Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/tSiOUsDVAFj6PuflnAeR9uUZAFA.roa
File:                     tSiOUsDVAFj6PuflnAeR9uUZAFA.roa (raw, json)
Hash identifier:          qhNfsu1wmspHp/5hYIEU+iODY0EcL15ISWktGa8Zn3U=
Subject key identifier:   B5:28:8E:52:C0:D5:00:58:FA:3E:E7:E5:9C:07:91:F6:E5:19:00:50
Certificate issuer:       /CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Certificate serial:       018B42397FC6D278080231311C776BCA5F2A
Authority key identifier: EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/tSiOUsDVAFj6PuflnAeR9uUZAFA.roa
Signing time:             Wed 18 Oct 2023 09:59:06 +0000
ROA not before:           Wed 18 Oct 2023 09:59:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15954
IP address blocks:        185.49.184.0/22 maxlen: 22
                          31.24.120.0/21 maxlen: 21
                          185.203.224.0/22 maxlen: 22
                          31.47.72.0/21 maxlen: 21
                          193.247.194.0/24 maxlen: 24
                          37.247.120.0/21 maxlen: 21
                          91.216.219.0/24 maxlen: 24
                          217.18.32.0/20 maxlen: 20
                          194.176.119.0/24 maxlen: 24
                          185.57.196.0/22 maxlen: 22
                          185.66.73.0/24 maxlen: 24
                          185.66.74.0/24 maxlen: 24
                          2a01:a941::/32 maxlen: 32
                          2a01:a942::/32 maxlen: 32
                          2a02:2810::/32 maxlen: 32
                          2a01:a940::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:42:39:7f:c6:d2:78:08:02:31:31:1c:77:6b:ca:5f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
        Validity
            Not Before: Oct 18 09:59:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5288e52c0d50058fa3ee7e59c0791f6e5190050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a5:ba:20:da:f7:1e:4b:3a:90:44:e5:00:9a:
                    5f:51:d1:cd:1a:04:15:89:97:87:ec:24:48:c1:5e:
                    e4:29:2e:77:04:4b:18:00:56:89:8d:99:e6:6d:4c:
                    7a:f2:07:2a:7d:83:7c:99:34:0e:bd:e4:5b:ed:f4:
                    f1:11:f7:39:3e:33:88:f9:dd:03:94:c3:bb:4d:5f:
                    08:11:72:d4:f3:c3:69:95:48:f9:99:3e:3b:75:b2:
                    ad:c0:d0:e8:c1:c1:d8:fd:b9:98:b4:92:de:25:04:
                    41:98:38:b1:63:c5:6a:d3:f0:4c:e6:5e:b6:31:f5:
                    48:6f:a5:d8:98:b7:bc:5c:ed:83:98:d1:f6:6e:69:
                    4e:4f:b6:de:e5:2b:bf:e4:71:2e:05:2b:8d:99:38:
                    8b:d7:e3:1a:5e:9a:d6:66:5e:07:91:95:36:3d:5d:
                    c2:4c:3e:b5:e9:a5:41:19:f1:23:57:92:82:08:8f:
                    a6:69:b2:68:00:5e:56:62:e7:d7:83:66:bf:a4:3f:
                    0c:6a:4a:43:ae:f6:43:5d:7b:96:3d:ba:7d:ab:86:
                    1d:ec:6c:ae:06:5c:a2:64:5a:ba:51:0f:d1:d5:2a:
                    04:e6:be:63:a5:12:cf:d4:86:3b:e0:33:5c:31:2a:
                    87:20:8d:fc:fb:f3:af:5b:b8:54:c4:db:36:94:95:
                    49:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:28:8E:52:C0:D5:00:58:FA:3E:E7:E5:9C:07:91:F6:E5:19:00:50
            X509v3 Authority Key Identifier:
                keyid:EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/tSiOUsDVAFj6PuflnAeR9uUZAFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.120.0/21
                  31.47.72.0/21
                  37.247.120.0/21
                  91.216.219.0/24
                  185.49.184.0/22
                  185.57.196.0/22
                  185.66.73.0-185.66.74.255
                  185.203.224.0/22
                  193.247.194.0/24
                  194.176.119.0/24
                  217.18.32.0/20
                IPv6:
                  2a01:a940::-2a01:a942:ffff:ffff:ffff:ffff:ffff:ffff
                  2a02:2810::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:2a:68:f4:44:0d:d4:97:34:37:c6:70:7a:64:10:0d:11:48:
         72:93:c9:5b:69:ea:77:2f:9d:32:5c:cb:82:81:70:a7:eb:d8:
         4b:cc:87:f9:ff:15:71:bc:ce:9a:04:e2:b7:14:23:de:02:72:
         ea:47:95:0f:81:0b:ce:6b:40:7c:ae:f0:f9:1a:80:8d:af:99:
         ef:02:a3:fb:4a:35:82:86:68:72:7d:13:e2:c5:87:88:2c:11:
         8e:ac:9d:41:ae:25:72:42:47:66:c5:3c:04:86:d9:4a:4d:d5:
         f6:e1:eb:d7:9d:43:f4:b5:93:1b:20:76:1a:0e:32:36:90:65:
         1e:75:10:77:af:03:82:3c:a1:0a:50:34:3b:ce:c4:b3:b6:c5:
         f9:dd:21:f5:de:a7:33:5f:76:58:5b:27:04:c1:01:a3:5e:2f:
         b5:45:2a:2c:07:e1:90:57:5a:71:04:ad:22:a6:b6:65:43:db:
         52:ba:e3:10:fd:8a:76:a8:f3:7f:1e:ca:b0:4e:7b:fa:b5:c5:
         9e:48:37:ed:19:3b:ab:29:8d:07:aa:a3:21:05:6a:a0:b8:74:
         35:6c:0f:7e:8e:da:b2:cd:36:c5:0e:ee:28:2c:f3:2f:d6:87:
         b2:d3:b8:df:36:b2:f7:cc:c1:73:d3:8f:82:e2:18:c6:69:73:
         f5:79:e9:c7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYtCOX/G0ngIAjExHHdryl8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNGY3ODk0NzM0MWNlNTU4ODhiN2ViZjM2OTAxNDNiMGNi
ZmYzZDYwHhcNMjMxMDE4MDk1OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTI4OGU1MmMwZDUwMDU4ZmEzZWU3ZTU5YzA3OTFmNmU1MTkwMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqW6INr3Hks6kETlAJpfUdHNGgQV
iZeH7CRIwV7kKS53BEsYAFaJjZnmbUx68gcqfYN8mTQOveRb7fTxEfc5PjOI+d0D
lMO7TV8IEXLU88NplUj5mT47dbKtwNDowcHY/bmYtJLeJQRBmDixY8Vq0/BM5l62
MfVIb6XYmLe8XO2DmNH2bmlOT7be5Su/5HEuBSuNmTiL1+MaXprWZl4HkZU2PV3C
TD616aVBGfEjV5KCCI+mabJoAF5WYufXg2a/pD8MakpDrvZDXXuWPbp9q4Yd7Gyu
BlyiZFq6UQ/R1SoE5r5jpRLP1IY74DNcMSqHII38+/OvW7hUxNs2lJVJtwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFLUojlLA1QBY+j7n5ZwHkfblGQBQMB8GA1UdIwQY
MBaAFO9PeJRzQc5ViIt+vzaQFDsMv/PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAt
OWJhYTY2Y2ExNDA0LzEvdFNpT1VzRFZBRmo2UHVmbG5BZVI5dVVaQUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wMDVjOWUtZmU3Yy00NjlhLWI2ZjAtOWJhYTY2Y2ExNDA0
LzEvNzA5NGxITkJ6bFdJaTM2X05wQVVPd3lfODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwUAQCAAEwSgMEAx8YeAME
Ax8vSAMEAyX3eAMEAFvY2wMEArkxuAMEArk5xDAMAwQAuUJJAwQAuUJKAwQCucvg
AwQAwffCAwQAwrB3AwQE2RIgMB0EAgACMBcwDgMFBioBqUADBQAqAalCAwUAKgIo
EDANBgkqhkiG9w0BAQsFAAOCAQEAhCpo9EQN1Jc0N8ZwemQQDRFIcpPJW2nqdy+d
MlzLgoFwp+vYS8yH+f8VcbzOmgTitxQj3gJy6keVD4ELzmtAfK7w+RqAja+Z7wKj
+0o1goZocn0T4sWHiCwRjqydQa4lckJHZsU8BIbZSk3V9uHr151D9LWTGyB2Gg4y
NpBlHnUQd68DgjyhClA0O87Es7bF+d0h9d6nM192WFsnBMEBo14vtUUqLAfhkFda
cQStIqa2ZUPbUrrjEP2Kdqjzfx7KsE57+rXFnkg37Rk7qymNB6qjIQVqoLh0NWwP
fo7ass02xQ7uKCzzL9aHstO43zay98zBc9OPguIYxmlz9Xnpxw==
-----END CERTIFICATE-----