Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/PWdygQlDT09Bjo31vrfrTS7F_A0.roa
File:                     PWdygQlDT09Bjo31vrfrTS7F_A0.roa (raw, json)
Hash identifier:          ItDk4hKgDhtBiAoBfJE1H0OSm9Ll7e7DNUqNWLo0XkY=
Subject key identifier:   3D:67:72:81:09:43:4F:4F:41:8E:8D:F5:BE:B7:EB:4D:2E:C5:FC:0D
Certificate issuer:       /CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Certificate serial:       0185A1747E2BACB36483B4FDD9E0AFA5B2BB
Authority key identifier: EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/PWdygQlDT09Bjo31vrfrTS7F_A0.roa
Signing time:             Wed 11 Jan 2023 15:30:44 +0000
ROA not before:           Wed 11 Jan 2023 15:30:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15954
IP address blocks:        37.247.120.0/21 maxlen: 21
                          91.216.219.0/24 maxlen: 24
                          185.49.184.0/22 maxlen: 22
                          217.18.32.0/20 maxlen: 20
                          31.24.120.0/21 maxlen: 21
                          194.176.119.0/24 maxlen: 24
                          185.203.224.0/22 maxlen: 22
                          185.57.196.0/22 maxlen: 22
                          31.47.72.0/21 maxlen: 21
                          193.247.194.0/24 maxlen: 24
                          2a02:2810::/32 maxlen: 32
                          2a01:a940::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a1:74:7e:2b:ac:b3:64:83:b4:fd:d9:e0:af:a5:b2:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
        Validity
            Not Before: Jan 11 15:30:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3d67728109434f4f418e8df5beb7eb4d2ec5fc0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:67:66:25:7c:13:a9:5b:5f:e7:da:3a:f3:4c:
                    2a:cd:88:d3:ac:40:83:c6:a0:02:19:ed:23:6c:7a:
                    46:37:d9:69:fd:60:20:0f:df:48:2d:0b:25:b3:d2:
                    d1:3f:56:f3:fb:74:2f:55:84:40:c0:d2:cf:8b:4a:
                    3a:71:90:0f:bc:73:de:65:03:87:6b:74:dd:8f:48:
                    d6:4d:e7:fe:55:88:9d:78:e1:c6:ac:2c:bc:ca:77:
                    2f:70:87:0f:ff:c9:db:07:eb:62:40:f3:3b:70:b9:
                    c5:e5:e3:ef:52:d7:72:f7:0b:b5:7a:20:51:53:4d:
                    ff:93:b5:ea:9f:d9:34:3a:96:07:98:ca:53:c2:f6:
                    1b:98:34:08:19:97:ba:01:46:6b:1c:ea:bb:07:34:
                    06:f1:3f:95:6c:30:53:4c:ea:02:d8:29:6f:65:5b:
                    bf:9f:01:6c:6f:ca:95:89:79:ab:fb:35:96:ee:e2:
                    96:d9:44:93:48:6c:ad:b2:2b:31:c7:da:d9:b2:1f:
                    ad:7b:cf:4a:86:5a:62:08:36:dc:52:cb:a4:c6:38:
                    17:88:97:0c:09:1f:64:01:71:07:43:b4:7b:ca:35:
                    1d:fc:e0:49:74:34:4b:90:84:39:b9:f4:9c:60:a2:
                    a9:a6:f7:9b:5d:42:31:01:7f:0d:2d:73:80:cc:55:
                    10:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:67:72:81:09:43:4F:4F:41:8E:8D:F5:BE:B7:EB:4D:2E:C5:FC:0D
            X509v3 Authority Key Identifier:
                keyid:EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/PWdygQlDT09Bjo31vrfrTS7F_A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.120.0/21
                  31.47.72.0/21
                  37.247.120.0/21
                  91.216.219.0/24
                  185.49.184.0/22
                  185.57.196.0/22
                  185.203.224.0/22
                  193.247.194.0/24
                  194.176.119.0/24
                  217.18.32.0/20
                IPv6:
                  2a01:a940::/32
                  2a02:2810::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:80:0c:cd:16:03:e5:0c:a8:63:0a:29:01:7c:f3:1e:5a:b4:
         31:e7:7c:08:11:8d:ae:8c:d8:da:c1:28:85:fa:9c:4f:ec:dc:
         36:a6:18:a0:30:69:ad:72:c3:28:c3:3a:63:dc:37:34:84:02:
         b4:6d:b6:3a:84:f3:f8:f6:68:08:62:5c:47:e4:a7:9d:cf:9b:
         54:d5:22:49:b6:b1:15:d1:44:6b:18:cd:cf:d4:44:5c:9d:af:
         e5:85:22:bc:5f:4d:e2:dd:a9:10:39:31:da:76:d1:1c:8e:c5:
         8a:19:92:18:89:d0:0d:7c:65:49:af:ad:83:02:4e:02:1c:7c:
         3c:43:24:72:16:6d:76:33:94:09:64:03:9e:d7:96:74:34:6f:
         34:04:69:c2:65:a8:49:2a:75:0d:4d:06:09:c0:ce:c3:ff:f7:
         88:89:f1:7c:72:da:b5:0f:08:3e:a3:43:40:5c:80:3f:94:e0:
         93:35:b5:39:0c:ca:1c:9d:3b:e3:ec:b3:1a:76:5d:e8:39:18:
         ae:f2:06:50:8b:17:5d:ea:dc:96:30:7e:06:0f:78:a2:90:c9:
         e9:ff:05:f8:08:dd:68:e0:1c:ea:84:7b:2b:be:d9:fe:c4:b0:
         26:7c:12:30:40:8e:f7:4b:71:e0:1f:d8:58:f6:19:d6:d0:d5:
         ae:22:6a:07
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYWhdH4rrLNkg7T92eCvpbK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNGY3ODk0NzM0MWNlNTU4ODhiN2ViZjM2OTAxNDNiMGNi
ZmYzZDYwHhcNMjMwMTExMTUzMDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDY3NzI4MTA5NDM0ZjRmNDE4ZThkZjViZWI3ZWI0ZDJlYzVmYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWdmJXwTqVtf59o680wqzYjTrECD
xqACGe0jbHpGN9lp/WAgD99ILQsls9LRP1bz+3QvVYRAwNLPi0o6cZAPvHPeZQOH
a3Tdj0jWTef+VYideOHGrCy8yncvcIcP/8nbB+tiQPM7cLnF5ePvUtdy9wu1eiBR
U03/k7Xqn9k0OpYHmMpTwvYbmDQIGZe6AUZrHOq7BzQG8T+VbDBTTOoC2ClvZVu/
nwFsb8qViXmr+zWW7uKW2USTSGytsisxx9rZsh+te89KhlpiCDbcUsukxjgXiJcM
CR9kAXEHQ7R7yjUd/OBJdDRLkIQ5ufScYKKppvebXUIxAX8NLXOAzFUQHwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFD1ncoEJQ09PQY6N9b63600uxfwNMB8GA1UdIwQY
MBaAFO9PeJRzQc5ViIt+vzaQFDsMv/PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAt
OWJhYTY2Y2ExNDA0LzEvUFdkeWdRbERUMDlCam8zMXZyZnJUUzdGX0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAtOWJhYTY2Y2ExNDA0
LzEvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQDHxh4AwQD
Hy9IAwQDJfd4AwQAW9jbAwQCuTG4AwQCuTnEAwQCucvgAwQAwffCAwQAwrB3AwQE
2RIgMBQEAgACMA4DBQAqAalAAwUAKgIoEDANBgkqhkiG9w0BAQsFAAOCAQEAuIAM
zRYD5QyoYwopAXzzHlq0Med8CBGNrozY2sEohfqcT+zcNqYYoDBprXLDKMM6Y9w3
NIQCtG22OoTz+PZoCGJcR+Snnc+bVNUiSbaxFdFEaxjNz9REXJ2v5YUivF9N4t2p
EDkx2nbRHI7FihmSGInQDXxlSa+tgwJOAhx8PEMkchZtdjOUCWQDnteWdDRvNARp
wmWoSSp1DU0GCcDOw//3iInxfHLatQ8IPqNDQFyAP5TgkzW1OQzKHJ074+yzGnZd
6DkYrvIGUIsXXercljB+Bg94opDJ6f8F+AjdaOAc6oR7K77Z/sSwJnwSMECO90tx
4B/YWPYZ1tDVriJqBw==
-----END CERTIFICATE-----