Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/aSIWXSGhXzsEcOPzIYvoZIjeXaA.roa
File:                     aSIWXSGhXzsEcOPzIYvoZIjeXaA.roa (raw, json)
Hash identifier:          oJNd+U7Gz9rnVbK304m9+90Pqrc/rpDUPM5SIu6QgrI=
Subject key identifier:   69:22:16:5D:21:A1:5F:3B:04:70:E3:F3:21:8B:E8:64:88:DE:5D:A0
Certificate issuer:       /CN=b6d14118dbd227298daa80c7acab11eea6d63e21
Certificate serial:       01884735B2C1BC7A0DBCEA4AF7776B87B7C5
Authority key identifier: B6:D1:41:18:DB:D2:27:29:8D:AA:80:C7:AC:AB:11:EE:A6:D6:3E:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ttFBGNvSJymNqoDHrKsR7qbWPiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/aSIWXSGhXzsEcOPzIYvoZIjeXaA.roa
Signing time:             Tue 23 May 2023 06:04:41 +0000
ROA not before:           Tue 23 May 2023 06:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57391
IP address blocks:        185.67.101.0/24 maxlen: 24
                          185.132.82.0/24 maxlen: 24
                          185.132.80.0/24 maxlen: 24
                          185.233.14.0/24 maxlen: 24
                          185.233.13.0/24 maxlen: 24
                          88.135.44.0/24 maxlen: 24
                          88.135.43.0/24 maxlen: 24
                          88.135.42.0/24 maxlen: 24
                          88.135.41.0/24 maxlen: 24
                          88.135.40.0/24 maxlen: 24
                          88.135.47.0/24 maxlen: 24
                          88.135.46.0/24 maxlen: 24
                          88.135.45.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:47:35:b2:c1:bc:7a:0d:bc:ea:4a:f7:77:6b:87:b7:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6d14118dbd227298daa80c7acab11eea6d63e21
        Validity
            Not Before: May 23 06:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6922165d21a15f3b0470e3f3218be86488de5da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c6:84:9c:32:94:4c:1d:75:ca:02:a7:6a:97:
                    2d:35:75:9d:12:5e:4f:f3:c3:a4:1d:e8:ed:6c:c9:
                    f7:b0:60:de:c4:5f:96:cb:72:48:7b:cf:e9:b9:d6:
                    4f:46:66:73:5c:5b:b6:d6:6a:3e:6e:ed:44:fd:dc:
                    8c:39:9a:dd:41:a5:3f:12:47:9f:9d:23:b2:28:9d:
                    31:6b:28:16:ff:24:4a:9d:4c:f0:d2:56:02:75:84:
                    50:a5:cd:9e:52:0b:67:f6:af:c1:6d:13:9a:6a:06:
                    a4:e6:72:df:17:14:fb:64:21:35:18:70:03:86:00:
                    50:0f:42:e1:0f:8d:07:92:2f:52:ac:2a:c9:b9:1e:
                    7a:23:1b:ee:98:a7:a7:04:0d:4d:f8:da:8b:70:b1:
                    df:c7:83:9d:36:3d:4d:ba:3b:b7:4f:8a:0f:59:a2:
                    3f:fc:7e:53:98:b5:72:03:b9:f6:6d:83:f0:2e:e1:
                    3d:37:dc:df:f5:e0:a7:51:4c:f0:55:90:37:2c:47:
                    0c:3e:4b:d5:bc:2d:54:43:a1:32:85:54:94:78:ce:
                    9e:dc:d7:3b:fb:3c:16:80:db:02:da:ac:1c:88:f8:
                    5c:63:01:b6:ae:c8:a8:ab:68:4d:e2:6a:2e:81:7f:
                    21:24:cc:63:5a:1a:7b:d1:9a:95:7d:aa:0e:92:bb:
                    a1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:22:16:5D:21:A1:5F:3B:04:70:E3:F3:21:8B:E8:64:88:DE:5D:A0
            X509v3 Authority Key Identifier:
                keyid:B6:D1:41:18:DB:D2:27:29:8D:AA:80:C7:AC:AB:11:EE:A6:D6:3E:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ttFBGNvSJymNqoDHrKsR7qbWPiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/aSIWXSGhXzsEcOPzIYvoZIjeXaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/ed51d7-64fd-4c73-9e8c-0e37e11d0ec3/1/ttFBGNvSJymNqoDHrKsR7qbWPiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.40.0/21
                  185.67.101.0/24
                  185.132.80.0/24
                  185.132.82.0/24
                  185.233.13.0-185.233.14.255

    Signature Algorithm: sha256WithRSAEncryption
         18:a9:0d:13:a7:28:f2:6b:3d:cf:96:0f:de:43:7f:32:7d:5d:
         6d:be:cb:66:6f:96:f5:a5:7d:ef:c1:45:d1:b4:9b:eb:7c:09:
         38:3f:18:01:54:db:36:cb:58:09:18:b1:6b:09:61:ce:d5:9e:
         66:41:ab:00:f8:f2:68:77:ed:5e:f9:a2:21:2a:3d:e0:d1:0c:
         8d:a4:17:b7:1f:17:56:54:bf:71:fa:0a:67:88:41:d9:85:47:
         92:88:8b:88:6d:51:60:fb:da:d2:e5:fe:f5:d3:ff:e8:25:01:
         1c:a7:2e:ca:af:55:42:71:21:90:72:cc:3a:78:45:16:dd:a6:
         d6:01:07:9e:60:95:1b:0c:fb:39:f6:c2:b8:10:ec:12:79:09:
         c3:cd:61:70:6e:36:52:1b:da:0e:07:61:77:d9:d2:69:a3:03:
         a5:3b:5d:35:73:53:cb:34:82:7f:96:64:b0:28:db:ac:f5:b1:
         86:d9:0a:8b:b7:2b:95:72:57:91:f5:d3:94:d8:9e:9d:60:6d:
         df:30:1e:e2:cf:cd:5d:a0:ef:00:05:e3:e5:04:7e:b5:bb:e7:
         f9:49:49:96:ca:fb:2d:ee:57:84:2d:57:f8:13:45:01:8a:45:
         cf:33:17:7b:6a:d9:8a:ea:43:0e:5b:83:8f:f9:93:71:80:da:
         ba:9f:d5:6f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYhHNbLBvHoNvOpK93drh7fFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZDE0MTE4ZGJkMjI3Mjk4ZGFhODBjN2FjYWIxMWVlYTZk
NjNlMjEwHhcNMjMwNTIzMDYwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTIyMTY1ZDIxYTE1ZjNiMDQ3MGUzZjMyMThiZTg2NDg4ZGU1ZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMaEnDKUTB11ygKnapctNXWdEl5P
88OkHejtbMn3sGDexF+Wy3JIe8/pudZPRmZzXFu21mo+bu1E/dyMOZrdQaU/Ekef
nSOyKJ0xaygW/yRKnUzw0lYCdYRQpc2eUgtn9q/BbROaagak5nLfFxT7ZCE1GHAD
hgBQD0LhD40Hki9SrCrJuR56IxvumKenBA1N+NqLcLHfx4OdNj1Nuju3T4oPWaI/
/H5TmLVyA7n2bYPwLuE9N9zf9eCnUUzwVZA3LEcMPkvVvC1UQ6EyhVSUeM6e3Nc7
+zwWgNsC2qwciPhcYwG2rsioq2hN4mougX8hJMxjWhp70ZqVfaoOkruh7wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGkiFl0hoV87BHDj8yGL6GSI3l2gMB8GA1UdIwQY
MBaAFLbRQRjb0icpjaqAx6yrEe6m1j4hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHRGQkdOdlNKeW1OcW9ESHJLc1I3cWJXUGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZDUxZDctNjRmZC00YzczLTllOGMt
MGUzN2UxMWQwZWMzLzEvYVNJV1hTR2hYenNFY09QeklZdm9aSWplWGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZDUxZDctNjRmZC00YzczLTllOGMtMGUzN2UxMWQwZWMz
LzEvdHRGQkdOdlNKeW1OcW9ESHJLc1I3cWJXUGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQDWIcoAwQA
uUNlAwQAuYRQAwQAuYRSMAwDBAC56Q0DBAC56Q4wDQYJKoZIhvcNAQELBQADggEB
ABipDROnKPJrPc+WD95DfzJ9XW2+y2ZvlvWlfe/BRdG0m+t8CTg/GAFU2zbLWAkY
sWsJYc7VnmZBqwD48mh37V75oiEqPeDRDI2kF7cfF1ZUv3H6CmeIQdmFR5KIi4ht
UWD72tLl/vXT/+glARynLsqvVUJxIZByzDp4RRbdptYBB55glRsM+zn2wrgQ7BJ5
CcPNYXBuNlIb2g4HYXfZ0mmjA6U7XTVzU8s0gn+WZLAo26z1sYbZCou3K5VyV5H1
05TYnp1gbd8wHuLPzV2g7wAF4+UEfrW75/lJSZbK+y3uV4QtV/gTRQGKRc8zF3tq
2YrqQw5bg4/5k3GA2rqf1W8=
-----END CERTIFICATE-----