Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/O6AFVRj8doU0X8JKrLYZi6A8My4.roa
File:                     O6AFVRj8doU0X8JKrLYZi6A8My4.roa (raw, json)
Hash identifier:          bSS9SKwR0iHstFuPK4n8ZYyydOTq5JEj0taQefbU3FM=
Subject key identifier:   3B:A0:05:55:18:FC:76:85:34:5F:C2:4A:AC:B6:19:8B:A0:3C:33:2E
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01890D4C66BA41E76262D47304095EA8DBAE
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/O6AFVRj8doU0X8JKrLYZi6A8My4.roa
Signing time:             Fri 30 Jun 2023 17:14:17 +0000
ROA not before:           Fri 30 Jun 2023 17:14:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30938
IP address blocks:        45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          5.39.248.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.253.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22
                          31.192.240.0/21 maxlen: 21
                          5.178.97.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.144.176.0/21 maxlen: 21
                          5.178.99.0/24 maxlen: 24
                          5.178.105.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.106.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.39.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:0d:4c:66:ba:41:e7:62:62:d4:73:04:09:5e:a8:db:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jun 30 17:14:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ba0055518fc7685345fc24aacb6198ba03c332e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a7:7a:da:4c:57:c9:04:39:d9:8f:ac:c1:65:
                    9d:14:3f:f1:f5:50:3d:65:54:2b:fc:d7:e8:d5:cf:
                    b3:71:4b:0a:aa:1f:ff:79:45:3b:ab:b8:3f:2a:68:
                    51:61:ea:cf:a9:61:37:07:ee:d9:a2:8a:e1:f3:23:
                    e9:a5:df:99:93:3e:e5:b4:6a:28:89:c0:9a:5b:00:
                    5f:79:10:03:97:6a:5d:e1:d6:b7:c2:57:d8:30:f0:
                    71:9a:a4:76:a4:f4:8e:97:9b:de:3b:b0:fb:e9:70:
                    60:7b:8f:7b:86:a4:c4:96:b3:93:17:8f:ea:d9:4d:
                    89:44:ad:a7:d0:27:3c:e4:f8:b9:15:20:bd:bc:7d:
                    b1:76:fa:37:92:93:1b:3a:31:00:10:40:b7:10:7b:
                    ac:0f:c3:06:0f:d4:cd:fb:b1:dd:6d:78:8f:28:f8:
                    e7:22:36:4e:46:14:5e:9e:01:14:54:41:c1:ec:ae:
                    63:94:07:f5:0c:33:f2:c7:02:86:5c:e2:a5:bf:e1:
                    3e:a9:56:33:ca:d0:53:a6:12:51:08:e5:15:54:b4:
                    54:37:49:20:db:d1:29:a5:29:1e:4f:b4:bf:00:25:
                    89:13:1b:24:64:0a:55:c5:b4:40:70:37:1f:a7:07:
                    de:62:b9:3a:4d:44:cc:f2:7f:ba:53:7e:38:98:3e:
                    21:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A0:05:55:18:FC:76:85:34:5F:C2:4A:AC:B6:19:8B:A0:3C:33:2E
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/O6AFVRj8doU0X8JKrLYZi6A8My4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.255.255
                  5.144.176.0/21
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0-5.178.106.255
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:a3:5a:dd:fd:f6:61:80:05:0c:cf:44:c6:6e:be:fb:40:f2:
         be:d3:b5:d9:eb:cd:55:00:51:ca:66:c5:27:9f:f7:2a:4a:38:
         6a:77:a5:ac:04:06:7c:97:f4:18:ab:c5:1f:3c:9d:c6:ad:6a:
         35:c1:ed:d0:76:01:1c:88:fb:83:bd:ca:6e:e3:3b:41:1c:3a:
         cd:de:0c:2b:e3:e2:6c:2b:9b:22:e3:a2:bb:49:51:af:b3:b4:
         8a:d9:c4:03:d5:f4:01:3d:ef:77:cd:58:df:80:c6:c0:96:c9:
         8b:7e:56:e9:59:3d:9c:c4:ef:4a:fb:af:cd:71:f9:3b:75:a2:
         5a:c4:d1:5b:c1:28:2c:4f:d7:eb:c5:95:3c:d2:36:1b:38:57:
         9c:d8:48:40:98:bf:86:37:0b:17:f0:07:7b:f9:40:77:b5:5e:
         3f:61:2b:29:46:f7:30:80:93:9c:b3:4c:a7:ee:58:d1:3f:4f:
         06:4a:af:81:72:7e:49:5e:9d:51:93:89:86:79:0e:fc:ac:47:
         df:df:90:9e:86:5a:66:1f:8d:ac:15:ab:93:26:f9:74:6a:c4:
         fc:ef:66:72:7a:ee:f2:d0:cb:02:54:1e:7a:fd:5b:8d:8f:a4:
         ca:a0:c8:b1:55:4b:9b:6f:c8:bd:01:b6:a1:48:9b:5b:68:63:
         ee:ba:6a:7c
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYkNTGa6QediYtRzBAleqNuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjMwNjMwMTcxNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmEwMDU1NTE4ZmM3Njg1MzQ1ZmMyNGFhY2I2MTk4YmEwM2MzMzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqd62kxXyQQ52Y+swWWdFD/x9VA9
ZVQr/Nfo1c+zcUsKqh//eUU7q7g/KmhRYerPqWE3B+7Zoorh8yPppd+Zkz7ltGoo
icCaWwBfeRADl2pd4da3wlfYMPBxmqR2pPSOl5veO7D76XBge497hqTElrOTF4/q
2U2JRK2n0Cc85Pi5FSC9vH2xdvo3kpMbOjEAEEC3EHusD8MGD9TN+7HdbXiPKPjn
IjZORhRengEUVEHB7K5jlAf1DDPyxwKGXOKlv+E+qVYzytBTphJRCOUVVLRUN0kg
29EppSkeT7S/ACWJExskZApVxbRAcDcfpwfeYrk6TUTM8n+6U344mD4hPwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDugBVUY/HaFNF/CSqy2GYugPDMuMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTzZBRlZSajhkb1UwWDhKS3JMWVppNkE4TXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFAwQABSf4MAsD
BAEFJ/oDAwMFIAMEAwWQsAMEAQWyYAMEAAWyYzAMAwQDBbJoAwQABbJqAwQDH8Dw
AwQCLQzYAwQCuQUkMA0GCSqGSIb3DQEBCwUAA4IBAQCJo1rd/fZhgAUMz0TGbr77
QPK+07XZ681VAFHKZsUnn/cqSjhqd6WsBAZ8l/QYq8UfPJ3GrWo1we3QdgEciPuD
vcpu4ztBHDrN3gwr4+JsK5si46K7SVGvs7SK2cQD1fQBPe93zVjfgMbAlsmLflbp
WT2cxO9K+6/Ncfk7daJaxNFbwSgsT9frxZU80jYbOFec2EhAmL+GNwsX8Ad7+UB3
tV4/YSspRvcwgJOcs0yn7ljRP08GSq+Bcn5JXp1Rk4mGeQ78rEff35CehlpmH42s
FauTJvl0asT872Zyeu7y0MsCVB56/VuNj6TKoMixVUubb8i9AbahSJtbaGPuump8