Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/EAo9A1D-tOuizdUH-X1TSkkFiDc.roa
File:                     EAo9A1D-tOuizdUH-X1TSkkFiDc.roa (raw, json)
Hash identifier:          6AkDv1pPuDtszEPlX8Opu0539Uo+1qUpwXz/muV+dPk=
Subject key identifier:   10:0A:3D:03:50:FE:B4:EB:A2:CD:D5:07:F9:7D:53:4A:49:05:88:37
Certificate issuer:       /CN=cbd745ebfcec382df252c2f750db648f4f034abf
Certificate serial:       018A6A1EA617887DC1E7EF2D8CFBE4E5E7B4
Authority key identifier: CB:D7:45:EB:FC:EC:38:2D:F2:52:C2:F7:50:DB:64:8F:4F:03:4A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9dF6_zsOC3yUsL3UNtkj08DSr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/EAo9A1D-tOuizdUH-X1TSkkFiDc.roa
Signing time:             Wed 06 Sep 2023 10:51:47 +0000
ROA not before:           Wed 06 Sep 2023 10:51:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3209
IP address blocks:        146.60.0.0/16 maxlen: 24
                          213.23.0.0/16 maxlen: 24
                          212.144.0.0/16 maxlen: 24
                          195.158.128.0/19 maxlen: 19
                          92.72.0.0/13 maxlen: 24
                          94.216.0.0/13 maxlen: 24
                          84.56.0.0/13 maxlen: 24
                          193.25.247.0/24 maxlen: 24
                          195.50.128.0/18 maxlen: 18
                          185.2.132.0/22 maxlen: 22
                          88.64.0.0/12 maxlen: 24
                          188.96.0.0/12 maxlen: 24
                          92.216.0.0/14 maxlen: 24
                          85.238.224.0/19 maxlen: 19
                          2a00:20::/32 maxlen: 42
                          2a00::/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:6a:1e:a6:17:88:7d:c1:e7:ef:2d:8c:fb:e4:e5:e7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd745ebfcec382df252c2f750db648f4f034abf
        Validity
            Not Before: Sep  6 10:51:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=100a3d0350feb4eba2cdd507f97d534a49058837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:d0:2e:79:d6:bd:a3:63:25:53:c5:d3:a7:
                    5a:bb:f7:6c:df:fb:2f:f6:ec:77:8a:5b:7a:3c:3d:
                    17:cf:e6:ed:1b:a4:26:7e:41:41:d3:57:1a:40:e6:
                    d3:d8:4d:bb:cf:01:39:75:ca:39:3b:41:86:15:97:
                    94:19:3c:71:3a:cc:99:87:db:f4:55:cd:5e:8c:f0:
                    54:21:51:1c:c3:4b:46:b3:59:ff:97:ad:97:39:3b:
                    ae:ad:9d:30:d7:9b:61:c8:a9:84:9a:7c:60:5a:92:
                    93:32:6d:76:11:45:43:76:be:fd:67:fa:ee:87:cf:
                    13:5e:89:b7:b9:f1:ec:0d:84:70:63:5c:af:82:a1:
                    8e:79:dd:ca:91:62:25:fa:d2:dc:76:8b:68:1e:52:
                    a8:a8:6d:41:91:40:6a:70:14:5f:06:c5:9b:3e:d9:
                    bd:c4:11:56:28:d4:c0:94:c1:e3:d2:a3:4b:1a:17:
                    30:3d:f4:cb:ec:ab:ee:79:74:b0:8f:67:cd:b5:0a:
                    04:9c:f8:17:d5:81:d9:d1:b2:33:7e:31:5c:49:43:
                    f3:47:65:66:10:0e:4d:c4:bf:8b:c0:5c:eb:bd:a4:
                    f4:67:88:ef:ad:cb:92:15:20:6f:d5:d1:2b:7a:ef:
                    29:c6:f5:c1:6b:72:0d:41:39:1a:94:a1:ca:1a:03:
                    aa:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:0A:3D:03:50:FE:B4:EB:A2:CD:D5:07:F9:7D:53:4A:49:05:88:37
            X509v3 Authority Key Identifier:
                keyid:CB:D7:45:EB:FC:EC:38:2D:F2:52:C2:F7:50:DB:64:8F:4F:03:4A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9dF6_zsOC3yUsL3UNtkj08DSr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/EAo9A1D-tOuizdUH-X1TSkkFiDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/y9dF6_zsOC3yUsL3UNtkj08DSr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.56.0.0/13
                  85.238.224.0/19
                  88.64.0.0/12
                  92.72.0.0/13
                  92.216.0.0/14
                  94.216.0.0/13
                  146.60.0.0/16
                  185.2.132.0/22
                  188.96.0.0/12
                  193.25.247.0/24
                  195.50.128.0/18
                  195.158.128.0/19
                  212.144.0.0/16
                  213.23.0.0/16
                IPv6:
                  2a00::/22

    Signature Algorithm: sha256WithRSAEncryption
         45:04:7a:ad:a1:8b:ef:09:c7:81:36:d6:62:e1:8e:a2:dd:f4:
         d4:07:be:8f:c8:a5:e4:4a:43:f0:f9:a8:91:78:92:fb:7c:03:
         ac:ce:06:9b:69:b1:8c:d7:8b:fc:cb:dc:b8:a6:b0:5b:96:be:
         00:73:fe:fc:6e:3a:81:7f:49:f4:17:26:0c:6c:2c:e3:36:6d:
         58:3d:61:fb:7d:6a:4e:d8:03:88:75:57:1d:cf:43:43:0e:13:
         90:64:48:60:2f:f7:6d:ed:dc:02:f4:ee:a7:e6:a9:1a:0d:aa:
         35:ca:57:b5:06:74:9b:e1:9a:66:a8:44:6c:49:7f:80:a8:39:
         d7:9c:91:0f:4d:64:2c:0b:d3:8b:ff:d9:1d:41:c2:6c:90:fd:
         87:6e:33:a1:6c:1f:15:10:66:c7:4c:02:4d:36:2b:88:35:f5:
         3f:a8:fd:b0:32:5e:27:a4:32:72:61:d7:20:ad:0a:9b:f5:c5:
         24:4d:d7:15:60:ad:75:f3:a9:48:21:4b:84:8e:cf:b4:af:99:
         e2:71:37:f4:1d:21:a5:08:5d:b8:4f:cc:c9:60:d6:52:c6:12:
         78:6e:23:ab:f7:46:c4:19:05:28:a7:70:d7:99:fd:29:4d:2d:
         1d:66:d2:b4:b6:96:eb:a5:91:07:e4:04:72:98:63:97:64:6a:
         9e:1d:5a:51
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYpqHqYXiH3B5+8tjPvk5ee0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDc0NWViZmNlYzM4MmRmMjUyYzJmNzUwZGI2NDhmNGYw
MzRhYmYwHhcNMjMwOTA2MTA1MTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDBhM2QwMzUwZmViNGViYTJjZGQ1MDdmOTdkNTM0YTQ5MDU4ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsinQLnnWvaNjJVPF06dau/ds3/sv
9ux3ilt6PD0Xz+btG6QmfkFB01caQObT2E27zwE5dco5O0GGFZeUGTxxOsyZh9v0
Vc1ejPBUIVEcw0tGs1n/l62XOTuurZ0w15thyKmEmnxgWpKTMm12EUVDdr79Z/ru
h88TXom3ufHsDYRwY1yvgqGOed3KkWIl+tLcdotoHlKoqG1BkUBqcBRfBsWbPtm9
xBFWKNTAlMHj0qNLGhcwPfTL7KvueXSwj2fNtQoEnPgX1YHZ0bIzfjFcSUPzR2Vm
EA5NxL+LwFzrvaT0Z4jvrcuSFSBv1dEreu8pxvXBa3INQTkalKHKGgOq5wIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFBAKPQNQ/rTros3VB/l9U0pJBYg3MB8GA1UdIwQY
MBaAFMvXRev87Dgt8lLC91DbZI9PA0q/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlkRjZfenNPQzN5VXNMM1VOdGtqMDhEU3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi82YjMyOWYtZjRmNS00YWYwLWE4MWUt
OTJiNjc5NmM3N2NjLzEvRUFvOUExRC10T3VpemRVSC1YMVRTa2tGaURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi82YjMyOWYtZjRmNS00YWYwLWE4MWUtOTJiNjc5NmM3N2Nj
LzEveTlkRjZfenNPQzN5VXNMM1VOdGtqMDhEU3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBRBAIAATBLAwMDVDgDBAVV
7uADAwRYQAMDA1xIAwMCXNgDAwNe2AMDAJI8AwQCuQKEAwMEvGADBADBGfcDBAbD
MoADBAXDnoADAwDUkAMDANUXMAwEAgACMAYDBAIqAAAwDQYJKoZIhvcNAQELBQAD
ggEBAEUEeq2hi+8Jx4E21mLhjqLd9NQHvo/IpeRKQ/D5qJF4kvt8A6zOBptpsYzX
i/zL3LimsFuWvgBz/vxuOoF/SfQXJgxsLOM2bVg9Yft9ak7YA4h1Vx3PQ0MOE5Bk
SGAv923t3AL07qfmqRoNqjXKV7UGdJvhmmaoRGxJf4CoOdeckQ9NZCwL04v/2R1B
wmyQ/YduM6FsHxUQZsdMAk02K4g19T+o/bAyXiekMnJh1yCtCpv1xSRN1xVgrXXz
qUghS4SOz7SvmeJxN/QdIaUIXbhPzMlg1lLGEnhuI6v3RsQZBSincNeZ/SlNLR1m
0rS2luulkQfkBHKYY5dkap4dWlE=
-----END CERTIFICATE-----