Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/DEHBcnozPN7Vo88L8DyOW8_n_3g.roa
File:                     DEHBcnozPN7Vo88L8DyOW8_n_3g.roa (raw, json)
Hash identifier:          5tbvKgsbOzz2ZMa3RyeN+trXZZtBgavrd3kdyZMB/c4=
Subject key identifier:   0C:41:C1:72:7A:33:3C:DE:D5:A3:CF:0B:F0:3C:8E:5B:CF:E7:FF:78
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018B8A11AD56D317BD5FA7C67EF595CB7E7C
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/DEHBcnozPN7Vo88L8DyOW8_n_3g.roa
Signing time:             Wed 01 Nov 2023 08:48:16 +0000
ROA not before:           Wed 01 Nov 2023 08:48:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43357
IP address blocks:        92.60.40.0/24 maxlen: 24
                          45.130.20.0/22 maxlen: 32
                          45.147.51.0/24 maxlen: 32
                          45.147.50.0/24 maxlen: 32
                          194.36.25.0/24 maxlen: 24
                          185.248.85.0/24 maxlen: 24
                          185.254.75.0/24 maxlen: 24
                          185.194.52.0/22 maxlen: 24
                          2a07:fe00:1::/48 maxlen: 48
                          2a03:d9c0:3000::/48 maxlen: 48
                          2a09:7:2007::/48 maxlen: 48
                          2a0c:59c0:18::/48 maxlen: 48
                          2a0b:89c1:3::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8a:11:ad:56:d3:17:bd:5f:a7:c6:7e:f5:95:cb:7e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Nov  1 08:48:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0c41c1727a333cded5a3cf0bf03c8e5bcfe7ff78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:43:d6:13:20:5b:81:a4:13:7f:66:0f:7a:22:
                    d9:dd:5f:07:65:bf:2f:0e:75:fa:fc:4e:5f:6c:a0:
                    e6:35:a5:df:1c:26:55:6a:b4:d6:f0:7b:0b:c7:dc:
                    fa:60:80:0c:fc:6d:6a:24:c3:9b:ce:0e:c0:04:02:
                    88:97:ac:da:b9:0c:b7:c8:74:c8:b0:8d:7d:f2:12:
                    15:06:e2:79:a5:87:d3:25:e8:bf:5c:c9:eb:e8:08:
                    99:8c:ac:e8:12:9d:ec:ef:17:3c:64:58:da:2a:af:
                    8c:73:ae:c7:98:3b:1b:55:15:f7:b0:db:7b:c7:da:
                    80:0c:1c:ea:fd:ae:2f:a1:b0:5c:26:35:8f:df:18:
                    9d:5e:1c:43:a9:6c:4b:e6:7f:7b:76:f0:8c:ae:3c:
                    31:31:81:91:13:c4:7e:07:4c:f9:7e:d5:09:57:bd:
                    84:de:ae:c1:a3:25:6d:c5:51:3f:a4:1f:80:bc:77:
                    9b:59:a5:5f:60:77:a2:3c:1e:79:41:e6:05:de:cd:
                    fb:1d:2a:46:45:25:6d:9f:17:88:82:43:fa:f6:44:
                    0a:82:11:49:7a:bb:c4:7d:82:f4:5c:14:a4:15:85:
                    47:da:d8:fd:be:ee:68:8b:3f:9f:61:2b:61:67:3f:
                    bb:99:71:3c:4a:4b:45:39:e4:ed:07:63:f1:ee:b3:
                    6e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:41:C1:72:7A:33:3C:DE:D5:A3:CF:0B:F0:3C:8E:5B:CF:E7:FF:78
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/DEHBcnozPN7Vo88L8DyOW8_n_3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.20.0/22
                  45.147.50.0/23
                  92.60.40.0/24
                  185.194.52.0/22
                  185.248.85.0/24
                  185.254.75.0/24
                  194.36.25.0/24
                IPv6:
                  2a03:d9c0:3000::/48
                  2a07:fe00:1::/48
                  2a09:7:2007::/48
                  2a0b:89c1:3::/48
                  2a0c:59c0:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:c4:eb:2f:20:1e:ff:f9:db:91:84:3f:c2:a9:66:59:4e:be:
         3b:2d:e2:fe:48:66:ef:06:85:e6:84:e4:a6:3d:6f:47:cf:74:
         bb:d9:cc:c8:e0:4f:ee:42:8d:df:ed:61:4f:68:6f:b6:2d:ee:
         3c:75:36:4a:23:c9:de:9d:c5:e7:3b:19:50:bf:e3:6c:f7:dd:
         b6:58:78:e1:1a:5b:5f:fd:eb:6f:47:c1:ff:fb:16:bc:c9:33:
         ac:c4:8f:0c:61:16:e9:56:5e:e0:20:7b:71:f3:3d:45:87:8b:
         1b:c3:55:9f:d5:fa:d6:c0:a2:91:af:d0:5a:85:e7:88:e1:2e:
         7f:82:8d:21:48:64:a9:87:d7:6a:84:f7:6b:34:f1:ef:f3:83:
         68:c5:b3:b7:cb:c1:1f:2e:7b:2c:75:99:d6:59:26:5d:09:40:
         70:c5:53:a5:bd:3e:12:1a:59:c6:a5:41:3a:83:b3:7e:42:05:
         2d:63:2d:21:cb:7b:7c:8c:9a:b4:9d:8a:66:8c:7f:2c:d3:d3:
         6e:c4:01:ce:53:2f:24:55:eb:a0:a0:ad:b9:ad:9a:7a:1e:93:
         cf:58:48:6b:79:3b:e0:7d:9c:20:a4:e3:78:c4:51:53:67:d2:
         a0:f7:e6:5f:15:1c:e1:6d:57:78:72:52:ed:96:bf:f9:67:75:
         c9:49:f0:fb
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYuKEa1W0xe9X6fGfvWVy358MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjMxMTAxMDg0ODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQxYzE3MjdhMzMzY2RlZDVhM2NmMGJmMDNjOGU1YmNmZTdmZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEPWEyBbgaQTf2YPeiLZ3V8HZb8v
DnX6/E5fbKDmNaXfHCZVarTW8HsLx9z6YIAM/G1qJMObzg7ABAKIl6zauQy3yHTI
sI198hIVBuJ5pYfTJei/XMnr6AiZjKzoEp3s7xc8ZFjaKq+Mc67HmDsbVRX3sNt7
x9qADBzq/a4vobBcJjWP3xidXhxDqWxL5n97dvCMrjwxMYGRE8R+B0z5ftUJV72E
3q7BoyVtxVE/pB+AvHebWaVfYHeiPB55QeYF3s37HSpGRSVtnxeIgkP69kQKghFJ
ervEfYL0XBSkFYVH2tj9vu5oiz+fYSthZz+7mXE8SktFOeTtB2Px7rNu/QIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFAxBwXJ6Mzze1aPPC/A8jlvP5/94MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvREVIQmNub3pQTjdWbzg4TDhEeU9XOF9uXzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAwBAIAATAqAwQCLYIUAwQB
LZMyAwQAXDwoAwQCucI0AwQAufhVAwQAuf5LAwQAwiQZMDMEAgACMC0DBwAqA9nA
MAADBwAqB/4AAAEDBwAqCQAHIAcDBwAqC4nBAAMDBwAqDFnAABgwDQYJKoZIhvcN
AQELBQADggEBAETE6y8gHv/525GEP8KpZllOvjst4v5IZu8GheaE5KY9b0fPdLvZ
zMjgT+5Cjd/tYU9ob7Yt7jx1Nkojyd6dxec7GVC/42z33bZYeOEaW1/9629Hwf/7
FrzJM6zEjwxhFulWXuAge3HzPUWHixvDVZ/V+tbAopGv0FqF54jhLn+CjSFIZKmH
12qE92s08e/zg2jFs7fLwR8ueyx1mdZZJl0JQHDFU6W9PhIaWcalQTqDs35CBS1j
LSHLe3yMmrSdimaMfyzT027EAc5TLyRV66Cgrbmtmnoek89YSGt5O+B9nCCk43jE
UVNn0qD35l8VHOFtV3hyUu2Wv/lndclJ8Ps=
-----END CERTIFICATE-----