Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/pIcSD0SlyxKLUKwP1NAAw71rN7U.roa
File:                     pIcSD0SlyxKLUKwP1NAAw71rN7U.roa (raw, json)
Hash identifier:          +11TS6KFgcZEYfqlUct5/DA6IzLg7hAWzI10zyibH3w=
Subject key identifier:   A4:87:12:0F:44:A5:CB:12:8B:50:AC:0F:D4:D0:00:C3:BD:6B:37:B5
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018C8814F2048BEAEE83504E15A3E408863F
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/pIcSD0SlyxKLUKwP1NAAw71rN7U.roa
Signing time:             Wed 20 Dec 2023 16:35:23 +0000
ROA not before:           Wed 20 Dec 2023 16:35:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44889
IP address blocks:        212.16.64.0/19 maxlen: 24
                          212.16.71.0/24 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.16.86.0/23 maxlen: 23
                          212.16.89.0/24 maxlen: 24
                          212.16.92.0/23 maxlen: 23
                          212.80.0.0/19 maxlen: 24
                          212.80.2.0/24 maxlen: 24
                          212.80.18.0/23 maxlen: 23
                          212.80.29.0/24 maxlen: 24
                          46.38.141.0/24 maxlen: 24
                          46.38.144.0/21 maxlen: 21
                          46.38.144.0/23 maxlen: 23
                          46.38.140.0/24 maxlen: 24
                          46.38.150.0/24 maxlen: 24
                          46.38.156.0/23 maxlen: 23
                          46.38.158.0/24 maxlen: 24
                          46.38.129.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:88:14:f2:04:8b:ea:ee:83:50:4e:15:a3:e4:08:86:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Dec 20 16:35:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a487120f44a5cb128b50ac0fd4d000c3bd6b37b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:44:dc:93:e9:86:49:93:9b:3d:31:9a:7e:3c:
                    4c:55:13:be:e5:09:90:45:73:27:92:1d:9b:8f:87:
                    ae:ca:cd:ff:73:19:75:be:cc:d8:9c:05:13:cd:e4:
                    46:8a:54:a9:63:e2:7d:12:bb:e5:12:68:7a:0f:fc:
                    a3:e0:31:78:ea:49:b0:63:5c:15:90:11:ba:10:29:
                    8e:e8:2e:7c:3c:25:20:52:34:b7:84:1a:d8:f7:b0:
                    d7:d0:65:71:2e:68:9f:79:1b:cc:5c:f0:34:cc:bf:
                    45:96:60:33:0e:87:e9:f8:9f:97:54:3a:9c:a5:fa:
                    1d:08:9c:65:91:2f:17:45:21:10:ef:1a:88:f6:99:
                    ac:f2:a8:cf:7e:6a:fd:cf:d9:cf:c1:e4:24:13:07:
                    61:8e:ef:1d:7e:d2:b1:e2:a4:55:e3:57:a3:f1:22:
                    b0:fb:fc:6d:a9:ea:b6:03:71:bb:3d:ef:bc:e1:97:
                    13:4e:4c:c4:17:34:8e:cb:14:24:e8:eb:87:45:2d:
                    e5:89:27:a7:b2:23:71:99:81:71:82:5e:4b:ba:ee:
                    df:b0:a0:05:31:e1:a7:13:68:25:8e:f2:d1:2e:c8:
                    ed:b4:e9:a9:66:fe:c4:95:9f:90:dd:40:5e:f8:6b:
                    2d:0d:57:b7:0f:b5:d6:ee:86:8c:bc:15:e2:20:4f:
                    4b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:87:12:0F:44:A5:CB:12:8B:50:AC:0F:D4:D0:00:C3:BD:6B:37:B5
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/pIcSD0SlyxKLUKwP1NAAw71rN7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0/24
                  46.38.140.0/23
                  46.38.144.0/21
                  46.38.156.0-46.38.158.255
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:b8:8c:4b:df:30:96:16:97:ea:a2:40:43:b3:cf:89:a9:13:
         de:6c:24:80:f7:f5:28:4f:3b:2d:46:85:b9:94:3a:da:eb:ed:
         bd:d3:45:e2:e9:47:9e:e1:be:0a:61:56:ea:94:14:3b:6a:9d:
         69:fe:71:35:b5:15:a3:00:b0:c0:c3:e1:6e:d9:c9:0e:17:f2:
         ca:ac:30:8a:28:8c:b0:09:df:f9:4b:b1:8b:23:64:90:de:2f:
         a7:08:69:4e:83:ec:a2:ca:6d:a1:ab:b4:88:e6:60:38:7e:35:
         88:5c:b3:17:c0:cd:a5:fd:4d:cb:19:c6:20:01:e1:a6:2d:20:
         98:fa:2e:7d:de:2b:e4:94:4b:6c:c3:8b:24:3b:b1:32:cd:64:
         d7:30:06:a6:76:fc:b9:81:3a:64:ed:1d:e7:19:72:46:a8:61:
         4d:3a:d8:47:86:53:ce:02:fd:1a:46:fc:a7:fc:e0:e0:da:9e:
         8f:b1:87:bb:58:d5:d7:95:9d:9b:90:50:c4:6c:aa:e2:1f:51:
         b4:43:82:9e:5c:7a:c6:9e:7d:7c:b3:da:dc:1e:3f:57:16:25:
         7f:6e:7d:09:13:61:77:bc:5d:c7:63:60:d1:f9:d4:51:01:03:
         81:59:c4:ee:c6:13:86:7d:7e:08:39:db:c7:ec:0b:b1:08:ea:
         bc:24:96:30
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYyIFPIEi+rug1BOFaPkCIY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjMxMjIwMTYzNTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDg3MTIwZjQ0YTVjYjEyOGI1MGFjMGZkNGQwMDBjM2JkNmIzN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUTck+mGSZObPTGafjxMVRO+5QmQ
RXMnkh2bj4euys3/cxl1vszYnAUTzeRGilSpY+J9ErvlEmh6D/yj4DF46kmwY1wV
kBG6ECmO6C58PCUgUjS3hBrY97DX0GVxLmifeRvMXPA0zL9FlmAzDofp+J+XVDqc
pfodCJxlkS8XRSEQ7xqI9pms8qjPfmr9z9nPweQkEwdhju8dftKx4qRV41ej8SKw
+/xtqeq2A3G7Pe+84ZcTTkzEFzSOyxQk6OuHRS3liSensiNxmYFxgl5Luu7fsKAF
MeGnE2gljvLRLsjttOmpZv7ElZ+Q3UBe+GstDVe3D7XW7oaMvBXiIE9LGQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFKSHEg9EpcsSi1CsD9TQAMO9aze1MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvcEljU0QwU2x5eEtMVUt3UDFOQUF3NzFyTjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQALiaBAwQA
LiaDAwQBLiaMAwQDLiaQMAwDBAIuJpwDBAAuJp4DBAXUEEADBAXUUAAwDQQCAAIw
BwMFAyoAfYAwDQYJKoZIhvcNAQELBQADggEBALO4jEvfMJYWl+qiQEOzz4mpE95s
JID39ShPOy1GhbmUOtrr7b3TReLpR57hvgphVuqUFDtqnWn+cTW1FaMAsMDD4W7Z
yQ4X8sqsMIoojLAJ3/lLsYsjZJDeL6cIaU6D7KLKbaGrtIjmYDh+NYhcsxfAzaX9
TcsZxiAB4aYtIJj6Ln3eK+SUS2zDiyQ7sTLNZNcwBqZ2/LmBOmTtHecZckaoYU06
2EeGU84C/RpG/Kf84ODano+xh7tY1deVnZuQUMRsquIfUbRDgp5cesaefXyz2twe
P1cWJX9ufQkTYXe8XcdjYNH51FEBA4FZxO7GE4Z9fgg528fsC7EI6rwkljA=
-----END CERTIFICATE-----