Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/fDImNNIIX5RSxejmt3Ls_5yeO7c.roa
File:                     fDImNNIIX5RSxejmt3Ls_5yeO7c.roa (raw, json)
Hash identifier:          Vg0kEZpG1zlE5w7bwg5pCAtlQMImCM9rtbDqBpc1b7o=
Subject key identifier:   7C:32:26:34:D2:08:5F:94:52:C5:E8:E6:B7:72:EC:FF:9C:9E:3B:B7
Certificate issuer:       /CN=1fd7bbb1de6809df7f6e573f9abb64e603613ca1
Certificate serial:       01857094F6D9C09519A3AF0FCA8FBD95E0E4
Authority key identifier: 1F:D7:BB:B1:DE:68:09:DF:7F:6E:57:3F:9A:BB:64:E6:03:61:3C:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H9e7sd5oCd9_blc_mrtk5gNhPKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/fDImNNIIX5RSxejmt3Ls_5yeO7c.roa
Signing time:             Mon 02 Jan 2023 03:44:48 +0000
ROA not before:           Mon 02 Jan 2023 03:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15692
IP address blocks:        89.37.69.0/24 maxlen: 24
                          89.37.68.0/23 maxlen: 23
                          89.37.68.0/24 maxlen: 24
                          188.215.28.0/23 maxlen: 23
                          188.215.28.0/24 maxlen: 24
                          188.215.29.0/24 maxlen: 24
                          94.177.130.0/24 maxlen: 24
                          193.169.192.0/23 maxlen: 23
                          185.13.244.0/22 maxlen: 22
                          93.115.8.0/24 maxlen: 24
                          86.105.0.0/24 maxlen: 24
                          89.40.44.0/23 maxlen: 23
                          86.105.225.0/24 maxlen: 24
                          2a02:f540::/30 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:94:f6:d9:c0:95:19:a3:af:0f:ca:8f:bd:95:e0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fd7bbb1de6809df7f6e573f9abb64e603613ca1
        Validity
            Not Before: Jan  2 03:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7c322634d2085f9452c5e8e6b772ecff9c9e3bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fc:4b:06:7a:1b:3b:4b:a9:85:f6:ce:18:0d:
                    5b:22:4c:81:d3:e4:fe:ed:28:85:f0:c3:60:44:a4:
                    dd:f1:ff:11:a5:12:c5:10:dc:5d:76:e1:6f:be:a2:
                    cb:e0:92:57:77:40:ad:86:75:a8:51:2f:5c:9d:99:
                    96:88:f3:a0:ef:8e:b1:48:10:9b:90:a5:50:ce:f2:
                    88:d0:f2:b8:ea:26:7d:0e:49:2a:cd:91:b6:f9:8c:
                    d4:7c:0a:1a:be:b2:88:cb:57:af:86:b4:95:39:15:
                    b7:98:5c:ba:94:97:8d:8f:37:cf:bc:6c:d9:08:74:
                    0b:f6:2f:44:9f:ff:8e:dc:17:34:2f:6e:38:43:08:
                    95:ec:24:8b:87:5c:81:f3:73:68:ed:91:bb:03:5e:
                    c1:a1:8c:52:da:f5:bd:ce:ac:a0:e1:5a:46:ac:6b:
                    8b:34:02:73:4e:3d:3e:de:90:33:f5:98:60:a3:92:
                    2f:01:ac:68:62:a4:cf:f7:92:16:b5:3d:9f:6a:06:
                    6a:98:89:40:f4:7e:dc:fd:08:14:7a:1f:74:68:93:
                    4e:88:7b:3c:c7:f7:68:3d:80:5f:38:45:a6:cf:1d:
                    05:3a:c6:80:cc:3a:c0:36:4f:c3:cd:c3:8d:57:cf:
                    08:04:c4:a2:89:e7:18:d3:be:73:1a:b2:0c:a2:33:
                    6c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:32:26:34:D2:08:5F:94:52:C5:E8:E6:B7:72:EC:FF:9C:9E:3B:B7
            X509v3 Authority Key Identifier:
                keyid:1F:D7:BB:B1:DE:68:09:DF:7F:6E:57:3F:9A:BB:64:E6:03:61:3C:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H9e7sd5oCd9_blc_mrtk5gNhPKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/fDImNNIIX5RSxejmt3Ls_5yeO7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/f8e803-41f5-4668-afa5-db13abbe4e9a/1/H9e7sd5oCd9_blc_mrtk5gNhPKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.0.0/24
                  86.105.225.0/24
                  89.37.68.0/23
                  89.40.44.0/23
                  93.115.8.0/24
                  94.177.130.0/24
                  185.13.244.0/22
                  188.215.28.0/23
                  193.169.192.0/23
                IPv6:
                  2a02:f540::/30

    Signature Algorithm: sha256WithRSAEncryption
         30:ba:f8:b5:62:f0:d6:a8:7b:9d:54:73:b2:c6:29:9d:9b:4e:
         37:09:a3:1f:90:39:5c:12:88:f7:8b:5b:eb:e1:26:20:2f:97:
         fd:31:7a:79:fd:e5:d0:b7:71:af:1e:c6:ed:b7:c3:c9:81:60:
         15:8a:20:1d:a7:f2:3b:ef:fe:49:bf:5f:23:7f:71:8f:f0:7e:
         35:a4:4e:70:c1:30:94:6d:23:db:fd:1d:ca:71:c2:bb:07:18:
         62:e3:51:af:90:8c:19:98:16:b4:f3:13:e2:62:bf:fc:f4:52:
         f9:9b:6f:a9:58:e5:9f:0d:a0:23:86:62:45:d5:d8:3b:51:a6:
         d6:dc:c4:7f:82:3b:ed:36:56:0c:b0:bf:2a:0e:f9:51:f2:d3:
         1c:65:b9:17:4d:80:fc:3f:54:2b:10:e5:d2:31:c0:32:9b:d9:
         db:69:c1:50:d5:8a:7a:3e:06:f9:26:86:bf:b6:a8:c0:f9:e3:
         36:6c:76:82:6f:51:82:55:c6:49:6f:bc:2d:84:00:de:2b:93:
         86:79:d2:22:a0:41:a5:c4:8f:a3:2b:82:06:4b:f3:9a:97:0e:
         66:47:40:81:eb:91:07:c1:86:4b:40:f9:92:bc:68:df:81:6e:
         79:3d:d8:f9:05:5d:5c:34:93:10:74:37:ce:aa:ff:49:b2:67:
         9d:90:bd:b3
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVwlPbZwJUZo68Pyo+9leDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZDdiYmIxZGU2ODA5ZGY3ZjZlNTczZjlhYmI2NGU2MDM2
MTNjYTEwHhcNMjMwMTAyMDM0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMyMjYzNGQyMDg1Zjk0NTJjNWU4ZTZiNzcyZWNmZjljOWUzYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfxLBnobO0uphfbOGA1bIkyB0+T+
7SiF8MNgRKTd8f8RpRLFENxdduFvvqLL4JJXd0CthnWoUS9cnZmWiPOg746xSBCb
kKVQzvKI0PK46iZ9DkkqzZG2+YzUfAoavrKIy1evhrSVORW3mFy6lJeNjzfPvGzZ
CHQL9i9En/+O3Bc0L244QwiV7CSLh1yB83No7ZG7A17BoYxS2vW9zqyg4VpGrGuL
NAJzTj0+3pAz9Zhgo5IvAaxoYqTP95IWtT2fagZqmIlA9H7c/QgUeh90aJNOiHs8
x/doPYBfOEWmzx0FOsaAzDrANk/DzcONV88IBMSiiecY075zGrIMojNslwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFHwyJjTSCF+UUsXo5rdy7P+cnju3MB8GA1UdIwQY
MBaAFB/Xu7HeaAnff25XP5q7ZOYDYTyhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDllN3NkNW9DZDlfYmxjX21ydGs1Z05oUEtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9mOGU4MDMtNDFmNS00NjY4LWFmYTUt
ZGIxM2FiYmU0ZTlhLzEvZkRJbU5OSUlYNVJTeGVqbXQzTHNfNXllTzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9mOGU4MDMtNDFmNS00NjY4LWFmYTUtZGIxM2FiYmU0ZTlh
LzEvSDllN3NkNW9DZDlfYmxjX21ydGs1Z05oUEtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQAVmkAAwQA
VmnhAwQBWSVEAwQBWSgsAwQAXXMIAwQAXrGCAwQCuQ30AwQBvNccAwQBwanAMA0E
AgACMAcDBQIqAvVAMA0GCSqGSIb3DQEBCwUAA4IBAQAwuvi1YvDWqHudVHOyximd
m043CaMfkDlcEoj3i1vr4SYgL5f9MXp5/eXQt3GvHsbtt8PJgWAViiAdp/I77/5J
v18jf3GP8H41pE5wwTCUbSPb/R3KccK7Bxhi41GvkIwZmBa08xPiYr/89FL5m2+p
WOWfDaAjhmJF1dg7UabW3MR/gjvtNlYMsL8qDvlR8tMcZbkXTYD8P1QrEOXSMcAy
m9nbacFQ1Yp6Pgb5Joa/tqjA+eM2bHaCb1GCVcZJb7wthADeK5OGedIioEGlxI+j
K4IGS/Oalw5mR0CB65EHwYZLQPmSvGjfgW55Pdj5BV1cNJMQdDfOqv9JsmedkL2z
-----END CERTIFICATE-----