Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/BhVmiVcmJr7QcFXD9m4Txvq2wG8.roa
File:                     BhVmiVcmJr7QcFXD9m4Txvq2wG8.roa (raw, json)
Hash identifier:          VLi9MuunhIRJb77nsdzQrBJCMC3HyEOw2bhhA5iEAVY=
Subject key identifier:   06:15:66:89:57:26:26:BE:D0:70:55:C3:F6:6E:13:C6:FA:B6:C0:6F
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       0187746154D1A8938E7BB3F811C5033ED8B9
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/BhVmiVcmJr7QcFXD9m4Txvq2wG8.roa
Signing time:             Wed 12 Apr 2023 07:32:28 +0000
ROA not before:           Wed 12 Apr 2023 07:32:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41313
IP address blocks:        185.40.164.0/22 maxlen: 24
                          46.35.160.0/19 maxlen: 24
                          185.18.228.0/22 maxlen: 24
                          151.252.192.0/20 maxlen: 24
                          79.110.120.0/21 maxlen: 24
                          95.158.128.0/18 maxlen: 24
                          80.95.16.0/21 maxlen: 24
                          80.95.22.0/24 maxlen: 24
                          93.175.244.0/23 maxlen: 24
                          212.21.128.0/19 maxlen: 24
                          93.152.234.0/23 maxlen: 24
                          2a00:e200::/32 maxlen: 48
                          2a0d:3b40::/29 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:74:61:54:d1:a8:93:8e:7b:b3:f8:11:c5:03:3e:d8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Apr 12 07:32:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06156689572626bed07055c3f66e13c6fab6c06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:47:0b:a4:f1:92:d8:95:88:35:91:8e:f7:a5:
                    97:d3:43:da:46:e6:48:ba:fd:67:48:b8:2e:23:b9:
                    39:55:e6:c0:13:db:d8:63:92:fa:b4:97:00:af:92:
                    20:8a:08:dd:2b:d2:e9:7a:b1:59:99:b6:cb:a4:6b:
                    ce:de:c3:f7:3b:ed:93:48:a9:c3:63:c4:25:43:40:
                    e0:a6:75:e2:db:18:84:79:7a:33:3e:8d:d4:28:c4:
                    7f:10:4a:10:b6:57:b8:4c:97:72:60:c4:f5:bf:13:
                    a3:c4:40:78:38:25:93:ec:6b:0d:8b:34:fa:9b:5f:
                    77:19:b0:8b:bc:03:17:63:7b:63:28:9a:cc:57:25:
                    67:22:79:b3:89:c1:14:d2:59:6c:9f:28:95:36:d3:
                    85:84:c8:3a:b0:cb:8b:5e:82:44:fe:6b:39:27:64:
                    80:2a:5a:93:95:0a:fb:b3:9a:d9:32:81:d0:3f:34:
                    8e:26:6e:5a:4e:c2:d2:68:7c:50:52:89:f5:8d:93:
                    d5:e7:44:66:1f:22:aa:57:d9:93:75:e5:01:04:cf:
                    15:d9:a7:40:9f:3f:a6:40:c6:c1:20:d1:33:02:f1:
                    6e:39:ed:be:15:67:49:03:db:dd:8c:cf:fd:1d:ba:
                    ea:d8:e6:c7:fa:a6:e0:d9:77:7f:47:84:2c:35:78:
                    45:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:15:66:89:57:26:26:BE:D0:70:55:C3:F6:6E:13:C6:FA:B6:C0:6F
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/BhVmiVcmJr7QcFXD9m4Txvq2wG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.160.0/19
                  79.110.120.0/21
                  80.95.16.0/21
                  93.152.234.0/23
                  93.175.244.0/23
                  95.158.128.0/18
                  151.252.192.0/20
                  185.18.228.0/22
                  185.40.164.0/22
                  212.21.128.0/19
                IPv6:
                  2a00:e200::/32
                  2a0d:3b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:22:90:64:d4:e8:1c:86:d0:c0:d1:f4:48:ea:f7:2c:b8:16:
         0a:2e:4f:c6:fc:e4:e6:96:b5:61:6a:1d:9d:66:4d:61:ba:38:
         d5:ad:99:1c:35:c5:80:6c:a7:39:4c:21:3b:db:c9:97:b5:f5:
         c9:5c:01:6c:56:14:bd:92:cf:50:b0:6c:1a:4b:c9:1b:7a:d1:
         1f:2e:b5:ae:80:20:ec:16:e6:6a:52:bf:87:b7:9f:f5:a3:c3:
         30:53:96:b5:74:94:25:57:92:71:d2:49:81:30:1d:2f:92:f2:
         41:0b:ef:51:9e:70:bd:1f:c4:44:9a:b5:34:73:b7:dd:69:c6:
         0c:5a:4d:d1:14:9c:49:2f:3a:7e:15:99:8c:34:14:f8:6c:6c:
         21:04:9a:2d:a0:c6:ee:ec:52:7d:64:fb:ad:14:25:6b:f8:de:
         90:7d:98:3c:81:25:4f:1a:8a:55:4e:50:52:c4:1c:74:fb:2a:
         52:3e:69:31:a1:97:a3:bc:fd:b2:06:f8:b6:a3:d2:0c:b1:93:
         e8:0a:7c:63:77:dd:ae:09:00:1a:a5:e0:22:fa:31:3a:b1:50:
         14:cd:68:6c:3a:40:20:f6:1a:06:48:fd:45:97:d6:c5:c8:93:
         3d:91:70:1f:02:e8:34:27:42:43:23:a6:4e:ff:e5:4c:1c:23:
         57:6c:2c:9e
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYd0YVTRqJOOe7P4EcUDPti5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjMwNDEyMDczMjI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjE1NjY4OTU3MjYyNmJlZDA3MDU1YzNmNjZlMTNjNmZhYjZjMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUcLpPGS2JWINZGO96WX00PaRuZI
uv1nSLguI7k5VebAE9vYY5L6tJcAr5IgigjdK9LperFZmbbLpGvO3sP3O+2TSKnD
Y8QlQ0DgpnXi2xiEeXozPo3UKMR/EEoQtle4TJdyYMT1vxOjxEB4OCWT7GsNizT6
m193GbCLvAMXY3tjKJrMVyVnInmzicEU0llsnyiVNtOFhMg6sMuLXoJE/ms5J2SA
KlqTlQr7s5rZMoHQPzSOJm5aTsLSaHxQUon1jZPV50RmHyKqV9mTdeUBBM8V2adA
nz+mQMbBINEzAvFuOe2+FWdJA9vdjM/9Hbrq2ObH+qbg2Xd/R4QsNXhFzQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFAYVZolXJia+0HBVw/ZuE8b6tsBvMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvQmhWbWlWY21KcjdRY0ZYRDltNFR4dnEyd0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQFLiOgAwQD
T254AwQDUF8QAwQBXZjqAwQBXa/0AwQGX56AAwQEl/zAAwQCuRLkAwQCuSikAwQF
1BWAMBQEAgACMA4DBQAqAOIAAwUDKg07QDANBgkqhkiG9w0BAQsFAAOCAQEArSKQ
ZNToHIbQwNH0SOr3LLgWCi5Pxvzk5pa1YWodnWZNYbo41a2ZHDXFgGynOUwhO9vJ
l7X1yVwBbFYUvZLPULBsGkvJG3rRHy61roAg7BbmalK/h7ef9aPDMFOWtXSUJVeS
cdJJgTAdL5LyQQvvUZ5wvR/ERJq1NHO33WnGDFpN0RScSS86fhWZjDQU+GxsIQSa
LaDG7uxSfWT7rRQla/jekH2YPIElTxqKVU5QUsQcdPsqUj5pMaGXo7z9sgb4tqPS
DLGT6Ap8Y3fdrgkAGqXgIvoxOrFQFM1obDpAIPYaBkj9RZfWxciTPZFwHwLoNCdC
QyOmTv/lTBwjV2wsng==
-----END CERTIFICATE-----