95:7e:31:84:83:20:18:d2:fb:f5:88:48:df:2b:6b:
         0e:80:f7:d3:d5:1c:8a:c9:5b:b8:a7:ea:b9:bc:72:4c:ed:b7:
         81:0a:56:5d:ff:39:16:b8:fc:80:ac:e9:32:e9:19:a7:ed:e3:
         38:d9:28:3f:cd:66:42:f6:b1:99:64:68:ff:05:65:17:e0:0b:
         18:ae:45:cf:7a:77:15:52:e4:27:be:bc:79:57:f4:fc:5c:47:
         85:e6:f6:60:f2:cd:7e:63:a4:95:52:ab:ac:25:14:10:6d:59:
         5f:da:9d:33:58:48:f7:c5:20:1e:9f:09:bb:e6:41:5f:77:84:
         57:74:30:53:d6:64:c3:8b:9b:bd:01:52:b3:44:0c:c8:6a:12:
         e7:09:af:27:53:cb:90:dc:1e:69:24:51:5b:09:f0:4e:3b:3f:
         6c:f4:e8:e5
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVweY9jLuuGzJxS2Hz8lUesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkM2Q0MDExMTc1ZTVkZjdhM2Y1N2QzOGU3ODE1MGEyYzA1
ZmRkMWQwHhcNMjMwMTAyMDMxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTVhYjg4MDQ1ZTY2ZjgzNGJkODFjNDJjNjIyMWNkNWE3MDYwMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEWYasMK/QAcTNrrYsAZSEM4wfrn
MyGhO04C8VCeuvo41wAeSSPBSCGPTi7niv58DW8nDPXAiB7Jv0dZ3dWXotaLh64/
nAAdkZfERZdeH+mYfmumIw1IYTonP+BqaGItZH3DL9lTUUj1aP0GBoxCNCwiGuwH
IL38Xjq61IfPpy/1uFS4HCTQ831j720AnW3LhfVD80iJScRAMAVb1WiOXbE+Xh4c
L8P7Nfc+E+6bSU+LMv38ZJblSQSNsGt6uJZ3jW2teUqyNMHQJKkdAYt3lXwq1ylp
gEeBWSsG1kFopNoHCMO5JVSKJy3p3fq1MrPY56NeHTRkm1Nm2p2WMniOjQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFPFauIBF5m+DS9gcQsYiHNWnBgE5MB8GA1UdIwQY
MBaAFN09QBEXXl33o/V9OOeBUKLAX90dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1QxQUVSZGVYZmVqOVgwNDU0RlFvc0JmM1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zMDg1ODktOTJmZS00NTkzLTkzZTQt
MmQwYTc4YmU4OTJkLzEvOFZxNGdFWG1iNE5MMkJ4Q3hpSWMxYWNHQVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zMDg1ODktOTJmZS00NTkzLTkzZTQtMmQwYTc4YmU4OTJk
LzEvM1QxQUVSZGVYZmVqOVgwNDU0RlFvc0JmM1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTA2BAIAATAwAwQCLVSYAwQB
LZG8AwQBsp8gAwQAuZ9vAwQCueQwAwQCuffAAwQAvECVAwQBwRNkMBcEAgACMBED
BgEqDO4AAAMHACoM7gACDDANBgkqhkiG9w0BAQsFAAOCAQEAjQn6rJ8hgvt8o3ts
D/d5Dc/I64ZgAKulCtEevj2FDhg0fmwSehreny/KJX8wJqkrzJnONCA27Omh5lHx
nsVpGeKcniEJEV6GEV6gfIQsjYw7Kccr1GM/T4ZsXCFvlX4xhIMgGNL79YhI3ytr
DoD309UcislbuKfqubxyTO23gQpWXf85Frj8gKzpMukZp+3jONkoP81mQvaxmWRo
/wVlF+ALGK5Fz3p3FVLkJ768eVf0/FxHheb2YPLNfmOklVKrrCUUEG1ZX9qdM1hI
98UgHp8Ju+ZBX3eEV3QwU9Zkw4ubvQFSs0QMyGoS5wmvJ1PLkNweaSRRWwnwTjs/
bPTo5Q==
-----END CERTIFICATE-----