Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/QEju4zfcrBt9G_Q25pFGj3HLzHc.roa
File:                     QEju4zfcrBt9G_Q25pFGj3HLzHc.roa (raw, json)
Hash identifier:          /xueG/5VANZpFW0bY8/OWcBl9+cLtzNrd/mfEgz9SCg=
Subject key identifier:   40:48:EE:E3:37:DC:AC:1B:7D:1B:F4:36:E6:91:46:8F:71:CB:CC:77
Certificate issuer:       /CN=dd3d4011175e5df7a3f57d38e78150a2c05fdd1d
Certificate serial:       018AB7FE17AED008E96FB2179C71BFCD17CF
Authority key identifier: DD:3D:40:11:17:5E:5D:F7:A3:F5:7D:38:E7:81:50:A2:C0:5F:DD:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/QEju4zfcrBt9G_Q25pFGj3HLzHc.roa
Signing time:             Thu 21 Sep 2023 13:46:37 +0000
ROA not before:           Thu 21 Sep 2023 13:46:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206805
IP address blocks:        185.159.111.0/24 maxlen: 24
                          45.84.152.0/23 maxlen: 23
                          45.84.155.0/24 maxlen: 24
                          45.84.154.0/24 maxlen: 24
                          193.19.100.0/23 maxlen: 24
                          45.145.190.0/23 maxlen: 23
                          45.145.190.0/24 maxlen: 24
                          45.145.188.0/23 maxlen: 23
                          185.247.192.0/22 maxlen: 24
                          185.228.48.0/22 maxlen: 24
                          178.159.32.0/23 maxlen: 24
                          188.64.150.0/23 maxlen: 24
                          188.64.149.0/24 maxlen: 24
                          2a0c:ee00:20c::/48 maxlen: 48
                          2a0c:ee00:200::/40 maxlen: 40
                          2a0c:ee00::/40 maxlen: 40
                          2a0c:ee00:100::/40 maxlen: 40

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b7:fe:17:ae:d0:08:e9:6f:b2:17:9c:71:bf:cd:17:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd3d4011175e5df7a3f57d38e78150a2c05fdd1d
        Validity
            Not Before: Sep 21 13:46:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4048eee337dcac1b7d1bf436e691468f71cbcc77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8d:53:78:39:4f:80:d0:97:e6:a6:6a:14:a1:
                    b5:80:23:2a:f2:ca:a6:9a:72:1d:8b:b8:7e:ab:6d:
                    92:44:b6:54:aa:2c:1f:ce:da:19:2b:af:39:e1:5c:
                    04:3c:a4:40:33:99:4f:d4:d5:3c:6b:bc:4f:69:32:
                    0c:d6:0f:11:37:53:97:ed:20:d1:ea:c8:04:ef:6c:
                    c5:47:22:d0:cf:79:47:ae:d5:fa:a4:dd:b2:2f:f4:
                    99:3e:9a:5d:0c:08:ed:b1:16:f5:af:3a:f7:fb:57:
                    94:bc:2f:e1:2b:d2:74:a5:f5:77:fd:35:5a:0b:16:
                    e3:90:14:5d:14:50:f4:9d:6f:05:59:aa:73:04:25:
                    5b:71:ec:a5:94:80:1a:b3:b5:b5:f7:c3:c0:99:f5:
                    8f:cf:a4:40:e1:e8:80:cb:66:8a:e5:6e:59:05:f8:
                    e9:0a:9f:37:10:df:71:48:16:f6:63:87:62:a4:82:
                    e6:c6:7d:af:9b:00:cd:c6:95:e0:36:db:a4:18:7e:
                    24:29:8d:9b:a3:da:1a:33:4a:cf:3a:0d:12:ba:bf:
                    a6:54:be:19:54:90:4a:54:5a:5c:38:e1:09:70:08:
                    0a:bb:12:a4:77:d5:68:40:11:99:ed:75:11:5c:3f:
                    b1:d5:f4:fb:2d:57:ae:7f:80:52:3f:cf:dd:c1:be:
                    af:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:48:EE:E3:37:DC:AC:1B:7D:1B:F4:36:E6:91:46:8F:71:CB:CC:77
            X509v3 Authority Key Identifier:
                keyid:DD:3D:40:11:17:5E:5D:F7:A3:F5:7D:38:E7:81:50:A2:C0:5F:DD:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3T1AERdeXfej9X0454FQosBf3R0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/QEju4zfcrBt9G_Q25pFGj3HLzHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/308589-92fe-4593-93e4-2d0a78be892d/1/3T1AERdeXfej9X0454FQosBf3R0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.152.0/22
                  45.145.188.0/22
                  178.159.32.0/23
                  185.159.111.0/24
                  185.228.48.0/22
                  185.247.192.0/22
                  188.64.149.0-188.64.151.255
                  193.19.100.0/23
                IPv6:
                  2a0c:ee00::-2a0c:ee00:2ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a8:b0:5b:f7:de:06:16:76:fa:94:a6:ea:4b:0f:ac:55:a8:f6:
         3a:6a:da:e3:1c:f7:46:15:04:cd:d6:4d:96:66:ba:84:0d:f1:
         8c:78:9b:0b:ee:5e:7f:a1:fc:05:7b:15:16:58:ab:a6:82:ec:
         37:e9:93:7a:85:f5:10:cb:11:de:3d:b1:11:24:0b:bd:aa:47:
         97:93:2c:e2:e2:3b:60:e7:24:23:aa:dc:7b:c1:04:88:10:d6:
         05:a5:27:eb:d4:7f:ac:15:94:9a:8f:e3:65:67:59:81:1c:7d:
         81:3e:25:6a:f7:00:ed:0a:5a:c3:38:38:61:8c:2b:15:0b:51:
         e7:88:dc:3f:29:25:fe:23:7a:4a:af:f2:46:f2:56:7a:5b:7c:
         c6:f0:9c:68:b6:52:89:b4:d7:d4:81:d8:4a:f6:1e:e9:5d:e0:
         e9:dc:a7:67:6d:20:07:fa:ca:fd:d8:d8:80:a3:90:9f:db:77:
         d1:e6:fd:7d:87:80:0e:df:64:58:b4:3c:d9:93:00:8d:59:b4:
         ba:85:2e:b0:59:a0:16:2b:1e:c9:8f:67:15:d9:c5:f3:73:35:
         9e:78:e9:4f:c2:cd:0b:f1:64:ea:95:11:5a:2f:31:0d:55:1a:
         6d:e3:aa:4d:84:83:26:3d:7b:f7:aa:b9:e6:5d:00:2b:b0:84:
         2e:f3:d5:ce
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYq3/heu0Ajpb7IXnHG/zRfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkM2Q0MDExMTc1ZTVkZjdhM2Y1N2QzOGU3ODE1MGEyYzA1
ZmRkMWQwHhcNMjMwOTIxMTM0NjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQ4ZWVlMzM3ZGNhYzFiN2QxYmY0MzZlNjkxNDY4ZjcxY2JjYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgY1TeDlPgNCX5qZqFKG1gCMq8sqm
mnIdi7h+q22SRLZUqiwfztoZK6854VwEPKRAM5lP1NU8a7xPaTIM1g8RN1OX7SDR
6sgE72zFRyLQz3lHrtX6pN2yL/SZPppdDAjtsRb1rzr3+1eUvC/hK9J0pfV3/TVa
CxbjkBRdFFD0nW8FWapzBCVbceyllIAas7W198PAmfWPz6RA4eiAy2aK5W5ZBfjp
Cp83EN9xSBb2Y4dipILmxn2vmwDNxpXgNtukGH4kKY2bo9oaM0rPOg0Sur+mVL4Z
VJBKVFpcOOEJcAgKuxKkd9VoQBGZ7XURXD+x1fT7LVeuf4BSP8/dwb6vXQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFEBI7uM33KwbfRv0NuaRRo9xy8x3MB8GA1UdIwQY
MBaAFN09QBEXXl33o/V9OOeBUKLAX90dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1QxQUVSZGVYZmVqOVgwNDU0RlFvc0JmM1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zMDg1ODktOTJmZS00NTkzLTkzZTQt
MmQwYTc4YmU4OTJkLzEvUUVqdTR6ZmNyQnQ5R19RMjVwRkdqM0hMekhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zMDg1ODktOTJmZS00NTkzLTkzZTQtMmQwYTc4YmU4OTJk
LzEvM1QxQUVSZGVYZmVqOVgwNDU0RlFvc0JmM1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA+BAIAATA4AwQCLVSYAwQC
LZG8AwQBsp8gAwQAuZ9vAwQCueQwAwQCuffAMAwDBAC8QJUDBAO8QJADBAHBE2Qw
FgQCAAIwEDAOAwQBKgzuAwYAKgzuAAIwDQYJKoZIhvcNAQELBQADggEBAKiwW/fe
BhZ2+pSm6ksPrFWo9jpq2uMc90YVBM3WTZZmuoQN8Yx4mwvuXn+h/AV7FRZYq6aC
7Dfpk3qF9RDLEd49sREkC72qR5eTLOLiO2DnJCOq3HvBBIgQ1gWlJ+vUf6wVlJqP
42VnWYEcfYE+JWr3AO0KWsM4OGGMKxULUeeI3D8pJf4jekqv8kbyVnpbfMbwnGi2
Uom019SB2Er2Huld4Oncp2dtIAf6yv3Y2ICjkJ/bd9Hm/X2HgA7fZFi0PNmTAI1Z
tLqFLrBZoBYrHsmPZxXZxfNzNZ546U/CzQvxZOqVEVovMQ1VGm3jqk2EgyY9e/eq
ueZdACuwhC7z1c4=
-----END CERTIFICATE-----