Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/t4wZuNaw-rcjKWsRCWABdGBwjak.roa
File:                     t4wZuNaw-rcjKWsRCWABdGBwjak.roa (raw, json)
Hash identifier:          p56YDCCZrY+xUa0xvFoQUKcu9moDSbYICwm+ocfTmsI=
Subject key identifier:   B7:8C:19:B8:D6:B0:FA:B7:23:29:6B:11:09:60:01:74:60:70:8D:A9
Certificate issuer:       /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial:       01889AE0ECF1C23D14F1CB39B911D7ECEBC2
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/t4wZuNaw-rcjKWsRCWABdGBwjak.roa
Signing time:             Thu 08 Jun 2023 12:00:11 +0000
ROA not before:           Thu 08 Jun 2023 12:00:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198735
IP address blocks:        217.145.231.0/24 maxlen: 24
                          212.15.85.0/24 maxlen: 24
                          212.15.84.0/24 maxlen: 24
                          212.15.83.0/24 maxlen: 24
                          212.15.82.0/24 maxlen: 24
                          212.15.81.0/24 maxlen: 24
                          212.15.80.0/24 maxlen: 24
                          212.15.80.0/21 maxlen: 21
                          212.15.87.0/24 maxlen: 24
                          212.15.86.0/24 maxlen: 24
                          185.51.223.0/24 maxlen: 24
                          185.51.222.0/24 maxlen: 24
                          185.51.221.0/24 maxlen: 24
                          185.51.220.0/22 maxlen: 22
                          185.51.220.0/24 maxlen: 24
                          5.1.105.0/24 maxlen: 24
                          5.1.104.0/24 maxlen: 24
                          5.1.104.0/21 maxlen: 21
                          5.1.111.0/24 maxlen: 24
                          5.1.110.0/24 maxlen: 24
                          5.1.109.0/24 maxlen: 24
                          5.1.108.0/24 maxlen: 24
                          5.1.107.0/24 maxlen: 24
                          5.1.106.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9a:e0:ec:f1:c2:3d:14:f1:cb:39:b9:11:d7:ec:eb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
        Validity
            Not Before: Jun  8 12:00:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b78c19b8d6b0fab723296b110960017460708da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:04:8d:97:f5:27:81:1d:22:ff:9d:c6:e3:e7:
                    0e:74:b3:59:76:7f:68:8a:86:d7:9f:b2:86:e8:02:
                    c9:cd:28:51:22:43:5b:27:b6:46:99:4b:56:c7:4a:
                    84:2c:07:0a:41:7c:11:b7:00:e3:72:6f:83:55:b8:
                    5b:80:2b:3f:c1:12:29:3b:0a:33:72:6c:ec:f9:51:
                    f5:de:c7:27:2c:bb:a5:b6:62:5a:d3:d5:1f:83:0f:
                    2d:bc:c0:20:18:4a:e8:da:fc:86:d8:e5:50:6f:19:
                    fe:94:1b:33:2d:20:aa:de:d5:46:6e:d2:c4:40:9b:
                    2b:ed:76:65:9f:eb:41:62:f1:e8:16:c8:d9:e1:aa:
                    50:a9:ce:e6:ad:fa:0c:0b:26:d3:0b:26:ae:2b:33:
                    02:ac:09:ad:c9:a1:62:26:67:63:d2:84:ed:0a:1e:
                    25:1c:da:1b:e3:a8:dc:12:48:1c:eb:86:dd:81:e3:
                    52:d3:bb:f0:cb:18:6b:c6:75:77:a8:38:e6:57:f3:
                    8e:40:d2:5e:45:04:8b:8f:2b:99:c4:09:08:82:76:
                    3c:e9:7d:04:ae:31:fd:b2:d1:16:7d:a1:0e:17:64:
                    92:c1:d3:35:7a:97:62:20:81:11:a6:a8:52:69:8b:
                    29:f5:04:52:f8:57:9d:86:aa:fb:35:19:6d:7e:11:
                    0f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:8C:19:B8:D6:B0:FA:B7:23:29:6B:11:09:60:01:74:60:70:8D:A9
            X509v3 Authority Key Identifier:
                keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/t4wZuNaw-rcjKWsRCWABdGBwjak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.104.0/21
                  185.51.220.0/22
                  212.15.80.0/21
                  217.145.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:bc:25:cc:53:d8:61:54:ff:b9:e2:ce:01:c3:b9:db:f1:2a:
         66:67:ae:f8:16:5c:9f:89:75:b8:cb:f4:ef:b6:df:f5:82:7b:
         3a:f6:8a:6b:fd:2d:95:d7:89:18:f7:c1:45:56:4c:9d:b0:85:
         4a:60:af:f2:54:76:26:57:b0:b5:3f:72:e8:b5:0f:a8:25:79:
         3a:78:69:bb:96:61:4e:38:9f:4c:6b:0e:7f:a4:31:f7:a1:13:
         93:c3:28:ed:ec:71:ac:a0:e5:34:0c:dd:07:3d:a0:44:6c:5e:
         50:5a:cc:44:dc:79:89:63:32:9f:14:c6:3f:36:43:05:a3:8b:
         59:67:db:14:96:d3:5a:dc:49:d5:f6:17:e7:5b:0c:76:97:62:
         c8:bd:56:f1:94:2e:48:48:63:8c:af:06:84:ae:c4:86:37:44:
         d8:a0:97:e5:bf:94:8f:2f:36:29:df:cc:74:55:f1:8f:f0:17:
         d3:b5:19:8e:59:38:97:bb:ae:26:3c:95:48:74:0e:df:1c:76:
         46:2c:70:26:fc:1f:d8:07:64:d1:ea:99:42:4e:00:9d:d2:58:
         89:2c:ae:18:a8:15:5a:55:8c:43:0d:72:f7:d9:1d:7e:f2:3e:
         e5:3f:9c:2d:d0:e9:cb:30:46:93:e1:12:69:e4:62:5b:9a:77:
         c4:a0:92:ab
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYia4Ozxwj0U8cs5uRHX7OvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjMwNjA4MTIwMDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhjMTliOGQ2YjBmYWI3MjMyOTZiMTEwOTYwMDE3NDYwNzA4ZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwSNl/UngR0i/53G4+cOdLNZdn9o
iobXn7KG6ALJzShRIkNbJ7ZGmUtWx0qELAcKQXwRtwDjcm+DVbhbgCs/wRIpOwoz
cmzs+VH13scnLLultmJa09Ufgw8tvMAgGEro2vyG2OVQbxn+lBszLSCq3tVGbtLE
QJsr7XZln+tBYvHoFsjZ4apQqc7mrfoMCybTCyauKzMCrAmtyaFiJmdj0oTtCh4l
HNob46jcEkgc64bdgeNS07vwyxhrxnV3qDjmV/OOQNJeRQSLjyuZxAkIgnY86X0E
rjH9stEWfaEOF2SSwdM1epdiIIERpqhSaYsp9QRS+Fedhqr7NRltfhEPgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLeMGbjWsPq3IylrEQlgAXRgcI2pMB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEvdDR3WnVOYXctcmNqS1dzUkNXQUJkR0J3amFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBQFoAwQC
uTPcAwQD1A9QAwQA2ZHnMA0GCSqGSIb3DQEBCwUAA4IBAQB3vCXMU9hhVP+54s4B
w7nb8SpmZ674FlyfiXW4y/Tvtt/1gns69opr/S2V14kY98FFVkydsIVKYK/yVHYm
V7C1P3LotQ+oJXk6eGm7lmFOOJ9Maw5/pDH3oROTwyjt7HGsoOU0DN0HPaBEbF5Q
WsxE3HmJYzKfFMY/NkMFo4tZZ9sUltNa3EnV9hfnWwx2l2LIvVbxlC5ISGOMrwaE
rsSGN0TYoJflv5SPLzYp38x0VfGP8BfTtRmOWTiXu64mPJVIdA7fHHZGLHAm/B/Y
B2TR6plCTgCd0liJLK4YqBVaVYxDDXL32R1+8j7lP5wt0OnLMEaT4RJp5GJbmnfE
oJKr
-----END CERTIFICATE-----