Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/jtzLUKFE1fmINbLAYU22Dl20F2M.roa
File:                     jtzLUKFE1fmINbLAYU22Dl20F2M.roa (raw, json)
Hash identifier:          2dYaJG2BfcZBCIKjZNdXL2astXmL5WpUkoNgk+sPpuQ=
Subject key identifier:   8E:DC:CB:50:A1:44:D5:F9:88:35:B2:C0:61:4D:B6:0E:5D:B4:17:63
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       018CAFF01D90095FCE328B261DF6E219DB1F
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/jtzLUKFE1fmINbLAYU22Dl20F2M.roa
Signing time:             Thu 28 Dec 2023 10:19:58 +0000
ROA not before:           Thu 28 Dec 2023 10:19:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42846
IP address blocks:        89.252.179.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.186.0/24 maxlen: 24
                          89.252.185.0/24 maxlen: 24
                          89.252.184.0/24 maxlen: 24
                          89.252.183.0/24 maxlen: 24
                          89.252.182.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          89.252.187.0/24 maxlen: 24
                          185.106.211.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          45.84.189.0/24 maxlen: 24
                          45.84.188.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          2a06:41c0:1::/48 maxlen: 48
                          2a06:41c0::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:af:f0:1d:90:09:5f:ce:32:8b:26:1d:f6:e2:19:db:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Dec 28 10:19:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8edccb50a144d5f98835b2c0614db60e5db41763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:76:5e:b8:f2:ca:0f:a5:82:31:5e:15:75:65:
                    0e:db:55:47:09:6c:21:c8:c3:e6:ec:85:fa:7b:b6:
                    27:4a:59:53:48:86:f2:72:fc:ac:6a:fb:3b:38:9b:
                    6b:51:b4:fe:e2:20:7f:3c:3c:11:ce:fb:d8:e9:7e:
                    40:d2:40:28:a5:8a:c0:4a:8f:37:75:cb:cb:96:cb:
                    a6:6e:00:05:d3:50:e5:4f:9b:c6:42:f3:9a:2d:58:
                    fd:04:97:d5:ef:98:bc:44:67:fb:45:c6:2e:ab:38:
                    e4:1b:33:36:69:65:91:75:fc:85:17:ac:e5:24:f5:
                    6f:2a:c8:c5:67:31:f0:64:69:a2:76:bc:ff:e4:57:
                    27:74:8b:45:ff:18:09:1e:ff:49:8f:53:1c:2c:9f:
                    63:cf:e6:5c:fd:a1:a4:89:e2:f8:bc:65:47:96:9e:
                    74:8a:f6:58:6d:8a:07:db:04:bf:af:66:53:16:8b:
                    ab:f1:65:51:a8:32:c5:1e:00:c4:3d:98:ac:53:58:
                    6e:be:0b:a8:a2:2d:8d:5c:7a:f0:61:1e:5a:ed:54:
                    08:24:d3:77:b6:15:0f:e4:88:0e:b4:ab:5a:cf:53:
                    b0:b9:75:c5:94:c5:f9:70:4a:3f:0a:67:28:e6:a2:
                    1b:0b:e1:53:b6:8f:e0:31:92:93:fb:b0:55:1c:4a:
                    78:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DC:CB:50:A1:44:D5:F9:88:35:B2:C0:61:4D:B6:0E:5D:B4:17:63
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/jtzLUKFE1fmINbLAYU22Dl20F2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/22
                  89.252.178.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         0a:9f:ca:94:04:82:62:b8:56:a9:65:57:a7:07:06:a8:24:3b:
         5a:fd:b8:9e:56:f6:ec:48:5f:d2:bb:89:34:7e:c9:d7:f1:13:
         cd:c6:06:4a:af:5d:cf:a0:d2:b4:f4:9f:bc:a2:a0:21:2c:1a:
         49:68:5c:0d:8c:11:f7:5c:57:b4:a0:39:0e:ec:e4:1d:e9:aa:
         8b:e5:93:67:fc:c3:5d:1c:b5:d8:11:dc:89:1e:5c:24:0f:c5:
         90:52:0e:30:dd:2b:97:29:cb:ba:91:64:d9:b0:81:7c:5b:05:
         92:31:43:54:7f:9b:1e:20:5a:6d:31:60:90:30:eb:8e:1d:d7:
         82:65:67:4e:32:7a:fc:5f:68:aa:d7:58:98:54:0a:fd:32:10:
         50:48:6c:a5:00:5f:f4:bc:9b:df:18:73:23:01:04:89:bf:d7:
         97:e8:0f:c1:21:24:41:e8:25:05:32:c8:6a:ac:c7:e9:3a:db:
         5d:a6:32:ef:e7:3f:27:6a:12:66:65:40:53:5f:da:bf:11:99:
         6a:e0:e6:81:b0:b8:44:eb:1d:e3:2f:5e:0a:eb:37:0e:48:4e:
         79:8e:d0:fa:10:fc:c3:ed:4c:70:ff:74:55:d8:01:06:e4:81:
         ca:f1:4b:a2:58:6c:16:bf:b3:ba:c1:92:7d:18:ad:43:42:a2:
         f7:bf:8c:97
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYyv8B2QCV/OMosmHfbiGdsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjMxMjI4MTAxOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWRjY2I1MGExNDRkNWY5ODgzNWIyYzA2MTRkYjYwZTVkYjQxNzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3ZeuPLKD6WCMV4VdWUO21VHCWwh
yMPm7IX6e7YnSllTSIbycvysavs7OJtrUbT+4iB/PDwRzvvY6X5A0kAopYrASo83
dcvLlsumbgAF01DlT5vGQvOaLVj9BJfV75i8RGf7RcYuqzjkGzM2aWWRdfyFF6zl
JPVvKsjFZzHwZGmidrz/5FcndItF/xgJHv9Jj1McLJ9jz+Zc/aGkieL4vGVHlp50
ivZYbYoH2wS/r2ZTFour8WVRqDLFHgDEPZisU1huvguooi2NXHrwYR5a7VQIJNN3
thUP5IgOtKtaz1OwuXXFlMX5cEo/Cmco5qIbC+FTto/gMZKT+7BVHEp43wIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFI7cy1ChRNX5iDWywGFNtg5dtBdjMB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvanR6TFVLRkUxZm1JTmJMQVlVMjJEbDIwRjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaAwQCLVS8MAwD
BAFZ/LIDBAJZ/LgDBAK5atAwDwQCAAIwCQMHASoGQcAAADANBgkqhkiG9w0BAQsF
AAOCAQEACp/KlASCYrhWqWVXpwcGqCQ7Wv24nlb27Ehf0ruJNH7J1/ETzcYGSq9d
z6DStPSfvKKgISwaSWhcDYwR91xXtKA5DuzkHemqi+WTZ/zDXRy12BHciR5cJA/F
kFIOMN0rlynLupFk2bCBfFsFkjFDVH+bHiBabTFgkDDrjh3XgmVnTjJ6/F9oqtdY
mFQK/TIQUEhspQBf9Lyb3xhzIwEEib/Xl+gPwSEkQeglBTLIaqzH6TrbXaYy7+c/
J2oSZmVAU1/avxGZauDmgbC4ROsd4y9eCus3DkhOeY7Q+hD8w+1McP90VdgBBuSB
yvFLolhsFr+zusGSfRitQ0Ki97+Mlw==
-----END CERTIFICATE-----