Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/K8SSF5ynfGWT0G_uaQTtosCqJxA.roa
File:                     K8SSF5ynfGWT0G_uaQTtosCqJxA.roa (raw, json)
Hash identifier:          qqwxzdvuZG0xhDBYyyPxizDJmz5b+wMgZvlBCg71lxI=
Subject key identifier:   2B:C4:92:17:9C:A7:7C:65:93:D0:6F:EE:69:04:ED:A2:C0:AA:27:10
Certificate issuer:       /CN=9b6b7b3ea60efb4a579a4f5e237ea7a88d3bc078
Certificate serial:       018571B0F91B939563B28688E695B774CC69
Authority key identifier: 9B:6B:7B:3E:A6:0E:FB:4A:57:9A:4F:5E:23:7E:A7:A8:8D:3B:C0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2t7PqYO-0pXmk9eI36nqI07wHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/K8SSF5ynfGWT0G_uaQTtosCqJxA.roa
Signing time:             Mon 02 Jan 2023 08:55:01 +0000
ROA not before:           Mon 02 Jan 2023 08:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13110
IP address blocks:        194.24.164.0/23 maxlen: 23
                          94.127.104.0/21 maxlen: 21
                          80.87.32.0/20 maxlen: 20
                          109.173.128.0/17 maxlen: 17
                          185.44.172.0/22 maxlen: 22
                          85.221.128.0/17 maxlen: 17
                          151.249.80.0/21 maxlen: 21
                          46.228.80.0/20 maxlen: 20
                          77.65.0.0/17 maxlen: 17
                          195.160.180.0/23 maxlen: 23
                          62.21.0.0/17 maxlen: 17
                          88.151.136.0/21 maxlen: 21
                          46.238.64.0/18 maxlen: 18
                          185.14.72.0/22 maxlen: 22
                          2001:4020::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b0:f9:1b:93:95:63:b2:86:88:e6:95:b7:74:cc:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b6b7b3ea60efb4a579a4f5e237ea7a88d3bc078
        Validity
            Not Before: Jan  2 08:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2bc492179ca77c6593d06fee6904eda2c0aa2710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ee:ac:31:d8:c9:7e:be:ef:79:19:20:af:8a:
                    fa:fb:ea:54:8a:42:39:9a:ec:8a:5c:8c:1a:48:b3:
                    ee:b0:b9:8a:74:84:82:49:ba:6c:b0:70:2b:47:20:
                    16:f3:4d:99:61:6d:0a:08:9e:0a:ba:fd:5d:e1:ea:
                    73:42:4e:f1:6f:22:ec:64:75:1f:48:4f:1f:12:0e:
                    6b:8b:11:c2:59:fe:10:9b:75:52:39:e4:d9:06:fa:
                    04:7f:e8:dc:b7:72:84:22:b8:ee:f7:45:38:6a:f3:
                    da:92:ab:aa:c7:1c:0a:1c:36:73:1e:ce:ca:9b:40:
                    5e:c9:e8:23:01:9f:b7:8c:f1:f2:c4:0d:7d:1f:16:
                    03:a0:81:21:3f:85:d7:78:31:15:b1:bb:92:8f:70:
                    7d:65:75:40:64:5a:16:63:ca:04:73:be:f4:8f:f4:
                    e4:66:72:af:80:1e:db:ae:f2:86:95:dc:e4:ef:e4:
                    d6:9e:e9:85:79:38:50:9b:fb:83:f9:7b:1c:72:79:
                    7f:30:7c:af:57:49:3d:f9:30:f6:a2:4e:65:79:43:
                    b2:5f:e2:67:d1:d7:12:fd:64:3e:96:e3:1b:a7:f5:
                    94:32:49:95:6b:b0:e0:18:fd:b9:e3:88:79:83:1d:
                    ad:db:d5:6f:51:5a:17:88:7f:36:76:51:0c:51:05:
                    0a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C4:92:17:9C:A7:7C:65:93:D0:6F:EE:69:04:ED:A2:C0:AA:27:10
            X509v3 Authority Key Identifier:
                keyid:9B:6B:7B:3E:A6:0E:FB:4A:57:9A:4F:5E:23:7E:A7:A8:8D:3B:C0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2t7PqYO-0pXmk9eI36nqI07wHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/K8SSF5ynfGWT0G_uaQTtosCqJxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/m2t7PqYO-0pXmk9eI36nqI07wHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.80.0/20
                  46.238.64.0/18
                  62.21.0.0/17
                  77.65.0.0/17
                  80.87.32.0/20
                  85.221.128.0/17
                  88.151.136.0/21
                  94.127.104.0/21
                  109.173.128.0/17
                  151.249.80.0/21
                  185.14.72.0/22
                  185.44.172.0/22
                  194.24.164.0/23
                  195.160.180.0/23
                IPv6:
                  2001:4020::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:20:32:bd:ba:44:9f:52:c7:83:9f:60:4a:73:8a:fc:bc:9c:
         34:8a:f1:78:5f:71:87:36:4f:cf:89:49:3d:b5:06:bf:24:b3:
         75:c7:a4:d3:81:72:09:17:8d:0a:5f:75:89:ce:23:18:94:53:
         97:ca:e7:6a:56:74:8c:7b:29:4a:71:cf:93:63:b7:fb:5f:d7:
         58:09:75:52:da:8a:c6:4d:0f:85:46:95:cd:62:fe:f1:35:9a:
         63:69:67:6f:30:60:e4:cc:69:3d:1c:f0:ef:0f:d2:56:b8:bb:
         3f:f4:d6:6a:d9:86:a3:ea:5d:cb:ff:a6:d4:cd:25:e2:4b:80:
         94:c9:82:ac:da:40:36:3e:03:22:b7:a3:df:44:4e:6a:3d:32:
         77:80:dc:d6:f7:e8:92:0f:83:b7:41:fe:5d:cf:1e:84:0e:f1:
         33:2e:ba:01:51:fb:84:38:47:06:00:e3:bb:5a:3e:de:5a:a3:
         25:1c:5d:08:15:f9:30:19:47:fa:a7:86:1f:52:58:cf:7d:71:
         e3:17:59:56:45:01:57:aa:5d:e4:38:d5:71:0a:ef:07:f2:bc:
         78:ce:0d:8b:b8:96:b6:0d:cf:3f:31:61:d8:83:fa:5d:5f:51:
         01:2c:aa:b8:94:69:d8:46:b6:00:f7:bb:c5:22:70:81:9e:b8:
         96:ea:56:ec
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYVxsPkbk5VjsoaI5pW3dMxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNmI3YjNlYTYwZWZiNGE1NzlhNGY1ZTIzN2VhN2E4OGQz
YmMwNzgwHhcNMjMwMTAyMDg1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmM0OTIxNzljYTc3YzY1OTNkMDZmZWU2OTA0ZWRhMmMwYWEyNzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne6sMdjJfr7veRkgr4r6++pUikI5
muyKXIwaSLPusLmKdISCSbpssHArRyAW802ZYW0KCJ4Kuv1d4epzQk7xbyLsZHUf
SE8fEg5rixHCWf4Qm3VSOeTZBvoEf+jct3KEIrju90U4avPakquqxxwKHDZzHs7K
m0BeyegjAZ+3jPHyxA19HxYDoIEhP4XXeDEVsbuSj3B9ZXVAZFoWY8oEc770j/Tk
ZnKvgB7brvKGldzk7+TWnumFeThQm/uD+Xsccnl/MHyvV0k9+TD2ok5leUOyX+Jn
0dcS/WQ+luMbp/WUMkmVa7DgGP2544h5gx2t29VvUVoXiH82dlEMUQUKCQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFCvEkhecp3xlk9Bv7mkE7aLAqicQMB8GA1UdIwQY
MBaAFJtrez6mDvtKV5pPXiN+p6iNO8B4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJ0N1BxWU8tMHBYbWs5ZUkzNm5xSTA3d0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lMjdkNzEtZWZiYy00N2VmLTk4NDAt
ZTc0ZDhkMWQ0ZTAyLzEvSzhTU0Y1eW5mR1dUMEdfdWFRVHRvc0NxSnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lMjdkNzEtZWZiYy00N2VmLTk4NDAtZTc0ZDhkMWQ0ZTAy
LzEvbTJ0N1BxWU8tMHBYbWs5ZUkzNm5xSTA3d0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQELuRQAwQG
Lu5AAwQHPhUAAwQHTUEAAwQEUFcgAwQHVd2AAwQDWJeIAwQDXn9oAwQHba2AAwQD
l/lQAwQCuQ5IAwQCuSysAwQBwhikAwQBw6C0MA0EAgACMAcDBQAgAUAgMA0GCSqG
SIb3DQEBCwUAA4IBAQC+IDK9ukSfUseDn2BKc4r8vJw0ivF4X3GHNk/PiUk9tQa/
JLN1x6TTgXIJF40KX3WJziMYlFOXyudqVnSMeylKcc+TY7f7X9dYCXVS2orGTQ+F
RpXNYv7xNZpjaWdvMGDkzGk9HPDvD9JWuLs/9NZq2Yaj6l3L/6bUzSXiS4CUyYKs
2kA2PgMit6PfRE5qPTJ3gNzW9+iSD4O3Qf5dzx6EDvEzLroBUfuEOEcGAOO7Wj7e
WqMlHF0IFfkwGUf6p4YfUljPfXHjF1lWRQFXql3kONVxCu8H8rx4zg2LuJa2Dc8/
MWHYg/pdX1EBLKq4lGnYRrYA97vFInCBnriW6lbs
-----END CERTIFICATE-----