Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/da4an_jMvnYVzTS3NiOcvZ8qqNo.roa
File:                     da4an_jMvnYVzTS3NiOcvZ8qqNo.roa (raw, json)
Hash identifier:          mOmWeeEuE3JO2z7NNUV8V3SQTdteklay/3YySEIOv3w=
Subject key identifier:   75:AE:1A:9F:F8:CC:BE:76:15:CD:34:B7:36:23:9C:BD:9F:2A:A8:DA
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0188B148940B505048100DFDB53A35BC864B
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/da4an_jMvnYVzTS3NiOcvZ8qqNo.roa
Signing time:             Mon 12 Jun 2023 20:25:03 +0000
ROA not before:           Mon 12 Jun 2023 20:25:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        84.32.63.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          88.216.208.0/24 maxlen: 24
                          84.32.217.0/24 maxlen: 24
                          84.32.218.0/24 maxlen: 24
                          84.32.15.0/24 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          84.32.32.0/24 maxlen: 24
                          84.32.50.0/24 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          88.216.1.0/24 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          84.32.151.0/24 maxlen: 24
                          84.32.152.0/24 maxlen: 24
                          84.32.149.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          84.32.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b1:48:94:0b:50:50:48:10:0d:fd:b5:3a:35:bc:86:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jun 12 20:25:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=75ae1a9ff8ccbe7615cd34b736239cbd9f2aa8da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:49:73:f8:81:1e:45:d6:7a:d4:e2:af:29:ee:
                    4c:0d:d3:c3:af:32:e9:2b:a0:36:b2:12:0a:bd:90:
                    cb:ca:a0:cc:85:a4:1b:79:e6:03:b2:c1:a4:cd:42:
                    79:de:26:32:94:e6:f5:24:13:c8:8d:58:79:76:bb:
                    2e:d8:b4:4c:59:79:19:fd:af:19:3f:b8:de:09:f3:
                    2a:a7:c6:ad:14:6b:e4:8f:ae:a1:61:45:a0:2d:ae:
                    ab:64:dd:3e:23:12:e5:eb:9e:0b:0e:fb:7b:bd:0d:
                    fa:61:60:7e:3f:da:c5:91:b9:ee:2f:d2:b0:c3:5c:
                    1f:57:c9:ac:d9:83:f0:71:18:24:4a:e9:a0:89:b5:
                    a8:72:b2:47:d2:e5:c7:14:bd:92:72:74:a0:c9:62:
                    35:41:20:29:3f:a7:2c:ee:24:57:78:f7:e6:c1:4e:
                    62:96:e9:e5:fe:01:f6:d7:b7:2a:f8:90:43:a4:1d:
                    4d:a2:ab:0c:86:c1:d4:f0:c8:d8:89:5a:a0:08:3b:
                    ef:51:9f:b2:04:88:87:6d:2b:67:6a:4f:80:8f:8b:
                    a8:4a:46:43:b0:d2:fd:52:ce:b7:9e:02:b5:05:2a:
                    94:50:df:d4:f5:42:a1:a4:2d:4c:b8:a0:2b:19:26:
                    87:aa:a4:09:09:41:32:3b:95:6a:9c:5f:86:bc:0b:
                    53:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:AE:1A:9F:F8:CC:BE:76:15:CD:34:B7:36:23:9C:BD:9F:2A:A8:DA
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/da4an_jMvnYVzTS3NiOcvZ8qqNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.15.0/24
                  84.32.24.0/24
                  84.32.32.0/24
                  84.32.50.0/24
                  84.32.63.0/24
                  84.32.149.0/24
                  84.32.151.0-84.32.152.255
                  84.32.154.0/24
                  84.32.174.0/23
                  84.32.217.0-84.32.218.255
                  88.216.1.0/24
                  88.216.34.0/24
                  88.216.41.0/24
                  88.216.186.0/24
                  88.216.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:f3:7d:7f:96:df:f0:95:1e:ed:e9:c1:ee:f0:23:28:63:d1:
         46:9a:e8:94:2b:a0:f1:06:1d:db:ad:3f:44:d7:4e:f3:40:52:
         ba:b5:af:d9:52:90:af:43:e7:57:7f:9c:0a:61:df:3a:a0:8d:
         3e:ac:4e:99:2a:e3:fd:b4:b1:de:7b:55:ed:ca:fe:e5:fc:ca:
         03:c0:24:a6:41:74:ec:7d:59:68:e9:9e:e5:b2:47:7c:77:85:
         c1:e0:13:59:d7:a3:aa:ad:32:a2:cc:c8:43:1e:02:8c:67:ca:
         ec:47:94:ed:bc:3c:58:6a:4a:54:54:df:74:df:eb:72:90:a1:
         a8:41:ec:d2:ce:70:fc:78:8e:50:aa:d9:62:aa:7d:9f:98:66:
         3c:f8:d1:98:6b:22:28:45:c9:2e:d4:f6:df:d8:c9:0f:2f:e6:
         dd:b0:23:ad:df:be:a3:0c:34:bf:c8:07:e5:d0:10:5f:27:93:
         b2:8a:09:df:71:67:99:96:ba:3f:2b:8e:2a:b4:4e:ed:e6:38:
         ce:b2:46:37:dd:4e:bd:7a:2b:8c:ce:44:bb:dc:81:9e:d2:ef:
         e9:36:96:bb:b6:40:2c:05:04:eb:00:bf:5f:a1:ab:82:80:28:
         66:31:87:0c:06:ad:3d:b3:0e:81:91:52:e5:13:1f:a4:ad:50:
         48:f3:c5:db
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYixSJQLUFBIEA39tTo1vIZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNjEyMjAyNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWFlMWE5ZmY4Y2NiZTc2MTVjZDM0YjczNjIzOWNiZDlmMmFhOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0lz+IEeRdZ61OKvKe5MDdPDrzLp
K6A2shIKvZDLyqDMhaQbeeYDssGkzUJ53iYylOb1JBPIjVh5drsu2LRMWXkZ/a8Z
P7jeCfMqp8atFGvkj66hYUWgLa6rZN0+IxLl654LDvt7vQ36YWB+P9rFkbnuL9Kw
w1wfV8ms2YPwcRgkSumgibWocrJH0uXHFL2ScnSgyWI1QSApP6cs7iRXePfmwU5i
lunl/gH217cq+JBDpB1NoqsMhsHU8MjYiVqgCDvvUZ+yBIiHbStnak+Aj4uoSkZD
sNL9Us63ngK1BSqUUN/U9UKhpC1MuKArGSaHqqQJCUEyO5VqnF+GvAtTaQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFHWuGp/4zL52Fc00tzYjnL2fKqjaMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvZGE0YW5fak12bllWelRTM05pT2N2WjhxcU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAFQgDwME
AFQgGAMEAFQgIAMEAFQgMgMEAFQgPwMEAFQglTAMAwQAVCCXAwQAVCCYAwQAVCCa
AwQBVCCuMAwDBABUINkDBABUINoDBABY2AEDBABY2CIDBABY2CkDBABY2LoDBABY
2NAwDQYJKoZIhvcNAQELBQADggEBAJXzfX+W3/CVHu3pwe7wIyhj0Uaa6JQroPEG
HdutP0TXTvNAUrq1r9lSkK9D51d/nAph3zqgjT6sTpkq4/20sd57Ve3K/uX8ygPA
JKZBdOx9WWjpnuWyR3x3hcHgE1nXo6qtMqLMyEMeAoxnyuxHlO28PFhqSlRU33Tf
63KQoahB7NLOcPx4jlCq2WKqfZ+YZjz40ZhrIihFyS7U9t/YyQ8v5t2wI63fvqMM
NL/IB+XQEF8nk7KKCd9xZ5mWuj8rjiq0Tu3mOM6yRjfdTr16K4zORLvcgZ7S7+k2
lru2QCwFBOsAv1+hq4KAKGYxhwwGrT2zDoGRUuUTH6StUEjzxds=
-----END CERTIFICATE-----