Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a65d14-9365-40c9-a568-3ff9645503e9/1/J442mZUqlDXK2knS9dVbCUB9J5M.roa
File:                     J442mZUqlDXK2knS9dVbCUB9J5M.roa (raw, json)
Hash identifier:          jA9R8fblchP83qAVPJ4vzYYFkPmcYmzsWWBg3JFeG70=
Subject key identifier:   27:8E:36:99:95:2A:94:35:CA:DA:49:D2:F5:D5:5B:09:40:7D:27:93
Certificate issuer:       /CN=deb145756080aff1bb00f5f90fd9f2f27cc5732a
Certificate serial:       01856FDDDAD093C568EBE87132166BBEE8B1
Authority key identifier: DE:B1:45:75:60:80:AF:F1:BB:00:F5:F9:0F:D9:F2:F2:7C:C5:73:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3rFFdWCAr_G7APX5D9ny8nzFcyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a65d14-9365-40c9-a568-3ff9645503e9/1/J442mZUqlDXK2knS9dVbCUB9J5M.roa
Signing time:             Mon 02 Jan 2023 00:24:48 +0000
ROA not before:           Mon 02 Jan 2023 00:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35491
IP address blocks:        194.24.180.0/23 maxlen: 23
                          46.148.64.0/20 maxlen: 20
                          46.148.64.0/24 maxlen: 24
                          46.148.67.0/24 maxlen: 24
                          46.148.68.0/24 maxlen: 24
                          46.148.69.0/24 maxlen: 24
                          46.148.70.0/24 maxlen: 24
                          46.148.71.0/24 maxlen: 24
                          46.148.65.0/24 maxlen: 24
                          46.148.66.0/24 maxlen: 24
                          46.148.76.0/24 maxlen: 24
                          46.148.77.0/24 maxlen: 24
                          46.148.72.0/24 maxlen: 24
                          46.148.73.0/24 maxlen: 24
                          193.151.112.0/22 maxlen: 22
                          193.151.112.0/24 maxlen: 24
                          193.151.113.0/24 maxlen: 24
                          193.151.114.0/24 maxlen: 24
                          193.151.115.0/24 maxlen: 24
                          91.192.120.0/22 maxlen: 22
                          91.192.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:dd:da:d0:93:c5:68:eb:e8:71:32:16:6b:be:e8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=deb145756080aff1bb00f5f90fd9f2f27cc5732a
        Validity
            Not Before: Jan  2 00:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=278e3699952a9435cada49d2f5d55b09407d2793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:71:f5:b9:ff:91:c7:92:31:86:1b:fd:09:e8:
                    2e:ee:7a:f3:ee:e4:2f:34:45:5c:3e:5c:57:da:99:
                    7a:4f:4f:8a:6f:37:48:c6:c2:d8:d0:cf:ca:ca:44:
                    88:7f:b8:34:2d:9d:9c:41:12:79:f4:a8:6b:e9:bb:
                    fb:1e:37:c3:8c:60:fd:2f:2a:76:c8:15:1a:6e:4a:
                    0b:3f:42:68:80:63:60:d0:1d:21:f6:39:dc:62:d0:
                    4b:1f:5f:aa:b1:ea:4a:97:2a:78:2b:2f:70:de:88:
                    0c:83:d0:67:e2:8e:ac:d6:09:8b:62:c5:ae:d7:16:
                    30:59:20:6e:5b:fe:f3:6c:95:e4:b8:aa:79:d7:03:
                    57:47:59:28:0e:de:6b:3a:83:d2:2f:d2:ce:55:93:
                    b3:1e:02:47:8a:53:67:30:0e:16:da:ea:b8:19:e9:
                    64:a1:29:19:ef:c4:c4:53:ac:bc:da:53:79:b1:29:
                    c2:55:6a:fd:96:34:ad:36:e0:0b:15:ff:d7:65:2a:
                    1a:40:b7:65:fc:73:2d:b0:40:09:6e:b5:c7:35:99:
                    26:75:82:20:9b:14:42:df:dc:dc:e9:a4:49:b0:ed:
                    5d:12:cd:01:e3:be:c7:7f:eb:37:35:dd:6c:c5:ee:
                    db:a4:d1:da:93:fb:67:f6:83:d4:82:1b:d5:75:e9:
                    82:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8E:36:99:95:2A:94:35:CA:DA:49:D2:F5:D5:5B:09:40:7D:27:93
            X509v3 Authority Key Identifier:
                keyid:DE:B1:45:75:60:80:AF:F1:BB:00:F5:F9:0F:D9:F2:F2:7C:C5:73:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3rFFdWCAr_G7APX5D9ny8nzFcyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a65d14-9365-40c9-a568-3ff9645503e9/1/J442mZUqlDXK2knS9dVbCUB9J5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a65d14-9365-40c9-a568-3ff9645503e9/1/3rFFdWCAr_G7APX5D9ny8nzFcyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.64.0/20
                  91.192.120.0/22
                  193.151.112.0/22
                  194.24.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:d9:01:06:b0:94:b4:bd:65:b7:18:87:8f:6b:0c:77:2c:52:
         16:85:7a:1f:ac:c7:26:59:dc:69:a4:c9:7a:3d:d2:6c:55:b4:
         57:07:13:9d:95:21:82:e0:13:ec:b4:d7:4a:a1:bb:37:5e:a3:
         8d:59:21:ff:8a:ed:2f:a8:5c:b2:c0:92:80:fd:88:f6:18:c5:
         46:10:0d:99:31:55:20:7b:24:80:41:f2:8f:23:2c:6c:4c:a6:
         55:7c:dc:c1:79:33:de:c6:09:57:29:21:a3:39:1c:a9:0d:d5:
         1f:7f:22:b5:57:6e:cd:61:58:c6:4d:8a:5c:bf:41:00:df:91:
         f8:fc:37:44:9c:3f:2e:49:96:8c:89:a9:47:1b:03:a0:23:e2:
         b1:95:72:c1:0c:8b:5a:af:b0:90:8b:8e:1d:81:c5:fd:c1:05:
         c2:f1:22:d9:35:40:9a:ea:fb:14:35:92:64:26:34:a2:77:f2:
         95:8b:82:bd:71:fd:bd:a6:43:9e:62:6f:16:d6:a2:01:e5:f3:
         10:04:c3:8d:ce:ad:82:8c:ad:a1:ba:ac:a2:0c:5e:ef:6c:49:
         1a:14:69:07:09:5c:ac:25:b4:95:3e:37:25:dc:78:e7:64:f2:
         4c:c6:68:54:a0:63:44:a8:e3:9e:73:a0:cc:6e:c7:40:7c:38:
         b7:ac:ca:11
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVv3drQk8Vo6+hxMhZrvuixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYjE0NTc1NjA4MGFmZjFiYjAwZjVmOTBmZDlmMmYyN2Nj
NTczMmEwHhcNMjMwMTAyMDAyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhlMzY5OTk1MmE5NDM1Y2FkYTQ5ZDJmNWQ1NWIwOTQwN2QyNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXH1uf+Rx5Ixhhv9Cegu7nrz7uQv
NEVcPlxX2pl6T0+KbzdIxsLY0M/KykSIf7g0LZ2cQRJ59Khr6bv7HjfDjGD9Lyp2
yBUabkoLP0JogGNg0B0h9jncYtBLH1+qsepKlyp4Ky9w3ogMg9Bn4o6s1gmLYsWu
1xYwWSBuW/7zbJXkuKp51wNXR1koDt5rOoPSL9LOVZOzHgJHilNnMA4W2uq4Gelk
oSkZ78TEU6y82lN5sSnCVWr9ljStNuALFf/XZSoaQLdl/HMtsEAJbrXHNZkmdYIg
mxRC39zc6aRJsO1dEs0B477Hf+s3Nd1sxe7bpNHak/tn9oPUghvVdemCqQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCeONpmVKpQ1ytpJ0vXVWwlAfSeTMB8GA1UdIwQY
MBaAFN6xRXVggK/xuwD1+Q/Z8vJ8xXMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3JGRmRXQ0FyX0c3QVBYNUQ5bnk4bnpGY3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hNjVkMTQtOTM2NS00MGM5LWE1Njgt
M2ZmOTY0NTUwM2U5LzEvSjQ0Mm1aVXFsRFhLMmtuUzlkVmJDVUI5SjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hNjVkMTQtOTM2NS00MGM5LWE1NjgtM2ZmOTY0NTUwM2U5
LzEvM3JGRmRXQ0FyX0c3QVBYNUQ5bnk4bnpGY3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQELpRAAwQC
W8B4AwQCwZdwAwQBwhi0MA0GCSqGSIb3DQEBCwUAA4IBAQCQ2QEGsJS0vWW3GIeP
awx3LFIWhXofrMcmWdxppMl6PdJsVbRXBxOdlSGC4BPstNdKobs3XqONWSH/iu0v
qFyywJKA/Yj2GMVGEA2ZMVUgeySAQfKPIyxsTKZVfNzBeTPexglXKSGjORypDdUf
fyK1V27NYVjGTYpcv0EA35H4/DdEnD8uSZaMialHGwOgI+KxlXLBDItar7CQi44d
gcX9wQXC8SLZNUCa6vsUNZJkJjSid/KVi4K9cf29pkOeYm8W1qIB5fMQBMONzq2C
jK2huqyiDF7vbEkaFGkHCVysJbSVPjcl3HjnZPJMxmhUoGNEqOOec6DMbsdAfDi3
rMoR
-----END CERTIFICATE-----