Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/d21d60-210f-40b3-9d89-25455a8ddd45/1/fDI--3LKmsucsiP2XeEfYwog-cw.roa
File:                     fDI--3LKmsucsiP2XeEfYwog-cw.roa (raw, json)
Hash identifier:          tflfs6SEyyuf0DhAlwJ1mOzmIOnMK0r9TkFYToYFYDg=
Subject key identifier:   7C:32:3E:FB:72:CA:9A:CB:9C:B2:23:F6:5D:E1:1F:63:0A:20:F9:CC
Certificate issuer:       /CN=df8877f3c55b528e1a29db3d79920656f0c66aeb
Certificate serial:       018AB7FD2CE5E2A5232539DAE6D2038C71B1
Authority key identifier: DF:88:77:F3:C5:5B:52:8E:1A:29:DB:3D:79:92:06:56:F0:C6:6A:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34h388VbUo4aKds9eZIGVvDGaus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/d21d60-210f-40b3-9d89-25455a8ddd45/1/fDI--3LKmsucsiP2XeEfYwog-cw.roa
Signing time:             Thu 21 Sep 2023 13:45:37 +0000
ROA not before:           Thu 21 Sep 2023 13:45:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50973
IP address blocks:        79.171.50.0/24 maxlen: 24
                          79.171.49.0/24 maxlen: 24
                          79.171.48.0/21 maxlen: 21
                          79.171.48.0/24 maxlen: 24
                          79.171.52.0/24 maxlen: 24
                          79.171.55.0/24 maxlen: 24
                          188.172.111.0/24 maxlen: 24
                          188.172.110.0/24 maxlen: 24
                          188.172.109.0/24 maxlen: 24
                          188.172.108.0/24 maxlen: 24
                          188.172.97.0/24 maxlen: 24
                          188.172.96.0/24 maxlen: 24
                          188.172.98.0/24 maxlen: 24
                          188.172.103.0/24 maxlen: 24
                          188.172.104.0/22 maxlen: 22
                          188.172.102.0/24 maxlen: 24
                          188.172.101.0/24 maxlen: 24
                          188.172.100.0/24 maxlen: 24
                          188.172.99.0/24 maxlen: 24
                          2a0a:a0c0::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b7:fd:2c:e5:e2:a5:23:25:39:da:e6:d2:03:8c:71:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8877f3c55b528e1a29db3d79920656f0c66aeb
        Validity
            Not Before: Sep 21 13:45:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7c323efb72ca9acb9cb223f65de11f630a20f9cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6b:13:59:c8:09:fb:6e:30:96:6b:bf:00:dc:
                    09:85:17:79:ab:8a:7a:da:93:a8:9b:30:17:d9:9a:
                    c5:fc:06:2f:4a:c5:eb:a5:65:92:4f:d9:b7:df:36:
                    72:95:28:93:f0:d0:b7:66:bb:d2:df:39:dd:b6:a9:
                    a0:de:b4:94:5c:c6:5b:16:2f:0f:67:4e:33:cb:dd:
                    74:38:36:60:28:de:fd:bc:08:42:49:ed:b7:cf:4f:
                    48:1b:02:19:dd:94:48:fa:a4:b1:6f:49:fc:7f:49:
                    91:11:63:ae:b8:e8:3b:cd:9b:84:64:23:56:2c:bd:
                    52:fb:3f:1b:e0:d0:3e:4e:6d:e1:f2:77:da:c6:fc:
                    ca:6c:8c:73:16:ff:47:ab:d3:27:92:1e:e5:c0:9f:
                    5b:15:6a:39:b0:f5:b6:2d:5d:a7:85:c4:61:2a:5d:
                    38:78:1e:4b:65:e1:5f:dc:a0:7a:e0:10:f6:54:c3:
                    34:2f:f1:f8:74:cb:72:be:18:21:93:67:23:ed:d8:
                    05:33:1e:5c:59:2b:b3:a7:a9:a8:08:0b:f2:bb:d6:
                    14:21:84:30:14:ac:ca:e4:af:c3:1b:23:1f:15:66:
                    9d:0b:da:e7:f1:07:de:9e:95:fc:15:64:02:f2:6b:
                    d5:bc:80:f6:68:ef:81:d6:f2:3e:c9:34:94:ff:6b:
                    6b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:32:3E:FB:72:CA:9A:CB:9C:B2:23:F6:5D:E1:1F:63:0A:20:F9:CC
            X509v3 Authority Key Identifier:
                keyid:DF:88:77:F3:C5:5B:52:8E:1A:29:DB:3D:79:92:06:56:F0:C6:6A:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34h388VbUo4aKds9eZIGVvDGaus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d21d60-210f-40b3-9d89-25455a8ddd45/1/fDI--3LKmsucsiP2XeEfYwog-cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d21d60-210f-40b3-9d89-25455a8ddd45/1/34h388VbUo4aKds9eZIGVvDGaus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.171.48.0/21
                  188.172.96.0/20
                IPv6:
                  2a0a:a0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:e7:47:3e:51:3d:a7:f6:27:85:03:7d:36:fc:55:69:c4:fd:
         82:62:8a:fc:8a:a3:e9:5e:f1:93:48:ba:8f:c2:33:ec:fb:d2:
         c0:9f:76:f0:0b:aa:92:46:3b:c2:76:49:5d:ab:74:ad:46:56:
         99:ec:66:ef:0d:e9:cd:13:b3:ea:56:9d:73:87:97:83:fb:99:
         6b:74:5d:0f:97:92:d8:88:09:64:da:8c:6d:80:7a:85:8a:64:
         ca:79:eb:01:7a:85:db:f3:81:37:6d:20:1b:08:06:ac:9f:eb:
         1d:2a:69:b1:a7:e9:df:1a:28:2b:e7:4d:ee:3d:cf:27:9d:73:
         a8:65:5a:b2:4d:9d:47:1f:34:09:29:19:5b:23:7c:83:dc:e9:
         71:e0:e2:34:c4:c1:09:3e:9f:3c:08:cb:21:58:44:78:e4:e3:
         06:ce:44:8e:18:23:53:c5:7f:cb:93:0a:ce:41:5c:64:c0:d4:
         fb:bd:cf:42:bd:cb:a2:6c:26:27:ea:61:1b:3c:f2:29:fc:d7:
         fe:4f:ab:9e:01:d7:e6:29:a5:50:1d:39:57:df:3d:98:66:43:
         68:73:83:60:40:a3:1e:01:4f:83:0c:70:b1:83:83:60:4f:4e:
         98:06:6d:91:b8:36:20:4e:81:55:21:d0:9c:6e:0c:ef:d8:c1:
         a8:7b:0e:8d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYq3/Szl4qUjJTna5tIDjHGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODg3N2YzYzU1YjUyOGUxYTI5ZGIzZDc5OTIwNjU2ZjBj
NjZhZWIwHhcNMjMwOTIxMTM0NTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMyM2VmYjcyY2E5YWNiOWNiMjIzZjY1ZGUxMWY2MzBhMjBmOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGsTWcgJ+24wlmu/ANwJhRd5q4p6
2pOomzAX2ZrF/AYvSsXrpWWST9m33zZylSiT8NC3ZrvS3zndtqmg3rSUXMZbFi8P
Z04zy910ODZgKN79vAhCSe23z09IGwIZ3ZRI+qSxb0n8f0mREWOuuOg7zZuEZCNW
LL1S+z8b4NA+Tm3h8nfaxvzKbIxzFv9Hq9Mnkh7lwJ9bFWo5sPW2LV2nhcRhKl04
eB5LZeFf3KB64BD2VMM0L/H4dMtyvhghk2cj7dgFMx5cWSuzp6moCAvyu9YUIYQw
FKzK5K/DGyMfFWadC9rn8QfenpX8FWQC8mvVvID2aO+B1vI+yTSU/2tr+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHwyPvtyyprLnLIj9l3hH2MKIPnMMB8GA1UdIwQY
MBaAFN+Id/PFW1KOGinbPXmSBlbwxmrrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRoMzg4VmJVbzRhS2RzOWVaSUdWdkRHYXVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kMjFkNjAtMjEwZi00MGIzLTlkODkt
MjU0NTVhOGRkZDQ1LzEvZkRJLS0zTEttc3Vjc2lQMlhlRWZZd29nLWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kMjFkNjAtMjEwZi00MGIzLTlkODktMjU0NTVhOGRkZDQ1
LzEvMzRoMzg4VmJVbzRhS2RzOWVaSUdWdkRHYXVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT6swAwQE
vKxgMA0EAgACMAcDBQMqCqDAMA0GCSqGSIb3DQEBCwUAA4IBAQAH50c+UT2n9ieF
A302/FVpxP2CYor8iqPpXvGTSLqPwjPs+9LAn3bwC6qSRjvCdkldq3StRlaZ7Gbv
DenNE7PqVp1zh5eD+5lrdF0Pl5LYiAlk2oxtgHqFimTKeesBeoXb84E3bSAbCAas
n+sdKmmxp+nfGigr503uPc8nnXOoZVqyTZ1HHzQJKRlbI3yD3Olx4OI0xMEJPp88
CMshWER45OMGzkSOGCNTxX/LkwrOQVxkwNT7vc9CvcuibCYn6mEbPPIp/Nf+T6ue
AdfmKaVQHTlX3z2YZkNoc4NgQKMeAU+DDHCxg4NgT06YBm2RuDYgToFVIdCcbgzv
2MGoew6N
-----END CERTIFICATE-----