Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/eQG4Z06AEWg8inmT2V5GMcpXEpk.roa
File:                     eQG4Z06AEWg8inmT2V5GMcpXEpk.roa (raw, json)
Hash identifier:          +WyGjCtYRMnOFlm3OHpMtm8JceosGAxrjMCY+y82evA=
Subject key identifier:   79:01:B8:67:4E:80:11:68:3C:8A:79:93:D9:5E:46:31:CA:57:12:99
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018570B08003ABBB1C206B5C52344101F304
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/eQG4Z06AEWg8inmT2V5GMcpXEpk.roa
Signing time:             Mon 02 Jan 2023 04:14:53 +0000
ROA not before:           Mon 02 Jan 2023 04:14:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201106
IP address blocks:        194.124.218.0/23 maxlen: 32
                          194.124.224.0/23 maxlen: 32
                          45.142.156.0/24 maxlen: 32
                          45.142.157.0/24 maxlen: 32
                          45.142.158.0/23 maxlen: 32
                          194.147.98.0/23 maxlen: 32
                          194.147.100.0/23 maxlen: 32
                          45.150.226.0/23 maxlen: 32
                          193.218.200.0/23 maxlen: 32
                          45.154.212.0/22 maxlen: 32
                          45.150.164.0/22 maxlen: 32
                          193.221.94.0/23 maxlen: 32
                          45.151.132.0/22 maxlen: 32
                          45.145.74.0/23 maxlen: 32
                          45.145.72.0/23 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:b0:80:03:ab:bb:1c:20:6b:5c:52:34:41:01:f3:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 04:14:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7901b8674e8011683c8a7993d95e4631ca571299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e6:a1:f6:58:57:66:97:f9:fd:22:7c:0d:ed:
                    64:8b:d8:c0:34:f7:72:68:f4:d9:fb:1c:62:38:99:
                    27:81:09:47:29:70:68:f9:03:30:d2:71:aa:76:b7:
                    26:5b:d5:22:87:c4:83:5d:b7:80:16:12:77:c7:59:
                    86:d6:07:03:40:3c:6d:2b:fc:ad:34:81:34:ff:6b:
                    a7:03:d0:53:04:b2:f7:5f:23:33:a5:6f:b0:b8:f1:
                    91:16:38:a4:82:4c:9e:41:db:b3:6f:13:19:3b:f2:
                    6b:ff:d4:71:d2:ac:e7:22:10:d5:ae:de:66:d8:f6:
                    7a:67:40:db:2d:39:e1:2e:36:9a:91:04:cd:55:58:
                    a7:37:d4:c2:44:42:aa:71:66:91:9a:65:2d:f1:ab:
                    3e:a8:8d:59:99:43:fc:6f:76:15:13:5f:00:c9:6a:
                    4a:e8:38:2c:74:b4:fa:72:45:7e:88:62:d2:d4:f5:
                    d7:00:b7:a4:b7:a6:78:f7:1d:97:e6:27:60:60:ef:
                    bc:85:ad:7d:71:47:a8:fc:ff:8d:53:33:c0:15:5c:
                    9d:25:c3:04:0b:aa:aa:b2:80:3c:36:60:78:03:23:
                    8e:9e:6a:5d:5c:82:81:94:72:89:28:53:64:09:15:
                    25:ef:1b:1c:10:51:36:90:68:b2:d2:22:7d:2c:8b:
                    07:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:01:B8:67:4E:80:11:68:3C:8A:79:93:D9:5E:46:31:CA:57:12:99
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/eQG4Z06AEWg8inmT2V5GMcpXEpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.156.0/22
                  45.145.72.0/22
                  45.150.164.0/22
                  45.150.226.0/23
                  45.151.132.0/22
                  45.154.212.0/22
                  193.218.200.0/23
                  193.221.94.0/23
                  194.124.218.0/23
                  194.124.224.0/23
                  194.147.98.0-194.147.101.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:05:a6:94:5c:01:70:d7:53:d0:6e:ff:db:b8:38:0f:af:29:
         9a:64:d2:eb:2b:81:e3:de:96:2a:fc:1c:28:86:ed:d2:3d:7d:
         10:63:4e:dd:5c:bf:04:0c:34:bc:3d:de:02:8a:2e:14:3e:81:
         06:4c:b5:51:b8:56:30:c5:a6:90:b1:c5:98:7f:a0:68:4b:ee:
         61:e9:91:43:da:fb:f7:ff:48:06:80:1e:ae:7f:00:9b:44:67:
         33:96:fd:7b:24:7d:4c:7d:f9:6e:11:9f:65:77:0b:4a:af:9f:
         ca:b4:d6:ca:d3:6f:64:b0:77:a6:b2:a5:41:55:b1:39:78:d2:
         c9:ca:ae:d1:8b:55:fd:a9:52:27:29:72:29:5f:32:50:b3:27:
         a6:72:e1:0b:75:64:53:0b:3d:5f:04:e2:0e:3c:df:22:62:e4:
         ff:33:4c:8e:eb:3a:c7:36:17:3b:6b:0d:70:e5:cf:ba:4c:cc:
         d8:d8:6e:86:2d:f7:38:b4:b9:ba:f6:04:13:65:46:6c:66:ef:
         a2:5f:f0:df:7d:ef:6d:f3:7d:52:70:b1:b1:b5:f9:20:9c:a7:
         5a:2d:9e:23:5c:5b:d0:46:bf:68:d8:2b:76:34:b5:42:58:90:
         ba:ca:7e:bb:f7:03:2b:d7:0d:54:1b:f8:81:c0:87:88:55:58:
         fe:a6:8d:3a
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVwsIADq7scIGtcUjRBAfMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjMwMTAyMDQxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTAxYjg2NzRlODAxMTY4M2M4YTc5OTNkOTVlNDYzMWNhNTcxMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+ah9lhXZpf5/SJ8De1ki9jANPdy
aPTZ+xxiOJkngQlHKXBo+QMw0nGqdrcmW9Uih8SDXbeAFhJ3x1mG1gcDQDxtK/yt
NIE0/2unA9BTBLL3XyMzpW+wuPGRFjikgkyeQduzbxMZO/Jr/9Rx0qznIhDVrt5m
2PZ6Z0DbLTnhLjaakQTNVVinN9TCREKqcWaRmmUt8as+qI1ZmUP8b3YVE18AyWpK
6DgsdLT6ckV+iGLS1PXXALekt6Z49x2X5idgYO+8ha19cUeo/P+NUzPAFVydJcME
C6qqsoA8NmB4AyOOnmpdXIKBlHKJKFNkCRUl7xscEFE2kGiy0iJ9LIsH3wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFHkBuGdOgBFoPIp5k9leRjHKVxKZMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvZVFHNFowNkFFV2c4aW5tVDJWNUdNY3BYRXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQCLY6cAwQC
LZFIAwQCLZakAwQBLZbiAwQCLZeEAwQCLZrUAwQBwdrIAwQBwd1eAwQBwnzaAwQB
wnzgMAwDBAHCk2IDBAHCk2QwDQYJKoZIhvcNAQELBQADggEBAKoFppRcAXDXU9Bu
/9u4OA+vKZpk0usrgePelir8HCiG7dI9fRBjTt1cvwQMNLw93gKKLhQ+gQZMtVG4
VjDFppCxxZh/oGhL7mHpkUPa+/f/SAaAHq5/AJtEZzOW/XskfUx9+W4Rn2V3C0qv
n8q01srTb2Swd6aypUFVsTl40snKrtGLVf2pUicpcilfMlCzJ6Zy4Qt1ZFMLPV8E
4g483yJi5P8zTI7rOsc2FztrDXDlz7pMzNjYboYt9zi0ubr2BBNlRmxm76Jf8N99
723zfVJwsbG1+SCcp1otniNcW9BGv2jYK3Y0tUJYkLrKfrv3AyvXDVQb+IHAh4hV
WP6mjTo=
-----END CERTIFICATE-----