Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/yfFYyyJUON5jYnjFzRdgBwvORNk.roa
File:                     yfFYyyJUON5jYnjFzRdgBwvORNk.roa (raw, json)
Hash identifier:          czT/A1sf59jP8LdchUGdRuMDYxNgYLLGuoIRdore9YY=
Subject key identifier:   C9:F1:58:CB:22:54:38:DE:63:62:78:C5:CD:17:60:07:0B:CE:44:D9
Certificate issuer:       /CN=3406d2c439ccbcb78a82d5cb2b4c3ff6e9934b96
Certificate serial:       018705A5D80DAEA4FA7324362492191F4F4C
Authority key identifier: 34:06:D2:C4:39:CC:BC:B7:8A:82:D5:CB:2B:4C:3F:F6:E9:93:4B:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAbSxDnMvLeKgtXLK0w_9umTS5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/yfFYyyJUON5jYnjFzRdgBwvORNk.roa
Signing time:             Tue 21 Mar 2023 19:29:27 +0000
ROA not before:           Tue 21 Mar 2023 19:29:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213122
IP address blocks:        89.37.100.0/24 maxlen: 24
                          188.210.236.0/24 maxlen: 24
                          5.252.166.0/24 maxlen: 24
                          5.252.164.0/24 maxlen: 24
                          5.252.165.0/24 maxlen: 24
                          5.252.167.0/24 maxlen: 24
                          45.130.152.0/24 maxlen: 24
                          45.130.153.0/24 maxlen: 24
                          89.36.230.0/24 maxlen: 24
                          45.87.62.0/24 maxlen: 24
                          45.87.63.0/24 maxlen: 24
                          45.87.60.0/24 maxlen: 24
                          45.87.61.0/24 maxlen: 24
                          103.104.251.0/24 maxlen: 24
                          103.104.248.0/24 maxlen: 24
                          103.104.250.0/24 maxlen: 24
                          185.162.74.0/24 maxlen: 24
                          2a0e:f380::/32 maxlen: 32
                          2a0e:f380:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:05:a5:d8:0d:ae:a4:fa:73:24:36:24:92:19:1f:4f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3406d2c439ccbcb78a82d5cb2b4c3ff6e9934b96
        Validity
            Not Before: Mar 21 19:29:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c9f158cb225438de636278c5cd1760070bce44d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:34:6e:5b:36:95:c6:a6:11:11:de:c4:69:35:
                    af:ea:9c:7e:61:21:5d:0b:41:35:17:bf:d9:be:5f:
                    04:d6:c7:33:cc:11:24:71:f9:4e:e8:f4:42:25:f7:
                    1d:e0:dc:e7:d7:35:68:55:1a:de:56:fa:a7:b0:d1:
                    cc:27:9c:af:1b:de:43:fa:71:ed:73:b1:e5:80:02:
                    18:06:82:8e:71:e2:e2:75:2c:98:4b:e4:10:82:f4:
                    1e:84:46:33:18:e9:48:39:c4:95:c4:6b:c5:b1:fd:
                    64:c0:49:b6:22:0d:e6:be:05:c0:0f:f4:b3:c2:1c:
                    e9:be:a7:84:92:ed:36:0a:20:8c:5d:af:8b:5f:be:
                    76:15:05:6d:3e:6d:89:a0:02:0e:6b:92:44:5b:c3:
                    7f:d8:f4:ba:cd:5c:a0:f2:41:17:13:29:73:cd:9f:
                    dd:23:2b:8d:9e:80:67:62:4f:e1:e3:ae:99:fa:24:
                    31:de:19:88:3a:db:ef:58:0c:ac:61:c9:ce:88:3b:
                    9b:40:58:51:16:51:4c:bf:94:c6:30:50:d5:c2:84:
                    db:15:fc:7a:88:97:77:b5:e2:fd:52:47:9a:08:67:
                    5e:40:d9:1f:f4:01:6f:95:c8:18:40:65:9d:1a:05:
                    63:7b:38:29:14:aa:f5:fb:3c:fe:50:38:79:12:f3:
                    98:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F1:58:CB:22:54:38:DE:63:62:78:C5:CD:17:60:07:0B:CE:44:D9
            X509v3 Authority Key Identifier:
                keyid:34:06:D2:C4:39:CC:BC:B7:8A:82:D5:CB:2B:4C:3F:F6:E9:93:4B:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAbSxDnMvLeKgtXLK0w_9umTS5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/yfFYyyJUON5jYnjFzRdgBwvORNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/NAbSxDnMvLeKgtXLK0w_9umTS5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.164.0/22
                  45.87.60.0/22
                  45.130.152.0/23
                  89.36.230.0/24
                  89.37.100.0/24
                  103.104.248.0/24
                  103.104.250.0/23
                  185.162.74.0/24
                  188.210.236.0/24
                IPv6:
                  2a0e:f380::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:c7:fd:9d:54:d6:9c:85:0b:46:7d:7a:a0:47:f1:b9:ac:7c:
         84:16:6d:ab:c9:3f:32:94:5d:d7:fc:17:9d:a8:69:37:e4:99:
         ca:cc:6f:d4:00:2d:44:f1:31:38:ba:fe:0f:10:47:ed:8f:23:
         62:45:68:1c:be:0b:72:39:f2:9c:83:f4:4d:71:f7:05:86:37:
         f2:dd:e8:3e:b0:3f:ea:f8:50:ff:6d:b5:46:18:e1:4b:24:32:
         c3:f6:53:41:77:d4:02:0b:20:21:6d:a1:45:72:01:f5:e9:e9:
         c6:a6:8a:f4:a7:b1:30:a7:68:44:d5:11:a0:22:58:82:7b:27:
         a3:39:44:83:fd:e7:9e:3a:0c:90:64:81:31:61:1f:ad:aa:fb:
         c0:08:9a:37:44:3d:c2:70:fa:70:61:c7:d0:30:91:79:53:f8:
         f0:9e:fb:41:1a:76:f0:36:b9:fd:63:5a:23:02:cf:cf:83:85:
         63:6b:4c:0f:76:8f:d5:bb:c6:3e:bc:98:54:b8:23:21:8c:0f:
         a6:b8:15:3d:4f:e4:92:b0:f7:10:3c:c8:d7:c3:42:20:a8:16:
         9a:14:23:19:d0:62:b9:c8:1d:e1:e8:21:f0:09:66:24:25:29:
         ae:a4:6f:8b:57:1f:76:f2:11:6b:87:a0:ff:88:ec:64:fe:76:
         e7:d4:0d:e6
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYcFpdgNrqT6cyQ2JJIZH09MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDZkMmM0MzljY2JjYjc4YTgyZDVjYjJiNGMzZmY2ZTk5
MzRiOTYwHhcNMjMwMzIxMTkyOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWYxNThjYjIyNTQzOGRlNjM2Mjc4YzVjZDE3NjAwNzBiY2U0NGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTRuWzaVxqYREd7EaTWv6px+YSFd
C0E1F7/Zvl8E1sczzBEkcflO6PRCJfcd4Nzn1zVoVRreVvqnsNHMJ5yvG95D+nHt
c7HlgAIYBoKOceLidSyYS+QQgvQehEYzGOlIOcSVxGvFsf1kwEm2Ig3mvgXAD/Sz
whzpvqeEku02CiCMXa+LX752FQVtPm2JoAIOa5JEW8N/2PS6zVyg8kEXEylzzZ/d
IyuNnoBnYk/h466Z+iQx3hmIOtvvWAysYcnOiDubQFhRFlFMv5TGMFDVwoTbFfx6
iJd3teL9UkeaCGdeQNkf9AFvlcgYQGWdGgVjezgpFKr1+zz+UDh5EvOYDwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMnxWMsiVDjeY2J4xc0XYAcLzkTZMB8GA1UdIwQY
MBaAFDQG0sQ5zLy3ioLVyytMP/bpk0uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFiU3hEbk12TGVLZ3RYTEswd185dW1UUzVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wYTNhMGYtNjBmOC00YTFjLWJiYTAt
N2I4ODBjMDYzMzY3LzEveWZGWXl5SlVPTjVqWW5qRnpSZGdCd3ZPUk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wYTNhMGYtNjBmOC00YTFjLWJiYTAtN2I4ODBjMDYzMzY3
LzEvTkFiU3hEbk12TGVLZ3RYTEswd185dW1UUzVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCBfykAwQC
LVc8AwQBLYKYAwQAWSTmAwQAWSVkAwQAZ2j4AwQBZ2j6AwQAuaJKAwQAvNLsMA0E
AgACMAcDBQAqDvOAMA0GCSqGSIb3DQEBCwUAA4IBAQCIx/2dVNachQtGfXqgR/G5
rHyEFm2ryT8ylF3X/BedqGk35JnKzG/UAC1E8TE4uv4PEEftjyNiRWgcvgtyOfKc
g/RNcfcFhjfy3eg+sD/q+FD/bbVGGOFLJDLD9lNBd9QCCyAhbaFFcgH16enGpor0
p7Ewp2hE1RGgIliCeyejOUSD/eeeOgyQZIExYR+tqvvACJo3RD3CcPpwYcfQMJF5
U/jwnvtBGnbwNrn9Y1ojAs/Pg4Vja0wPdo/Vu8Y+vJhUuCMhjA+muBU9T+SSsPcQ
PMjXw0IgqBaaFCMZ0GK5yB3h6CHwCWYkJSmupG+LVx928hFrh6D/iOxk/nbn1A3m
-----END CERTIFICATE-----