Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/DbY8Lu7UkQprX75Pp2oKVawnawY.roa
File:                     DbY8Lu7UkQprX75Pp2oKVawnawY.roa (raw, json)
Hash identifier:          bArUsEpnxYINe5U3f3l66w0aWGN82MwQn385X5c3jIM=
Subject key identifier:   0D:B6:3C:2E:EE:D4:91:0A:6B:5F:BE:4F:A7:6A:0A:55:AC:27:6B:06
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01856FCB98FE248FC2AF51C8365BE40DB45B
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/DbY8Lu7UkQprX75Pp2oKVawnawY.roa
Signing time:             Mon 02 Jan 2023 00:04:51 +0000
ROA not before:           Mon 02 Jan 2023 00:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21769
IP address blocks:        185.199.116.0/22 maxlen: 22
                          103.41.44.0/22 maxlen: 22
                          103.63.28.0/22 maxlen: 22
                          194.93.4.0/22 maxlen: 22
                          45.127.248.0/22 maxlen: 22
                          185.195.212.0/22 maxlen: 22
                          103.47.56.0/22 maxlen: 22
                          103.71.61.0/24 maxlen: 24
                          185.195.220.0/22 maxlen: 22
                          185.196.188.0/22 maxlen: 22
                          14.102.224.0/20 maxlen: 20
                          2a09:1e80::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:cb:98:fe:24:8f:c2:af:51:c8:36:5b:e4:0d:b4:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  2 00:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0db63c2eeed4910a6b5fbe4fa76a0a55ac276b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6e:8f:dd:d9:7e:50:96:db:fe:11:9e:dc:4d:
                    33:73:55:8e:fb:a0:b4:dc:e2:fc:20:78:46:29:ee:
                    ab:5a:0b:b6:61:50:2a:9d:30:0a:ed:f0:04:13:b4:
                    c5:d8:26:ff:d1:b2:71:71:1c:59:4a:c7:bb:58:77:
                    16:8d:94:1b:89:58:d7:1b:df:c4:01:d7:3b:8c:b2:
                    d6:6f:1b:5e:b5:d3:e2:7a:a1:6f:b5:c7:cd:3c:14:
                    1d:44:b2:e6:e9:c6:44:66:73:7d:8e:a7:09:bf:34:
                    58:c4:7d:6d:9b:cd:d5:67:69:34:c0:ad:56:10:67:
                    16:bb:34:db:4a:85:3b:84:9f:7e:75:d3:54:f4:c4:
                    b9:23:9c:d4:e2:bc:f9:76:9b:f1:a6:5a:5a:d0:99:
                    ad:90:e7:c8:b0:99:fc:d8:3e:80:ed:d1:0a:22:73:
                    49:dd:19:4a:48:d4:d4:c1:f7:a4:34:62:3c:9a:e3:
                    59:5a:5f:40:74:c8:ab:b8:a5:a3:41:8a:92:df:5d:
                    15:4d:19:91:b0:35:50:b6:a3:81:4c:cf:9c:54:4b:
                    a5:05:b0:c0:a6:03:ee:eb:a7:df:ea:3b:12:64:b6:
                    6f:cd:d6:03:ea:7f:20:35:a4:e5:89:54:9a:3b:cc:
                    54:a5:b1:6e:c9:35:4a:27:96:3f:50:37:c1:17:07:
                    74:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B6:3C:2E:EE:D4:91:0A:6B:5F:BE:4F:A7:6A:0A:55:AC:27:6B:06
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/DbY8Lu7UkQprX75Pp2oKVawnawY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.224.0/20
                  45.127.248.0/22
                  103.41.44.0/22
                  103.47.56.0/22
                  103.63.28.0/22
                  103.71.61.0/24
                  185.195.212.0/22
                  185.195.220.0/22
                  185.196.188.0/22
                  185.199.116.0/22
                  194.93.4.0/22
                IPv6:
                  2a09:1e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:07:aa:b1:9c:c0:3d:7d:fd:b8:a4:d5:e6:8c:ee:fe:d7:13:
         73:94:9e:fe:4f:ae:21:af:7c:fc:d4:ba:ff:e8:f1:8a:ff:6b:
         81:9c:f2:f5:8c:af:e8:cd:f6:ce:8e:d0:b8:31:aa:c6:5e:71:
         b0:8e:a0:e2:21:9c:78:20:38:f2:26:bc:8f:c4:72:a1:47:33:
         af:0b:1c:9b:d2:15:5d:7b:77:74:b4:d1:c5:d7:65:ab:66:83:
         3a:31:64:2f:8d:10:4d:86:04:af:97:5f:ef:c9:54:7f:f5:c7:
         12:14:27:49:45:08:8a:26:68:0a:25:b3:e9:9c:b6:2b:f9:4c:
         5d:88:c3:22:66:57:e3:b0:e0:fc:ce:04:4a:ed:4f:cf:ea:9a:
         2f:b3:cb:db:fb:d0:93:d0:b3:ec:4c:7b:eb:d2:0e:df:5e:69:
         9a:64:75:83:a5:70:61:f5:10:99:f7:2e:05:4c:65:08:9a:5c:
         08:ed:7b:b8:fc:e0:e0:13:0b:09:18:e2:96:5b:d7:8b:78:d7:
         ed:f0:66:a5:c6:ab:a0:5f:c8:e1:f7:28:d9:8f:36:7e:ed:70:
         c3:30:e1:3e:b7:93:62:41:a2:29:ae:9c:5d:14:ac:0e:58:e3:
         70:ec:a1:f7:c7:92:60:a3:66:73:ea:e5:5d:36:a0:a3:d8:99:
         80:2a:c1:a6
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVvy5j+JI/Cr1HINlvkDbRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjMwMTAyMDAwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI2M2MyZWVlZDQ5MTBhNmI1ZmJlNGZhNzZhMGE1NWFjMjc2YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz26P3dl+UJbb/hGe3E0zc1WO+6C0
3OL8IHhGKe6rWgu2YVAqnTAK7fAEE7TF2Cb/0bJxcRxZSse7WHcWjZQbiVjXG9/E
Adc7jLLWbxtetdPieqFvtcfNPBQdRLLm6cZEZnN9jqcJvzRYxH1tm83VZ2k0wK1W
EGcWuzTbSoU7hJ9+ddNU9MS5I5zU4rz5dpvxplpa0JmtkOfIsJn82D6A7dEKInNJ
3RlKSNTUwfekNGI8muNZWl9AdMiruKWjQYqS310VTRmRsDVQtqOBTM+cVEulBbDA
pgPu66ff6jsSZLZvzdYD6n8gNaTliVSaO8xUpbFuyTVKJ5Y/UDfBFwd0NwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFA22PC7u1JEKa1++T6dqClWsJ2sGMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvRGJZOEx1N1VrUXByWDc1UHAyb0tWYXduYXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQEDmbgAwQC
LX/4AwQCZyksAwQCZy84AwQCZz8cAwQAZ0c9AwQCucPUAwQCucPcAwQCucS8AwQC
ucd0AwQCwl0EMA0EAgACMAcDBQMqCR6AMA0GCSqGSIb3DQEBCwUAA4IBAQC0B6qx
nMA9ff24pNXmjO7+1xNzlJ7+T64hr3z81Lr/6PGK/2uBnPL1jK/ozfbOjtC4MarG
XnGwjqDiIZx4IDjyJryPxHKhRzOvCxyb0hVde3d0tNHF12WrZoM6MWQvjRBNhgSv
l1/vyVR/9ccSFCdJRQiKJmgKJbPpnLYr+UxdiMMiZlfjsOD8zgRK7U/P6povs8vb
+9CT0LPsTHvr0g7fXmmaZHWDpXBh9RCZ9y4FTGUImlwI7Xu4/ODgEwsJGOKWW9eL
eNft8GalxqugX8jh9yjZjzZ+7XDDMOE+t5NiQaIprpxdFKwOWONw7KH3x5Jgo2Zz
6uVdNqCj2JmAKsGm
-----END CERTIFICATE-----