Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/IKUz0hC8iviX5nB5wMosSRtva6c.roa
File:                     IKUz0hC8iviX5nB5wMosSRtva6c.roa (raw, json)
Hash identifier:          04qDPVtihANc3lRswbi+8MckPqHbvk+ceAYxSBwyP4I=
Subject key identifier:   20:A5:33:D2:10:BC:8A:F8:97:E6:70:79:C0:CA:2C:49:1B:6F:6B:A7
Certificate issuer:       /CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
Certificate serial:       01888B7E578D97BC8E03C6EECBBA35C20230
Authority key identifier: F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/IKUz0hC8iviX5nB5wMosSRtva6c.roa
Signing time:             Mon 05 Jun 2023 12:18:12 +0000
ROA not before:           Mon 05 Jun 2023 12:18:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     63473
IP address blocks:        194.29.186.0/24 maxlen: 24
                          194.29.187.0/24 maxlen: 24
                          45.132.74.0/24 maxlen: 24
                          45.132.75.0/24 maxlen: 24
                          185.223.207.0/24 maxlen: 24
                          194.29.100.0/24 maxlen: 24
                          194.29.101.0/24 maxlen: 24
                          45.91.95.0/24 maxlen: 24
                          45.91.92.0/24 maxlen: 24
                          45.91.93.0/24 maxlen: 24
                          45.91.94.0/24 maxlen: 24
                          109.205.61.0/24 maxlen: 24
                          2a0e:dc0:4::/48 maxlen: 48
                          2a0e:dc0:5::/48 maxlen: 48
                          2a0e:dc0:8::/48 maxlen: 48
                          2a0e:dc0:3::/48 maxlen: 48
                          2a0e:dc0:9::/48 maxlen: 48
                          2a0e:dc0:2::/48 maxlen: 48
                          2a0e:dc0:6::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8b:7e:57:8d:97:bc:8e:03:c6:ee:cb:ba:35:c2:02:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
        Validity
            Not Before: Jun  5 12:18:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20a533d210bc8af897e67079c0ca2c491b6f6ba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cc:05:c5:9c:3c:e3:22:d8:ca:ae:74:8f:01:
                    31:6d:00:88:cc:2d:71:de:31:fa:4f:e1:6d:d6:82:
                    0b:b1:f6:5e:c2:f1:74:5d:e0:90:37:73:76:d2:7d:
                    d1:94:5a:c3:3c:2e:56:ee:48:08:f8:df:ab:8e:3e:
                    98:0a:3b:8f:7c:f4:77:c7:f6:34:5b:e2:ab:06:a2:
                    3b:3a:4b:a3:fe:ec:a2:2f:28:82:99:a1:3a:6e:c5:
                    5f:20:7d:46:2c:36:83:30:be:50:e4:f7:cb:1e:a8:
                    77:ea:5c:5d:be:de:3b:69:7d:41:11:4e:c3:77:e3:
                    d8:b5:cd:eb:7e:f2:2f:fe:7e:b1:e8:11:8d:be:c4:
                    b1:f3:71:72:49:98:0f:5d:dc:e9:7c:db:67:7c:a4:
                    88:9e:ec:26:99:fb:7f:45:fa:d7:30:f9:c9:be:1c:
                    c9:33:14:3b:8d:01:f3:6d:65:44:b0:bf:40:c4:67:
                    97:45:0b:86:b7:83:ab:1a:7b:3a:6b:bd:1f:cd:d7:
                    21:33:4f:0a:1a:67:b6:40:08:61:c4:fc:7d:de:33:
                    9f:57:51:41:20:56:28:3d:85:46:c7:45:df:93:91:
                    c9:4b:b2:f6:76:c1:56:f2:77:12:f6:64:bf:69:81:
                    b6:c6:21:f4:b9:09:0b:65:a1:fa:30:b9:c4:25:7c:
                    ff:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A5:33:D2:10:BC:8A:F8:97:E6:70:79:C0:CA:2C:49:1B:6F:6B:A7
            X509v3 Authority Key Identifier:
                keyid:F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/IKUz0hC8iviX5nB5wMosSRtva6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/97UMfoHYzyZNEgm2rVo8y4LBb90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.92.0/22
                  45.132.74.0/23
                  109.205.61.0/24
                  185.223.207.0/24
                  194.29.100.0/23
                  194.29.186.0/23
                IPv6:
                  2a0e:dc0:2::-2a0e:dc0:6:ffff:ffff:ffff:ffff:ffff
                  2a0e:dc0:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         88:92:d6:4a:0d:5d:68:7e:7e:fa:41:45:6e:c3:2d:04:2b:cd:
         b4:29:33:bf:89:8a:1b:2f:18:c8:c1:ed:75:08:58:2e:47:1f:
         90:0e:b2:c0:c9:29:b2:3e:34:e5:44:92:22:f2:4e:af:77:8e:
         83:d5:19:27:53:52:96:f6:6a:d1:30:54:8d:84:74:f4:5f:35:
         70:b7:33:87:be:d9:1b:cf:25:32:83:68:0a:c1:7c:51:f3:3b:
         d6:30:4c:8d:00:a4:bb:89:c4:25:26:cf:a4:29:1f:5a:10:e4:
         84:7b:d8:4c:d4:18:31:b6:fd:1d:bd:d9:72:38:a9:f8:5d:2b:
         9a:d9:3f:4d:17:7a:e7:14:66:f1:f4:08:e3:f6:27:44:1a:b2:
         1b:0c:f2:72:c9:62:c0:df:da:0d:74:72:44:20:f1:c6:45:66:
         fa:dc:a3:4b:c5:18:5b:30:39:7c:a4:2d:6d:b5:47:83:c2:56:
         4e:d2:9f:7d:23:f7:5e:ef:c4:8e:30:70:46:7b:ee:f6:f7:5a:
         ac:f4:a6:52:09:3e:82:0e:f0:ac:dd:d2:50:cb:78:7d:d5:61:
         98:94:78:7c:ce:88:30:fd:23:23:41:79:b3:3f:b5:76:8a:bf:
         b4:15:52:b7:f6:0c:fd:b0:d8:17:5c:82:3a:bf:33:2c:b0:fb:
         be:f3:9f:5a
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYiLfleNl7yOA8buy7o1wgIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjUwYzdlODFkOGNmMjY0ZDEyMDliNmFkNWEzY2NiODJj
MTZmZGQwHhcNMjMwNjA1MTIxODEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE1MzNkMjEwYmM4YWY4OTdlNjcwNzljMGNhMmM0OTFiNmY2YmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMwFxZw84yLYyq50jwExbQCIzC1x
3jH6T+Ft1oILsfZewvF0XeCQN3N20n3RlFrDPC5W7kgI+N+rjj6YCjuPfPR3x/Y0
W+KrBqI7Okuj/uyiLyiCmaE6bsVfIH1GLDaDML5Q5PfLHqh36lxdvt47aX1BEU7D
d+PYtc3rfvIv/n6x6BGNvsSx83FySZgPXdzpfNtnfKSInuwmmft/RfrXMPnJvhzJ
MxQ7jQHzbWVEsL9AxGeXRQuGt4OrGns6a70fzdchM08KGme2QAhhxPx93jOfV1FB
IFYoPYVGx0Xfk5HJS7L2dsFW8ncS9mS/aYG2xiH0uQkLZaH6MLnEJXz/JwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFCClM9IQvIr4l+ZwecDKLEkbb2unMB8GA1UdIwQY
MBaAFPe1DH6B2M8mTRIJtq1aPMuCwW/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmIt
YWM0MDE2MTIwY2I5LzEvSUtVejBoQzhpdmlYNW5CNXdNb3NTUnR2YTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmItYWM0MDE2MTIwY2I5
LzEvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAqBAIAATAkAwQCLVtcAwQB
LYRKAwQAbc09AwQAud/PAwQBwh1kAwQBwh26MCMEAgACMB0wEgMHASoODcAAAgMH
ACoODcAABgMHASoODcAACDANBgkqhkiG9w0BAQsFAAOCAQEAiJLWSg1daH5++kFF
bsMtBCvNtCkzv4mKGy8YyMHtdQhYLkcfkA6ywMkpsj405USSIvJOr3eOg9UZJ1NS
lvZq0TBUjYR09F81cLczh77ZG88lMoNoCsF8UfM71jBMjQCku4nEJSbPpCkfWhDk
hHvYTNQYMbb9Hb3Zcjip+F0rmtk/TRd65xRm8fQI4/YnRBqyGwzycsliwN/aDXRy
RCDxxkVm+tyjS8UYWzA5fKQtbbVHg8JWTtKffSP3Xu/EjjBwRnvu9vdarPSmUgk+
gg7wrN3SUMt4fdVhmJR4fM6IMP0jI0F5sz+1doq/tBVSt/YM/bDYF1yCOr8zLLD7
vvOfWg==
-----END CERTIFICATE-----