Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/36SQtBIAJTScndkXPMbLImUmSvE.roa
File:                     36SQtBIAJTScndkXPMbLImUmSvE.roa (raw, json)
Hash identifier:          S94zJHO97h0agMCju8mZl6WSxvCcH+7anxj69h1OCU0=
Subject key identifier:   DF:A4:90:B4:12:00:25:34:9C:9D:D9:17:3C:C6:CB:22:65:26:4A:F1
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       018570C2C317BFFD9B4B415AE925105D2869
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/36SQtBIAJTScndkXPMbLImUmSvE.roa
Signing time:             Mon 02 Jan 2023 04:34:50 +0000
ROA not before:           Mon 02 Jan 2023 04:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33932
IP address blocks:        217.150.212.0/24 maxlen: 24
                          217.150.213.0/24 maxlen: 24
                          217.150.211.0/24 maxlen: 24
                          217.150.209.0/24 maxlen: 24
                          217.150.208.0/20 maxlen: 24
                          217.150.210.0/24 maxlen: 24
                          217.150.208.0/24 maxlen: 24
                          185.228.172.0/24 maxlen: 24
                          185.228.175.0/24 maxlen: 24
                          185.228.173.0/24 maxlen: 24
                          185.228.174.0/24 maxlen: 24
                          2a0d:2e00:4000::/36 maxlen: 36
                          2a0d:2e00:3000::/36 maxlen: 36
                          2a0d:2e00:2000::/36 maxlen: 36
                          2a0d:2e00:1000::/36 maxlen: 36
                          2a0d:2e00:4000::/48 maxlen: 48
                          2a0d:2e00:3000::/48 maxlen: 48
                          2a0d:2e00:2000::/48 maxlen: 48
                          2a0d:2e00:1000::/48 maxlen: 48
                          2a0d:2e00::/29 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:c2:c3:17:bf:fd:9b:4b:41:5a:e9:25:10:5d:28:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  2 04:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dfa490b4120025349c9dd9173cc6cb2265264af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:72:fe:c7:00:af:5f:04:11:f1:02:89:a6:44:
                    18:84:40:94:60:41:87:90:75:d5:af:c4:a5:e1:29:
                    97:d4:c1:6c:d7:1f:88:ef:9b:7e:d7:7c:69:ec:74:
                    ab:f3:02:6a:30:d5:d9:a6:ab:5f:76:b0:72:52:47:
                    8d:75:e7:45:02:0f:b1:36:cc:fa:3b:e3:46:0e:54:
                    20:79:c6:b3:5b:99:c4:e0:c7:f5:df:64:2c:29:86:
                    3b:26:69:1e:e1:17:69:b8:1a:37:30:53:0b:c6:ec:
                    71:3f:8a:ee:0e:94:3e:9d:8c:05:a9:14:61:36:9d:
                    b6:aa:22:06:3b:98:2f:29:42:fa:6a:25:aa:6a:67:
                    30:a2:c3:36:71:ab:06:70:46:f5:f6:3a:1c:2c:12:
                    99:7e:91:0f:92:c1:98:bb:cd:65:71:52:ea:ce:0b:
                    a5:e7:2c:4e:ef:d1:29:13:1f:67:62:85:37:fa:2e:
                    7a:4c:8a:c3:b8:15:87:e9:9e:23:c5:db:37:65:ef:
                    1a:e6:27:a9:94:90:ea:3e:1a:a1:32:0b:6b:26:fd:
                    84:d4:2a:fa:8b:7e:c8:c4:64:b2:4a:a2:7c:43:93:
                    28:34:4a:fd:17:c0:c3:57:dc:ab:9c:1d:61:a2:fc:
                    74:48:ca:22:8d:c8:cf:31:d4:96:7a:15:d6:39:24:
                    2e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A4:90:B4:12:00:25:34:9C:9D:D9:17:3C:C6:CB:22:65:26:4A:F1
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/36SQtBIAJTScndkXPMbLImUmSvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.172.0/22
                  217.150.208.0/20
                IPv6:
                  2a0d:2e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:d9:1c:37:70:73:d0:e5:05:95:2d:57:26:08:92:bd:e7:a4:
         1f:41:68:34:8a:fd:30:ba:25:0a:f6:9d:31:f6:53:26:09:88:
         6e:62:90:bc:94:44:91:76:67:7f:a3:90:2d:4c:c4:40:23:46:
         c3:96:2c:fc:e7:fa:0b:28:88:b5:7f:c8:d2:d5:a8:b8:0c:7c:
         a2:f3:54:8c:bf:b7:04:c5:db:72:90:54:37:3d:c9:0b:b4:ee:
         71:5a:8f:ed:bc:ca:00:60:4d:e2:8a:0b:60:64:82:57:c4:2d:
         f8:6c:96:1d:16:9b:bf:3c:46:11:39:dc:0e:a7:41:12:0a:36:
         aa:5f:af:31:3f:e3:bc:a6:dd:ff:73:a6:51:74:a7:0e:b2:73:
         37:a2:1a:d2:43:9d:39:55:d7:5f:a0:94:80:b1:8f:8e:83:31:
         b2:8e:e1:d3:33:d9:93:30:8c:0d:47:18:95:f3:96:32:65:92:
         fe:28:29:bf:5b:cd:78:3e:d3:73:2a:e3:2d:d2:f1:97:45:36:
         95:2c:72:ba:0d:66:7b:7f:79:5f:09:8d:b5:a9:f1:8e:ca:49:
         4b:f4:1a:e0:12:eb:e7:42:9b:44:bf:b4:f2:7d:42:1a:55:82:
         4b:95:82:a8:f9:61:ad:cb:15:4e:77:6d:91:39:39:28:d9:71:
         d1:0c:b3:db
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVwwsMXv/2bS0Fa6SUQXShpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjMwMTAyMDQzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE0OTBiNDEyMDAyNTM0OWM5ZGQ5MTczY2M2Y2IyMjY1MjY0YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3L+xwCvXwQR8QKJpkQYhECUYEGH
kHXVr8Sl4SmX1MFs1x+I75t+13xp7HSr8wJqMNXZpqtfdrByUkeNdedFAg+xNsz6
O+NGDlQgecazW5nE4Mf132QsKYY7Jmke4RdpuBo3MFMLxuxxP4ruDpQ+nYwFqRRh
Np22qiIGO5gvKUL6aiWqamcwosM2casGcEb19jocLBKZfpEPksGYu81lcVLqzgul
5yxO79EpEx9nYoU3+i56TIrDuBWH6Z4jxds3Ze8a5ieplJDqPhqhMgtrJv2E1Cr6
i37IxGSySqJ8Q5MoNEr9F8DDV9yrnB1hovx0SMoijcjPMdSWehXWOSQuqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN+kkLQSACU0nJ3ZFzzGyyJlJkrxMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvMzZTUXRCSUFKVFNjbmRrWFBNYkxJbVVtU3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCueSsAwQE
2ZbQMA0EAgACMAcDBQMqDS4AMA0GCSqGSIb3DQEBCwUAA4IBAQBD2Rw3cHPQ5QWV
LVcmCJK956QfQWg0iv0wuiUK9p0x9lMmCYhuYpC8lESRdmd/o5AtTMRAI0bDliz8
5/oLKIi1f8jS1ai4DHyi81SMv7cExdtykFQ3PckLtO5xWo/tvMoAYE3iigtgZIJX
xC34bJYdFpu/PEYROdwOp0ESCjaqX68xP+O8pt3/c6ZRdKcOsnM3ohrSQ505Vddf
oJSAsY+OgzGyjuHTM9mTMIwNRxiV85YyZZL+KCm/W814PtNzKuMt0vGXRTaVLHK6
DWZ7f3lfCY21qfGOyklL9BrgEuvnQptEv7TyfUIaVYJLlYKo+WGtyxVOd22ROTko
2XHRDLPb
-----END CERTIFICATE-----