Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/_0czp3Z6bZ_strlwjW4rib0RrK4.roa
File:                     _0czp3Z6bZ_strlwjW4rib0RrK4.roa (raw, json)
Hash identifier:          ewLYzAaWLSj8cSNBpv7vJ+aSCRvd/dtTcXIiT9q7qgA=
Subject key identifier:   FF:47:33:A7:76:7A:6D:9F:EC:B6:B9:70:8D:6E:2B:89:BD:11:AC:AE
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       0185727A2D28BDAD1604CDBB73981E3E43EC
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/_0czp3Z6bZ_strlwjW4rib0RrK4.roa
Signing time:             Mon 02 Jan 2023 12:34:47 +0000
ROA not before:           Mon 02 Jan 2023 12:34:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398217
IP address blocks:        89.36.136.0/24 maxlen: 24
                          86.107.72.0/24 maxlen: 24
                          89.32.43.0/24 maxlen: 24
                          89.38.240.0/24 maxlen: 24
                          86.105.229.0/24 maxlen: 24
                          86.105.230.0/24 maxlen: 24
                          89.46.47.0/24 maxlen: 24
                          194.41.60.0/24 maxlen: 24
                          194.41.61.0/24 maxlen: 24
                          46.102.183.0/24 maxlen: 24
                          46.102.182.0/24 maxlen: 24
                          77.81.86.0/24 maxlen: 24
                          86.106.175.0/24 maxlen: 24
                          86.106.174.0/24 maxlen: 24
                          86.105.2.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:7a:2d:28:bd:ad:16:04:cd:bb:73:98:1e:3e:43:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: Jan  2 12:34:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff4733a7767a6d9fecb6b9708d6e2b89bd11acae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:29:b7:a0:d3:45:d8:0d:a2:d8:f2:80:03:a6:
                    bb:cd:39:c5:73:bb:65:57:bd:d1:ed:12:b1:dd:ed:
                    0b:5a:b1:00:c9:85:82:ee:26:f0:57:3b:d8:22:4a:
                    93:bf:cf:dc:6a:b0:5d:d1:3d:75:9c:6d:59:e2:96:
                    68:84:71:ba:2d:e4:1e:31:f9:ce:1a:4d:e0:ad:67:
                    b5:3e:e4:21:69:54:19:56:80:bd:64:8d:62:d1:4b:
                    18:79:30:4d:6a:6f:ac:3d:8d:92:3f:3d:16:a9:b8:
                    61:ff:75:99:b4:30:12:bf:9e:ad:3a:57:5c:f2:33:
                    89:00:f8:5d:fd:42:71:c0:4b:a5:5e:11:6e:9c:5b:
                    af:e2:8d:e9:aa:70:ca:21:ab:45:ba:8b:11:9e:99:
                    df:be:2c:b4:36:85:7f:ef:c3:37:06:28:ec:d6:3e:
                    44:ef:c9:de:a8:a0:62:fa:c8:45:a8:6b:4a:ce:84:
                    d8:fb:0a:a0:cf:02:0c:4c:ef:47:cb:bc:da:f3:b0:
                    68:eb:65:18:0d:78:ee:51:3d:74:68:ef:d2:aa:a3:
                    82:f0:68:52:70:65:88:b2:eb:a6:30:6b:03:a6:de:
                    26:5b:cd:c3:7d:e5:50:76:17:d2:e6:56:78:91:94:
                    e9:75:06:e6:ac:95:e1:fc:81:bd:a8:8e:77:61:16:
                    55:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:47:33:A7:76:7A:6D:9F:EC:B6:B9:70:8D:6E:2B:89:BD:11:AC:AE
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/_0czp3Z6bZ_strlwjW4rib0RrK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.182.0/23
                  77.81.86.0/24
                  86.105.2.0/24
                  86.105.229.0-86.105.230.255
                  86.106.174.0/23
                  86.107.72.0/24
                  89.32.43.0/24
                  89.36.136.0/24
                  89.38.240.0/24
                  89.46.47.0/24
                  194.41.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:90:9f:85:52:8b:51:56:3c:4e:cd:b8:cb:af:d9:15:e3:45:
         84:ff:68:ca:a4:1e:73:67:90:6c:bc:66:65:1b:fd:25:dd:33:
         92:47:d9:f5:a3:3f:b7:38:c8:5d:14:a8:31:ff:f1:e3:f7:75:
         0f:95:38:54:29:5b:73:ea:ea:48:88:99:93:e2:2b:a0:89:c4:
         23:1e:eb:40:9c:d2:7c:1c:66:d7:4e:c4:e0:5a:60:54:ec:0b:
         c1:61:85:d3:72:02:68:7a:1e:aa:2a:be:8b:f5:b7:45:71:c7:
         de:f6:83:1e:1f:32:39:10:1c:71:bc:1c:27:40:64:6a:97:2a:
         a8:48:27:91:5b:90:7e:17:c3:05:1f:42:33:9a:0f:1a:00:38:
         5e:3a:35:e0:9a:b1:c1:1a:59:22:88:4c:9c:2f:98:14:b6:79:
         47:4e:f0:ca:58:86:71:f6:3e:8f:6c:df:6f:7a:d6:87:ad:bc:
         ed:b7:e2:bf:3a:dc:dd:84:75:c9:00:7a:df:6e:5c:5a:0c:61:
         d2:ac:a1:e7:d6:96:b5:e2:35:54:b1:2a:f5:3f:ad:63:e3:3a:
         a1:f8:fa:ff:3a:4f:c1:5c:7d:54:e1:20:6f:77:7d:0a:31:6b:
         12:29:41:ab:16:fd:1e:f9:ac:16:1d:e6:b1:ae:17:08:d2:01:
         b0:1c:01:2c
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVyei0ova0WBM27c5gePkPsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjMwMTAyMTIzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjQ3MzNhNzc2N2E2ZDlmZWNiNmI5NzA4ZDZlMmI4OWJkMTFhY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkim3oNNF2A2i2PKAA6a7zTnFc7tl
V73R7RKx3e0LWrEAyYWC7ibwVzvYIkqTv8/carBd0T11nG1Z4pZohHG6LeQeMfnO
Gk3grWe1PuQhaVQZVoC9ZI1i0UsYeTBNam+sPY2SPz0Wqbhh/3WZtDASv56tOldc
8jOJAPhd/UJxwEulXhFunFuv4o3pqnDKIatFuosRnpnfviy0NoV/78M3Bijs1j5E
78neqKBi+shFqGtKzoTY+wqgzwIMTO9Hy7za87Bo62UYDXjuUT10aO/SqqOC8GhS
cGWIsuumMGsDpt4mW83DfeVQdhfS5lZ4kZTpdQbmrJXh/IG9qI53YRZVDQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFP9HM6d2em2f7La5cI1uK4m9EayuMB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEvXzBjenAzWjZiWl9zdHJsd2pXNHJpYjBScks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBLma2AwQA
TVFWAwQAVmkCMAwDBABWaeUDBABWaeYDBAFWaq4DBABWa0gDBABZICsDBABZJIgD
BABZJvADBABZLi8DBAHCKTwwDQYJKoZIhvcNAQELBQADggEBALKQn4VSi1FWPE7N
uMuv2RXjRYT/aMqkHnNnkGy8ZmUb/SXdM5JH2fWjP7c4yF0UqDH/8eP3dQ+VOFQp
W3Pq6kiImZPiK6CJxCMe60Cc0nwcZtdOxOBaYFTsC8FhhdNyAmh6Hqoqvov1t0Vx
x972gx4fMjkQHHG8HCdAZGqXKqhIJ5FbkH4XwwUfQjOaDxoAOF46NeCascEaWSKI
TJwvmBS2eUdO8MpYhnH2Po9s32961oetvO234r863N2EdckAet9uXFoMYdKsoefW
lrXiNVSxKvU/rWPjOqH4+v86T8FcfVThIG93fQoxaxIpQasW/R75rBYd5rGuFwjS
AbAcASw=
-----END CERTIFICATE-----