Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/q_FvaLbEshYTvOVwRNZM1HCNVhE.roa
File:                     q_FvaLbEshYTvOVwRNZM1HCNVhE.roa (raw, json)
Hash identifier:          KKNYzm73vHbfXWbariG0HnXi6tuHjzSYasSdGvYMoCo=
Subject key identifier:   AB:F1:6F:68:B6:C4:B2:16:13:BC:E5:70:44:D6:4C:D4:70:8D:56:11
Certificate issuer:       /CN=e07e008d6ed2388ad31b7422423152a92a54de71
Certificate serial:       018572F123732A364F9D3D71102677789F68
Authority key identifier: E0:7E:00:8D:6E:D2:38:8A:D3:1B:74:22:42:31:52:A9:2A:54:DE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/q_FvaLbEshYTvOVwRNZM1HCNVhE.roa
Signing time:             Mon 02 Jan 2023 14:44:43 +0000
ROA not before:           Mon 02 Jan 2023 14:44:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197227
IP address blocks:        145.14.240.0/21 maxlen: 24
                          46.243.156.0/22 maxlen: 24
                          185.131.160.0/22 maxlen: 22
                          213.5.208.0/21 maxlen: 24
                          185.81.56.0/22 maxlen: 24
                          46.175.40.0/21 maxlen: 24
                          85.234.248.0/21 maxlen: 24
                          37.247.56.0/21 maxlen: 24
                          5.133.248.0/21 maxlen: 24
                          195.80.128.0/21 maxlen: 24
                          188.211.16.0/21 maxlen: 24
                          2a03:1280::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:f1:23:73:2a:36:4f:9d:3d:71:10:26:77:78:9f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e07e008d6ed2388ad31b7422423152a92a54de71
        Validity
            Not Before: Jan  2 14:44:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=abf16f68b6c4b21613bce57044d64cd4708d5611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7d:4a:c5:ea:18:64:a2:0a:ce:e6:6c:92:04:
                    c4:41:0e:09:1a:4a:fe:a1:1a:a4:6a:1c:87:74:c2:
                    2c:5a:f6:9c:e3:23:ba:54:ba:95:a6:8f:a2:aa:74:
                    a6:cf:c4:7e:36:92:50:be:2c:7c:1c:37:f9:47:16:
                    08:63:1e:20:d5:ab:17:c3:3d:04:0a:78:a9:94:5d:
                    84:6d:bc:dc:54:eb:7b:d6:72:af:ee:b9:e4:77:6a:
                    62:5b:80:1a:52:5b:c6:50:ad:2e:b6:f5:c9:d2:17:
                    08:5c:70:7e:61:32:b0:e8:4e:96:d5:59:3b:61:89:
                    cf:e9:6d:c7:9b:23:3d:fb:a9:86:ed:57:fa:58:e6:
                    63:f3:89:62:9f:e5:3f:02:98:9a:82:8b:41:cc:ae:
                    e8:7b:ca:d7:b1:b5:1d:6c:1b:72:f2:0c:7f:78:98:
                    8d:30:c6:00:50:a9:47:5a:ff:11:0a:48:c9:e0:eb:
                    70:f5:be:81:ae:4f:36:3a:e8:d5:ee:eb:17:15:17:
                    3d:14:b0:3c:26:c4:0b:90:2f:b0:a4:7b:2f:67:00:
                    39:13:17:4b:f7:d2:61:59:01:1c:b2:5e:ff:8f:0e:
                    21:28:30:4b:26:7d:3c:13:3a:62:89:26:2d:91:cc:
                    1a:d5:33:95:4e:5e:e8:77:ca:54:17:c3:1f:c2:f9:
                    3c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F1:6F:68:B6:C4:B2:16:13:BC:E5:70:44:D6:4C:D4:70:8D:56:11
            X509v3 Authority Key Identifier:
                keyid:E0:7E:00:8D:6E:D2:38:8A:D3:1B:74:22:42:31:52:A9:2A:54:DE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/q_FvaLbEshYTvOVwRNZM1HCNVhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/4H4AjW7SOIrTG3QiQjFSqSpU3nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.248.0/21
                  37.247.56.0/21
                  46.175.40.0/21
                  46.243.156.0/22
                  85.234.248.0/21
                  145.14.240.0/21
                  185.81.56.0/22
                  185.131.160.0/22
                  188.211.16.0/21
                  195.80.128.0/21
                  213.5.208.0/21
                IPv6:
                  2a03:1280::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:9a:a1:77:ee:23:b9:d9:52:63:25:6a:9d:19:b7:1c:3c:bf:
         b7:a8:85:80:d7:8d:71:b1:5b:f5:ff:89:3a:f4:16:62:da:fc:
         85:a3:49:17:d6:1e:57:f5:32:ba:66:46:48:b0:e3:3e:c9:65:
         73:da:23:2f:b2:f3:a2:4e:c2:37:aa:28:95:2b:c3:8a:57:d8:
         8f:3d:af:31:0a:d7:fb:10:20:ee:e1:83:f3:d6:c9:4e:c1:48:
         41:11:43:6b:ee:8b:e7:62:41:31:68:02:d9:0a:1f:f4:04:25:
         78:7d:56:5a:a2:72:2a:83:a0:2a:78:37:6e:83:ff:cc:7c:74:
         15:7f:89:0a:c8:85:ca:7f:53:cf:b0:b5:c1:64:14:8b:03:ff:
         05:24:91:21:f6:18:35:47:5b:74:dd:05:6f:22:fd:c9:b2:d0:
         6a:ab:0b:35:d4:8d:2e:34:ab:f7:ea:0f:20:52:da:25:e0:0f:
         5e:6c:eb:c6:85:11:8e:8a:39:25:2c:e8:51:fb:35:54:ae:84:
         ee:0b:36:f1:35:51:a5:81:ec:35:4e:83:4d:c2:3b:61:5f:16:
         da:07:da:68:9f:0a:80:ae:c1:f8:09:69:94:d8:ca:35:4b:7b:
         9c:f4:c1:56:fb:f7:e4:8e:b4:26:2c:72:2c:77:29:5a:06:dc:
         6b:64:d0:c4
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVy8SNzKjZPnT1xECZ3eJ9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwN2UwMDhkNmVkMjM4OGFkMzFiNzQyMjQyMzE1MmE5MmE1
NGRlNzEwHhcNMjMwMTAyMTQ0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmYxNmY2OGI2YzRiMjE2MTNiY2U1NzA0NGQ2NGNkNDcwOGQ1NjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn1KxeoYZKIKzuZskgTEQQ4JGkr+
oRqkahyHdMIsWvac4yO6VLqVpo+iqnSmz8R+NpJQvix8HDf5RxYIYx4g1asXwz0E
CniplF2EbbzcVOt71nKv7rnkd2piW4AaUlvGUK0utvXJ0hcIXHB+YTKw6E6W1Vk7
YYnP6W3HmyM9+6mG7Vf6WOZj84lin+U/ApiagotBzK7oe8rXsbUdbBty8gx/eJiN
MMYAUKlHWv8RCkjJ4Otw9b6Brk82OujV7usXFRc9FLA8JsQLkC+wpHsvZwA5ExdL
99JhWQEcsl7/jw4hKDBLJn08EzpiiSYtkcwa1TOVTl7od8pUF8Mfwvk8YwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFKvxb2i2xLIWE7zlcETWTNRwjVYRMB8GA1UdIwQY
MBaAFOB+AI1u0jiK0xt0IkIxUqkqVN5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEg0QWpXN1NPSXJURzNRaVFqRlNxU3BVM25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kNDc5Y2MtYTcxMi00YmMzLTgzMmQt
MjcyNzI0N2FmMjEwLzEvcV9GdmFMYkVzaFlUdk9Wd1JOWk0xSENOVmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kNDc5Y2MtYTcxMi00YmMzLTgzMmQtMjcyNzI0N2FmMjEw
LzEvNEg0QWpXN1NPSXJURzNRaVFqRlNxU3BVM25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDBYX4AwQD
Jfc4AwQDLq8oAwQCLvOcAwQDVer4AwQDkQ7wAwQCuVE4AwQCuYOgAwQDvNMQAwQD
w1CAAwQD1QXQMA0EAgACMAcDBQAqAxKAMA0GCSqGSIb3DQEBCwUAA4IBAQCrmqF3
7iO52VJjJWqdGbccPL+3qIWA141xsVv1/4k69BZi2vyFo0kX1h5X9TK6ZkZIsOM+
yWVz2iMvsvOiTsI3qiiVK8OKV9iPPa8xCtf7ECDu4YPz1slOwUhBEUNr7ovnYkEx
aALZCh/0BCV4fVZaonIqg6AqeDdug//MfHQVf4kKyIXKf1PPsLXBZBSLA/8FJJEh
9hg1R1t03QVvIv3JstBqqws11I0uNKv36g8gUtol4A9ebOvGhRGOijklLOhR+zVU
roTuCzbxNVGlgew1ToNNwjthXxbaB9ponwqArsH4CWmU2Mo1S3uc9MFW+/fkjrQm
LHIsdylaBtxrZNDE
-----END CERTIFICATE-----