Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/UaqgIGEhKaUPrjmoZYTxmVfcpp0.roa
File:                     UaqgIGEhKaUPrjmoZYTxmVfcpp0.roa (raw, json)
Hash identifier:          fND7R0MtOguRgns9a39DPTpzC2p3tUshlBn7vDdutAk=
Subject key identifier:   51:AA:A0:20:61:21:29:A5:0F:AE:39:A8:65:84:F1:99:57:DC:A6:9D
Certificate issuer:       /CN=aa2a58c697a1449976b0d11d6f126025e14089c6
Certificate serial:       018571277A478D13BBAF8948E4E14EABADDE
Authority key identifier: AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/UaqgIGEhKaUPrjmoZYTxmVfcpp0.roa
Signing time:             Mon 02 Jan 2023 06:24:50 +0000
ROA not before:           Mon 02 Jan 2023 06:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44507
IP address blocks:        185.16.56.0/22 maxlen: 22
                          146.247.32.0/21 maxlen: 21
                          46.42.32.0/21 maxlen: 21
                          46.42.40.0/21 maxlen: 21
                          46.228.96.0/20 maxlen: 20
                          5.175.88.0/21 maxlen: 21
                          178.57.32.0/21 maxlen: 21
                          46.42.0.0/18 maxlen: 18
                          178.57.40.0/21 maxlen: 21
                          46.42.8.0/21 maxlen: 21
                          178.57.48.0/21 maxlen: 21
                          46.42.16.0/21 maxlen: 21
                          46.42.24.0/21 maxlen: 21
                          134.90.152.0/21 maxlen: 21
                          194.58.160.0/21 maxlen: 21
                          194.58.176.0/21 maxlen: 21
                          188.120.48.0/20 maxlen: 20

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:27:7a:47:8d:13:bb:af:89:48:e4:e1:4e:ab:ad:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa2a58c697a1449976b0d11d6f126025e14089c6
        Validity
            Not Before: Jan  2 06:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51aaa020612129a50fae39a86584f19957dca69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f1:db:b3:e3:89:24:0a:1d:4a:89:89:5f:d9:
                    17:e1:83:a9:5d:89:35:2b:6e:60:8b:93:de:21:61:
                    72:03:05:24:76:2f:67:3b:bb:23:92:4e:b1:c5:9f:
                    b1:0a:12:e1:c4:31:6a:a7:e6:52:e1:7a:e9:58:cd:
                    1e:c8:1a:c2:e5:b8:3f:66:33:bc:99:d7:20:17:21:
                    ca:38:39:c1:ee:63:fb:1e:7e:f1:2c:ba:0d:86:ab:
                    b8:a2:56:0f:2c:44:53:a1:6a:94:0e:07:fc:f7:0a:
                    cc:80:91:f5:5b:7a:53:1e:9e:6e:13:cd:dc:b2:6a:
                    52:53:ea:91:a2:0b:6f:ca:b8:ef:10:8b:f4:51:a8:
                    bf:48:f8:e1:b6:c3:3c:c0:e4:7b:75:01:ae:b5:3f:
                    fa:3b:51:c8:97:65:67:e3:4c:d2:19:87:a0:19:25:
                    37:7f:23:d7:d0:eb:d8:8d:e4:f5:f6:7d:b2:dd:c9:
                    c9:a4:aa:b5:b0:8d:5d:d3:f0:bf:4d:3e:d9:c1:d0:
                    63:7f:d1:27:3b:e2:35:52:a7:06:2b:59:61:e7:fc:
                    8c:d2:41:a8:b1:d1:56:12:b3:3c:e7:65:e7:f6:83:
                    ef:89:e1:5e:3c:ce:d0:db:bd:3f:4c:4b:93:60:95:
                    9c:8e:40:2b:17:a4:a0:97:71:45:29:a5:06:e0:70:
                    8c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:AA:A0:20:61:21:29:A5:0F:AE:39:A8:65:84:F1:99:57:DC:A6:9D
            X509v3 Authority Key Identifier:
                keyid:AA:2A:58:C6:97:A1:44:99:76:B0:D1:1D:6F:12:60:25:E1:40:89:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qipYxpehRJl2sNEdbxJgJeFAicY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/UaqgIGEhKaUPrjmoZYTxmVfcpp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3142a5-d92d-4d06-8228-be622c3132df/1/qipYxpehRJl2sNEdbxJgJeFAicY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.88.0/21
                  46.42.0.0/18
                  46.228.96.0/20
                  134.90.152.0/21
                  146.247.32.0/21
                  178.57.32.0-178.57.55.255
                  185.16.56.0/22
                  188.120.48.0/20
                  194.58.160.0/21
                  194.58.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5f:3e:e2:2d:39:70:80:bf:ac:a8:db:4c:04:19:2e:49:ee:c9:
         cf:83:92:46:ef:75:42:2e:59:56:11:b1:d1:34:2f:3b:bc:e4:
         a5:b2:e6:0b:73:ca:ac:2c:3e:b1:24:6c:26:b5:c5:f7:9d:2e:
         64:aa:28:3e:1e:19:41:59:80:b2:a3:be:28:f9:24:67:91:b1:
         20:8c:3a:3a:f7:52:f3:ee:17:28:ef:5a:17:cb:42:6c:63:62:
         ea:20:87:45:a9:db:af:92:ef:33:70:30:a3:69:db:00:47:f5:
         66:30:a3:51:93:14:dd:82:48:13:67:df:d2:d6:33:6d:4c:01:
         51:c7:ab:8a:ee:81:5f:e5:f3:4f:d3:c6:87:ff:52:c4:45:12:
         d3:aa:02:ae:c2:af:f4:c2:c7:c8:e8:72:e1:05:82:d2:07:67:
         bf:f7:16:6d:d1:d1:8d:44:d1:51:57:f2:6a:e6:78:37:9e:e8:
         28:be:c3:e6:eb:e9:b9:3e:11:1f:b0:4a:ec:37:5c:28:3d:15:
         a7:98:5e:15:45:67:73:f4:ee:30:c8:d2:dc:d9:06:bf:43:92:
         d7:73:c4:66:21:27:67:09:19:c5:69:36:62:07:72:24:77:d9:
         2d:c9:6d:11:12:70:d2:d1:b1:15:27:21:cb:8b:22:15:a2:df:
         6f:aa:c3:20
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVxJ3pHjRO7r4lI5OFOq63eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMmE1OGM2OTdhMTQ0OTk3NmIwZDExZDZmMTI2MDI1ZTE0
MDg5YzYwHhcNMjMwMTAyMDYyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWFhYTAyMDYxMjEyOWE1MGZhZTM5YTg2NTg0ZjE5OTU3ZGNhNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofHbs+OJJAodSomJX9kX4YOpXYk1
K25gi5PeIWFyAwUkdi9nO7sjkk6xxZ+xChLhxDFqp+ZS4XrpWM0eyBrC5bg/ZjO8
mdcgFyHKODnB7mP7Hn7xLLoNhqu4olYPLERToWqUDgf89wrMgJH1W3pTHp5uE83c
smpSU+qRogtvyrjvEIv0Uai/SPjhtsM8wOR7dQGutT/6O1HIl2Vn40zSGYegGSU3
fyPX0OvYjeT19n2y3cnJpKq1sI1d0/C/TT7ZwdBjf9EnO+I1UqcGK1lh5/yM0kGo
sdFWErM852Xn9oPvieFePM7Q270/TEuTYJWcjkArF6Sgl3FFKaUG4HCM2QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFGqoCBhISmlD645qGWE8ZlX3KadMB8GA1UdIwQY
MBaAFKoqWMaXoUSZdrDRHW8SYCXhQInGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgt
YmU2MjJjMzEzMmRmLzEvVWFxZ0lHRWhLYVVQcmptb1pZVHhtVmZjcHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zMTQyYTUtZDkyZC00ZDA2LTgyMjgtYmU2MjJjMzEzMmRm
LzEvcWlwWXhwZWhSSmwyc05FZGJ4SmdKZUZBaWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDBa9YAwQG
LioAAwQELuRgAwQDhlqYAwQDkvcgMAwDBAWyOSADBAOyOTADBAK5EDgDBAS8eDAD
BAPCOqADBAPCOrAwDQYJKoZIhvcNAQELBQADggEBAF8+4i05cIC/rKjbTAQZLknu
yc+DkkbvdUIuWVYRsdE0Lzu85KWy5gtzyqwsPrEkbCa1xfedLmSqKD4eGUFZgLKj
vij5JGeRsSCMOjr3UvPuFyjvWhfLQmxjYuogh0Wp26+S7zNwMKNp2wBH9WYwo1GT
FN2CSBNn39LWM21MAVHHq4rugV/l80/Txof/UsRFEtOqAq7Cr/TCx8jocuEFgtIH
Z7/3Fm3R0Y1E0VFX8mrmeDee6Ci+w+br6bk+ER+wSuw3XCg9FaeYXhVFZ3P07jDI
0tzZBr9DktdzxGYhJ2cJGcVpNmIHciR32S3JbREScNLRsRUnIcuLIhWi32+qwyA=
-----END CERTIFICATE-----