Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/CGrFhuzXLtr6yJzSbWoXyFPM1ys.roa
File:                     CGrFhuzXLtr6yJzSbWoXyFPM1ys.roa (raw, json)
Hash identifier:          //Mpo2xb74sPwuACnf6FKk2bbHwSWj3qYFtE2ebCNbQ=
Subject key identifier:   08:6A:C5:86:EC:D7:2E:DA:FA:C8:9C:D2:6D:6A:17:C8:53:CC:D7:2B
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       018CA28424FD705C193A4843509DD3754B3B
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/CGrFhuzXLtr6yJzSbWoXyFPM1ys.roa
Signing time:             Mon 25 Dec 2023 19:46:58 +0000
ROA not before:           Mon 25 Dec 2023 19:46:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42846
IP address blocks:        89.252.179.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.186.0/24 maxlen: 24
                          89.252.185.0/24 maxlen: 24
                          89.252.184.0/24 maxlen: 24
                          89.252.183.0/24 maxlen: 24
                          89.252.182.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          89.252.187.0/24 maxlen: 24
                          185.106.211.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          45.84.188.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          2a06:41c0:1::/48 maxlen: 48
                          2a06:41c0::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a2:84:24:fd:70:5c:19:3a:48:43:50:9d:d3:75:4b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Dec 25 19:46:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=086ac586ecd72edafac89cd26d6a17c853ccd72b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7e:66:12:37:4a:c3:fc:5d:f7:31:2f:d0:7b:
                    34:65:d7:35:d2:2c:03:b2:07:89:4c:16:66:ac:9d:
                    4a:ec:d1:43:4d:19:a1:a7:b2:43:43:ed:ee:f5:b2:
                    46:99:b8:c9:24:bf:8a:4c:1c:6a:ad:54:44:08:86:
                    1d:d5:24:89:75:d5:e3:26:b2:71:fb:82:60:38:d0:
                    a4:dd:09:e3:47:1e:9c:94:03:9a:97:42:05:7c:eb:
                    fb:63:18:b3:a2:6c:81:c2:4d:1b:9e:35:c6:d6:cf:
                    ae:83:9e:af:14:9c:1a:be:7f:b2:ce:e5:e5:65:02:
                    9e:17:65:fa:c1:68:45:32:bb:87:0b:2c:97:f9:dd:
                    e7:2e:57:bd:6b:66:c5:77:20:81:85:40:50:ff:49:
                    9d:1c:f2:20:9d:e2:61:d9:a9:0a:4a:98:dc:61:9e:
                    15:04:5a:67:c8:f7:2d:b9:62:f4:36:9c:fd:65:ea:
                    aa:68:74:cf:2a:3e:47:c0:fb:b7:b6:2b:a9:10:2d:
                    c2:ba:ab:bc:51:aa:46:50:b6:cc:b0:78:b5:c7:87:
                    bb:b9:ce:0e:81:8d:45:b2:7c:ae:4b:51:0a:68:c4:
                    28:ee:e2:a6:74:7a:3c:80:fd:70:45:ff:1c:29:a6:
                    47:1f:df:fe:17:9a:f6:78:ba:76:d6:7b:66:ba:a2:
                    41:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6A:C5:86:EC:D7:2E:DA:FA:C8:9C:D2:6D:6A:17:C8:53:CC:D7:2B
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/CGrFhuzXLtr6yJzSbWoXyFPM1ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/24
                  45.84.190.0/23
                  89.252.178.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         30:30:55:30:91:04:b6:0c:21:fe:86:85:f3:2a:db:63:58:b7:
         67:4c:4b:1c:54:5f:00:57:49:c3:ee:4f:09:10:60:b4:83:cd:
         bd:21:dd:2d:ce:ca:54:af:d5:fc:fd:80:9e:f7:57:96:3e:c0:
         b8:7b:18:ab:d3:65:6c:c7:7c:50:26:8d:dd:5a:bb:22:c0:4e:
         51:12:63:a8:da:a3:7c:6a:09:56:24:12:a9:78:da:41:17:3d:
         a8:16:34:85:30:7f:6d:01:0e:7b:b8:04:fd:43:50:ec:f3:91:
         6d:1f:b3:59:15:ce:af:68:a2:ec:e5:ea:98:72:41:34:e1:a7:
         75:3d:bd:46:2f:a4:5a:c2:0f:c7:17:a2:9c:da:58:b8:59:c9:
         1b:e8:01:23:9f:22:7d:31:80:8c:5c:04:11:06:01:c3:20:e7:
         15:07:96:05:96:ac:41:a6:8d:aa:29:3d:87:1a:2e:b2:70:00:
         0a:0e:21:ae:6a:10:fb:f8:49:1f:5e:a4:61:1c:8f:a0:dd:ee:
         dc:d4:35:05:ff:f5:06:87:91:fa:80:a9:a9:e7:6f:d3:50:b9:
         70:7a:e2:9e:58:f7:c0:a9:db:ee:1d:99:d3:d0:76:70:99:b0:
         68:5a:23:8f:88:3a:a7:64:8e:ee:53:bf:6c:d5:c9:89:1f:3e:
         08:cd:82:7d
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYyihCT9cFwZOkhDUJ3TdUs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjMxMjI1MTk0NjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZhYzU4NmVjZDcyZWRhZmFjODljZDI2ZDZhMTdjODUzY2NkNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0X5mEjdKw/xd9zEv0Hs0Zdc10iwD
sgeJTBZmrJ1K7NFDTRmhp7JDQ+3u9bJGmbjJJL+KTBxqrVRECIYd1SSJddXjJrJx
+4JgONCk3QnjRx6clAOal0IFfOv7YxizomyBwk0bnjXG1s+ug56vFJwavn+yzuXl
ZQKeF2X6wWhFMruHCyyX+d3nLle9a2bFdyCBhUBQ/0mdHPIgneJh2akKSpjcYZ4V
BFpnyPctuWL0Npz9ZeqqaHTPKj5HwPu3tiupEC3Cuqu8UapGULbMsHi1x4e7uc4O
gY1FsnyuS1EKaMQo7uKmdHo8gP1wRf8cKaZHH9/+F5r2eLp21ntmuqJBQQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFAhqxYbs1y7a+sic0m1qF8hTzNcrMB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvQ0dyRmh1elhMdHI2eUp6U2JXb1h5RlBNMXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQALVS8AwQB
LVS+MAwDBAFZ/LIDBAJZ/LgDBAK5atAwDwQCAAIwCQMHASoGQcAAADANBgkqhkiG
9w0BAQsFAAOCAQEAMDBVMJEEtgwh/oaF8yrbY1i3Z0xLHFRfAFdJw+5PCRBgtIPN
vSHdLc7KVK/V/P2AnvdXlj7AuHsYq9NlbMd8UCaN3Vq7IsBOURJjqNqjfGoJViQS
qXjaQRc9qBY0hTB/bQEOe7gE/UNQ7PORbR+zWRXOr2ii7OXqmHJBNOGndT29Ri+k
WsIPxxeinNpYuFnJG+gBI58ifTGAjFwEEQYBwyDnFQeWBZasQaaNqik9hxousnAA
Cg4hrmoQ+/hJH16kYRyPoN3u3NQ1Bf/1BoeR+oCpqedv01C5cHrinlj3wKnb7h2Z
09B2cJmwaFojj4g6p2SO7lO/bNXJiR8+CM2CfQ==
-----END CERTIFICATE-----