Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/ODIMu1RtLxy2kvGGyBkP8jRZTDQ.roa
File:                     ODIMu1RtLxy2kvGGyBkP8jRZTDQ.roa (raw, json)
Hash identifier:          MxJ8MUs3zBDpiHN97dRDMFESMwjr5PXaNMil0iNcvnI=
Subject key identifier:   38:32:0C:BB:54:6D:2F:1C:B6:92:F1:86:C8:19:0F:F2:34:59:4C:34
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018723BC504CDC1215477EC19951920BDE29
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/ODIMu1RtLxy2kvGGyBkP8jRZTDQ.roa
Signing time:             Mon 27 Mar 2023 15:42:36 +0000
ROA not before:           Mon 27 Mar 2023 15:42:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     26383
IP address blocks:        91.149.232.0/23 maxlen: 23
                          91.149.240.0/24 maxlen: 24
                          91.149.239.0/24 maxlen: 24
                          91.149.238.0/24 maxlen: 24
                          91.149.236.0/23 maxlen: 23
                          91.149.243.0/24 maxlen: 24
                          91.149.242.0/24 maxlen: 24
                          91.149.241.0/24 maxlen: 24
                          91.149.253.0/24 maxlen: 24
                          91.149.255.0/24 maxlen: 24
                          91.149.254.0/24 maxlen: 24
                          91.149.202.0/23 maxlen: 23
                          91.149.218.0/24 maxlen: 24
                          91.149.219.0/24 maxlen: 24
                          91.149.222.0/23 maxlen: 23
                          91.149.221.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:23:bc:50:4c:dc:12:15:47:7e:c1:99:51:92:0b:de:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Mar 27 15:42:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38320cbb546d2f1cb692f186c8190ff234594c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:56:f4:2f:6f:7b:26:38:8f:60:20:e3:bf:15:
                    a6:c0:b5:89:71:2a:83:91:20:84:74:af:c4:5a:87:
                    c0:dc:66:e8:ef:a5:10:d2:70:c8:0d:ab:9d:01:18:
                    2f:75:5b:76:1f:b3:f9:bc:11:53:f0:a9:7e:75:bf:
                    1c:eb:e3:10:a2:2a:55:20:a8:38:07:f0:8e:79:c0:
                    a3:04:b0:0e:4c:6c:23:0c:c9:cb:cb:2f:03:77:1a:
                    a1:5e:61:c2:b1:23:ff:d8:62:a6:bf:58:bf:05:d4:
                    71:99:b0:48:dc:57:c8:a7:ad:51:d9:05:bf:ac:bb:
                    19:41:9a:f0:8c:2d:05:f0:dd:45:4e:32:28:27:6c:
                    be:a6:77:3d:8d:1d:90:91:83:23:75:84:37:d9:a1:
                    9c:d3:9b:d5:83:14:7a:a1:1b:c3:5d:17:07:ec:57:
                    66:a8:99:1b:c9:f3:53:82:d9:f2:d2:93:c5:63:e4:
                    ae:b2:7a:85:22:fe:89:0c:99:be:ca:07:34:e5:c7:
                    e4:f9:06:4b:09:36:ab:70:d6:2d:ba:ab:a8:3c:6d:
                    c1:f9:dc:20:3d:df:b1:53:f0:d0:fd:60:0e:fe:cd:
                    32:03:ff:8d:a6:7b:c3:e9:71:ec:fc:e9:9f:42:dd:
                    80:45:cf:e0:90:e8:57:c3:30:5c:1b:ba:1d:60:2c:
                    e6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:32:0C:BB:54:6D:2F:1C:B6:92:F1:86:C8:19:0F:F2:34:59:4C:34
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/ODIMu1RtLxy2kvGGyBkP8jRZTDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.202.0/23
                  91.149.218.0/23
                  91.149.221.0-91.149.223.255
                  91.149.232.0/23
                  91.149.236.0-91.149.243.255
                  91.149.253.0-91.149.255.255

    Signature Algorithm: sha256WithRSAEncryption
         cf:81:e5:7c:f0:17:00:38:54:f4:da:12:6e:21:6b:19:3f:44:
         21:cd:1d:e9:bf:91:27:f5:e8:b3:58:b9:85:50:ac:e7:ed:e8:
         1f:8d:d0:d3:e4:6d:ed:6b:4d:5b:b7:0b:d1:42:2f:c8:08:d9:
         f8:d0:f7:b0:71:b2:86:38:2b:5c:97:f0:1a:a6:ee:1b:2a:c7:
         e9:d8:16:3e:11:8e:9e:a9:ae:69:ef:52:ed:01:81:ff:4a:93:
         0c:53:dc:61:dd:32:39:73:59:71:74:0d:08:cc:48:b4:1b:0e:
         4d:4d:52:f2:aa:b5:26:ee:2f:79:c6:63:ce:7e:41:82:ee:48:
         52:dd:97:9b:0a:e9:2a:a6:d2:2e:7d:9e:61:df:38:9d:9f:ef:
         bb:6e:cd:83:29:59:46:3b:58:5a:63:ff:86:45:28:9f:99:e5:
         ca:71:a6:c9:a4:42:d8:6c:04:a3:ee:5b:3c:21:a9:5f:a3:93:
         a6:d1:38:58:76:46:2f:6f:c5:c8:e5:0b:b4:ba:d2:12:ad:1d:
         e6:7d:bd:6d:96:bf:06:1d:ba:2c:99:a6:e4:13:5e:1a:29:e5:
         91:c9:84:95:06:c5:bd:c8:b9:de:c4:ba:a4:c5:72:93:8a:c0:
         1a:ff:54:a1:e0:68:e9:58:7a:5d:b7:1a:16:b2:0b:59:77:51:
         ec:12:a9:13
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYcjvFBM3BIVR37BmVGSC94pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjMwMzI3MTU0MjM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMyMGNiYjU0NmQyZjFjYjY5MmYxODZjODE5MGZmMjM0NTk0YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1b0L297JjiPYCDjvxWmwLWJcSqD
kSCEdK/EWofA3Gbo76UQ0nDIDaudARgvdVt2H7P5vBFT8Kl+db8c6+MQoipVIKg4
B/COecCjBLAOTGwjDMnLyy8DdxqhXmHCsSP/2GKmv1i/BdRxmbBI3FfIp61R2QW/
rLsZQZrwjC0F8N1FTjIoJ2y+pnc9jR2QkYMjdYQ32aGc05vVgxR6oRvDXRcH7Fdm
qJkbyfNTgtny0pPFY+SusnqFIv6JDJm+ygc05cfk+QZLCTarcNYtuquoPG3B+dwg
Pd+xU/DQ/WAO/s0yA/+NpnvD6XHs/OmfQt2ARc/gkOhXwzBcG7odYCzmWQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDgyDLtUbS8ctpLxhsgZD/I0WUw0MB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvT0RJTXUxUnRMeHkya3ZHR3lCa1A4alJaVERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzBBBAIAATA7AwQBW5XKAwQB
W5XaMAwDBABbld0DBAVblcADBAFblegwDAMEAluV7AMEAluV8DALAwQAW5X9AwMB
W5QwDQYJKoZIhvcNAQELBQADggEBAM+B5XzwFwA4VPTaEm4haxk/RCHNHem/kSf1
6LNYuYVQrOft6B+N0NPkbe1rTVu3C9FCL8gI2fjQ97BxsoY4K1yX8Bqm7hsqx+nY
Fj4Rjp6prmnvUu0Bgf9KkwxT3GHdMjlzWXF0DQjMSLQbDk1NUvKqtSbuL3nGY85+
QYLuSFLdl5sK6Sqm0i59nmHfOJ2f77tuzYMpWUY7WFpj/4ZFKJ+Z5cpxpsmkQths
BKPuWzwhqV+jk6bROFh2Ri9vxcjlC7S60hKtHeZ9vW2WvwYduiyZpuQTXhop5ZHJ
hJUGxb3Iud7EuqTFcpOKwBr/VKHgaOlYel23GhayC1l3UewSqRM=
-----END CERTIFICATE-----