Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/_HSmW_bY-1SfzePqHTYqHMQbuKM.roa
File:                     _HSmW_bY-1SfzePqHTYqHMQbuKM.roa (raw, json)
Hash identifier:          Ze5evk8BrCAXaP53sx2DyYIvRXWSYv6IeC9h/HXo0u8=
Subject key identifier:   FC:74:A6:5B:F6:D8:FB:54:9F:CD:E3:EA:1D:36:2A:1C:C4:1B:B8:A3
Certificate issuer:       /CN=6d39ce4c29ab3f802f9de933f4495026c4d0ee4a
Certificate serial:       01856E6FBAC1D6F2C689F6991A3290C4983B
Authority key identifier: 6D:39:CE:4C:29:AB:3F:80:2F:9D:E9:33:F4:49:50:26:C4:D0:EE:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/_HSmW_bY-1SfzePqHTYqHMQbuKM.roa
Signing time:             Sun 01 Jan 2023 17:44:54 +0000
ROA not before:           Sun 01 Jan 2023 17:44:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52000
IP address blocks:        194.213.24.0/24 maxlen: 24
                          185.142.34.0/23 maxlen: 23
                          185.15.209.0/24 maxlen: 24
                          185.15.208.0/24 maxlen: 24
                          185.142.32.0/24 maxlen: 24
                          185.15.211.0/24 maxlen: 24
                          185.142.35.0/24 maxlen: 24
                          185.15.210.0/24 maxlen: 24
                          194.242.38.0/24 maxlen: 24
                          194.242.33.0/24 maxlen: 24
                          2a03:afc0:5::/48 maxlen: 48
                          2a03:afc0:3::/48 maxlen: 48
                          2a03:afc0:4::/48 maxlen: 48
                          2a03:afc0:7::/48 maxlen: 48
                          2a03:afc0:2::/48 maxlen: 48
                          2a03:afc0:8::/48 maxlen: 48
                          2a03:afc0:6::/48 maxlen: 48
                          2a03:afc0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:6f:ba:c1:d6:f2:c6:89:f6:99:1a:32:90:c4:98:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d39ce4c29ab3f802f9de933f4495026c4d0ee4a
        Validity
            Not Before: Jan  1 17:44:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc74a65bf6d8fb549fcde3ea1d362a1cc41bb8a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2c:e7:00:35:56:64:f5:a1:05:3a:77:7c:6b:
                    b1:40:1c:64:bc:08:44:4b:a7:9c:d3:a3:ca:39:c6:
                    04:d7:5e:a6:44:eb:d9:2d:ff:72:3a:b7:1c:b4:e1:
                    4a:db:4a:a4:12:78:30:99:e4:70:7e:eb:5c:e4:63:
                    24:bc:2a:db:a9:c1:e0:31:3b:e4:f1:06:a8:c0:45:
                    ac:da:24:06:fa:30:76:24:2d:c9:92:27:ac:8b:77:
                    6a:03:07:77:d1:84:e2:82:2f:ac:b3:f8:69:a2:a5:
                    bc:5a:8b:77:f9:2e:2a:4c:e3:65:f1:00:10:f3:38:
                    e9:2d:0b:e1:9d:47:ca:f1:4c:f7:8e:45:ce:67:19:
                    6d:0e:2e:52:2e:72:c3:48:54:11:21:5d:29:f0:97:
                    3e:d9:4c:41:52:e5:44:5a:a8:30:c5:9b:92:1c:d4:
                    f5:d9:0e:19:38:85:fb:f8:b8:7a:60:54:d6:ae:c3:
                    35:10:cf:1d:b7:81:7c:e0:81:74:bb:70:a0:d6:b2:
                    22:1f:72:4d:09:19:5c:46:03:67:2b:8a:db:bd:6e:
                    ea:81:2f:f3:7d:39:91:23:dc:93:59:33:6f:38:eb:
                    ac:46:92:2f:22:c5:0e:f6:f3:89:a9:55:0a:fc:c6:
                    33:8f:cf:88:5d:14:af:2c:73:0c:f2:87:ce:13:bf:
                    6e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:74:A6:5B:F6:D8:FB:54:9F:CD:E3:EA:1D:36:2A:1C:C4:1B:B8:A3
            X509v3 Authority Key Identifier:
                keyid:6D:39:CE:4C:29:AB:3F:80:2F:9D:E9:33:F4:49:50:26:C4:D0:EE:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/_HSmW_bY-1SfzePqHTYqHMQbuKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/bTnOTCmrP4Avnekz9ElQJsTQ7ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.208.0/22
                  185.142.32.0/24
                  185.142.34.0/23
                  194.213.24.0/24
                  194.242.33.0/24
                  194.242.38.0/24
                IPv6:
                  2a03:afc0:1::-2a03:afc0:8:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6c:f1:5b:16:3b:82:fa:dc:9d:5b:a7:c8:e8:e0:ce:48:91:64:
         04:68:85:de:ae:ad:06:ed:c6:2c:ae:4f:ab:dd:b5:55:8b:56:
         8f:8b:e5:f3:e4:60:41:2c:b7:b2:b9:fa:3c:a8:97:a5:c3:da:
         0c:f9:07:b8:8a:cf:9e:ff:06:84:f8:20:07:57:66:3e:90:11:
         79:bd:30:e9:b7:7e:5c:cd:43:71:94:0e:d5:3e:b9:b7:91:0e:
         fe:55:c9:0a:bd:89:65:ad:c9:8b:9c:f3:30:6a:c3:5b:42:a8:
         b9:d0:f2:c9:51:7d:1a:dc:e3:a5:e6:84:d4:f4:02:ab:6a:8e:
         2c:b8:d6:54:9b:45:50:1a:e0:21:ea:ba:82:46:7b:64:6a:a9:
         9a:a6:1e:38:9c:f7:ce:27:14:ee:8d:8b:03:83:8a:fb:f6:56:
         bd:8d:de:52:b7:91:f5:bd:b4:ee:7f:09:73:41:ba:14:a9:93:
         dd:15:f8:b6:d3:e1:3c:af:0e:ea:c9:f9:60:bb:af:cb:eb:12:
         c2:19:86:f3:97:82:e2:f9:ac:9e:94:2d:59:e9:5c:4f:33:ea:
         b1:2a:69:72:48:c5:b5:76:cd:09:e7:3d:f9:9a:e2:8a:78:f8:
         71:34:53:88:09:df:f9:d2:11:00:48:f2:d2:8f:f9:6e:12:05:
         27:67:2b:9f
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYVub7rB1vLGifaZGjKQxJg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMzljZTRjMjlhYjNmODAyZjlkZTkzM2Y0NDk1MDI2YzRk
MGVlNGEwHhcNMjMwMTAxMTc0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzc0YTY1YmY2ZDhmYjU0OWZjZGUzZWExZDM2MmExY2M0MWJiOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCznADVWZPWhBTp3fGuxQBxkvAhE
S6ec06PKOcYE116mROvZLf9yOrcctOFK20qkEngwmeRwfutc5GMkvCrbqcHgMTvk
8QaowEWs2iQG+jB2JC3Jkiesi3dqAwd30YTigi+ss/hpoqW8Wot3+S4qTONl8QAQ
8zjpLQvhnUfK8Uz3jkXOZxltDi5SLnLDSFQRIV0p8Jc+2UxBUuVEWqgwxZuSHNT1
2Q4ZOIX7+Lh6YFTWrsM1EM8dt4F84IF0u3Cg1rIiH3JNCRlcRgNnK4rbvW7qgS/z
fTmRI9yTWTNvOOusRpIvIsUO9vOJqVUK/MYzj8+IXRSvLHMM8ofOE79upQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFPx0plv22PtUn83j6h02KhzEG7ijMB8GA1UdIwQY
MBaAFG05zkwpqz+AL53pM/RJUCbE0O5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlRuT1RDbXJQNEF2bmVrejlFbFFKc1RRN2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80NGU4ZjUtMzU4NC00OTBlLTk5Nzkt
Y2RjMzFkNWZiOGE0LzEvX0hTbVdfYlktMVNmemVQcUhUWXFITVFidUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80NGU4ZjUtMzU4NC00OTBlLTk5NzktY2RjMzFkNWZiOGE0
LzEvYlRuT1RDbXJQNEF2bmVrejlFbFFKc1RRN2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAqBAIAATAkAwQCuQ/QAwQA
uY4gAwQBuY4iAwQAwtUYAwQAwvIhAwQAwvImMBoEAgACMBQwEgMHACoDr8AAAQMH
ACoDr8AACDANBgkqhkiG9w0BAQsFAAOCAQEAbPFbFjuC+tydW6fI6ODOSJFkBGiF
3q6tBu3GLK5Pq921VYtWj4vl8+RgQSy3srn6PKiXpcPaDPkHuIrPnv8GhPggB1dm
PpAReb0w6bd+XM1DcZQO1T65t5EO/lXJCr2JZa3Ji5zzMGrDW0KoudDyyVF9Gtzj
peaE1PQCq2qOLLjWVJtFUBrgIeq6gkZ7ZGqpmqYeOJz3zicU7o2LA4OK+/ZWvY3e
UreR9b207n8Jc0G6FKmT3RX4ttPhPK8O6sn5YLuvy+sSwhmG85eC4vmsnpQtWelc
TzPqsSppckjFtXbNCec9+Zriinj4cTRTiAnf+dIRAEjy0o/5bhIFJ2crnw==
-----END CERTIFICATE-----