Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/iAp1ODJO0UGeVhiQVfpurUdce50.roa
File:                     iAp1ODJO0UGeVhiQVfpurUdce50.roa (raw, json)
Hash identifier:          ADnP9I9UwM+xGF+yTbpUouPapMQaR7iYyRrz/YokTZw=
Subject key identifier:   88:0A:75:38:32:4E:D1:41:9E:56:18:90:55:FA:6E:AD:47:5C:7B:9D
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       01856C415A39463E22C483B3CC7C869995C5
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/iAp1ODJO0UGeVhiQVfpurUdce50.roa
Signing time:             Sun 01 Jan 2023 07:35:00 +0000
ROA not before:           Sun 01 Jan 2023 07:35:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203020
IP address blocks:        83.229.66.0/24 maxlen: 32
                          193.32.96.0/23 maxlen: 32
                          193.32.98.0/23 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          217.194.136.0/24 maxlen: 32
                          193.47.56.0/22 maxlen: 32
                          195.216.128.0/22 maxlen: 32
                          103.14.104.0/22 maxlen: 32
                          194.99.60.0/23 maxlen: 32
                          194.99.62.0/23 maxlen: 32
                          80.240.116.0/22 maxlen: 32
                          212.103.56.0/22 maxlen: 32
                          80.240.120.0/22 maxlen: 32
                          185.18.40.0/22 maxlen: 32
                          31.12.76.0/23 maxlen: 32
                          31.12.78.0/23 maxlen: 32
                          46.149.160.0/22 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:41:5a:39:46:3e:22:c4:83:b3:cc:7c:86:99:95:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Jan  1 07:35:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=880a7538324ed1419e56189055fa6ead475c7b9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:23:69:8d:90:69:ac:fe:48:28:b1:1e:a8:e2:
                    97:91:0f:0e:5c:e0:b8:da:37:3c:b2:c5:0b:ff:07:
                    4f:e9:ce:57:4f:73:e4:9c:77:28:23:9f:26:37:07:
                    37:15:16:4c:85:a2:e9:98:a3:63:18:9e:3a:71:af:
                    2d:be:71:f9:01:0e:cb:71:6f:bf:46:29:15:5b:ad:
                    b9:87:1e:8c:09:a0:24:de:01:04:d4:32:8e:eb:29:
                    8d:13:57:2d:f9:88:cd:a9:09:d4:ac:ff:5e:9e:cb:
                    6f:61:7e:e2:03:b2:5f:6f:82:d3:25:43:db:f2:c7:
                    36:41:5d:9d:9b:77:a9:d5:ab:17:36:74:bc:c1:ba:
                    3c:1e:8b:dd:96:49:36:a0:2b:42:1f:cb:2c:79:a1:
                    d2:47:46:38:99:57:d9:04:de:d6:bd:4c:0d:2c:11:
                    93:d9:cb:ce:e7:cd:ac:a5:bc:81:73:70:e7:7a:fa:
                    35:5e:68:99:5c:15:91:ce:be:98:8a:dc:e4:a0:9d:
                    e9:1e:3f:3b:d7:f0:62:7e:54:18:b7:5b:a8:21:85:
                    6c:c3:49:21:34:76:c5:74:80:8a:69:27:83:e7:f5:
                    68:42:9e:00:29:05:bb:84:c4:a8:4b:4b:d5:7f:84:
                    3d:72:93:30:16:51:be:1e:f3:17:fc:57:d5:d4:62:
                    7f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:0A:75:38:32:4E:D1:41:9E:56:18:90:55:FA:6E:AD:47:5C:7B:9D
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/iAp1ODJO0UGeVhiQVfpurUdce50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.76.0/22
                  46.149.160.0/22
                  80.240.98.0/23
                  80.240.116.0-80.240.123.255
                  83.229.66.0/24
                  103.14.104.0/22
                  185.18.40.0/22
                  193.32.96.0/22
                  193.47.56.0/22
                  194.99.60.0/22
                  195.216.128.0/22
                  212.103.56.0/22
                  217.194.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:a4:5d:f9:7d:32:aa:7b:c9:97:12:c4:62:c2:bd:98:4a:28:
         7a:81:7b:ec:35:15:a8:e5:5f:b6:91:81:da:ae:6e:f6:9f:61:
         ff:a2:5d:05:9f:40:2c:54:c2:1c:25:f5:e7:25:65:1a:4d:4b:
         22:58:f2:c8:7e:69:ce:e5:ad:1b:ac:17:33:00:c8:d4:99:e9:
         88:6d:ef:ca:e9:05:00:82:08:a7:57:c2:10:de:dd:aa:2e:08:
         81:a0:39:19:3b:e1:81:f1:75:ae:79:40:64:72:9f:97:1e:7e:
         4d:90:78:ae:a4:5e:d0:f8:27:f0:00:3c:fa:d9:69:ad:54:32:
         38:d0:8f:72:0f:82:e8:77:c3:35:9b:ae:b4:8a:f8:f1:6e:c1:
         eb:f3:4d:2e:f0:cb:a5:03:c0:07:ed:cc:36:9c:db:9c:17:9f:
         5f:e6:10:41:61:b8:49:dc:b3:ac:aa:69:89:5d:04:c2:0e:8a:
         07:61:ca:19:4e:76:1e:d0:a1:58:d3:b4:5d:db:2f:3d:be:fa:
         de:85:a9:e5:47:63:e5:b4:c9:d3:07:6e:6b:71:00:55:e6:24:
         35:1e:45:37:8c:3d:4c:94:3d:3b:01:4e:3d:b3:1f:cf:d0:3c:
         a2:31:ab:72:cc:84:9a:ed:76:c7:1f:6c:3f:5d:3d:31:c6:d9:
         16:20:8b:70
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYVsQVo5Rj4ixIOzzHyGmZXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjMwMTAxMDczNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODBhNzUzODMyNGVkMTQxOWU1NjE4OTA1NWZhNmVhZDQ3NWM3YjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSNpjZBprP5IKLEeqOKXkQ8OXOC4
2jc8ssUL/wdP6c5XT3PknHcoI58mNwc3FRZMhaLpmKNjGJ46ca8tvnH5AQ7LcW+/
RikVW625hx6MCaAk3gEE1DKO6ymNE1ct+YjNqQnUrP9enstvYX7iA7Jfb4LTJUPb
8sc2QV2dm3ep1asXNnS8wbo8Hovdlkk2oCtCH8sseaHSR0Y4mVfZBN7WvUwNLBGT
2cvO582spbyBc3Dnevo1XmiZXBWRzr6YitzkoJ3pHj871/BiflQYt1uoIYVsw0kh
NHbFdICKaSeD5/VoQp4AKQW7hMSoS0vVf4Q9cpMwFlG+HvMX/FfV1GJ/7QIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFIgKdTgyTtFBnlYYkFX6bq1HXHudMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvaUFwMU9ESk8wVUdlVmhpUVZmcHVyVWRjZTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCHwxMAwQC
LpWgAwQBUPBiMAwDBAJQ8HQDBAJQ8HgDBABT5UIDBAJnDmgDBAK5EigDBALBIGAD
BALBLzgDBALCYzwDBALD2IADBALUZzgDBAHZwogwDQYJKoZIhvcNAQELBQADggEB
AD+kXfl9Mqp7yZcSxGLCvZhKKHqBe+w1FajlX7aRgdqubvafYf+iXQWfQCxUwhwl
9eclZRpNSyJY8sh+ac7lrRusFzMAyNSZ6Yht78rpBQCCCKdXwhDe3aouCIGgORk7
4YHxda55QGRyn5cefk2QeK6kXtD4J/AAPPrZaa1UMjjQj3IPguh3wzWbrrSK+PFu
wevzTS7wy6UDwAftzDac25wXn1/mEEFhuEncs6yqaYldBMIOigdhyhlOdh7QoVjT
tF3bLz2++t6FqeVHY+W0ydMHbmtxAFXmJDUeRTeMPUyUPTsBTj2zH8/QPKIxq3LM
hJrtdscfbD9dPTHG2RYgi3A=
-----END CERTIFICATE-----