Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/NdF7_VetelSNYajFbSi8LIhLIUQ.roa
File:                     NdF7_VetelSNYajFbSi8LIhLIUQ.roa (raw, json)
Hash identifier:          PC5roD6JPuOezzXnLKjJTukam4OlvZhQpVN9/ySwF2E=
Subject key identifier:   35:D1:7B:FD:57:AD:7A:54:8D:61:A8:C5:6D:28:BC:2C:88:4B:21:44
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       018A4C758405ECD72F3BA586D326243D7DF5
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/NdF7_VetelSNYajFbSi8LIhLIUQ.roa
Signing time:             Thu 31 Aug 2023 16:38:04 +0000
ROA not before:           Thu 31 Aug 2023 16:38:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25393
IP address blocks:        193.178.144.0/23 maxlen: 23
                          78.27.224.0/19 maxlen: 19
                          77.87.192.0/21 maxlen: 21
                          89.184.72.0/21 maxlen: 21
                          89.184.88.0/21 maxlen: 21
                          5.149.120.0/22 maxlen: 24
                          5.149.124.0/22 maxlen: 24
                          195.177.116.0/22 maxlen: 22
                          2a02:2278:200::/40 maxlen: 56
                          2a02:2278:204::/48 maxlen: 48
                          2a02:2278:100::/44 maxlen: 56
                          2a02:2278:208::/48 maxlen: 48
                          2a02:2279::/32 maxlen: 32
                          2a02:2279::/40 maxlen: 56
                          2a02:2279:1200::/40 maxlen: 56
                          2a02:2279:200::/40 maxlen: 56

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4c:75:84:05:ec:d7:2f:3b:a5:86:d3:26:24:3d:7d:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Aug 31 16:38:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35d17bfd57ad7a548d61a8c56d28bc2c884b2144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:30:6d:d2:c6:76:ea:73:5e:90:e5:d0:9e:88:
                    3f:a2:55:fa:b8:69:9a:f2:c3:aa:4d:d5:7b:2f:e2:
                    4d:db:5b:3d:5d:0e:1d:7b:49:58:13:53:be:e9:46:
                    09:a0:f0:76:75:6d:6c:c7:48:4b:bf:d4:8d:f6:85:
                    3b:e0:27:20:ae:0d:d8:7e:d0:07:a4:24:82:47:af:
                    5e:51:bd:ef:5b:ee:e9:14:b4:c0:62:c1:b1:fc:75:
                    4d:d5:a3:55:3e:41:a7:54:44:55:21:33:50:85:e9:
                    ad:92:de:61:34:32:9f:94:f9:ab:38:10:08:ba:8f:
                    7c:b1:4a:b7:93:74:09:52:fc:c6:66:6c:8e:f7:35:
                    08:86:51:80:c1:4f:48:9a:76:1d:f6:db:90:ff:a1:
                    4e:0e:4f:38:15:53:9f:ef:12:e0:91:cf:d1:2a:73:
                    18:3f:87:dd:25:81:60:4f:89:3c:97:c9:4f:b2:60:
                    60:9e:d0:00:45:a9:85:f1:69:d5:41:7c:7a:be:e4:
                    f8:3d:f5:7c:1d:72:16:f3:12:4a:b6:be:d8:c1:63:
                    b8:61:b6:6c:d0:60:04:ee:21:86:f7:43:df:2a:48:
                    2d:33:02:d7:4c:9c:7b:7f:96:ba:a0:fc:46:bc:31:
                    68:9c:d3:6a:68:a5:dc:53:54:ca:4c:37:54:30:4b:
                    22:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D1:7B:FD:57:AD:7A:54:8D:61:A8:C5:6D:28:BC:2C:88:4B:21:44
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/NdF7_VetelSNYajFbSi8LIhLIUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.120.0/21
                  77.87.192.0/21
                  78.27.224.0/19
                  89.184.72.0/21
                  89.184.88.0/21
                  193.178.144.0/23
                  195.177.116.0/22
                IPv6:
                  2a02:2278:100::/44
                  2a02:2278:200::/40
                  2a02:2279::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:7f:d3:47:26:d6:2a:b1:f3:e2:8f:df:fd:bb:94:46:00:31:
         95:80:25:2e:21:13:86:6a:c7:48:7e:0f:af:12:cf:32:f2:50:
         88:0e:f8:cb:4b:ac:da:29:1a:39:b7:93:cb:79:b3:87:4e:52:
         ed:69:97:ec:ec:27:ec:2b:b0:11:d7:4a:c0:76:0f:76:16:94:
         ee:fb:8e:f5:37:f3:fe:3f:5e:95:25:91:9f:24:d1:9a:d8:5e:
         51:bc:90:6c:6f:2c:13:db:32:1c:76:f7:29:6d:d9:42:60:7f:
         c3:58:fe:b8:17:f9:f6:23:4b:b5:ac:fa:11:8b:75:5d:54:90:
         e0:99:d1:be:b4:b5:ab:05:cb:04:30:b4:38:b9:c9:ff:95:ae:
         6d:ce:50:5b:78:3b:5b:69:2e:96:b8:b9:4a:76:a7:e1:4a:06:
         7c:71:c3:16:c5:71:e6:70:f4:0d:cf:cf:0a:19:5c:01:32:82:
         7c:37:68:9d:d0:f3:44:51:1b:6f:21:ad:de:d1:08:ac:d5:f5:
         6f:70:eb:2c:84:62:2f:77:04:a6:69:02:5a:79:4c:79:68:fb:
         fe:11:60:c3:33:eb:c8:de:de:4a:b8:08:42:89:4d:fc:f0:d5:
         50:62:6e:f0:e1:31:74:29:75:85:e8:b0:18:b4:1b:ad:e0:74:
         e6:81:5a:fe
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYpMdYQF7NcvO6WG0yYkPX31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMwODMxMTYzODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQxN2JmZDU3YWQ3YTU0OGQ2MWE4YzU2ZDI4YmMyYzg4NGIyMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzBt0sZ26nNekOXQnog/olX6uGma
8sOqTdV7L+JN21s9XQ4de0lYE1O+6UYJoPB2dW1sx0hLv9SN9oU74Ccgrg3YftAH
pCSCR69eUb3vW+7pFLTAYsGx/HVN1aNVPkGnVERVITNQhemtkt5hNDKflPmrOBAI
uo98sUq3k3QJUvzGZmyO9zUIhlGAwU9ImnYd9tuQ/6FODk84FVOf7xLgkc/RKnMY
P4fdJYFgT4k8l8lPsmBgntAARamF8WnVQXx6vuT4PfV8HXIW8xJKtr7YwWO4YbZs
0GAE7iGG90PfKkgtMwLXTJx7f5a6oPxGvDFonNNqaKXcU1TKTDdUMEsizQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFDXRe/1XrXpUjWGoxW0ovCyISyFEMB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvTmRGN19WZXRlbFNOWWFqRmJTaThMSWhMSVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAwBAIAATAqAwQDBZV4AwQD
TVfAAwQFThvgAwQDWbhIAwQDWbhYAwQBwbKQAwQCw7F0MB4EAgACMBgDBwQqAiJ4
AQADBgAqAiJ4AgMFACoCInkwDQYJKoZIhvcNAQELBQADggEBABN/00cm1iqx8+KP
3/27lEYAMZWAJS4hE4Zqx0h+D68SzzLyUIgO+MtLrNopGjm3k8t5s4dOUu1pl+zs
J+wrsBHXSsB2D3YWlO77jvU38/4/XpUlkZ8k0ZrYXlG8kGxvLBPbMhx29ylt2UJg
f8NY/rgX+fYjS7Ws+hGLdV1UkOCZ0b60tasFywQwtDi5yf+Vrm3OUFt4O1tpLpa4
uUp2p+FKBnxxwxbFceZw9A3PzwoZXAEygnw3aJ3Q80RRG28hrd7RCKzV9W9w6yyE
Yi93BKZpAlp5THlo+/4RYMMz68je3kq4CEKJTfzw1VBibvDhMXQpdYXosBi0G63g
dOaBWv4=
-----END CERTIFICATE-----