Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9v3Qt_AkAezWSYxh5e2SDMi_M_4.roa
File:                     9v3Qt_AkAezWSYxh5e2SDMi_M_4.roa (raw, json)
Hash identifier:          WiE0u7Vw/iYUWuhr0NCJGPW7dnof9H1Tk/6wO7vaOwY=
Subject key identifier:   F6:FD:D0:B7:F0:24:01:EC:D6:49:8C:61:E5:ED:92:0C:C8:BF:33:FE
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       01898C43952693853469DD3648C740EFCD3B
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9v3Qt_AkAezWSYxh5e2SDMi_M_4.roa
Signing time:             Tue 25 Jul 2023 08:56:26 +0000
ROA not before:           Tue 25 Jul 2023 08:56:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210906
IP address blocks:        209.35.99.0/24 maxlen: 24
                          193.36.76.0/24 maxlen: 24
                          194.29.67.0/24 maxlen: 24
                          194.29.70.0/24 maxlen: 24
                          194.29.80.0/24 maxlen: 24
                          193.200.96.0/23 maxlen: 23
                          89.32.204.0/24 maxlen: 24
                          89.47.34.0/24 maxlen: 24
                          86.104.215.0/24 maxlen: 24
                          89.33.83.0/24 maxlen: 24
                          194.26.149.0/24 maxlen: 24
                          86.104.227.0/24 maxlen: 24
                          162.218.158.0/24 maxlen: 24
                          162.218.157.0/24 maxlen: 24
                          212.102.116.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8c:43:95:26:93:85:34:69:dd:36:48:c7:40:ef:cd:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jul 25 08:56:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f6fdd0b7f02401ecd6498c61e5ed920cc8bf33fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:85:9c:6c:95:f7:f5:73:dd:0c:cc:d9:52:5c:
                    cf:5d:b1:23:63:1b:88:5f:e6:6e:87:05:f8:5c:23:
                    e2:77:32:43:73:77:8c:51:fb:fd:ee:7b:90:84:38:
                    e3:bf:34:9c:ad:6a:03:a2:1e:99:d7:51:ff:5f:b4:
                    3c:6a:77:62:b0:ea:0c:fd:4c:61:75:74:7e:73:40:
                    40:9f:6f:9d:8e:ca:b5:ac:a6:17:9d:81:31:ca:9d:
                    54:38:e0:de:60:98:cf:cf:f1:91:48:a3:27:ad:49:
                    da:7a:c5:0a:3f:a8:1a:63:38:28:ab:f4:35:b1:7f:
                    1b:d4:ab:c3:c8:a5:26:a9:3a:81:bc:c7:bf:26:72:
                    15:a7:b2:d5:90:7d:76:32:3a:c2:d2:2a:8f:d0:ad:
                    8c:40:ed:76:6b:dc:69:f3:3f:6b:1f:76:85:7d:02:
                    76:21:c9:91:cd:c1:ce:8f:57:73:54:04:8f:1d:d3:
                    b1:00:39:b4:d0:a7:15:1a:b1:4c:87:af:8c:f9:e5:
                    93:f0:99:dc:0d:4b:4c:63:15:89:97:c3:f2:0d:2d:
                    93:b7:a6:82:9e:bb:9b:d4:ae:2c:13:c4:52:03:ca:
                    59:c9:6f:a7:50:24:62:b4:57:db:7a:f1:0e:32:85:
                    d0:ce:00:9a:24:73:95:6a:c4:72:99:07:40:eb:15:
                    37:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:FD:D0:B7:F0:24:01:EC:D6:49:8C:61:E5:ED:92:0C:C8:BF:33:FE
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9v3Qt_AkAezWSYxh5e2SDMi_M_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.215.0/24
                  86.104.227.0/24
                  89.32.204.0/24
                  89.33.83.0/24
                  89.47.34.0/24
                  162.218.157.0-162.218.158.255
                  193.36.76.0/24
                  193.200.96.0/23
                  194.26.149.0/24
                  194.29.67.0/24
                  194.29.70.0/24
                  194.29.80.0/24
                  209.35.99.0/24
                  212.102.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:3d:94:2d:37:70:40:8c:dd:bd:e4:13:75:25:b5:82:e7:6b:
         ca:8b:88:a6:f7:53:ef:8f:1b:fc:bf:18:01:8b:24:32:ed:52:
         ba:f2:03:a8:27:c0:5a:81:68:09:82:26:a2:38:fe:97:b6:48:
         0c:c3:6e:95:bc:8a:40:81:12:e7:80:09:16:e2:5e:4b:6b:e3:
         90:c8:c0:c1:70:69:95:ec:56:aa:94:12:9d:57:89:80:fa:a8:
         8e:4c:eb:da:2f:77:45:5d:13:51:4e:f9:11:6d:3a:a2:f9:db:
         24:44:97:8e:b3:87:9f:5f:1e:78:40:49:45:2a:e1:9c:57:d1:
         40:ce:e9:2a:82:ba:a9:37:9d:10:5b:63:a0:90:24:af:07:44:
         6f:a4:22:9a:cf:5d:da:d9:f0:35:aa:56:cd:79:bb:9e:1e:6b:
         c0:f8:18:72:4e:17:40:d3:7c:56:2f:b8:ad:dc:19:0e:e7:1b:
         7c:d2:6a:85:4e:d4:57:8a:c8:57:b1:d5:60:c7:af:69:a2:0b:
         ba:20:e9:ed:5b:44:a7:8d:2b:ee:a7:fd:18:47:22:75:65:1f:
         f2:d4:37:dc:ae:59:22:2f:e2:2d:56:a4:d8:ce:a1:3d:40:81:
         b7:23:62:77:64:d4:57:05:45:7b:c5:10:ea:9f:84:43:d3:32:
         9c:b5:f3:f8
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYmMQ5Umk4U0ad02SMdA7807MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjMwNzI1MDg1NjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmZkZDBiN2YwMjQwMWVjZDY0OThjNjFlNWVkOTIwY2M4YmYzM2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoWcbJX39XPdDMzZUlzPXbEjYxuI
X+ZuhwX4XCPidzJDc3eMUfv97nuQhDjjvzScrWoDoh6Z11H/X7Q8andisOoM/Uxh
dXR+c0BAn2+djsq1rKYXnYExyp1UOODeYJjPz/GRSKMnrUnaesUKP6gaYzgoq/Q1
sX8b1KvDyKUmqTqBvMe/JnIVp7LVkH12MjrC0iqP0K2MQO12a9xp8z9rH3aFfQJ2
IcmRzcHOj1dzVASPHdOxADm00KcVGrFMh6+M+eWT8JncDUtMYxWJl8PyDS2Tt6aC
nrub1K4sE8RSA8pZyW+nUCRitFfbevEOMoXQzgCaJHOVasRymQdA6xU3JQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFPb90LfwJAHs1kmMYeXtkgzIvzP+MB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvOXYzUXRfQWtBZXpXU1l4aDVlMlNETWlfTV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAVmjXAwQA
VmjjAwQAWSDMAwQAWSFTAwQAWS8iMAwDBACi2p0DBACi2p4DBADBJEwDBAHByGAD
BADCGpUDBADCHUMDBADCHUYDBADCHVADBADRI2MDBADUZnQwDQYJKoZIhvcNAQEL
BQADggEBADc9lC03cECM3b3kE3UltYLna8qLiKb3U++PG/y/GAGLJDLtUrryA6gn
wFqBaAmCJqI4/pe2SAzDbpW8ikCBEueACRbiXktr45DIwMFwaZXsVqqUEp1XiYD6
qI5M69ovd0VdE1FO+RFtOqL52yREl46zh59fHnhASUUq4ZxX0UDO6SqCuqk3nRBb
Y6CQJK8HRG+kIprPXdrZ8DWqVs15u54ea8D4GHJOF0DTfFYvuK3cGQ7nG3zSaoVO
1FeKyFex1WDHr2miC7og6e1bRKeNK+6n/RhHInVlH/LUN9yuWSIv4i1WpNjOoT1A
gbcjYndk1FcFRXvFEOqfhEPTMpy18/g=
-----END CERTIFICATE-----