Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/sRmQz3S9umzH8M9lRqbtMUPGzpw.roa
File:                     sRmQz3S9umzH8M9lRqbtMUPGzpw.roa (raw, json)
Hash identifier:          ZcbEZpDctndIl/yV2ATZRmu198lwnxDc2lAeCpYljUs=
Subject key identifier:   B1:19:90:CF:74:BD:BA:6C:C7:F0:CF:65:46:A6:ED:31:43:C6:CE:9C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01884780840E460216B8D520DE8A2E56F7DF
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/sRmQz3S9umzH8M9lRqbtMUPGzpw.roa
Signing time:             Tue 23 May 2023 07:26:24 +0000
ROA not before:           Tue 23 May 2023 07:26:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        84.32.63.0/24 maxlen: 24
                          88.216.186.0/24 maxlen: 24
                          84.32.95.0/24 maxlen: 24
                          84.32.15.0/24 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          84.32.32.0/24 maxlen: 24
                          84.32.178.0/23 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          88.216.34.0/24 maxlen: 24
                          84.32.151.0/24 maxlen: 24
                          84.32.152.0/24 maxlen: 24
                          84.32.149.0/24 maxlen: 24
                          88.216.41.0/24 maxlen: 24
                          84.32.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:47:80:84:0e:46:02:16:b8:d5:20:de:8a:2e:56:f7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: May 23 07:26:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b11990cf74bdba6cc7f0cf6546a6ed3143c6ce9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b4:88:74:49:dd:97:ca:7a:2b:c4:7a:8f:91:
                    32:15:bf:f2:cd:0d:08:43:8c:9e:7c:32:40:66:37:
                    a3:ab:4b:77:cf:f7:2e:f3:0f:07:8d:a1:01:66:a5:
                    28:63:a3:56:9e:cf:0f:87:e5:d7:3d:48:b6:8b:d5:
                    c4:d2:cc:eb:ca:0d:6f:b8:42:5f:5c:95:66:a9:0a:
                    ca:ab:ca:62:b2:02:f2:38:33:ab:d5:55:2c:e0:e8:
                    6d:72:d5:4f:77:9d:39:14:34:97:71:79:fa:47:62:
                    4d:db:a9:90:73:34:6e:53:17:9a:ff:c5:10:9f:80:
                    f7:68:ba:bd:0b:e7:c1:9f:8e:17:f5:55:09:91:92:
                    3d:0d:cd:30:3b:ee:25:d9:d9:7c:c1:fa:d3:5c:c0:
                    90:3b:67:88:ac:a0:11:f3:a1:77:86:8e:99:64:37:
                    4f:f3:e8:b1:2f:59:a8:d2:65:1d:74:69:f1:c1:16:
                    ca:7a:2f:ac:7e:fa:a1:e3:bb:59:5a:fb:54:a9:80:
                    9a:e9:e8:29:2c:a3:dc:f2:d1:4e:98:c3:f8:cb:75:
                    d5:b0:6d:de:49:56:38:91:31:12:86:7c:5e:39:ee:
                    ce:e2:21:f9:10:43:fd:b7:e0:ad:8a:e0:aa:30:22:
                    b3:41:28:34:7e:e0:7c:67:96:81:16:32:85:6b:b8:
                    dc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:19:90:CF:74:BD:BA:6C:C7:F0:CF:65:46:A6:ED:31:43:C6:CE:9C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/sRmQz3S9umzH8M9lRqbtMUPGzpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.15.0/24
                  84.32.24.0/24
                  84.32.32.0/24
                  84.32.63.0/24
                  84.32.95.0/24
                  84.32.149.0/24
                  84.32.151.0-84.32.152.255
                  84.32.154.0/24
                  84.32.174.0/23
                  84.32.178.0/23
                  88.216.34.0/24
                  88.216.41.0/24
                  88.216.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:5f:cb:a1:5f:b3:9c:32:0e:1b:f9:f6:97:65:1e:a5:d4:ac:
         e5:23:90:20:18:8a:32:57:35:78:cb:37:a2:38:d8:9f:a6:ae:
         cc:b8:63:81:28:34:89:24:c7:6f:c3:24:c8:f1:4a:8e:36:3b:
         ee:3d:93:30:21:d7:1c:de:22:72:72:02:3e:75:57:ac:a9:c9:
         ae:c7:35:b3:45:bc:aa:71:dd:b4:ea:0d:a4:92:c7:a4:f1:04:
         f3:42:bf:dc:62:74:68:57:cb:7b:3a:64:61:7a:d4:af:ac:3e:
         8b:9d:10:b8:31:14:9f:73:05:e5:f1:02:83:78:77:bd:2d:b9:
         09:87:7d:5f:5b:b5:92:56:a4:5b:fd:17:0a:8d:33:3a:9c:8c:
         15:34:2c:7a:a3:fe:d6:72:59:a2:cb:ea:21:f9:a3:bf:3a:8b:
         c7:fe:09:5d:18:56:3a:c5:6d:f6:3f:95:a0:83:a4:be:57:66:
         a3:64:03:79:4c:bc:1d:cc:0d:ce:a2:32:4c:8d:1c:7a:29:0d:
         54:10:cf:f9:0e:4a:23:5e:0e:dd:2d:de:9c:14:3d:dd:cc:52:
         94:55:90:ae:14:7b:88:f9:09:29:16:7f:c2:c7:67:45:75:98:
         aa:2f:6b:90:ac:b9:fa:a3:e2:8b:80:c2:83:8d:bc:0b:f2:ee:
         ac:0d:48:c9
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYhHgIQORgIWuNUg3oouVvffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNTIzMDcyNjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTE5OTBjZjc0YmRiYTZjYzdmMGNmNjU0NmE2ZWQzMTQzYzZjZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7SIdEndl8p6K8R6j5EyFb/yzQ0I
Q4yefDJAZjejq0t3z/cu8w8HjaEBZqUoY6NWns8Ph+XXPUi2i9XE0szryg1vuEJf
XJVmqQrKq8pisgLyODOr1VUs4OhtctVPd505FDSXcXn6R2JN26mQczRuUxea/8UQ
n4D3aLq9C+fBn44X9VUJkZI9Dc0wO+4l2dl8wfrTXMCQO2eIrKAR86F3ho6ZZDdP
8+ixL1mo0mUddGnxwRbKei+sfvqh47tZWvtUqYCa6egpLKPc8tFOmMP4y3XVsG3e
SVY4kTEShnxeOe7O4iH5EEP9t+CtiuCqMCKzQSg0fuB8Z5aBFjKFa7jciwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFLEZkM90vbpsx/DPZUam7TFDxs6cMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvc1JtUXozUzl1bXpIOE05bFJxYnRNVVBHenB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAVCAPAwQA
VCAYAwQAVCAgAwQAVCA/AwQAVCBfAwQAVCCVMAwDBABUIJcDBABUIJgDBABUIJoD
BAFUIK4DBAFUILIDBABY2CIDBABY2CkDBABY2LowDQYJKoZIhvcNAQELBQADggEB
AHNfy6Ffs5wyDhv59pdlHqXUrOUjkCAYijJXNXjLN6I42J+mrsy4Y4EoNIkkx2/D
JMjxSo42O+49kzAh1xzeInJyAj51V6ypya7HNbNFvKpx3bTqDaSSx6TxBPNCv9xi
dGhXy3s6ZGF61K+sPoudELgxFJ9zBeXxAoN4d70tuQmHfV9btZJWpFv9FwqNMzqc
jBU0LHqj/tZyWaLL6iH5o786i8f+CV0YVjrFbfY/laCDpL5XZqNkA3lMvB3MDc6i
MkyNHHopDVQQz/kOSiNeDt0t3pwUPd3MUpRVkK4Ue4j5CSkWf8LHZ0V1mKova5Cs
ufqj4ouAwoONvAvy7qwNSMk=
-----END CERTIFICATE-----