Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/1No-cjp9Y1zkRl7mGWU4BOLIv8o.roa
File:                     1No-cjp9Y1zkRl7mGWU4BOLIv8o.roa (raw, json)
Hash identifier:          3va2CPyho0E/CRa615Sm5GqacugylOn82X0slMseyDQ=
Subject key identifier:   D4:DA:3E:72:3A:7D:63:5C:E4:46:5E:E6:19:65:38:04:E2:C8:BF:CA
Certificate issuer:       /CN=8f368feb9e553bdd131562584a3353b1d7555c50
Certificate serial:       0189D3FA3AFF0EE3A971FC204E80C00A0485
Authority key identifier: 8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/1No-cjp9Y1zkRl7mGWU4BOLIv8o.roa
Signing time:             Tue 08 Aug 2023 07:08:58 +0000
ROA not before:           Tue 08 Aug 2023 07:08:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201565
IP address blocks:        185.11.232.0/22 maxlen: 22
                          185.91.151.0/24 maxlen: 24
                          185.91.150.0/24 maxlen: 24
                          185.91.149.0/24 maxlen: 24
                          185.91.148.0/24 maxlen: 24
                          94.176.185.0/24 maxlen: 24
                          94.176.184.0/24 maxlen: 24
                          185.59.96.0/22 maxlen: 22
                          89.35.206.0/24 maxlen: 24
                          89.35.207.0/24 maxlen: 24
                          2a03:7e40::/36 maxlen: 36
                          2a03:7e40:1000::/36 maxlen: 36
                          2a03:7e40:3000::/36 maxlen: 36
                          2a03:7e40:2000::/36 maxlen: 36
                          2a03:7e40:4000::/36 maxlen: 36
                          2a03:7e40:5000::/36 maxlen: 36

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d3:fa:3a:ff:0e:e3:a9:71:fc:20:4e:80:c0:0a:04:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f368feb9e553bdd131562584a3353b1d7555c50
        Validity
            Not Before: Aug  8 07:08:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d4da3e723a7d635ce4465ee619653804e2c8bfca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:79:aa:fd:34:ab:30:a1:db:f9:fd:0b:fb:b5:
                    af:8b:27:c3:79:0a:ff:30:30:27:a4:b1:80:6d:02:
                    2b:20:6e:94:74:8f:5e:54:67:ff:2d:c2:1f:b5:31:
                    97:db:b5:36:6e:51:aa:d5:13:f9:c7:f5:fa:39:49:
                    90:13:7c:cb:7a:79:ce:64:02:72:22:50:52:8e:3b:
                    ec:13:c3:e3:36:66:f0:14:e1:0f:82:c9:e0:34:e0:
                    1f:7f:76:4c:9a:22:8f:eb:fb:b0:86:ee:2c:6e:21:
                    c5:98:77:31:1a:35:c8:0e:7b:8d:d2:93:ac:ff:44:
                    f9:25:45:69:f8:10:4f:b1:f8:50:62:93:1f:01:38:
                    c9:18:e6:c8:e9:39:5d:14:c8:7b:f2:f7:f3:44:ec:
                    24:46:d1:e0:2c:fc:af:f4:72:dc:84:e2:cf:14:8d:
                    68:3c:2e:85:b8:54:04:0d:c7:d6:1c:49:cc:97:58:
                    9d:4c:11:d6:e5:95:34:2d:90:ae:96:f5:21:e6:0e:
                    d4:3f:c7:eb:03:30:c1:f0:32:cb:d9:c5:8a:65:c4:
                    f3:f8:fb:b6:7f:ba:19:54:43:e2:f3:fd:04:76:53:
                    e2:a6:b6:a9:2b:44:0b:21:69:d4:12:4f:a5:67:12:
                    ae:d4:aa:e6:56:49:83:ec:af:02:07:45:cb:1f:c6:
                    15:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:DA:3E:72:3A:7D:63:5C:E4:46:5E:E6:19:65:38:04:E2:C8:BF:CA
            X509v3 Authority Key Identifier:
                keyid:8F:36:8F:EB:9E:55:3B:DD:13:15:62:58:4A:33:53:B1:D7:55:5C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzaP655VO90TFWJYSjNTsddVXFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/1No-cjp9Y1zkRl7mGWU4BOLIv8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/0547cb-c5dc-4e2f-aff7-3eca7df2ae57/1/jzaP655VO90TFWJYSjNTsddVXFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.206.0/23
                  94.176.184.0/23
                  185.11.232.0/22
                  185.59.96.0/22
                  185.91.148.0/22
                IPv6:
                  2a03:7e40::-2a03:7e40:5fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         92:5e:22:5e:39:41:08:cf:26:0e:b3:d5:6b:da:63:f6:a0:28:
         62:b9:30:04:61:11:54:56:ed:21:a8:0d:8c:d9:90:7f:1a:68:
         25:3f:10:79:9a:c1:f9:8b:d4:2e:56:b8:84:78:60:fe:a5:d8:
         c4:fc:34:8a:0b:10:21:f8:f6:7e:f3:4e:87:03:67:fb:ea:b5:
         a0:b3:d8:67:8b:56:ab:ec:7d:cd:a3:ab:09:54:00:88:f3:7a:
         a7:8f:cd:1d:0a:e8:17:4a:0f:83:b2:fe:bd:62:97:87:95:1b:
         2c:83:4f:2f:6a:d8:16:bd:d9:1f:be:52:c4:b9:ac:6c:b5:3c:
         cb:1b:af:90:70:3f:c5:d0:7e:d9:bb:ca:fd:52:27:d9:eb:d0:
         6b:c0:64:13:18:da:f5:30:ce:e0:bc:64:db:bb:48:fd:54:31:
         79:74:b2:ee:d2:22:2d:0c:8a:17:9c:79:6a:70:6a:b0:d9:68:
         cc:86:f3:d2:af:47:12:0c:4d:7c:67:7f:ff:7d:14:59:9e:02:
         7d:44:bc:89:eb:24:05:27:cf:18:98:ed:d1:83:d2:28:d5:bb:
         89:e2:b8:00:5b:25:b3:45:dc:2f:3a:73:53:51:d2:e4:44:16:
         69:02:bf:75:51:df:c6:42:6d:fe:c1:dd:4a:10:8e:cb:c3:4a:
         bc:7c:9b:37
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYnT+jr/DuOpcfwgToDACgSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzY4ZmViOWU1NTNiZGQxMzE1NjI1ODRhMzM1M2IxZDc1
NTVjNTAwHhcNMjMwODA4MDcwODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGRhM2U3MjNhN2Q2MzVjZTQ0NjVlZTYxOTY1MzgwNGUyYzhiZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXmq/TSrMKHb+f0L+7WviyfDeQr/
MDAnpLGAbQIrIG6UdI9eVGf/LcIftTGX27U2blGq1RP5x/X6OUmQE3zLennOZAJy
IlBSjjvsE8PjNmbwFOEPgsngNOAff3ZMmiKP6/uwhu4sbiHFmHcxGjXIDnuN0pOs
/0T5JUVp+BBPsfhQYpMfATjJGObI6TldFMh78vfzROwkRtHgLPyv9HLchOLPFI1o
PC6FuFQEDcfWHEnMl1idTBHW5ZU0LZCulvUh5g7UP8frAzDB8DLL2cWKZcTz+Pu2
f7oZVEPi8/0EdlPiprapK0QLIWnUEk+lZxKu1KrmVkmD7K8CB0XLH8YVewIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFNTaPnI6fWNc5EZe5hllOATiyL/KMB8GA1UdIwQY
MBaAFI82j+ueVTvdExViWEozU7HXVVxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjct
M2VjYTdkZjJhZTU3LzEvMU5vLWNqcDlZMXprUmw3bUdXVTRCT0xJdjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8wNTQ3Y2ItYzVkYy00ZTJmLWFmZjctM2VjYTdkZjJhZTU3
LzEvanphUDY1NVZPOTBURldKWVNqTlRzZGRWWEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAkBAIAATAeAwQBWSPOAwQB
XrC4AwQCuQvoAwQCuTtgAwQCuVuUMBcEAgACMBEwDwMFBioDfkADBgUqA35AQDAN
BgkqhkiG9w0BAQsFAAOCAQEAkl4iXjlBCM8mDrPVa9pj9qAoYrkwBGERVFbtIagN
jNmQfxpoJT8QeZrB+YvULla4hHhg/qXYxPw0igsQIfj2fvNOhwNn++q1oLPYZ4tW
q+x9zaOrCVQAiPN6p4/NHQroF0oPg7L+vWKXh5UbLINPL2rYFr3ZH75SxLmsbLU8
yxuvkHA/xdB+2bvK/VIn2evQa8BkExja9TDO4Lxk27tI/VQxeXSy7tIiLQyKF5x5
anBqsNlozIbz0q9HEgxNfGd//30UWZ4CfUS8ieskBSfPGJjt0YPSKNW7ieK4AFsl
s0XcLzpzU1HS5EQWaQK/dVHfxkJt/sHdShCOy8NKvHybNw==
-----END CERTIFICATE-----