Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/EsfQiR4rSaPqyvFbTjRJ_wVXrxY.roa
File:                     EsfQiR4rSaPqyvFbTjRJ_wVXrxY.roa (raw, json)
Hash identifier:          PVvk/b9VPnAdgdfZiEg2IxZzCtpTM/aNlzMMCeMMxsM=
Subject key identifier:   12:C7:D0:89:1E:2B:49:A3:EA:CA:F1:5B:4E:34:49:FF:05:57:AF:16
Certificate issuer:       /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial:       01856F021239969DE032CC1B3A69013D2E2F
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/EsfQiR4rSaPqyvFbTjRJ_wVXrxY.roa
Signing time:             Sun 01 Jan 2023 20:24:44 +0000
ROA not before:           Sun 01 Jan 2023 20:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20904
IP address blocks:        84.240.64.0/19 maxlen: 19
                          149.126.176.0/21 maxlen: 21
                          84.240.96.0/19 maxlen: 19
                          188.64.0.0/21 maxlen: 21
                          185.25.76.0/22 maxlen: 22
                          5.61.88.0/21 maxlen: 24
                          185.67.80.0/22 maxlen: 22
                          37.35.80.0/21 maxlen: 21
                          80.75.96.0/20 maxlen: 20
                          93.174.192.0/21 maxlen: 22
                          80.75.106.0/24 maxlen: 24
                          46.254.208.0/21 maxlen: 21
                          2a00:74a0::/32 maxlen: 32
                          2a00:1a58::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:02:12:39:96:9d:e0:32:cc:1b:3a:69:01:3d:2e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
        Validity
            Not Before: Jan  1 20:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=12c7d0891e2b49a3eacaf15b4e3449ff0557af16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f6:b4:c7:7b:dd:d1:34:cf:40:05:71:4d:71:
                    ff:49:8a:52:14:79:9e:a7:41:6b:c8:2f:73:ec:37:
                    e1:7a:ff:81:db:d5:72:8e:0a:89:b7:2b:1c:2c:6a:
                    c0:2a:70:14:df:7f:18:7c:c7:4b:e7:df:df:91:6d:
                    8e:8b:00:b9:4a:e1:ac:6d:72:64:55:b7:dd:bf:c5:
                    2f:e0:42:f0:8f:c1:a1:91:9e:f4:ca:d1:db:d4:88:
                    72:aa:b1:fa:8d:97:77:9a:17:13:99:9f:32:32:c6:
                    43:27:02:9b:5f:59:06:7e:af:6a:d0:ff:ba:61:50:
                    1d:14:fb:3f:21:ce:49:e4:11:01:1d:be:ca:ce:c5:
                    18:3d:de:99:69:23:f4:43:06:48:3b:5d:27:e4:15:
                    f2:ac:c8:9b:6c:06:41:97:4e:94:42:39:c5:48:90:
                    5e:1e:b8:15:5d:96:61:42:9e:92:b3:a7:ae:d1:74:
                    ff:f7:75:2b:37:fc:73:7b:fc:ee:35:0c:df:5b:7c:
                    19:60:91:2d:3e:d5:74:fb:bb:c5:1e:4e:86:d3:79:
                    03:16:a5:2b:c4:6e:52:d0:17:f7:13:c7:51:d5:f7:
                    c6:56:fc:17:40:01:a7:4c:fe:ae:fb:0a:d1:fd:25:
                    3c:be:f6:c7:ac:b7:bb:da:0e:2b:b7:7d:b6:8e:54:
                    3f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C7:D0:89:1E:2B:49:A3:EA:CA:F1:5B:4E:34:49:FF:05:57:AF:16
            X509v3 Authority Key Identifier:
                keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/EsfQiR4rSaPqyvFbTjRJ_wVXrxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.88.0/21
                  37.35.80.0/21
                  46.254.208.0/21
                  80.75.96.0/20
                  84.240.64.0/18
                  93.174.192.0/21
                  149.126.176.0/21
                  185.25.76.0/22
                  185.67.80.0/22
                  188.64.0.0/21
                IPv6:
                  2a00:1a58::/32
                  2a00:74a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:b4:3c:5e:44:74:aa:64:9f:63:8e:0b:1a:68:e7:2c:e7:0f:
         4d:06:78:5c:df:3c:ad:ae:73:1a:c8:ab:37:ab:c0:ac:20:32:
         cd:fe:70:22:bb:6c:e2:cd:0d:39:a3:ec:59:d9:a6:c4:9a:08:
         db:2f:fd:73:cb:7e:80:bf:ac:cf:a8:bf:c9:2c:8c:87:16:fd:
         c9:8a:5d:60:15:59:3e:0f:40:d3:9c:df:4c:4b:e5:30:59:f8:
         69:7e:94:31:f3:c0:ff:c5:ad:39:c8:4b:b4:31:d5:93:2a:e5:
         1c:5e:95:52:fe:35:35:f4:84:12:46:9e:ff:13:ee:80:e9:89:
         8b:06:3a:aa:9a:8f:80:1d:6e:08:63:9d:ec:38:18:ba:c0:17:
         e1:f5:54:98:c3:5d:cf:76:af:2f:55:2c:ef:fe:c2:99:23:1e:
         ba:c7:09:85:9b:6e:10:29:db:8b:16:76:ab:51:2a:c9:28:b0:
         ab:e0:c4:8f:44:b3:34:9c:0b:c3:ad:d6:a0:9b:e7:be:a2:35:
         fb:4f:db:26:54:a1:05:19:97:17:33:c2:0d:2c:0f:f0:0d:c0:
         99:18:fe:8a:7f:c7:98:bf:01:73:a8:b5:36:ad:8f:07:2d:9a:
         6c:a4:e2:dc:79:94:f3:c4:d1:ad:b7:39:58:1f:d6:18:a9:05:
         b4:c3:c6:b0
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYVvAhI5lp3gMswbOmkBPS4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjMwMTAxMjAyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM3ZDA4OTFlMmI0OWEzZWFjYWYxNWI0ZTM0NDlmZjA1NTdhZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/a0x3vd0TTPQAVxTXH/SYpSFHme
p0FryC9z7Dfhev+B29VyjgqJtyscLGrAKnAU338YfMdL59/fkW2OiwC5SuGsbXJk
Vbfdv8Uv4ELwj8GhkZ70ytHb1IhyqrH6jZd3mhcTmZ8yMsZDJwKbX1kGfq9q0P+6
YVAdFPs/Ic5J5BEBHb7KzsUYPd6ZaSP0QwZIO10n5BXyrMibbAZBl06UQjnFSJBe
HrgVXZZhQp6Ss6eu0XT/93UrN/xze/zuNQzfW3wZYJEtPtV0+7vFHk6G03kDFqUr
xG5S0Bf3E8dR1ffGVvwXQAGnTP6u+wrR/SU8vvbHrLe72g4rt322jlQ/JQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFBLH0IkeK0mj6srxW040Sf8FV68WMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvRXNmUWlSNHJTYVBxeXZGYlRqUkpfd1ZYcnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQDBT1YAwQD
JSNQAwQDLv7QAwQEUEtgAwQGVPBAAwQDXa7AAwQDlX6wAwQCuRlMAwQCuUNQAwQD
vEAAMBQEAgACMA4DBQAqABpYAwUAKgB0oDANBgkqhkiG9w0BAQsFAAOCAQEAT7Q8
XkR0qmSfY44LGmjnLOcPTQZ4XN88ra5zGsirN6vArCAyzf5wIrts4s0NOaPsWdmm
xJoI2y/9c8t+gL+sz6i/ySyMhxb9yYpdYBVZPg9A05zfTEvlMFn4aX6UMfPA/8Wt
OchLtDHVkyrlHF6VUv41NfSEEkae/xPugOmJiwY6qpqPgB1uCGOd7DgYusAX4fVU
mMNdz3avL1Us7/7CmSMeuscJhZtuECnbixZ2q1EqySiwq+DEj0SzNJwLw63WoJvn
vqI1+0/bJlShBRmXFzPCDSwP8A3AmRj+in/HmL8Bc6i1Nq2PBy2abKTi3HmU88TR
rbc5WB/WGKkFtMPGsA==
-----END CERTIFICATE-----