Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/qhkZx07VH2wjzWA-wx-e0tJB4Vg.roa
File:                     qhkZx07VH2wjzWA-wx-e0tJB4Vg.roa (raw, json)
Hash identifier:          D+dvAsVwZnqcgLOefAPJoCeTHl/3oQ/Ccv3IqwYVl6k=
Subject key identifier:   AA:19:19:C7:4E:D5:1F:6C:23:CD:60:3E:C3:1F:9E:D2:D2:41:E1:58
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       01857270F83487716B4423F1850A5FE4E940
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/qhkZx07VH2wjzWA-wx-e0tJB4Vg.roa
Signing time:             Mon 02 Jan 2023 12:24:44 +0000
ROA not before:           Mon 02 Jan 2023 12:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6898
IP address blocks:        31.44.32.0/20 maxlen: 20
                          193.221.216.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
                          46.21.16.0/23 maxlen: 23
                          46.21.18.0/23 maxlen: 23
                          46.21.29.0/24 maxlen: 24
                          46.21.31.0/24 maxlen: 24
                          193.222.104.0/23 maxlen: 24
                          185.155.176.0/22 maxlen: 22
                          185.155.184.0/23 maxlen: 23
                          77.220.64.0/19 maxlen: 19
                          2a00:bd00::/32 maxlen: 32
                          2a0f:e880::/29 maxlen: 29
                          2a02:210::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:70:f8:34:87:71:6b:44:23:f1:85:0a:5f:e4:e9:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Jan  2 12:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa1919c74ed51f6c23cd603ec31f9ed2d241e158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6d:57:61:f9:3f:5d:3c:f3:af:9e:4e:a7:a0:
                    54:bd:6a:ab:c0:ff:1b:7f:12:3c:0d:31:dd:83:56:
                    ec:d1:63:77:6c:00:8c:ed:b8:78:12:6f:77:21:c9:
                    d3:c3:a0:30:bc:ca:ec:08:81:df:02:61:14:a2:d4:
                    85:0c:5f:eb:7d:e0:28:30:09:bb:e2:0c:15:8f:56:
                    b8:b0:92:9c:14:43:27:c4:35:8c:cb:40:62:02:6f:
                    9a:3c:27:0f:81:ca:f3:f3:2c:85:75:1c:e6:a2:5a:
                    b7:07:48:4a:f3:18:43:fe:07:c2:9d:fe:55:30:88:
                    a0:b1:7a:68:04:92:36:59:b4:c3:ed:e7:61:73:90:
                    b1:67:44:88:6a:86:68:8c:6f:c8:0e:de:be:84:94:
                    a0:66:f5:30:cb:65:50:81:6f:52:d0:e9:58:c9:53:
                    7d:09:8f:22:04:b5:e6:b8:ff:54:4b:32:89:59:8d:
                    d0:eb:30:e6:a9:92:c3:3d:a0:e6:a4:a7:4f:c8:d7:
                    46:07:2b:cc:9e:5b:de:50:e2:2d:97:b5:f6:1b:93:
                    65:56:f7:07:02:ba:ed:77:99:f3:fe:12:c0:f3:37:
                    6a:50:c1:02:7b:21:22:8f:01:a5:e8:40:ad:19:39:
                    0d:45:16:8c:77:35:aa:06:fb:57:e8:95:3b:a3:43:
                    5e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:19:19:C7:4E:D5:1F:6C:23:CD:60:3E:C3:1F:9E:D2:D2:41:E1:58
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/qhkZx07VH2wjzWA-wx-e0tJB4Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20
                  46.21.16.0/22
                  46.21.29.0/24
                  46.21.31.0/24
                  77.220.64.0/19
                  185.155.176.0/22
                  185.155.184.0/23
                  193.221.216.0/23
                  193.222.104.0/23
                IPv6:
                  2a00:bd00::/32
                  2a02:210::/32
                  2a0f:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:6b:a6:25:92:89:64:ce:6c:af:24:9b:7d:ad:da:36:89:0c:
         6a:3a:cd:90:7c:e5:a0:27:59:25:ba:cf:48:df:52:0e:1a:70:
         ab:bd:c0:c7:85:ce:93:c4:99:e2:cb:6f:d2:7e:76:f7:cc:bd:
         0a:64:dd:76:1c:38:b5:a5:4c:ac:a7:a2:cd:58:93:6f:14:f4:
         5d:12:28:e3:0a:fe:ad:54:9e:b3:2e:41:2e:e1:33:a8:22:26:
         36:73:22:f0:5b:de:3c:e3:b7:64:1b:76:91:5c:a5:99:77:84:
         e8:1d:e3:e3:ab:3b:52:41:31:09:58:29:66:6f:38:74:5a:ef:
         28:a0:a1:11:a8:8c:c1:8c:8c:8d:b7:33:ab:f4:a1:b3:ba:4e:
         f2:ca:3d:80:e5:51:90:db:7d:ca:3c:a9:8f:fa:cc:b9:45:38:
         95:08:eb:58:59:7d:2c:2b:c5:e4:85:f7:9f:73:ea:71:23:36:
         2d:fa:28:80:c4:67:73:45:af:d9:73:5e:0a:b5:4f:c4:73:e9:
         70:f0:8c:63:21:dc:f1:ee:e3:8a:8f:70:a6:4a:b5:e5:f9:97:
         84:ea:f3:f7:ca:d3:56:12:1d:c1:38:ae:af:24:6d:01:ec:1e:
         b0:3d:24:c4:66:71:0e:e8:99:58:a4:fb:22:a8:0b:31:77:5c:
         db:41:42:4b
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYVycPg0h3FrRCPxhQpf5OlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMwMTAyMTIyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE5MTljNzRlZDUxZjZjMjNjZDYwM2VjMzFmOWVkMmQyNDFlMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkG1XYfk/XTzzr55Op6BUvWqrwP8b
fxI8DTHdg1bs0WN3bACM7bh4Em93IcnTw6AwvMrsCIHfAmEUotSFDF/rfeAoMAm7
4gwVj1a4sJKcFEMnxDWMy0BiAm+aPCcPgcrz8yyFdRzmolq3B0hK8xhD/gfCnf5V
MIigsXpoBJI2WbTD7edhc5CxZ0SIaoZojG/IDt6+hJSgZvUwy2VQgW9S0OlYyVN9
CY8iBLXmuP9USzKJWY3Q6zDmqZLDPaDmpKdPyNdGByvMnlveUOItl7X2G5NlVvcH
Arrtd5nz/hLA8zdqUMECeyEijwGl6ECtGTkNRRaMdzWqBvtX6JU7o0NedwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFKoZGcdO1R9sI81gPsMfntLSQeFYMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvcWhrWngwN1ZIMndqeldBLXd4LWUwdEpCNFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzA8BAIAATA2AwQEHywgAwQC
LhUQAwQALhUdAwQALhUfAwQFTdxAAwQCuZuwAwQBuZu4AwQBwd3YAwQBwd5oMBsE
AgACMBUDBQAqAL0AAwUAKgICEAMFAyoP6IAwDQYJKoZIhvcNAQELBQADggEBAFFr
piWSiWTObK8km32t2jaJDGo6zZB85aAnWSW6z0jfUg4acKu9wMeFzpPEmeLLb9J+
dvfMvQpk3XYcOLWlTKynos1Yk28U9F0SKOMK/q1UnrMuQS7hM6giJjZzIvBb3jzj
t2QbdpFcpZl3hOgd4+OrO1JBMQlYKWZvOHRa7yigoRGojMGMjI23M6v0obO6TvLK
PYDlUZDbfco8qY/6zLlFOJUI61hZfSwrxeSF959z6nEjNi36KIDEZ3NFr9lzXgq1
T8Rz6XDwjGMh3PHu44qPcKZKteX5l4Tq8/fK01YSHcE4rq8kbQHsHrA9JMRmcQ7o
mVik+yKoCzF3XNtBQks=
-----END CERTIFICATE-----