Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/iuLaz70HoHq6DyV1e1PJwMcnUuY.roa
File:                     iuLaz70HoHq6DyV1e1PJwMcnUuY.roa (raw, json)
Hash identifier:          iNTGXuGv1ERPIIR1ExQCJeobLqiQB3uwmHMZ5LmlGFY=
Subject key identifier:   8A:E2:DA:CF:BD:07:A0:7A:BA:0F:25:75:7B:53:C9:C0:C7:27:52:E6
Certificate issuer:       /CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
Certificate serial:       018586DFB4730B980F7486F2B877B6E45896
Authority key identifier: C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/iuLaz70HoHq6DyV1e1PJwMcnUuY.roa
Signing time:             Fri 06 Jan 2023 11:38:05 +0000
ROA not before:           Fri 06 Jan 2023 11:38:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13280
IP address blocks:        89.204.240.0/20 maxlen: 24
                          95.83.192.0/18 maxlen: 24
                          95.83.196.0/22 maxlen: 24
                          95.83.196.0/23 maxlen: 24
                          89.204.160.0/19 maxlen: 24
                          89.204.160.0/20 maxlen: 24
                          31.200.128.0/18 maxlen: 24
                          89.204.192.0/18 maxlen: 24
                          92.251.240.0/21 maxlen: 24
                          213.191.224.0/19 maxlen: 24
                          178.167.128.0/17 maxlen: 24
                          95.83.229.0/24 maxlen: 24
                          92.251.128.0/17 maxlen: 24
                          62.40.32.0/19 maxlen: 24
                          80.233.0.0/17 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:86:df:b4:73:0b:98:0f:74:86:f2:b8:77:b6:e4:58:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1acf260d23263a7c6bb6c59c19eebc6759b60be
        Validity
            Not Before: Jan  6 11:38:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ae2dacfbd07a07aba0f25757b53c9c0c72752e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:bc:9b:e4:d3:d2:82:46:1c:e7:a3:15:90:33:
                    10:57:a5:c8:f4:84:5b:0c:d9:d1:17:73:aa:50:bb:
                    23:4e:6f:ba:97:0a:12:2c:ca:7b:57:7a:dc:dd:94:
                    66:40:ba:8b:5c:f6:a8:a7:3b:44:c1:3a:c2:68:1c:
                    7f:55:c1:da:8f:b8:c0:4f:3a:33:53:93:8b:5b:53:
                    55:1b:ce:99:d0:bb:f0:12:84:ed:23:5f:77:bc:6e:
                    b9:fb:b6:e4:ab:ea:03:7b:96:ca:40:fe:46:a8:65:
                    57:33:46:d1:ff:c5:ca:3a:8d:95:34:bb:3f:2f:d7:
                    f4:1a:ee:06:94:40:9a:99:a2:34:d7:43:ea:66:0d:
                    6a:12:34:cf:cf:53:52:0c:5f:19:5d:ca:f6:85:43:
                    2e:21:8b:ec:42:1d:ed:a0:58:c4:9c:5f:d5:7d:e8:
                    7c:26:d9:70:d4:6a:37:e9:70:a5:29:03:9c:ee:e8:
                    3c:89:4d:52:54:6b:12:a9:8b:e0:88:05:9d:e0:d6:
                    d2:5a:f6:b0:a1:86:b3:c9:e4:ae:58:1f:a3:14:1f:
                    82:93:81:23:aa:40:de:ee:dd:49:bd:91:d1:22:9b:
                    76:09:53:7f:7e:cd:27:99:82:ac:72:96:83:f2:bb:
                    22:7c:b9:f8:6c:0e:da:62:42:8c:9b:fc:45:a0:e9:
                    ac:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E2:DA:CF:BD:07:A0:7A:BA:0F:25:75:7B:53:C9:C0:C7:27:52:E6
            X509v3 Authority Key Identifier:
                keyid:C1:AC:F2:60:D2:32:63:A7:C6:BB:6C:59:C1:9E:EB:C6:75:9B:60:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wazyYNIyY6fGu2xZwZ7rxnWbYL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/iuLaz70HoHq6DyV1e1PJwMcnUuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d0c17a-19b7-4142-b941-ffd646d05f67/1/wazyYNIyY6fGu2xZwZ7rxnWbYL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.128.0/18
                  62.40.32.0/19
                  80.233.0.0/17
                  89.204.160.0-89.204.255.255
                  92.251.128.0/17
                  95.83.192.0/18
                  178.167.128.0/17
                  213.191.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         59:3f:2b:a5:99:e1:42:25:63:4c:24:b0:21:28:2f:d9:e9:57:
         2f:5b:e8:bf:c5:ac:c7:fc:4e:49:79:c5:42:aa:a9:5a:37:a7:
         d5:f8:59:3f:1f:94:d4:8a:a8:9e:cb:c7:8c:a9:2f:cd:0a:b0:
         8d:20:ab:ef:16:bf:81:06:ae:53:96:4d:1e:f6:a4:f7:ba:6a:
         07:16:ec:a1:34:f5:e7:cc:11:65:29:ee:a0:80:b0:19:5a:46:
         42:3c:d7:3f:55:62:02:9b:74:79:09:ba:ac:09:f9:db:9c:46:
         4b:5a:62:7f:fc:57:6d:9f:00:9a:af:e4:95:ac:59:24:64:2f:
         9c:b8:ad:6a:d0:c3:c3:69:d9:a9:9d:e6:56:93:85:b0:82:8e:
         8b:a8:90:18:b4:54:08:78:71:5d:0d:e1:a3:5c:c9:67:12:97:
         c8:2e:39:6d:f1:c7:3d:6e:57:b9:8e:8a:f7:ad:d9:32:5a:9d:
         5b:dd:80:67:30:89:aa:34:75:88:ba:37:f0:75:74:9d:4e:bf:
         dd:c1:b3:69:9d:56:c8:e1:55:98:72:38:d0:4b:be:44:a2:95:
         31:19:b6:3b:65:42:c3:fe:a2:c3:bf:88:32:5c:53:a0:4b:78:
         35:70:0c:d7:c5:e4:99:7c:83:f6:d7:92:58:4d:ed:d6:09:b4:
         f5:d6:e1:69
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYWG37RzC5gPdIbyuHe25FiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWNmMjYwZDIzMjYzYTdjNmJiNmM1OWMxOWVlYmM2NzU5
YjYwYmUwHhcNMjMwMTA2MTEzODA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUyZGFjZmJkMDdhMDdhYmEwZjI1NzU3YjUzYzljMGM3Mjc1MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLyb5NPSgkYc56MVkDMQV6XI9IRb
DNnRF3OqULsjTm+6lwoSLMp7V3rc3ZRmQLqLXPaopztEwTrCaBx/VcHaj7jATzoz
U5OLW1NVG86Z0LvwEoTtI193vG65+7bkq+oDe5bKQP5GqGVXM0bR/8XKOo2VNLs/
L9f0Gu4GlECamaI010PqZg1qEjTPz1NSDF8ZXcr2hUMuIYvsQh3toFjEnF/Vfeh8
Jtlw1Go36XClKQOc7ug8iU1SVGsSqYvgiAWd4NbSWvawoYazyeSuWB+jFB+Ck4Ej
qkDe7t1JvZHRIpt2CVN/fs0nmYKscpaD8rsifLn4bA7aYkKMm/xFoOmsFQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFIri2s+9B6B6ug8ldXtTycDHJ1LmMB8GA1UdIwQY
MBaAFMGs8mDSMmOnxrtsWcGe68Z1m2C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEt
ZmZkNjQ2ZDA1ZjY3LzEvaXVMYXo3MEhvSHE2RHlWMWUxUEp3TWNuVXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kMGMxN2EtMTliNy00MTQyLWI5NDEtZmZkNjQ2ZDA1ZjY3
LzEvd2F6eVlOSXlZNmZHdTJ4WndaN3J4bldiWUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzA9BAIAATA3AwQGH8iAAwQF
PiggAwQHUOkAMAsDBAVZzKADAwBZzAMEB1z7gAMEBl9TwAMEB7KngAMEBdW/4DAN
BgkqhkiG9w0BAQsFAAOCAQEAWT8rpZnhQiVjTCSwISgv2elXL1vov8Wsx/xOSXnF
QqqpWjen1fhZPx+U1IqonsvHjKkvzQqwjSCr7xa/gQauU5ZNHvak97pqBxbsoTT1
58wRZSnuoICwGVpGQjzXP1ViApt0eQm6rAn525xGS1pif/xXbZ8Amq/klaxZJGQv
nLitatDDw2nZqZ3mVpOFsIKOi6iQGLRUCHhxXQ3ho1zJZxKXyC45bfHHPW5XuY6K
963ZMlqdW92AZzCJqjR1iLo38HV0nU6/3cGzaZ1WyOFVmHI40Eu+RKKVMRm2O2VC
w/6iw7+IMlxToEt4NXAM18XkmXyD9teSWE3t1gm09dbhaQ==
-----END CERTIFICATE-----