Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/NGrVZBgSrw2M2-BpD40t0GdOhf4.roa
File:                     NGrVZBgSrw2M2-BpD40t0GdOhf4.roa (raw, json)
Hash identifier:          /DryEuTRap/ixxQxIIQBHl5ln7L7+mzQFxG80OWKT2o=
Subject key identifier:   34:6A:D5:64:18:12:AF:0D:8C:DB:E0:69:0F:8D:2D:D0:67:4E:85:FE
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018571F0F7E2D515E77BBAB45B4CFC88D561
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/NGrVZBgSrw2M2-BpD40t0GdOhf4.roa
Signing time:             Mon 02 Jan 2023 10:04:55 +0000
ROA not before:           Mon 02 Jan 2023 10:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50563
IP address blocks:        89.46.140.0/24 maxlen: 24
                          88.148.115.0/24 maxlen: 24
                          89.46.140.0/23 maxlen: 23
                          89.46.141.0/24 maxlen: 24
                          88.148.53.0/24 maxlen: 24
                          88.148.52.0/23 maxlen: 23
                          88.148.52.0/24 maxlen: 24
                          176.56.116.0/24 maxlen: 24
                          5.154.44.0/24 maxlen: 24
                          176.227.145.0/24 maxlen: 24
                          178.156.121.0/24 maxlen: 24
                          5.154.0.0/24 maxlen: 24
                          84.236.143.0/24 maxlen: 24
                          94.76.141.0/24 maxlen: 24
                          185.27.125.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:f0:f7:e2:d5:15:e7:7b:ba:b4:5b:4c:fc:88:d5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 10:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=346ad5641812af0d8cdbe0690f8d2dd0674e85fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:70:8c:4e:56:0d:e1:f1:36:ef:df:b5:66:76:
                    85:44:86:b0:85:6a:5d:7c:0a:73:e2:ee:4c:c2:93:
                    fa:33:06:5d:9f:56:af:a1:1e:7e:2e:ff:2f:a8:bf:
                    f2:71:44:9f:55:7a:ad:0b:e8:f0:62:69:13:69:a3:
                    95:56:9c:3c:19:59:db:64:4d:b5:cf:30:3e:8a:09:
                    9c:22:c4:b5:ca:e1:30:6f:10:7e:d8:ed:47:4a:97:
                    f0:e6:52:69:68:6d:af:6e:b7:d6:f8:94:49:67:17:
                    6a:f0:91:1a:cd:70:b3:28:6a:e2:9c:4c:42:83:43:
                    d4:4e:2f:3c:38:d3:57:47:da:4e:f7:16:46:db:39:
                    fb:a9:02:40:34:21:b7:ee:64:af:d0:4b:5a:d7:ce:
                    6e:bb:06:25:f9:6a:5d:df:93:70:7c:02:0b:94:da:
                    37:2f:1d:0a:f4:c6:b9:7f:f6:8f:59:05:25:de:a5:
                    91:c7:ba:d5:45:7f:fe:19:35:42:5f:13:ec:87:94:
                    01:95:c2:ff:3c:00:58:f8:92:d4:2a:06:d1:ef:29:
                    82:77:cc:87:85:b2:6e:19:8a:b3:9f:1e:31:ef:4d:
                    91:87:32:30:7c:c3:a4:c8:4f:e9:eb:bc:ab:15:28:
                    0c:74:5c:49:1b:6d:f2:1d:52:3a:17:fa:42:57:6e:
                    fa:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:6A:D5:64:18:12:AF:0D:8C:DB:E0:69:0F:8D:2D:D0:67:4E:85:FE
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/NGrVZBgSrw2M2-BpD40t0GdOhf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.0.0/24
                  5.154.44.0/24
                  84.236.143.0/24
                  88.148.52.0/23
                  88.148.115.0/24
                  89.46.140.0/23
                  94.76.141.0/24
                  176.56.116.0/24
                  176.227.145.0/24
                  178.156.121.0/24
                  185.27.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:08:1b:9d:52:b4:f8:3f:fb:95:48:f6:a2:cb:8b:28:70:88:
         6f:87:ee:ca:09:bd:9a:31:2d:42:d4:e1:db:6c:d1:63:05:9d:
         d3:49:41:49:f3:68:45:50:83:fa:bc:26:b0:8a:c2:38:5e:f5:
         c6:de:31:dc:fe:9f:0b:06:11:ef:86:bd:28:6d:e1:71:ea:2f:
         fd:4d:bc:86:cd:6f:4c:b0:fa:d5:b1:d2:33:88:26:a2:1b:63:
         5e:8c:52:31:1e:84:00:12:dc:59:d2:1f:5f:db:1b:a6:1c:f6:
         36:38:9e:d4:b1:4a:af:4d:3f:fa:6c:7d:2a:cd:c1:18:ea:e3:
         36:c2:b7:36:77:cc:c7:c2:61:34:b7:6a:99:cd:ba:e8:db:8e:
         de:a5:72:c7:eb:a6:f3:9e:dd:60:4f:8c:e3:77:d9:69:3f:46:
         c0:ac:c1:24:53:44:e4:f8:bc:79:1e:c3:09:61:17:b7:dd:da:
         8b:6a:50:7e:02:8c:1c:c2:20:70:e5:e2:40:34:f9:a9:c2:22:
         c3:a5:6d:46:4e:3d:12:b9:3b:1e:ec:1c:c9:6e:90:82:64:09:
         55:30:81:eb:e3:cf:73:56:1d:0c:8b:a2:f4:b1:f6:07:8e:67:
         bc:70:d2:9b:1c:b7:39:6e:f9:9a:99:df:c7:ce:ac:52:49:52:
         b4:e3:2b:a5
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYVx8Pfi1RXne7q0W0z8iNVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjMwMTAyMTAwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDZhZDU2NDE4MTJhZjBkOGNkYmUwNjkwZjhkMmRkMDY3NGU4NWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnCMTlYN4fE279+1ZnaFRIawhWpd
fApz4u5MwpP6MwZdn1avoR5+Lv8vqL/ycUSfVXqtC+jwYmkTaaOVVpw8GVnbZE21
zzA+igmcIsS1yuEwbxB+2O1HSpfw5lJpaG2vbrfW+JRJZxdq8JEazXCzKGrinExC
g0PUTi88ONNXR9pO9xZG2zn7qQJANCG37mSv0Eta185uuwYl+Wpd35NwfAILlNo3
Lx0K9Ma5f/aPWQUl3qWRx7rVRX/+GTVCXxPsh5QBlcL/PABY+JLUKgbR7ymCd8yH
hbJuGYqznx4x702RhzIwfMOkyE/p67yrFSgMdFxJG23yHVI6F/pCV276tQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDRq1WQYEq8NjNvgaQ+NLdBnToX+MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvTkdyVlpCZ1NydzJNMi1CcEQ0MHQwR2RPaGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABZoAAwQA
BZosAwQAVOyPAwQBWJQ0AwQAWJRzAwQBWS6MAwQAXkyNAwQAsDh0AwQAsOORAwQA
spx5AwQAuRt9MA0GCSqGSIb3DQEBCwUAA4IBAQAdCBudUrT4P/uVSPaiy4socIhv
h+7KCb2aMS1C1OHbbNFjBZ3TSUFJ82hFUIP6vCawisI4XvXG3jHc/p8LBhHvhr0o
beFx6i/9TbyGzW9MsPrVsdIziCaiG2NejFIxHoQAEtxZ0h9f2xumHPY2OJ7UsUqv
TT/6bH0qzcEY6uM2wrc2d8zHwmE0t2qZzbro247epXLH66bznt1gT4zjd9lpP0bA
rMEkU0Tk+Lx5HsMJYRe33dqLalB+AowcwiBw5eJANPmpwiLDpW1GTj0SuTse7BzJ
bpCCZAlVMIHr489zVh0Mi6L0sfYHjme8cNKbHLc5bvmamd/HzqxSSVK04yul
-----END CERTIFICATE-----