Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/SN5ahDC0cFiZgpGi5CLhhPxoJ80.roa
File:                     SN5ahDC0cFiZgpGi5CLhhPxoJ80.roa (raw, json)
Hash identifier:          AxkmiBHiUAcGzFKzgREK3CUKFLsubdRBCbfXksNXb6Q=
Subject key identifier:   48:DE:5A:84:30:B4:70:58:99:82:91:A2:E4:22:E1:84:FC:68:27:CD
Certificate issuer:       /CN=01335442514d5249b5143cfdf821216bb5c52940
Certificate serial:       01887B4F5A06AFB9F7A90CB00F9D4E62CD5C
Authority key identifier: 01:33:54:42:51:4D:52:49:B5:14:3C:FD:F8:21:21:6B:B5:C5:29:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ATNUQlFNUkm1FDz9-CEha7XFKUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/SN5ahDC0cFiZgpGi5CLhhPxoJ80.roa
Signing time:             Fri 02 Jun 2023 08:52:57 +0000
ROA not before:           Fri 02 Jun 2023 08:52:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39134
IP address blocks:        185.206.100.0/24 maxlen: 24
                          185.206.100.0/22 maxlen: 24
                          88.212.220.0/22 maxlen: 24
                          88.212.224.0/22 maxlen: 24
                          88.212.229.0/24 maxlen: 24
                          88.212.228.0/22 maxlen: 24
                          88.212.230.0/23 maxlen: 23
                          88.212.192.0/24 maxlen: 24
                          88.212.192.0/20 maxlen: 24
                          88.212.196.0/24 maxlen: 24
                          88.212.204.0/24 maxlen: 24
                          88.212.208.0/22 maxlen: 24
                          2a02:2100::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7b:4f:5a:06:af:b9:f7:a9:0c:b0:0f:9d:4e:62:cd:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01335442514d5249b5143cfdf821216bb5c52940
        Validity
            Not Before: Jun  2 08:52:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=48de5a8430b47058998291a2e422e184fc6827cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:de:b7:c8:d2:a2:2b:02:9c:47:7b:c5:19:96:
                    c5:94:4a:d8:80:7f:63:6a:12:7e:7d:91:5c:e7:bd:
                    3b:93:f8:66:81:c6:b7:7a:cb:32:eb:e1:62:ae:82:
                    0b:75:22:92:13:df:9e:92:ad:ee:09:68:c2:69:1f:
                    53:27:32:dc:b9:a1:aa:dc:b9:89:9a:95:f0:82:85:
                    42:84:05:7c:f7:27:7c:d3:4d:65:cc:97:d8:a1:14:
                    55:3b:6a:dd:c6:06:11:cc:40:22:04:c9:db:fe:3c:
                    6e:ae:25:38:08:83:f0:49:77:5c:ef:00:0f:c6:1c:
                    d4:ca:51:e5:6d:4e:cd:44:7e:2b:21:1d:16:35:cd:
                    c7:4c:78:e0:6a:cb:f6:eb:66:ce:94:54:ee:23:59:
                    8d:88:b2:f4:ce:9a:fb:78:02:7f:fd:83:0d:3c:93:
                    e3:13:a4:d1:49:f7:fb:a7:ae:60:eb:10:c1:97:2b:
                    57:c3:b1:ef:84:74:1f:13:23:67:55:51:f7:48:03:
                    4c:30:7a:bf:a3:46:5f:9c:8b:80:05:01:8f:29:e8:
                    09:3c:5c:73:ec:19:ed:de:a5:f0:2e:0c:4c:5d:b0:
                    0b:38:be:13:57:f4:be:f0:5f:74:2a:f3:c9:87:24:
                    18:9b:e8:c3:04:16:80:41:52:d9:27:88:48:70:4b:
                    d5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:DE:5A:84:30:B4:70:58:99:82:91:A2:E4:22:E1:84:FC:68:27:CD
            X509v3 Authority Key Identifier:
                keyid:01:33:54:42:51:4D:52:49:B5:14:3C:FD:F8:21:21:6B:B5:C5:29:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ATNUQlFNUkm1FDz9-CEha7XFKUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/SN5ahDC0cFiZgpGi5CLhhPxoJ80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c7a68f-7bf8-4f80-a9a2-815d2c026646/1/ATNUQlFNUkm1FDz9-CEha7XFKUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.212.192.0-88.212.211.255
                  88.212.220.0-88.212.231.255
                  185.206.100.0/22
                IPv6:
                  2a02:2100::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:7c:8d:53:8a:37:d1:8a:55:73:7d:9c:2f:3b:df:c5:98:73:
         c1:ca:78:a9:5b:23:45:9a:e1:64:ae:9a:45:6d:86:c5:33:58:
         d3:77:66:eb:b7:1e:31:31:47:bf:45:a6:5a:80:b7:b2:89:4f:
         2a:3f:ea:d2:56:e4:d9:6f:d6:67:fd:43:a0:69:65:6b:ee:5d:
         68:27:f8:8a:b9:37:c4:32:c9:9c:99:09:8f:d9:c5:0e:0e:7a:
         14:b3:97:5f:e2:11:b7:13:16:bd:ce:0e:ec:b3:5f:0d:de:6d:
         15:ac:46:a3:a8:9a:85:f4:63:7e:98:7a:e5:dc:c2:9a:d3:8f:
         86:f7:16:9e:be:d7:67:db:83:36:d5:77:64:82:96:90:ee:d3:
         8a:53:68:21:8b:b5:16:3d:35:85:fe:56:d1:54:bf:29:5b:e4:
         55:01:1c:01:eb:82:3a:20:65:ea:36:22:2b:08:0f:37:90:e3:
         c0:7d:08:99:b6:bb:11:21:f2:0f:3a:15:02:94:79:87:27:47:
         9d:76:1e:a3:8f:71:4b:e4:f1:70:0a:a2:c1:02:67:5b:7f:1e:
         4e:7a:3e:a9:93:f4:f1:ce:ca:52:bf:fd:36:b3:b6:c5:ce:2e:
         0d:44:4e:58:f4:a0:e5:95:d5:df:8c:fd:80:a6:e2:4d:a2:bb:
         8b:c9:65:cd
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYh7T1oGr7n3qQywD51OYs1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMzM1NDQyNTE0ZDUyNDliNTE0M2NmZGY4MjEyMTZiYjVj
NTI5NDAwHhcNMjMwNjAyMDg1MjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGRlNWE4NDMwYjQ3MDU4OTk4MjkxYTJlNDIyZTE4NGZjNjgyN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk963yNKiKwKcR3vFGZbFlErYgH9j
ahJ+fZFc5707k/hmgca3essy6+FiroILdSKSE9+ekq3uCWjCaR9TJzLcuaGq3LmJ
mpXwgoVChAV89yd8001lzJfYoRRVO2rdxgYRzEAiBMnb/jxuriU4CIPwSXdc7wAP
xhzUylHlbU7NRH4rIR0WNc3HTHjgasv262bOlFTuI1mNiLL0zpr7eAJ//YMNPJPj
E6TRSff7p65g6xDBlytXw7HvhHQfEyNnVVH3SANMMHq/o0ZfnIuABQGPKegJPFxz
7Bnt3qXwLgxMXbALOL4TV/S+8F90KvPJhyQYm+jDBBaAQVLZJ4hIcEvVWwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFEjeWoQwtHBYmYKRouQi4YT8aCfNMB8GA1UdIwQY
MBaAFAEzVEJRTVJJtRQ8/fghIWu1xSlAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVROVVFsRk5Va20xRkR6OS1DRWhhN1hGS1VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jN2E2OGYtN2JmOC00ZjgwLWE5YTIt
ODE1ZDJjMDI2NjQ2LzEvU041YWhEQzBjRmlaZ3BHaTVDTGhoUHhvSjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jN2E2OGYtN2JmOC00ZjgwLWE5YTItODE1ZDJjMDI2NjQ2
LzEvQVROVVFsRk5Va20xRkR6OS1DRWhhN1hGS1VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAZY1MAD
BAJY1NAwDAMEAljU3AMEA1jU4AMEArnOZDANBAIAAjAHAwUAKgIhADANBgkqhkiG
9w0BAQsFAAOCAQEAinyNU4o30YpVc32cLzvfxZhzwcp4qVsjRZrhZK6aRW2GxTNY
03dm67ceMTFHv0WmWoC3solPKj/q0lbk2W/WZ/1DoGlla+5daCf4irk3xDLJnJkJ
j9nFDg56FLOXX+IRtxMWvc4O7LNfDd5tFaxGo6iahfRjfph65dzCmtOPhvcWnr7X
Z9uDNtV3ZIKWkO7TilNoIYu1Fj01hf5W0VS/KVvkVQEcAeuCOiBl6jYiKwgPN5Dj
wH0Imba7ESHyDzoVApR5hydHnXYeo49xS+TxcAqiwQJnW38eTno+qZP08c7KUr/9
NrO2xc4uDUROWPSg5ZXV34z9gKbiTaK7i8llzQ==
-----END CERTIFICATE-----