Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/dYmsA42RCh06JUis80iTPE-l-Bk.roa
File:                     dYmsA42RCh06JUis80iTPE-l-Bk.roa (raw, json)
Hash identifier:          u4S4SNux5uee5QP7dVYwzkM5YygSK4DYP+JW195q0II=
Subject key identifier:   75:89:AC:03:8D:91:0A:1D:3A:25:48:AC:F3:48:93:3C:4F:A5:F8:19
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018ABE4D1501D4524F828DE4CAF18A87DBA1
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/dYmsA42RCh06JUis80iTPE-l-Bk.roa
Signing time:             Fri 22 Sep 2023 19:10:37 +0000
ROA not before:           Fri 22 Sep 2023 19:10:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:be:4d:15:01:d4:52:4f:82:8d:e4:ca:f1:8a:87:db:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Sep 22 19:10:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7589ac038d910a1d3a2548acf348933c4fa5f819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9e:f0:40:c0:cd:98:94:9b:5d:7a:99:a4:84:
                    ca:ca:f6:19:84:65:96:e4:04:d7:a8:89:ed:16:ef:
                    e1:bc:56:14:34:3b:87:ec:4d:06:44:d7:2f:47:54:
                    92:54:ff:7a:77:2d:f6:8a:57:56:1a:a5:b6:2a:0d:
                    b9:e6:b7:18:8d:d0:27:5c:88:f0:04:4a:8f:82:36:
                    cd:2a:5a:d6:86:61:86:2d:68:49:00:de:11:89:11:
                    94:86:95:1e:0d:98:17:c2:75:2c:55:0c:2b:e1:1c:
                    ee:46:80:10:ab:d1:12:99:ba:33:73:47:12:81:f0:
                    18:59:59:74:6b:4e:88:b7:6b:b0:4e:82:7d:e2:8b:
                    fb:ee:5e:26:03:bb:84:3a:aa:70:b5:a6:8f:27:3d:
                    ef:62:1d:62:a8:30:4b:d8:3f:cf:05:dd:0a:73:55:
                    2e:7a:f7:cb:66:28:4a:8a:0c:a0:a6:c3:01:a5:10:
                    3d:3f:b2:61:fd:99:96:74:2f:a7:4c:d3:27:05:57:
                    d8:9f:bf:c9:09:f3:f0:17:cb:78:d5:3d:de:a3:06:
                    f0:dc:2c:39:87:72:7b:4b:66:e2:e1:75:33:eb:ec:
                    07:ca:b4:2b:c5:ca:a9:dd:fd:ca:fb:b0:12:0d:ee:
                    76:5f:5f:a8:ab:5a:de:26:78:7f:bc:e8:82:32:13:
                    92:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:89:AC:03:8D:91:0A:1D:3A:25:48:AC:F3:48:93:3C:4F:A5:F8:19
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/dYmsA42RCh06JUis80iTPE-l-Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.101.0/24
                  46.20.104.0-46.20.106.255
                  46.20.111.0/24
                  185.100.168.0/22
                  185.169.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:00:7e:20:7f:17:87:70:88:e0:29:9d:c2:c6:c2:5b:39:f9:
         da:38:d9:22:4f:b6:d9:db:34:43:2c:d6:d1:94:28:09:27:ac:
         84:fe:3e:6f:48:f6:52:38:89:1b:14:2e:d2:0a:2e:50:7a:cf:
         76:02:c6:23:b9:50:ef:d7:4a:7a:6a:c7:16:6a:eb:14:b7:bc:
         47:2d:01:73:93:52:16:24:44:c9:16:c1:2a:a5:e8:93:21:b8:
         fa:da:13:86:d8:84:0b:d0:5c:a6:5d:45:d9:eb:71:df:30:41:
         03:26:48:a7:77:56:78:27:9b:b5:49:73:61:5e:0d:73:b1:af:
         38:63:0b:5a:25:e4:47:57:14:93:7f:0d:e1:bd:cc:af:54:28:
         44:ec:13:7d:28:33:fc:10:ea:67:ae:28:4b:b0:f6:61:d9:51:
         82:15:59:44:76:84:09:02:10:78:00:38:55:07:ce:c1:36:88:
         d9:3a:41:a1:02:e9:7f:9c:33:05:93:6f:2a:4b:76:33:08:de:
         f4:2a:82:05:d4:c0:3e:08:09:a2:87:c5:c0:c1:1e:ee:f5:6e:
         c3:3f:49:e6:82:2e:0e:96:a1:6f:2c:31:58:ad:69:41:3a:a0:
         33:e9:91:41:8f:9f:24:b9:bb:cb:fa:f5:cf:dc:1f:ea:8c:dc:
         18:d2:a2:cf
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYq+TRUB1FJPgo3kyvGKh9uhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjMwOTIyMTkxMDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTg5YWMwMzhkOTEwYTFkM2EyNTQ4YWNmMzQ4OTMzYzRmYTVmODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn57wQMDNmJSbXXqZpITKyvYZhGWW
5ATXqIntFu/hvFYUNDuH7E0GRNcvR1SSVP96dy32ildWGqW2Kg255rcYjdAnXIjw
BEqPgjbNKlrWhmGGLWhJAN4RiRGUhpUeDZgXwnUsVQwr4RzuRoAQq9ESmbozc0cS
gfAYWVl0a06It2uwToJ94ov77l4mA7uEOqpwtaaPJz3vYh1iqDBL2D/PBd0Kc1Uu
evfLZihKigygpsMBpRA9P7Jh/ZmWdC+nTNMnBVfYn7/JCfPwF8t41T3eowbw3Cw5
h3J7S2bi4XUz6+wHyrQrxcqp3f3K+7ASDe52X1+oq1reJnh/vOiCMhOSRQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFHWJrAONkQodOiVIrPNIkzxPpfgZMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvZFltc0E0MlJDaDA2SlVpczgwaVRQRS1sLUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGoDBAAuFG8DBAK5ZKgDBAG5qd4wDQYJKoZIhvcNAQEL
BQADggEBAGcAfiB/F4dwiOApncLGwls5+do42SJPttnbNEMs1tGUKAknrIT+Pm9I
9lI4iRsULtIKLlB6z3YCxiO5UO/XSnpqxxZq6xS3vEctAXOTUhYkRMkWwSql6JMh
uPraE4bYhAvQXKZdRdnrcd8wQQMmSKd3Vngnm7VJc2FeDXOxrzhjC1ol5EdXFJN/
DeG9zK9UKETsE30oM/wQ6meuKEuw9mHZUYIVWUR2hAkCEHgAOFUHzsE2iNk6QaEC
6X+cMwWTbypLdjMI3vQqggXUwD4ICaKHxcDBHu71bsM/SeaCLg6WoW8sMVitaUE6
oDPpkUGPnyS5u8v69c/cH+qM3BjSos8=
-----END CERTIFICATE-----