Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/i03FvxYV8n-h-9eW80z95a4mwhM.roa
File:                     i03FvxYV8n-h-9eW80z95a4mwhM.roa (raw, json)
Hash identifier:          40S5zZixjXmjcQK9PQ+o5bVJ87tFinRHx6t4PY8OdrU=
Subject key identifier:   8B:4D:C5:BF:16:15:F2:7F:A1:FB:D7:96:F3:4C:FD:E5:AE:26:C2:13
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       0189990D8578E2D7C4C5A8766E18234857B1
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/i03FvxYV8n-h-9eW80z95a4mwhM.roa
Signing time:             Thu 27 Jul 2023 20:32:27 +0000
ROA not before:           Thu 27 Jul 2023 20:32:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33932
IP address blocks:        217.150.212.0/24 maxlen: 24
                          217.150.213.0/24 maxlen: 24
                          217.150.211.0/24 maxlen: 24
                          217.150.209.0/24 maxlen: 24
                          217.150.208.0/20 maxlen: 24
                          217.150.210.0/24 maxlen: 24
                          217.150.208.0/24 maxlen: 24
                          217.150.214.0/24 maxlen: 24
                          185.228.172.0/24 maxlen: 24
                          185.228.175.0/24 maxlen: 24
                          185.228.173.0/24 maxlen: 24
                          185.228.174.0/24 maxlen: 24
                          2a0d:2e00:4000::/36 maxlen: 36
                          2a0d:2e00:3000::/36 maxlen: 36
                          2a0d:2e00:2000::/36 maxlen: 36
                          2a0d:2e00:1000::/36 maxlen: 36
                          2a0d:2e00:4000::/48 maxlen: 48
                          2a0d:2e00:3000::/48 maxlen: 48
                          2a0d:2e00:2000::/48 maxlen: 48
                          2a0d:2e00:1000::/48 maxlen: 48
                          2a0d:2e00::/29 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:99:0d:85:78:e2:d7:c4:c5:a8:76:6e:18:23:48:57:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jul 27 20:32:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b4dc5bf1615f27fa1fbd796f34cfde5ae26c213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1b:7f:6e:45:58:da:20:0d:70:2a:3c:01:e5:
                    16:09:5c:3a:b9:4c:52:b8:a5:4d:95:ed:97:13:57:
                    36:9f:4f:65:a2:bf:9a:13:d5:30:a2:fe:cc:a2:04:
                    76:6b:fa:ab:a3:ad:14:2c:f6:f9:03:95:fb:c3:cd:
                    80:01:62:f1:6d:75:27:2f:d7:bd:46:56:fa:54:bb:
                    0b:dc:74:1f:fa:1d:68:38:b7:91:44:a7:08:5b:e2:
                    20:a8:4b:67:b3:e7:0a:06:d4:e7:21:0f:72:3e:9c:
                    d7:a9:24:91:0d:44:0d:72:82:1b:83:79:ba:4e:12:
                    e6:8d:dc:e5:59:6f:da:e1:16:6f:c0:8d:93:60:47:
                    f1:cf:4d:bb:ed:65:cb:62:ae:18:62:eb:64:6a:6b:
                    8a:2c:6b:92:6c:37:6c:17:5d:b1:01:98:71:be:b4:
                    af:dd:db:ec:c2:75:25:b4:6e:6d:06:9b:ca:4e:10:
                    56:87:08:e5:d9:3b:7e:8e:13:84:9c:c6:12:3d:3f:
                    66:d4:85:c1:25:61:c7:51:df:51:d0:43:b8:24:41:
                    09:51:d3:98:87:74:b2:46:6a:0d:63:d6:b3:b9:b6:
                    61:4b:a1:96:17:9c:0c:47:cf:76:3c:fd:10:89:cd:
                    b4:30:5a:5b:4d:18:20:b5:2f:6c:5f:8d:54:43:5d:
                    ba:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4D:C5:BF:16:15:F2:7F:A1:FB:D7:96:F3:4C:FD:E5:AE:26:C2:13
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/i03FvxYV8n-h-9eW80z95a4mwhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.172.0/22
                  217.150.208.0/20
                IPv6:
                  2a0d:2e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:37:01:21:93:f5:8b:b5:1e:88:10:e2:78:e1:b0:e1:0c:32:
         25:ae:83:96:b5:44:86:01:c7:8f:fc:7b:ab:45:46:ec:00:84:
         3e:36:ed:9d:1a:4b:ff:ed:93:fe:4f:2a:91:7e:74:b3:10:d8:
         64:9c:90:36:b3:e1:12:84:44:4a:90:2b:91:64:2b:44:a3:81:
         54:c5:c0:d5:59:2b:2b:eb:6a:5f:4a:73:64:97:2e:5a:f9:be:
         91:da:7c:5c:46:46:28:8b:f8:ab:77:58:13:69:e2:57:dd:38:
         2b:9b:e5:f6:af:fd:21:8c:63:9d:5b:12:08:d3:0d:b6:a1:54:
         09:99:ea:18:21:76:0b:75:8a:eb:0f:61:45:73:24:0d:56:bd:
         c6:51:a6:fc:dd:f9:34:b2:10:78:fd:e6:7f:5a:73:7f:31:dc:
         ed:a0:7b:d8:4f:25:a2:8c:15:4e:61:b7:40:53:66:98:8d:0d:
         e4:7f:a4:0d:30:a4:f6:95:e6:a9:d6:81:94:88:c8:ca:e2:6a:
         62:dd:c2:d0:e4:f4:fc:30:a5:41:c3:fd:d2:82:b8:c3:f5:24:
         98:31:b3:0c:91:fd:5a:5c:22:39:ac:ce:c5:de:8b:87:af:4d:
         40:c7:4c:7d:e0:29:2c:2b:95:88:30:12:4e:37:79:e2:b6:62:
         97:3e:c9:67
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYmZDYV44tfExah2bhgjSFexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjMwNzI3MjAzMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRkYzViZjE2MTVmMjdmYTFmYmQ3OTZmMzRjZmRlNWFlMjZjMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRt/bkVY2iANcCo8AeUWCVw6uUxS
uKVNle2XE1c2n09lor+aE9Uwov7MogR2a/qro60ULPb5A5X7w82AAWLxbXUnL9e9
Rlb6VLsL3HQf+h1oOLeRRKcIW+IgqEtns+cKBtTnIQ9yPpzXqSSRDUQNcoIbg3m6
ThLmjdzlWW/a4RZvwI2TYEfxz0277WXLYq4YYutkamuKLGuSbDdsF12xAZhxvrSv
3dvswnUltG5tBpvKThBWhwjl2Tt+jhOEnMYSPT9m1IXBJWHHUd9R0EO4JEEJUdOY
h3SyRmoNY9azubZhS6GWF5wMR892PP0Qic20MFpbTRggtS9sX41UQ126PwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFItNxb8WFfJ/ofvXlvNM/eWuJsITMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvaTAzRnZ4WVY4bi1oLTllVzgwejk1YTRtd2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCueSsAwQE
2ZbQMA0EAgACMAcDBQMqDS4AMA0GCSqGSIb3DQEBCwUAA4IBAQBONwEhk/WLtR6I
EOJ44bDhDDIlroOWtUSGAceP/HurRUbsAIQ+Nu2dGkv/7ZP+TyqRfnSzENhknJA2
s+EShERKkCuRZCtEo4FUxcDVWSsr62pfSnNkly5a+b6R2nxcRkYoi/ird1gTaeJX
3Tgrm+X2r/0hjGOdWxII0w22oVQJmeoYIXYLdYrrD2FFcyQNVr3GUab83fk0shB4
/eZ/WnN/MdztoHvYTyWijBVOYbdAU2aYjQ3kf6QNMKT2leap1oGUiMjK4mpi3cLQ
5PT8MKVBw/3SgrjD9SSYMbMMkf1aXCI5rM7F3ouHr01Ax0x94CksK5WIMBJON3ni
tmKXPsln
-----END CERTIFICATE-----