Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/ShlP39PiEaNUlVvBzyHiiv6gvGE.roa
File:                     ShlP39PiEaNUlVvBzyHiiv6gvGE.roa (raw, json)
Hash identifier:          9A/vp4+Ur4oyDZXriYDaMyVwqyiC6Au0u3nd28JHm7Q=
Subject key identifier:   4A:19:4F:DF:D3:E2:11:A3:54:95:5B:C1:CF:21:E2:8A:FE:A0:BC:61
Certificate issuer:       /CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
Certificate serial:       018BD823B85A9A60C3EEA9BDCAB8C29E20A7
Authority key identifier: CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/ShlP39PiEaNUlVvBzyHiiv6gvGE.roa
Signing time:             Thu 16 Nov 2023 12:38:21 +0000
ROA not before:           Thu 16 Nov 2023 12:38:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15774
IP address blocks:        91.105.128.0/18 maxlen: 32
                          188.244.128.0/17 maxlen: 32
                          37.49.192.0/19 maxlen: 32
                          109.171.0.0/17 maxlen: 32
                          195.238.100.0/22 maxlen: 32
                          46.241.0.0/17 maxlen: 32
                          46.50.128.0/17 maxlen: 32
                          188.168.0.0/16 maxlen: 32
                          109.197.128.0/21 maxlen: 32
                          37.205.48.0/21 maxlen: 32
                          188.44.96.0/19 maxlen: 32
                          37.205.64.0/19 maxlen: 32
                          2a02:618::/32 maxlen: 96

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d8:23:b8:5a:9a:60:c3:ee:a9:bd:ca:b8:c2:9e:20:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
        Validity
            Not Before: Nov 16 12:38:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a194fdfd3e211a354955bc1cf21e28afea0bc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:12:0a:c7:0f:ee:b7:24:ec:d8:c6:f4:dd:b5:
                    d3:27:c1:a6:45:ee:f8:71:8f:15:97:ba:ea:50:2c:
                    29:31:fe:20:fc:11:4e:8d:fe:d5:82:ed:0f:4c:09:
                    08:eb:e2:98:3c:5d:72:ae:41:41:22:d9:c0:a9:27:
                    88:54:2e:7c:d1:9f:0e:c9:ba:d3:3e:07:3b:d0:4b:
                    e8:68:5f:db:e6:07:e7:25:5c:ae:c2:77:f9:d7:f1:
                    8a:8b:20:76:95:21:91:5a:0d:04:0a:a4:2b:44:e6:
                    eb:d3:6b:7c:7f:a0:31:b1:e3:16:36:0f:37:3e:ef:
                    7f:08:73:39:a1:bc:5e:5d:6a:25:73:9b:c7:2d:24:
                    a1:aa:98:06:1d:0a:05:ce:9f:c6:14:6d:2b:76:2e:
                    47:5c:0e:b5:1b:72:03:3e:50:8e:33:fb:0f:70:0e:
                    26:48:37:7a:15:d3:4f:22:e6:98:ba:6b:f6:ad:5c:
                    fc:7d:28:b6:6d:b1:0f:11:45:27:5e:36:bd:fc:73:
                    f2:4f:e3:f7:bc:e4:25:05:cb:8c:66:c1:b1:1c:7c:
                    a3:fd:27:a8:78:ff:8b:b9:ab:df:2b:e0:28:e7:39:
                    d7:d3:a0:2f:9a:0a:2d:f9:ee:d4:3e:6d:d3:c8:a1:
                    72:f8:d4:86:91:c3:85:a7:83:40:38:ca:6d:99:ad:
                    1a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:19:4F:DF:D3:E2:11:A3:54:95:5B:C1:CF:21:E2:8A:FE:A0:BC:61
            X509v3 Authority Key Identifier:
                keyid:CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/ShlP39PiEaNUlVvBzyHiiv6gvGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.192.0/19
                  37.205.48.0/21
                  37.205.64.0/19
                  46.50.128.0/17
                  46.241.0.0/17
                  91.105.128.0/18
                  109.171.0.0/17
                  109.197.128.0/21
                  188.44.96.0/19
                  188.168.0.0/16
                  188.244.128.0/17
                  195.238.100.0/22
                IPv6:
                  2a02:618::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:5d:d5:c0:e9:9e:f7:3d:79:3d:02:84:f8:24:3d:30:4c:bf:
         49:75:65:59:39:8b:6b:64:3d:14:6a:c5:33:11:db:9a:ab:89:
         e0:36:74:f2:58:5e:ef:f1:9a:8c:99:19:e6:29:07:1b:6d:df:
         53:26:74:d0:e9:07:42:c9:75:3c:ce:b7:d0:71:47:bc:3f:6f:
         c4:2c:a7:7c:94:1a:18:2b:86:50:b3:a6:57:72:d2:f5:ad:9c:
         42:73:f8:c5:c0:d1:9a:d4:18:ee:37:88:4f:93:0e:40:20:ae:
         be:73:f3:13:72:2c:10:11:70:cd:0a:25:35:81:9b:94:c9:ff:
         ae:f7:e7:d0:ca:13:3b:3b:cc:16:d2:71:fe:bc:f8:90:de:95:
         65:43:53:6a:92:30:49:d0:7c:19:ab:15:f9:ea:ee:97:15:51:
         ab:89:5d:c1:86:9a:f1:7d:82:83:12:e4:b0:1f:a3:14:19:25:
         c9:3f:19:9a:20:21:49:04:04:02:a5:0d:6e:57:fa:01:37:d4:
         14:46:d5:e9:f3:f9:74:8d:cc:d0:00:69:e4:f4:4b:9c:f5:4c:
         68:fa:e5:d7:ae:28:62:bd:0d:7b:53:ee:a1:47:ca:d1:c8:ca:
         b1:f8:ed:ac:c5:ab:da:c1:1a:8a:94:5e:d7:17:c6:48:25:03:
         eb:30:dd:be
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYvYI7hammDD7qm9yrjCniCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNGE3MTdmOGZhMWJiMDM1OTI3NDIyM2FjZGFlMjJiNzBl
NjZiZWMwHhcNMjMxMTE2MTIzODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE5NGZkZmQzZTIxMWEzNTQ5NTViYzFjZjIxZTI4YWZlYTBiYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hIKxw/utyTs2Mb03bXTJ8GmRe74
cY8Vl7rqUCwpMf4g/BFOjf7Vgu0PTAkI6+KYPF1yrkFBItnAqSeIVC580Z8OybrT
Pgc70EvoaF/b5gfnJVyuwnf51/GKiyB2lSGRWg0ECqQrRObr02t8f6AxseMWNg83
Pu9/CHM5obxeXWolc5vHLSShqpgGHQoFzp/GFG0rdi5HXA61G3IDPlCOM/sPcA4m
SDd6FdNPIuaYumv2rVz8fSi2bbEPEUUnXja9/HPyT+P3vOQlBcuMZsGxHHyj/Seo
eP+LuavfK+Ao5znX06Avmgot+e7UPm3TyKFy+NSGkcOFp4NAOMptma0aIQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFEoZT9/T4hGjVJVbwc8h4or+oLxhMB8GA1UdIwQY
MBaAFM9KcX+PobsDWSdCI6za4itw5mvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTkt
NmFhYTZiMDIxNjBkLzEvU2hsUDM5UGlFYU5VbFZ2Qnp5SGlpdjZndkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTktNmFhYTZiMDIxNjBk
LzEvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBNBAIAATBHAwQFJTHAAwQD
Jc0wAwQFJc1AAwQHLjKAAwQHLvEAAwQGW2mAAwQHbasAAwQDbcWAAwQFvCxgAwMA
vKgDBAe89IADBALD7mQwDQQCAAIwBwMFACoCBhgwDQYJKoZIhvcNAQELBQADggEB
AAFd1cDpnvc9eT0ChPgkPTBMv0l1ZVk5i2tkPRRqxTMR25qrieA2dPJYXu/xmoyZ
GeYpBxtt31MmdNDpB0LJdTzOt9BxR7w/b8Qsp3yUGhgrhlCzpldy0vWtnEJz+MXA
0ZrUGO43iE+TDkAgrr5z8xNyLBARcM0KJTWBm5TJ/67359DKEzs7zBbScf68+JDe
lWVDU2qSMEnQfBmrFfnq7pcVUauJXcGGmvF9goMS5LAfoxQZJck/GZogIUkEBAKl
DW5X+gE31BRG1enz+XSNzNAAaeT0S5z1TGj65deuKGK9DXtT7qFHytHIyrH47azF
q9rBGoqUXtcXxkglA+sw3b4=
-----END CERTIFICATE-----