Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/zfHyAwYdskzBRc6cl40Q2dqNkbE.roa
File:                     zfHyAwYdskzBRc6cl40Q2dqNkbE.roa (raw, json)
Hash identifier:          91WpeMGhPD9HJoRA4vMQZCgr5NtenoMciwvyFHQzuZw=
Subject key identifier:   CD:F1:F2:03:06:1D:B2:4C:C1:45:CE:9C:97:8D:10:D9:DA:8D:91:B1
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018794B151DE2C854547BB7DD8566E453E38
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/zfHyAwYdskzBRc6cl40Q2dqNkbE.roa
Signing time:             Tue 18 Apr 2023 14:07:41 +0000
ROA not before:           Tue 18 Apr 2023 14:07:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202553
IP address blocks:        147.181.12.0/22 maxlen: 24
                          147.181.16.0/23 maxlen: 24
                          147.181.32.0/22 maxlen: 24
                          147.181.36.0/22 maxlen: 24
                          147.181.44.0/22 maxlen: 24
                          147.181.4.0/22 maxlen: 24
                          147.181.8.0/22 maxlen: 24
                          2a04:9a00:100e::/48 maxlen: 48
                          2a04:9a00:1002::/48 maxlen: 48
                          2a04:9a00:1003::/48 maxlen: 48
                          2a04:9a00:1006::/48 maxlen: 48
                          2a04:9a00:1001::/48 maxlen: 48
                          2a04:9a00:1007::/48 maxlen: 48
                          2a04:9a00:1005::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:94:b1:51:de:2c:85:45:47:bb:7d:d8:56:6e:45:3e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Apr 18 14:07:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cdf1f203061db24cc145ce9c978d10d9da8d91b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:79:dd:2a:fe:27:f6:3d:37:3d:c6:3b:cc:e8:
                    44:6a:4d:19:8b:84:96:93:63:d7:ab:88:2e:80:31:
                    43:73:a6:13:39:93:1c:eb:3a:49:02:4e:91:d7:13:
                    48:39:6f:2b:f8:29:76:31:12:0f:2c:ee:cb:71:20:
                    29:7d:04:92:96:2e:ca:3b:73:8b:9b:ed:ba:54:f4:
                    98:3d:d2:92:99:b4:36:4d:28:d5:59:db:7a:5c:51:
                    7c:8f:52:e9:cf:84:5b:2c:e0:07:4f:7a:21:74:29:
                    98:fe:b5:41:51:65:3c:94:bb:74:24:f9:25:14:03:
                    43:43:67:fa:e0:e6:a5:ba:d8:64:b0:ee:ae:57:09:
                    16:f4:c2:1c:95:72:00:34:1b:a8:db:0d:b5:3e:50:
                    cf:c8:a6:06:ea:a8:19:ae:97:f4:ff:3a:07:9b:ec:
                    b9:18:9d:60:60:5c:27:19:46:2b:cd:9b:e7:fe:30:
                    00:4b:1b:5c:99:be:10:73:95:a7:fb:83:90:54:97:
                    93:e1:d1:0a:b8:ca:3c:d2:f9:0c:b6:91:cf:8d:32:
                    c2:02:59:c6:8b:13:9b:b7:2b:6c:96:f3:20:3f:79:
                    4d:bb:53:42:c0:fd:ce:d6:04:fe:d6:0b:e7:0f:00:
                    f6:f8:a4:72:92:e4:2d:7b:ac:10:f2:e0:f6:47:83:
                    ab:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F1:F2:03:06:1D:B2:4C:C1:45:CE:9C:97:8D:10:D9:DA:8D:91:B1
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/zfHyAwYdskzBRc6cl40Q2dqNkbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.181.4.0-147.181.17.255
                  147.181.32.0/21
                  147.181.44.0/22
                IPv6:
                  2a04:9a00:1001::-2a04:9a00:1003:ffff:ffff:ffff:ffff:ffff
                  2a04:9a00:1005::-2a04:9a00:1007:ffff:ffff:ffff:ffff:ffff
                  2a04:9a00:100e::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:53:df:48:e7:57:41:70:17:7b:e8:1f:f5:22:f5:55:d5:2b:
         8e:e1:0a:97:7c:5e:d1:2e:2f:36:40:d1:8b:06:95:e2:5a:fa:
         1d:74:6f:33:b4:cc:a4:86:a2:e1:ce:0a:9b:a9:59:e9:3d:59:
         cb:91:76:76:4e:0d:90:0e:b9:c2:a5:a5:a3:75:5d:5e:71:7c:
         e4:91:1c:ae:61:c6:15:aa:07:19:10:67:84:c3:b6:36:53:8f:
         59:97:9d:63:44:b5:74:e2:0a:6b:76:77:3b:59:b6:a5:04:1e:
         0d:64:b1:de:0d:82:9b:7d:0c:bc:33:3a:03:6d:87:b0:42:22:
         fc:be:c5:f9:b4:a6:57:01:14:d2:19:3e:7e:9f:83:55:c8:42:
         45:d5:4c:83:33:ec:d6:b2:f2:24:d6:bc:16:1e:2f:d6:34:b1:
         83:43:17:42:85:be:9a:45:ee:bb:70:e2:25:cf:d6:a6:09:57:
         08:d8:97:a2:09:6a:e6:86:cd:30:91:21:39:dd:8a:69:9d:1c:
         ea:4d:39:a0:aa:d2:81:70:3e:6b:1b:1a:06:c6:b7:ec:72:df:
         35:d6:b9:8a:50:a6:50:67:0c:ba:75:df:f6:57:d3:87:d5:55:
         d3:d1:13:9e:9f:71:7a:b0:94:92:ee:74:b0:3f:34:c8:ca:e2:
         c1:10:5c:60
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYeUsVHeLIVFR7t92FZuRT44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjMwNDE4MTQwNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGYxZjIwMzA2MWRiMjRjYzE0NWNlOWM5NzhkMTBkOWRhOGQ5MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnndKv4n9j03PcY7zOhEak0Zi4SW
k2PXq4gugDFDc6YTOZMc6zpJAk6R1xNIOW8r+Cl2MRIPLO7LcSApfQSSli7KO3OL
m+26VPSYPdKSmbQ2TSjVWdt6XFF8j1Lpz4RbLOAHT3ohdCmY/rVBUWU8lLt0JPkl
FANDQ2f64OaluthksO6uVwkW9MIclXIANBuo2w21PlDPyKYG6qgZrpf0/zoHm+y5
GJ1gYFwnGUYrzZvn/jAASxtcmb4Qc5Wn+4OQVJeT4dEKuMo80vkMtpHPjTLCAlnG
ixObtytslvMgP3lNu1NCwP3O1gT+1gvnDwD2+KRykuQte6wQ8uD2R4OrqwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFM3x8gMGHbJMwUXOnJeNENnajZGxMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvemZIeUF3WWRza3pCUmM2Y2w0MFEyZHFOa2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzAgBAIAATAaMAwDBAKTtQQD
BAGTtRADBAOTtSADBAKTtSwwNwQCAAIwMTASAwcAKgSaABABAwcCKgSaABAAMBID
BwAqBJoAEAUDBwMqBJoAEAADBwAqBJoAEA4wDQYJKoZIhvcNAQELBQADggEBAJtT
30jnV0FwF3voH/Ui9VXVK47hCpd8XtEuLzZA0YsGleJa+h10bzO0zKSGouHOCpup
Wek9WcuRdnZODZAOucKlpaN1XV5xfOSRHK5hxhWqBxkQZ4TDtjZTj1mXnWNEtXTi
Cmt2dztZtqUEHg1ksd4Ngpt9DLwzOgNth7BCIvy+xfm0plcBFNIZPn6fg1XIQkXV
TIMz7Nay8iTWvBYeL9Y0sYNDF0KFvppF7rtw4iXP1qYJVwjYl6IJauaGzTCRITnd
immdHOpNOaCq0oFwPmsbGgbGt+xy3zXWuYpQplBnDLp13/ZX04fVVdPRE56fcXqw
lJLudLA/NMjK4sEQXGA=
-----END CERTIFICATE-----