Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/JgB0Cf60LfK3Hi-v0JDgh4VEU4Q.roa
File:                     JgB0Cf60LfK3Hi-v0JDgh4VEU4Q.roa (raw, json)
Hash identifier:          2dwjfIUN5Gs/kx/e1INVdwAwpQ34nz25C6CLINpA7s8=
Subject key identifier:   26:00:74:09:FE:B4:2D:F2:B7:1E:2F:AF:D0:90:E0:87:85:44:53:84
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018570D52F7D33D842A1693010797EBAECD5
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/JgB0Cf60LfK3Hi-v0JDgh4VEU4Q.roa
Signing time:             Mon 02 Jan 2023 04:54:57 +0000
ROA not before:           Mon 02 Jan 2023 04:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42926
IP address blocks:        84.17.64.0/24 maxlen: 24
                          195.128.38.0/24 maxlen: 24
                          195.128.36.0/24 maxlen: 24
                          195.128.34.0/24 maxlen: 24
                          195.128.33.0/24 maxlen: 24
                          195.128.32.0/24 maxlen: 24
                          195.128.39.0/24 maxlen: 24
                          193.254.253.0/24 maxlen: 24
                          193.254.252.0/24 maxlen: 24
                          84.17.66.0/24 maxlen: 24
                          84.17.77.0/24 maxlen: 24
                          84.17.82.0/24 maxlen: 24
                          84.17.81.0/24 maxlen: 24
                          84.17.80.0/24 maxlen: 24
                          84.17.85.0/24 maxlen: 24
                          84.17.94.0/24 maxlen: 24
                          84.17.92.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:d5:2f:7d:33:d8:42:a1:69:30:10:79:7e:ba:ec:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  2 04:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=26007409feb42df2b71e2fafd090e08785445384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:03:93:12:39:43:9d:31:89:da:c9:8b:1e:d2:
                    ed:cf:29:2c:b6:d3:a4:bc:5b:9c:3e:8d:c8:11:48:
                    b6:11:61:c2:2c:9d:82:69:e4:6b:05:64:63:06:cd:
                    4c:a9:ad:b6:1f:1e:14:c1:7d:f3:2a:4b:b8:28:e6:
                    42:d5:47:6c:be:11:b5:12:e3:e6:fb:9c:e0:ec:85:
                    08:51:69:79:3d:aa:a0:c5:e1:39:3a:b2:31:f3:6c:
                    98:a6:62:7a:da:d9:3f:31:59:aa:17:0b:09:5b:ea:
                    c8:c3:88:b6:f6:6b:ed:72:6a:d0:3b:a0:ac:cd:46:
                    d3:f6:32:db:ed:dd:e6:4f:50:5b:7e:f0:02:a0:bb:
                    d0:b4:4a:1b:fe:c0:ba:a3:00:ea:2b:f3:3e:8f:ef:
                    24:9e:f5:fc:c4:b0:bc:23:c8:b0:05:40:4d:ce:a7:
                    96:ab:aa:d7:e5:09:d2:58:34:74:ae:4d:d4:10:65:
                    07:68:87:9c:fa:c6:dc:bc:41:48:18:98:18:be:72:
                    22:4b:88:86:4a:34:21:b1:50:1c:b0:56:ed:c9:e1:
                    70:94:ad:fe:76:29:35:21:e4:58:d6:de:de:80:56:
                    9b:5b:d1:b2:29:b9:71:92:25:ed:ec:7e:7c:f4:30:
                    fc:23:25:1b:48:b1:e2:91:f6:07:89:4f:67:ad:63:
                    d9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:00:74:09:FE:B4:2D:F2:B7:1E:2F:AF:D0:90:E0:87:85:44:53:84
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/JgB0Cf60LfK3Hi-v0JDgh4VEU4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.64.0/24
                  84.17.66.0/24
                  84.17.77.0/24
                  84.17.80.0-84.17.82.255
                  84.17.85.0/24
                  84.17.92.0/24
                  84.17.94.0/24
                  193.254.252.0/23
                  195.128.32.0-195.128.34.255
                  195.128.36.0/24
                  195.128.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:49:69:f6:67:d0:38:19:e7:b3:03:6d:b5:a7:38:ba:31:81:
         bc:3e:9a:8b:a7:bb:92:92:44:15:af:9a:06:ef:61:c1:f9:30:
         7d:68:a3:35:62:c9:cd:cf:f4:4e:4d:55:a4:c5:ff:2e:06:5a:
         16:7e:f9:35:17:e7:f1:23:36:f3:c0:c9:12:c0:8c:75:ec:3a:
         99:10:c1:6a:7d:0b:bb:57:e7:54:8a:e5:42:9c:90:49:55:42:
         22:97:a9:8b:d0:5a:8f:46:0e:08:de:12:c3:54:be:26:be:74:
         71:cf:7d:97:34:ef:ae:f1:29:64:5f:1d:ed:4d:2a:89:9c:8f:
         ff:2f:ce:cf:9e:6f:7b:d5:e0:07:7d:c1:4b:f7:77:42:cf:97:
         2a:41:3e:44:45:40:41:1f:3c:07:d0:a3:3e:0c:99:f2:16:aa:
         4c:11:11:8c:e1:90:4c:40:78:03:76:e4:60:51:5e:cc:bd:51:
         20:c7:9b:bf:06:fa:08:28:93:8b:b0:25:3d:68:a1:a5:72:1f:
         63:0d:af:36:e7:36:54:24:13:ff:b3:78:2b:8a:ad:e2:15:0d:
         15:ba:52:40:3a:bd:55:f4:9c:1e:04:ce:fe:6e:c9:45:b2:a3:
         d6:a6:fe:79:a0:49:48:89:7c:c2:e4:c7:dc:41:54:1a:ec:33:
         34:a4:00:0d
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYVw1S99M9hCoWkwEHl+uuzVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjMwMTAyMDQ1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjAwNzQwOWZlYjQyZGYyYjcxZTJmYWZkMDkwZTA4Nzg1NDQ1Mzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQOTEjlDnTGJ2smLHtLtzyksttOk
vFucPo3IEUi2EWHCLJ2CaeRrBWRjBs1Mqa22Hx4UwX3zKku4KOZC1UdsvhG1EuPm
+5zg7IUIUWl5PaqgxeE5OrIx82yYpmJ62tk/MVmqFwsJW+rIw4i29mvtcmrQO6Cs
zUbT9jLb7d3mT1BbfvACoLvQtEob/sC6owDqK/M+j+8knvX8xLC8I8iwBUBNzqeW
q6rX5QnSWDR0rk3UEGUHaIec+sbcvEFIGJgYvnIiS4iGSjQhsVAcsFbtyeFwlK3+
dik1IeRY1t7egFabW9GyKblxkiXt7H589DD8IyUbSLHikfYHiU9nrWPZ+wIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFCYAdAn+tC3ytx4vr9CQ4IeFRFOEMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvSmdCMENmNjBMZkszSGktdjBKRGdoNFZFVTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAVBFAAwQA
VBFCAwQAVBFNMAwDBARUEVADBABUEVIDBABUEVUDBABUEVwDBABUEV4DBAHB/vww
DAMEBcOAIAMEAMOAIgMEAMOAJAMEAcOAJjANBgkqhkiG9w0BAQsFAAOCAQEAWElp
9mfQOBnnswNttac4ujGBvD6ai6e7kpJEFa+aBu9hwfkwfWijNWLJzc/0Tk1VpMX/
LgZaFn75NRfn8SM288DJEsCMdew6mRDBan0Lu1fnVIrlQpyQSVVCIpepi9Baj0YO
CN4Sw1S+Jr50cc99lzTvrvEpZF8d7U0qiZyP/y/Oz55ve9XgB33BS/d3Qs+XKkE+
REVAQR88B9CjPgyZ8haqTBERjOGQTEB4A3bkYFFezL1RIMebvwb6CCiTi7AlPWih
pXIfYw2vNuc2VCQT/7N4K4qt4hUNFbpSQDq9VfScHgTO/m7JRbKj1qb+eaBJSIl8
wuTH3EFUGuwzNKQADQ==
-----END CERTIFICATE-----