Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/hI-jtI8ryeo_4SEipvDdXARXOzo.roa
File:                     hI-jtI8ryeo_4SEipvDdXARXOzo.roa (raw, json)
Hash identifier:          pjjyC849h2Dttm8tLfKn/yFcy0ajxgqlo8t2r2HLcdY=
Subject key identifier:   84:8F:A3:B4:8F:2B:C9:EA:3F:E1:21:22:A6:F0:DD:5C:04:57:3B:3A
Certificate issuer:       /CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
Certificate serial:       0185C02098E573DE38AE52FBF743E334AB7A
Authority key identifier: 13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/hI-jtI8ryeo_4SEipvDdXARXOzo.roa
Signing time:             Tue 17 Jan 2023 14:27:19 +0000
ROA not before:           Tue 17 Jan 2023 14:27:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50889
IP address blocks:        185.136.71.0/24 maxlen: 24
                          185.136.69.0/24 maxlen: 24
                          185.136.70.0/24 maxlen: 24
                          77.111.250.0/24 maxlen: 24
                          77.111.251.0/24 maxlen: 24
                          77.111.248.0/24 maxlen: 24
                          77.111.249.0/24 maxlen: 24
                          80.84.166.0/24 maxlen: 24
                          80.84.160.0/24 maxlen: 24
                          80.84.164.0/24 maxlen: 24
                          80.84.165.0/24 maxlen: 24
                          80.84.163.0/24 maxlen: 24
                          80.84.161.0/24 maxlen: 24
                          80.84.162.0/24 maxlen: 24
                          80.84.167.0/24 maxlen: 24
                          80.84.171.0/24 maxlen: 24
                          80.84.172.0/24 maxlen: 24
                          80.84.170.0/24 maxlen: 24
                          80.84.168.0/24 maxlen: 24
                          80.84.169.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c0:20:98:e5:73:de:38:ae:52:fb:f7:43:e3:34:ab:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
        Validity
            Not Before: Jan 17 14:27:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=848fa3b48f2bc9ea3fe12122a6f0dd5c04573b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fb:24:87:16:bc:e1:fb:68:97:ae:1a:61:dd:
                    15:a6:20:6e:c9:98:85:1f:12:85:c3:3e:20:5a:a5:
                    d3:8c:2e:1b:9a:b0:43:04:95:59:83:c7:4a:26:91:
                    6b:e7:74:1b:73:52:40:c4:93:0b:65:4e:2f:a9:92:
                    ea:e6:94:a2:20:52:cf:99:de:0d:fe:e6:de:75:25:
                    ea:8d:52:9b:39:dd:a5:67:2b:15:4d:19:02:a8:92:
                    61:53:c1:6f:6e:44:69:29:03:f4:f3:a9:7d:22:ed:
                    11:36:c9:b8:8d:a4:77:3a:f1:1b:e1:fb:c5:4a:8d:
                    f2:6f:54:0e:d5:91:9c:fa:44:05:42:e2:66:23:42:
                    ec:88:84:ef:b3:3e:4b:f6:e3:82:ce:64:a7:c5:71:
                    1e:92:02:f1:04:06:8c:9d:d9:e7:c8:e9:ac:0b:03:
                    e6:2a:da:4c:be:e6:21:e0:25:ce:4b:b8:4b:ce:42:
                    99:3f:ac:df:97:0f:75:fc:ef:24:eb:cd:47:e4:f3:
                    79:88:60:5f:4c:52:4e:0a:63:9b:a5:8e:ce:36:cd:
                    91:e5:e9:56:e9:dc:76:8c:98:bd:8a:10:98:04:26:
                    4a:26:d9:83:13:64:3f:9d:63:c0:0d:d7:f1:c7:94:
                    1c:53:82:ed:3b:d7:1a:b1:61:2d:ca:73:df:04:d2:
                    81:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8F:A3:B4:8F:2B:C9:EA:3F:E1:21:22:A6:F0:DD:5C:04:57:3B:3A
            X509v3 Authority Key Identifier:
                keyid:13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/hI-jtI8ryeo_4SEipvDdXARXOzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/E6D3FD_6IhE0QtyFie4TUuvj2qM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.248.0/22
                  80.84.160.0-80.84.172.255
                  185.136.69.0-185.136.71.255

    Signature Algorithm: sha256WithRSAEncryption
         96:c4:73:bd:60:bd:ca:8e:cb:bc:86:68:26:55:b6:7f:bd:4d:
         1c:6d:ad:0a:3a:83:1c:b0:51:67:24:06:91:16:c4:fa:90:c7:
         b0:c6:13:65:f8:11:24:57:40:c3:f8:18:8a:c2:f2:92:b5:b7:
         e9:12:b2:5a:fd:94:e2:fc:bc:e0:fb:e2:5d:14:26:71:47:0a:
         0d:c4:e7:4b:3d:ee:99:ef:48:10:c5:e8:73:5f:57:b1:98:fb:
         01:09:b0:94:9c:f8:c6:d1:11:5b:f8:b9:c9:ae:a7:9e:3a:fe:
         f4:ba:eb:8d:73:cc:54:82:a4:b7:2a:60:ae:c4:89:a6:18:cb:
         53:60:21:d5:f5:87:19:ab:2b:5a:48:3e:9c:1f:4b:21:21:de:
         fe:1f:89:29:12:ca:31:7a:8f:95:c2:b2:1d:80:65:8c:39:ef:
         d1:25:75:b2:aa:23:cf:3d:b7:3b:f0:67:94:0b:05:df:99:27:
         b5:58:3d:98:b4:fd:3e:2d:b6:5b:cf:85:96:ce:f9:3c:42:b1:
         0d:5b:d8:d4:00:35:0a:80:ff:40:a6:a1:07:a7:dc:11:d7:65:
         b6:0b:df:67:e7:ce:b9:7f:46:34:51:f9:4d:5d:d8:2f:fb:ed:
         71:f4:a8:3f:08:95:a3:e6:2b:26:6a:84:ff:fd:cd:a3:9e:ff:
         a4:05:7e:d4
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYXAIJjlc944rlL790PjNKt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYTBmNzE0M2ZmYTIyMTEzNDQyZGM4NTg5ZWUxMzUyZWJl
M2RhYTMwHhcNMjMwMTE3MTQyNzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhmYTNiNDhmMmJjOWVhM2ZlMTIxMjJhNmYwZGQ1YzA0NTczYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPskhxa84ftol64aYd0VpiBuyZiF
HxKFwz4gWqXTjC4bmrBDBJVZg8dKJpFr53Qbc1JAxJMLZU4vqZLq5pSiIFLPmd4N
/ubedSXqjVKbOd2lZysVTRkCqJJhU8FvbkRpKQP086l9Iu0RNsm4jaR3OvEb4fvF
So3yb1QO1ZGc+kQFQuJmI0LsiITvsz5L9uOCzmSnxXEekgLxBAaMndnnyOmsCwPm
KtpMvuYh4CXOS7hLzkKZP6zflw91/O8k681H5PN5iGBfTFJOCmObpY7ONs2R5elW
6dx2jJi9ihCYBCZKJtmDE2Q/nWPADdfxx5QcU4LtO9casWEtynPfBNKBhQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFISPo7SPK8nqP+EhIqbw3VwEVzs6MB8GA1UdIwQY
MBaAFBOg9xQ/+iIRNELchYnuE1Lr49qjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgt
MTA0YTMzNDM3NjY1LzEvaEktanRJOHJ5ZW9fNFNFaXB2RGRYQVJYT3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgtMTA0YTMzNDM3NjY1
LzEvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQCTW/4MAwD
BAVQVKADBABQVKwwDAMEALmIRQMEA7mIQDANBgkqhkiG9w0BAQsFAAOCAQEAlsRz
vWC9yo7LvIZoJlW2f71NHG2tCjqDHLBRZyQGkRbE+pDHsMYTZfgRJFdAw/gYisLy
krW36RKyWv2U4vy84PviXRQmcUcKDcTnSz3ume9IEMXoc19XsZj7AQmwlJz4xtER
W/i5ya6nnjr+9LrrjXPMVIKktypgrsSJphjLU2Ah1fWHGasrWkg+nB9LISHe/h+J
KRLKMXqPlcKyHYBljDnv0SV1sqojzz23O/BnlAsF35kntVg9mLT9Pi22W8+Fls75
PEKxDVvY1AA1CoD/QKahB6fcEddltgvfZ+fOuX9GNFH5TV3YL/vtcfSoPwiVo+Yr
JmqE//3No57/pAV+1A==
-----END CERTIFICATE-----