Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Tyil8PTPVsp6FApzZoY8YTbBhf4.roa
File:                     Tyil8PTPVsp6FApzZoY8YTbBhf4.roa (raw, json)
Hash identifier:          3Q/8Rrmv4iABg+ff4fPsfOR7QESHd+alQZcEDbc+OxY=
Subject key identifier:   4F:28:A5:F0:F4:CF:56:CA:7A:14:0A:73:66:86:3C:61:36:C1:85:FE
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       0189B592679CF4D77440C54BA7FFA7A8D899
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Tyil8PTPVsp6FApzZoY8YTbBhf4.roa
Signing time:             Wed 02 Aug 2023 09:26:58 +0000
ROA not before:           Wed 02 Aug 2023 09:26:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48847
IP address blocks:        185.12.223.0/24 maxlen: 24
                          185.12.222.0/24 maxlen: 24
                          185.12.221.0/24 maxlen: 24
                          185.12.220.0/22 maxlen: 22
                          185.12.221.152/29 maxlen: 29
                          109.233.21.92/30 maxlen: 30
                          109.233.17.0/24 maxlen: 24
                          109.233.16.0/24 maxlen: 24
                          109.233.16.0/21 maxlen: 21
                          109.233.20.0/24 maxlen: 24
                          109.233.19.128/25 maxlen: 25
                          109.233.19.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.22.0/24 maxlen: 24
                          109.233.21.0/24 maxlen: 24
                          109.233.23.0/30 maxlen: 30
                          109.233.19.128/30 maxlen: 30
                          109.233.23.152/29 maxlen: 29
                          109.233.20.196/30 maxlen: 30
                          109.233.21.100/30 maxlen: 30
                          2a03:6900::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b5:92:67:9c:f4:d7:74:40:c5:4b:a7:ff:a7:a8:d8:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Aug  2 09:26:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4f28a5f0f4cf56ca7a140a7366863c6136c185fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:da:f9:ce:c2:58:24:c2:e6:8f:1c:35:27:50:
                    d0:2f:a9:55:dd:c1:99:94:d1:f3:ec:bd:d8:48:de:
                    ea:cc:4c:0c:06:b4:8a:98:2c:cf:81:c4:67:c0:be:
                    33:ae:82:bb:7e:c8:1b:61:d2:d1:bd:de:95:6b:11:
                    4f:56:3b:aa:e2:38:12:1c:04:96:94:f1:d3:dc:0b:
                    c2:07:01:90:bf:9a:87:51:51:69:1b:d4:55:79:7f:
                    66:bd:c4:6a:da:f2:a0:ff:81:a1:1a:1c:eb:1a:0b:
                    79:08:0c:dd:72:76:3e:da:7b:2c:07:08:02:f9:e2:
                    a9:6b:8e:d4:ea:23:ff:40:3e:45:e9:d2:5c:60:b2:
                    09:c5:c4:a9:41:8e:50:9b:25:de:80:d6:aa:9b:b1:
                    5f:87:5a:22:4f:f3:76:cb:60:43:a5:21:b5:af:c6:
                    a8:ee:2b:9a:ef:97:1e:00:0b:27:e1:c4:de:3e:5d:
                    9b:3e:c2:71:20:b8:26:87:bc:1f:5f:db:f9:d2:91:
                    15:be:34:0e:2e:2e:58:60:2e:69:9a:e0:b1:67:b2:
                    b5:69:ef:2b:3d:ea:cb:22:2b:ee:67:e4:3a:f8:5c:
                    71:52:3d:68:ed:e7:71:03:9b:88:f0:4b:f9:81:58:
                    a6:68:4d:ae:dc:47:f1:8c:7f:ff:bc:c3:0f:7f:67:
                    f0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:28:A5:F0:F4:CF:56:CA:7A:14:0A:73:66:86:3C:61:36:C1:85:FE
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/Tyil8PTPVsp6FApzZoY8YTbBhf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:21:53:6d:f4:47:64:2a:9b:0e:55:aa:0c:64:97:e9:bd:cf:
         f6:ae:d0:63:87:d1:3d:3e:c4:d3:c5:49:c6:68:97:3d:b2:7a:
         f7:f1:44:fd:62:94:49:e5:f0:e4:8a:3d:21:ff:1c:04:1c:9c:
         73:38:2d:98:a2:3d:c2:18:59:9d:5e:4b:50:03:91:2d:0b:48:
         82:9e:68:4d:8d:eb:59:7c:75:91:ca:ed:2e:75:8e:79:90:a9:
         09:05:81:62:fc:01:ce:ee:62:ea:fc:07:e6:61:b4:5e:2f:6a:
         14:72:80:60:b9:9f:31:ca:fa:b4:c1:12:3c:54:a1:55:ea:cd:
         e7:c6:ea:b2:e1:bf:af:99:b2:0a:4e:19:c2:08:9f:cf:0e:03:
         2c:f2:79:e2:10:81:25:37:29:86:92:ef:14:62:66:6e:0c:a8:
         74:2c:e1:e5:86:a1:c4:46:e4:0e:c4:68:22:84:54:d3:d8:79:
         05:fd:45:43:76:dc:9b:1d:bb:fa:41:04:73:bd:6b:dd:62:b8:
         d7:0d:77:0a:86:09:9c:8f:d9:35:0a:d1:4b:d1:b7:e5:f8:81:
         f6:8d:9b:90:0c:3d:d1:f3:04:ab:5d:32:12:de:76:90:bc:2b:
         87:fb:38:9c:fa:ca:5a:83:ea:27:fe:88:b4:72:01:f8:b0:7c:
         a9:1f:42:0a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYm1kmec9Nd0QMVLp/+nqNiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjMwODAyMDkyNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjI4YTVmMGY0Y2Y1NmNhN2ExNDBhNzM2Njg2M2M2MTM2YzE4NWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtr5zsJYJMLmjxw1J1DQL6lV3cGZ
lNHz7L3YSN7qzEwMBrSKmCzPgcRnwL4zroK7fsgbYdLRvd6VaxFPVjuq4jgSHASW
lPHT3AvCBwGQv5qHUVFpG9RVeX9mvcRq2vKg/4GhGhzrGgt5CAzdcnY+2nssBwgC
+eKpa47U6iP/QD5F6dJcYLIJxcSpQY5QmyXegNaqm7Ffh1oiT/N2y2BDpSG1r8ao
7iua75ceAAsn4cTePl2bPsJxILgmh7wfX9v50pEVvjQOLi5YYC5pmuCxZ7K1ae8r
PerLIivuZ+Q6+FxxUj1o7edxA5uI8Ev5gVimaE2u3EfxjH//vMMPf2fw2wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE8opfD0z1bKehQKc2aGPGE2wYX+MB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvVHlpbDhQVFBWc3A2RkFwelpvWThZVGJCaGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQBTIVNt9EdkKpsO
VaoMZJfpvc/2rtBjh9E9PsTTxUnGaJc9snr38UT9YpRJ5fDkij0h/xwEHJxzOC2Y
oj3CGFmdXktQA5EtC0iCnmhNjetZfHWRyu0udY55kKkJBYFi/AHO7mLq/AfmYbRe
L2oUcoBguZ8xyvq0wRI8VKFV6s3nxuqy4b+vmbIKThnCCJ/PDgMs8nniEIElNymG
ku8UYmZuDKh0LOHlhqHERuQOxGgihFTT2HkF/UVDdtybHbv6QQRzvWvdYrjXDXcK
hgmcj9k1CtFL0bfl+IH2jZuQDD3R8wSrXTIS3naQvCuH+zic+spag+on/oi0cgH4
sHypH0IK
-----END CERTIFICATE-----