Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/3t9XJWgk6fiPujj_RNJYDq4toHQ.roa
File:                     3t9XJWgk6fiPujj_RNJYDq4toHQ.roa (raw, json)
Hash identifier:          E4UXb7csQNhYyLhno1r2+At62+SVRu3SDBIjNCkMz5U=
Subject key identifier:   DE:DF:57:25:68:24:E9:F8:8F:BA:38:FF:44:D2:58:0E:AE:2D:A0:74
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       0189AB61999AAF18687BB72B771E32A48AA9
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/3t9XJWgk6fiPujj_RNJYDq4toHQ.roa
Signing time:             Mon 31 Jul 2023 09:57:27 +0000
ROA not before:           Mon 31 Jul 2023 09:57:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42846
IP address blocks:        89.252.179.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.186.0/24 maxlen: 24
                          89.252.185.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          89.252.187.0/24 maxlen: 24
                          185.106.211.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          45.84.188.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          2a06:41c0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ab:61:99:9a:af:18:68:7b:b7:2b:77:1e:32:a4:8a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Jul 31 09:57:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dedf57256824e9f88fba38ff44d2580eae2da074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:04:df:0d:84:09:f6:a6:d0:fb:05:10:ef:51:
                    1a:c0:f1:9c:bc:77:ba:17:53:05:3b:4e:5f:90:c9:
                    e6:1b:e4:b1:12:89:2b:96:c4:ff:51:54:e7:03:c8:
                    3e:0b:63:b7:10:8c:7a:09:cb:ed:bf:35:1f:a8:b5:
                    a4:27:96:4e:28:ea:2c:dc:72:97:6b:a7:f4:d2:5a:
                    1d:18:fb:27:9c:ba:4e:3e:ff:8f:67:65:5b:59:8b:
                    00:64:e2:31:e2:7d:1d:6c:42:7c:ec:86:84:a4:ac:
                    56:f3:f8:75:66:d1:b7:81:20:7b:6c:8c:7f:33:7d:
                    62:e1:33:f6:67:34:c4:d2:4a:25:47:1e:68:46:ba:
                    bd:55:96:06:5f:03:4c:a4:78:93:5f:ec:62:2f:d5:
                    20:02:da:c6:ed:3f:95:92:e5:ec:45:51:62:20:ac:
                    b3:ff:91:44:f7:01:ea:4b:94:90:cf:4f:42:c0:6c:
                    3e:71:d6:21:a9:6e:03:6d:e8:8f:5f:40:16:f7:56:
                    5b:47:1f:6e:59:45:0b:f2:bd:e6:74:92:1b:2b:a1:
                    d8:af:ca:ff:fd:04:3f:55:1b:a0:d8:91:31:6e:3f:
                    fc:34:85:47:26:a1:43:d7:a6:5c:3c:64:27:cd:71:
                    6f:c0:1d:df:52:ef:4e:6a:2a:8d:e8:7e:99:52:10:
                    08:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DF:57:25:68:24:E9:F8:8F:BA:38:FF:44:D2:58:0E:AE:2D:A0:74
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/3t9XJWgk6fiPujj_RNJYDq4toHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/24
                  45.84.190.0/23
                  89.252.178.0-89.252.181.255
                  89.252.185.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:07:bc:c3:a7:d8:d4:c1:d4:27:4f:0b:fb:a4:76:31:3a:81:
         24:49:b5:24:9d:ec:aa:ed:f3:d2:c6:8d:73:3e:94:93:ec:13:
         11:84:38:ac:f8:ca:6d:e2:9c:f8:fa:5b:b3:77:c8:19:4b:55:
         f7:21:90:8b:aa:d2:f3:31:7d:b4:03:4b:aa:0a:a7:d5:d9:53:
         3b:88:52:c0:92:32:17:c5:48:05:e3:95:2f:28:95:a7:2a:e2:
         ab:f7:21:f4:71:a4:17:c5:0c:e8:2c:7a:9b:49:b2:e1:c5:ac:
         78:66:92:63:ea:d5:21:3b:74:39:13:21:d8:0e:5b:6e:42:b3:
         f9:18:dc:4a:8c:d7:9d:30:b4:8d:4b:1a:b6:0b:4d:a1:9d:6d:
         2e:85:28:f6:18:5a:f5:d9:c2:76:94:6a:7e:06:0a:e6:a6:af:
         c7:71:4d:dc:88:3c:ab:b7:c4:0c:6f:39:11:ec:78:dc:fa:cd:
         c4:e6:d3:de:e8:1d:12:f2:48:64:2a:36:be:a3:81:d3:c6:c6:
         95:f6:27:63:24:85:23:ab:06:ee:4b:98:e6:4d:a2:dc:99:e9:
         ed:dc:2f:a7:ff:7c:6e:94:d8:05:31:37:09:c5:41:18:fa:5d:
         e0:a4:6e:76:f7:03:3e:9f:36:3d:8f:8d:fe:16:3f:f5:50:3d:
         34:f8:90:61
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYmrYZmarxhoe7crdx4ypIqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjMwNzMxMDk1NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRmNTcyNTY4MjRlOWY4OGZiYTM4ZmY0NGQyNTgwZWFlMmRhMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjATfDYQJ9qbQ+wUQ71EawPGcvHe6
F1MFO05fkMnmG+SxEokrlsT/UVTnA8g+C2O3EIx6CcvtvzUfqLWkJ5ZOKOos3HKX
a6f00lodGPsnnLpOPv+PZ2VbWYsAZOIx4n0dbEJ87IaEpKxW8/h1ZtG3gSB7bIx/
M31i4TP2ZzTE0kolRx5oRrq9VZYGXwNMpHiTX+xiL9UgAtrG7T+VkuXsRVFiIKyz
/5FE9wHqS5SQz09CwGw+cdYhqW4DbeiPX0AW91ZbRx9uWUUL8r3mdJIbK6HYr8r/
/QQ/VRug2JExbj/8NIVHJqFD16ZcPGQnzXFvwB3fUu9OaiqN6H6ZUhAIMQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFN7fVyVoJOn4j7o4/0TSWA6uLaB0MB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvM3Q5WEpXZ2s2ZmlQdWpqX1JOSllEcTR0b0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA0BAIAATAuAwQALVS8AwQB
LVS+MAwDBAFZ/LIDBAFZ/LQwDAMEAFn8uQMEAln8uAMEArlq0DAPBAIAAjAJAwcA
KgZBwAABMA0GCSqGSIb3DQEBCwUAA4IBAQAlB7zDp9jUwdQnTwv7pHYxOoEkSbUk
neyq7fPSxo1zPpST7BMRhDis+Mpt4pz4+luzd8gZS1X3IZCLqtLzMX20A0uqCqfV
2VM7iFLAkjIXxUgF45UvKJWnKuKr9yH0caQXxQzoLHqbSbLhxax4ZpJj6tUhO3Q5
EyHYDltuQrP5GNxKjNedMLSNSxq2C02hnW0uhSj2GFr12cJ2lGp+Bgrmpq/HcU3c
iDyrt8QMbzkR7Hjc+s3E5tPe6B0S8khkKja+o4HTxsaV9idjJIUjqwbuS5jmTaLc
ment3C+n/3xulNgFMTcJxUEY+l3gpG529wM+nzY9j43+Fj/1UD00+JBh
-----END CERTIFICATE-----