Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/vjOMSCNZXUeE5qsd9-GzBQ3kzxw.roa
File:                     vjOMSCNZXUeE5qsd9-GzBQ3kzxw.roa (raw, json)
Hash identifier:          C1O0212oRLHv6o8ec0EM5c5sAp0mhoFyWQMsjhgZdXI=
Subject key identifier:   BE:33:8C:48:23:59:5D:47:84:E6:AB:1D:F7:E1:B3:05:0D:E4:CF:1C
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018736EC64C19E70BD8E29A68C107C4FD97B
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/vjOMSCNZXUeE5qsd9-GzBQ3kzxw.roa
Signing time:             Fri 31 Mar 2023 09:07:54 +0000
ROA not before:           Fri 31 Mar 2023 09:07:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41313
IP address blocks:        185.40.164.0/22 maxlen: 24
                          46.35.160.0/19 maxlen: 24
                          185.18.228.0/22 maxlen: 24
                          151.252.192.0/20 maxlen: 24
                          79.110.120.0/21 maxlen: 24
                          95.158.128.0/18 maxlen: 24
                          80.95.16.0/21 maxlen: 24
                          80.95.22.0/24 maxlen: 24
                          93.175.244.0/23 maxlen: 23
                          212.21.128.0/19 maxlen: 24
                          93.152.234.0/23 maxlen: 24
                          2a00:e200::/32 maxlen: 64
                          2a0d:3b40::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:36:ec:64:c1:9e:70:bd:8e:29:a6:8c:10:7c:4f:d9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Mar 31 09:07:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be338c4823595d4784e6ab1df7e1b3050de4cf1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:67:8d:f4:62:17:ae:a5:ed:82:6e:f1:61:07:
                    f3:8c:4f:f8:ee:bf:63:d6:6a:07:a0:e7:fd:f5:e8:
                    f6:83:0d:43:fd:9b:2d:5e:81:75:2f:6b:ec:88:65:
                    61:b1:10:6a:4f:d5:18:22:30:55:1e:90:ff:34:cf:
                    b4:67:d2:a8:56:3b:46:d7:6c:b3:0d:ff:1b:28:99:
                    d1:10:64:32:f8:6e:5c:9a:62:99:94:c3:1a:94:d2:
                    72:12:69:6a:af:e4:a9:c9:9c:86:f4:40:a7:93:44:
                    79:1d:00:dd:cf:68:b2:17:1d:b5:70:75:d4:cf:69:
                    29:f8:91:2e:9a:2e:e2:73:7d:02:cc:59:c6:91:1a:
                    c3:9d:cd:af:a4:dd:ae:cb:17:7c:ce:58:55:0e:c7:
                    13:bd:10:38:81:84:3d:f4:44:c7:03:94:ea:26:a3:
                    37:51:30:4b:0f:2b:21:2d:42:0b:5a:c8:28:1f:15:
                    10:73:2d:77:b6:6c:89:1c:85:3f:63:ad:fe:ff:16:
                    61:f2:3d:e8:a5:37:cd:07:9d:1f:aa:14:d1:62:6b:
                    08:cc:1a:9c:44:d9:b2:2b:6f:8b:e4:53:d3:26:c3:
                    73:c2:33:c8:84:17:82:19:75:a8:24:9e:5b:97:f1:
                    68:9f:bc:26:27:17:39:ea:5b:ba:9c:e4:88:c1:46:
                    4a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:33:8C:48:23:59:5D:47:84:E6:AB:1D:F7:E1:B3:05:0D:E4:CF:1C
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/vjOMSCNZXUeE5qsd9-GzBQ3kzxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.160.0/19
                  79.110.120.0/21
                  80.95.16.0/21
                  93.152.234.0/23
                  93.175.244.0/23
                  95.158.128.0/18
                  151.252.192.0/20
                  185.18.228.0/22
                  185.40.164.0/22
                  212.21.128.0/19
                IPv6:
                  2a00:e200::/32
                  2a0d:3b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:e3:1c:2d:6d:6c:a2:6e:0b:e4:1d:21:75:46:6d:4a:0a:b1:
         60:5e:c7:4f:a5:8a:75:f2:ad:c6:c4:32:b3:d9:e5:9e:2a:85:
         68:05:1d:8a:fd:aa:69:91:74:10:de:e6:e4:03:8c:66:0a:30:
         33:89:02:5d:72:22:b1:f4:1c:01:f8:ff:77:c0:62:82:95:95:
         9a:b6:6f:bf:76:77:06:d7:04:61:93:48:79:6a:ab:c0:38:a8:
         97:49:76:6e:92:37:25:b4:1f:9d:2c:7f:49:a3:1c:ea:46:14:
         eb:9a:50:ba:ab:79:74:70:83:38:3b:d8:67:49:06:5d:73:3d:
         15:e2:a0:a1:25:d2:b9:a6:7f:05:27:2f:62:fc:91:06:4e:31:
         64:72:50:c6:30:d5:34:5a:6d:a2:7c:e4:c7:63:5c:ee:55:df:
         da:2a:b0:97:ac:45:38:39:55:c9:21:69:ba:73:38:32:da:ff:
         69:93:46:34:7e:df:5b:3f:65:ff:9e:56:7b:e1:ad:c1:c8:e4:
         df:d1:6a:9d:b5:f7:e8:79:d7:68:66:70:5a:b1:46:5f:bc:da:
         cd:e1:f1:3a:02:88:d1:a9:d1:4b:1f:2a:38:9f:d3:cd:8e:28:
         be:d5:34:81:47:e7:96:cc:f9:0a:79:23:43:17:50:b0:2c:41:
         2f:66:ca:56
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYc27GTBnnC9jimmjBB8T9l7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjMwMzMxMDkwNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTMzOGM0ODIzNTk1ZDQ3ODRlNmFiMWRmN2UxYjMwNTBkZTRjZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWeN9GIXrqXtgm7xYQfzjE/47r9j
1moHoOf99ej2gw1D/ZstXoF1L2vsiGVhsRBqT9UYIjBVHpD/NM+0Z9KoVjtG12yz
Df8bKJnREGQy+G5cmmKZlMMalNJyEmlqr+SpyZyG9ECnk0R5HQDdz2iyFx21cHXU
z2kp+JEumi7ic30CzFnGkRrDnc2vpN2uyxd8zlhVDscTvRA4gYQ99ETHA5TqJqM3
UTBLDyshLUILWsgoHxUQcy13tmyJHIU/Y63+/xZh8j3opTfNB50fqhTRYmsIzBqc
RNmyK2+L5FPTJsNzwjPIhBeCGXWoJJ5bl/Fon7wmJxc56lu6nOSIwUZKZQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFL4zjEgjWV1HhOarHffhswUN5M8cMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvdmpPTVNDTlpYVWVFNXFzZDktR3pCUTNrenh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQFLiOgAwQD
T254AwQDUF8QAwQBXZjqAwQBXa/0AwQGX56AAwQEl/zAAwQCuRLkAwQCuSikAwQF
1BWAMBQEAgACMA4DBQAqAOIAAwUDKg07QDANBgkqhkiG9w0BAQsFAAOCAQEAWOMc
LW1som4L5B0hdUZtSgqxYF7HT6WKdfKtxsQys9nlniqFaAUdiv2qaZF0EN7m5AOM
ZgowM4kCXXIisfQcAfj/d8BigpWVmrZvv3Z3BtcEYZNIeWqrwDiol0l2bpI3JbQf
nSx/SaMc6kYU65pQuqt5dHCDODvYZ0kGXXM9FeKgoSXSuaZ/BScvYvyRBk4xZHJQ
xjDVNFptonzkx2Nc7lXf2iqwl6xFODlVySFpunM4Mtr/aZNGNH7fWz9l/55We+Gt
wcjk39FqnbX36HnXaGZwWrFGX7zazeHxOgKI0anRSx8qOJ/TzY4ovtU0gUfnlsz5
CnkjQxdQsCxBL2bKVg==
-----END CERTIFICATE-----