Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/7oQqrfh7BN7oJSHpsDGcw04pJFY.roa
File:                     7oQqrfh7BN7oJSHpsDGcw04pJFY.roa (raw, json)
Hash identifier:          5f0rSOXe01/GsuwkGCAZWhs9BAiV366IbMg5bRqSf/Q=
Subject key identifier:   EE:84:2A:AD:F8:7B:04:DE:E8:25:21:E9:B0:31:9C:C3:4E:29:24:56
Certificate issuer:       /CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Certificate serial:       018940D3D465652AB9A27151EB7D6F1B735D
Authority key identifier: 19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/7oQqrfh7BN7oJSHpsDGcw04pJFY.roa
Signing time:             Mon 10 Jul 2023 17:22:51 +0000
ROA not before:           Mon 10 Jul 2023 17:22:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13213
IP address blocks:        176.67.160.0/20 maxlen: 24
                          185.7.224.0/22 maxlen: 24
                          176.67.169.0/24 maxlen: 24
                          109.123.64.0/18 maxlen: 24
                          83.170.64.0/18 maxlen: 24
                          82.163.72.0/21 maxlen: 24
                          88.202.224.0/21 maxlen: 24
                          77.92.64.0/19 maxlen: 24
                          31.24.224.0/21 maxlen: 24
                          91.109.240.0/21 maxlen: 24
                          37.123.112.0/21 maxlen: 24
                          46.23.64.0/20 maxlen: 24
                          37.123.114.0/23 maxlen: 24
                          46.23.74.0/24 maxlen: 24
                          88.202.176.0/20 maxlen: 24
                          2a02:2498:8000::/40 maxlen: 40
                          2a02:2498::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:40:d3:d4:65:65:2a:b9:a2:71:51:eb:7d:6f:1b:73:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
        Validity
            Not Before: Jul 10 17:22:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee842aadf87b04dee82521e9b0319cc34e292456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f6:24:a0:1f:1f:4a:bb:bc:d1:25:c3:20:fc:
                    97:b6:ad:4e:a8:4a:91:f3:ec:56:d9:33:f7:4f:3e:
                    18:d5:be:a9:29:46:68:19:b4:0b:7b:f3:45:9b:e4:
                    60:17:29:80:92:0a:21:b2:b1:82:7d:1c:c4:1d:e1:
                    f4:b2:40:a7:dc:09:31:95:e7:6f:a0:3f:a6:95:5f:
                    81:c2:2e:ab:a4:9e:71:b5:9e:e7:fb:37:5b:c0:45:
                    e0:36:3a:82:1b:c9:39:97:4c:1b:c0:b0:0c:63:a3:
                    e4:36:d6:cc:5d:d0:dd:45:75:cf:98:e6:08:0b:e7:
                    1e:40:53:f2:41:e0:72:94:15:c8:2e:4e:30:a9:60:
                    a7:6e:1e:c7:11:e7:d5:3e:f0:a4:03:18:b7:c4:77:
                    ac:0c:4e:eb:e1:4a:32:cf:b1:5e:b5:00:16:5b:ee:
                    e5:8d:7a:1d:b6:c8:84:c5:e3:4d:d5:c0:33:2f:7e:
                    d0:96:bd:86:47:a8:3a:df:7c:09:ef:7e:66:1f:51:
                    0e:f2:d9:fb:d5:89:80:22:2f:87:81:84:aa:16:11:
                    29:fb:a8:87:ae:da:c3:06:d9:bc:4e:26:dd:48:dc:
                    64:2a:d3:a6:2b:e8:e8:4f:26:c4:fc:36:c3:a8:74:
                    84:c4:fa:3b:92:6b:d1:2d:65:13:c1:d2:c9:f1:9a:
                    1e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:84:2A:AD:F8:7B:04:DE:E8:25:21:E9:B0:31:9C:C3:4E:29:24:56
            X509v3 Authority Key Identifier:
                keyid:19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/7oQqrfh7BN7oJSHpsDGcw04pJFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.224.0/21
                  37.123.112.0/21
                  46.23.64.0/20
                  77.92.64.0/19
                  82.163.72.0/21
                  83.170.64.0/18
                  88.202.176.0/20
                  88.202.224.0/21
                  91.109.240.0/21
                  109.123.64.0/18
                  176.67.160.0/20
                  185.7.224.0/22
                IPv6:
                  2a02:2498::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:50:6b:72:b4:d9:7c:66:ab:4a:9f:62:07:91:cd:de:7e:85:
         a9:d0:66:1f:da:62:4d:54:94:29:3e:6d:cd:9f:9a:39:9a:08:
         0f:d9:9f:e3:fc:82:99:a3:32:bc:56:2b:9b:7c:4a:20:09:63:
         43:a8:8d:7e:06:9e:43:69:28:f5:29:e7:2d:2d:3f:53:d8:37:
         70:19:d9:1f:6e:0d:d2:75:75:25:48:fe:fb:0c:ab:ab:75:1b:
         03:b2:31:ff:08:f9:0a:0b:7e:12:a8:1a:90:08:e8:0b:c6:f0:
         57:73:d3:fb:bd:26:96:7b:3d:0a:e8:b4:60:9f:ac:eb:d3:65:
         ac:36:5d:a4:51:64:cf:9c:81:ea:fd:54:0b:52:36:d3:04:e7:
         fc:e7:9d:8c:ac:44:1f:5b:a9:dd:38:49:82:3a:ce:ce:0a:cb:
         ee:5f:51:7f:f0:56:dc:7f:42:76:51:23:2a:6d:ec:c8:05:0d:
         f8:a9:56:f7:6e:8f:0f:51:0f:55:01:a5:d1:7c:82:a6:02:3a:
         08:31:93:d6:95:b8:7f:61:25:04:e9:7d:f0:20:e5:f1:03:89:
         41:5f:9f:93:aa:ec:ba:c5:a3:69:07:d8:58:7e:23:cc:9b:48:
         e9:9b:00:93:f0:b5:c2:01:e4:c8:5f:d5:f3:95:29:b8:eb:7d:
         10:f9:c6:8a
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYlA09RlZSq5onFR631vG3NdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmZmZjI4OWYyZGFkMGZjMDg0NTZiMGJhZDU0ZDdiYTQ0
OWE0OTIwHhcNMjMwNzEwMTcyMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg0MmFhZGY4N2IwNGRlZTgyNTIxZTliMDMxOWNjMzRlMjkyNDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/YkoB8fSru80SXDIPyXtq1OqEqR
8+xW2TP3Tz4Y1b6pKUZoGbQLe/NFm+RgFymAkgohsrGCfRzEHeH0skCn3Akxledv
oD+mlV+Bwi6rpJ5xtZ7n+zdbwEXgNjqCG8k5l0wbwLAMY6PkNtbMXdDdRXXPmOYI
C+ceQFPyQeBylBXILk4wqWCnbh7HEefVPvCkAxi3xHesDE7r4Uoyz7FetQAWW+7l
jXodtsiExeNN1cAzL37Qlr2GR6g633wJ735mH1EO8tn71YmAIi+HgYSqFhEp+6iH
rtrDBtm8TibdSNxkKtOmK+joTybE/DbDqHSExPo7kmvRLWUTwdLJ8ZoejwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFO6EKq34ewTe6CUh6bAxnMNOKSRWMB8GA1UdIwQY
MBaAFBn//yifLa0PwIRWsLrVTXukSaSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMt
ZDUyNTcxOGFhNDRhLzEvN29RcXJmaDdCTjdvSlNIcHNER2N3MDRwSkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMtZDUyNTcxOGFhNDRh
LzEvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDHxjgAwQD
JXtwAwQELhdAAwQFTVxAAwQDUqNIAwQGU6pAAwQEWMqwAwQDWMrgAwQDW23wAwQG
bXtAAwQEsEOgAwQCuQfgMA0EAgACMAcDBQAqAiSYMA0GCSqGSIb3DQEBCwUAA4IB
AQCRUGtytNl8ZqtKn2IHkc3efoWp0GYf2mJNVJQpPm3Nn5o5mggP2Z/j/IKZozK8
ViubfEogCWNDqI1+Bp5DaSj1KectLT9T2DdwGdkfbg3SdXUlSP77DKurdRsDsjH/
CPkKC34SqBqQCOgLxvBXc9P7vSaWez0K6LRgn6zr02WsNl2kUWTPnIHq/VQLUjbT
BOf8552MrEQfW6ndOEmCOs7OCsvuX1F/8Fbcf0J2USMqbezIBQ34qVb3bo8PUQ9V
AaXRfIKmAjoIMZPWlbh/YSUE6X3wIOXxA4lBX5+Tquy6xaNpB9hYfiPMm0jpmwCT
8LXCAeTIX9XzlSm4630Q+caK
-----END CERTIFICATE-----