Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/doJv225Fa8R6MhuArE8ziQne25U.roa
File:                     doJv225Fa8R6MhuArE8ziQne25U.roa (raw, json)
Hash identifier:          bl9lTqz9GU6H4/2u+7KS+s7aF6H4hxQodD61fZFHSTg=
Subject key identifier:   76:82:6F:DB:6E:45:6B:C4:7A:32:1B:80:AC:4F:33:89:09:DE:DB:95
Certificate issuer:       /CN=1fa795167d2d9fb420941f17287bdf3c5eed8df9
Certificate serial:       018AEF9BCDC0FEE14E35A58E1E26057041BA
Authority key identifier: 1F:A7:95:16:7D:2D:9F:B4:20:94:1F:17:28:7B:DF:3C:5E:ED:8D:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H6eVFn0tn7QglB8XKHvfPF7tjfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/doJv225Fa8R6MhuArE8ziQne25U.roa
Signing time:             Mon 02 Oct 2023 08:57:59 +0000
ROA not before:           Mon 02 Oct 2023 08:57:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43571
IP address blocks:        178.19.48.0/20 maxlen: 24
                          91.220.138.0/24 maxlen: 24
                          213.181.96.0/19 maxlen: 24
                          46.182.184.0/21 maxlen: 24
                          185.111.36.0/22 maxlen: 24
                          149.126.80.0/21 maxlen: 24
                          185.152.116.0/22 maxlen: 24
                          185.40.120.0/22 maxlen: 24
                          78.40.248.0/21 maxlen: 24
                          157.97.0.0/19 maxlen: 24
                          2a01:6f00::/29 maxlen: 48
                          2a01:8280::/32 maxlen: 64

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ef:9b:cd:c0:fe:e1:4e:35:a5:8e:1e:26:05:70:41:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fa795167d2d9fb420941f17287bdf3c5eed8df9
        Validity
            Not Before: Oct  2 08:57:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76826fdb6e456bc47a321b80ac4f338909dedb95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:37:b4:cb:03:a1:0e:84:fb:2f:a4:79:b3:6a:
                    4a:c3:60:02:f2:6b:3e:aa:1f:40:40:7e:e5:98:4e:
                    6d:7a:b5:91:58:95:dd:f7:e9:6f:81:07:f9:e7:9c:
                    da:81:3b:b6:7c:e2:eb:39:f6:b1:2f:31:c1:c2:3a:
                    d3:7f:79:3b:fb:c8:07:24:1f:fc:e1:a1:2d:7f:a4:
                    8a:b7:49:ef:5b:54:68:61:62:06:53:f6:39:4f:75:
                    ba:2b:c3:f2:d6:09:2b:82:d4:64:49:a0:c0:17:5f:
                    a4:ab:65:68:80:17:9c:ee:e7:a3:74:d2:48:4b:6f:
                    2a:0a:84:e0:91:bb:be:f3:be:87:be:78:f3:d4:a3:
                    f7:e0:40:74:30:b3:a6:d6:b8:9c:33:30:3c:d0:6f:
                    9a:a9:ee:67:71:3c:32:d1:d0:4c:8d:58:5d:d2:b3:
                    fe:16:7a:aa:47:c3:0f:48:7a:3d:da:93:8a:f9:7b:
                    57:8b:06:1d:8a:22:35:47:9c:e2:25:19:60:94:08:
                    90:41:b9:6b:75:1a:8f:fa:80:98:0d:f1:9a:7b:e4:
                    9b:4c:99:32:db:16:ca:6b:f2:93:f1:1f:6a:94:04:
                    89:dc:b1:92:2c:70:e0:f8:14:9a:58:8a:a3:50:99:
                    95:86:75:ed:25:8b:97:14:7d:02:3b:34:db:52:85:
                    4e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:82:6F:DB:6E:45:6B:C4:7A:32:1B:80:AC:4F:33:89:09:DE:DB:95
            X509v3 Authority Key Identifier:
                keyid:1F:A7:95:16:7D:2D:9F:B4:20:94:1F:17:28:7B:DF:3C:5E:ED:8D:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H6eVFn0tn7QglB8XKHvfPF7tjfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/doJv225Fa8R6MhuArE8ziQne25U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/83535a-e1bd-4fb7-9f09-7b7e976c8412/1/H6eVFn0tn7QglB8XKHvfPF7tjfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.184.0/21
                  78.40.248.0/21
                  91.220.138.0/24
                  149.126.80.0/21
                  157.97.0.0/19
                  178.19.48.0/20
                  185.40.120.0/22
                  185.111.36.0/22
                  185.152.116.0/22
                  213.181.96.0/19
                IPv6:
                  2a01:6f00::/29
                  2a01:8280::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:3b:21:31:a7:c9:3d:a6:e1:d1:7d:a0:a7:01:a2:53:89:59:
         e0:1c:2d:26:c7:da:5b:a2:ff:b7:9a:bc:5c:67:5c:23:ee:c9:
         5d:b1:79:87:c4:5e:8f:a5:52:4c:01:fb:f6:6f:d6:56:c9:f8:
         6e:89:ed:f7:5c:0c:95:69:dc:09:f6:b9:4b:43:68:ce:8e:09:
         79:0c:7b:16:82:9f:11:42:df:99:ed:16:70:fb:9e:eb:e4:74:
         9b:97:e1:63:ed:4f:41:5f:8b:2a:db:c9:04:cf:69:a6:02:b5:
         18:b7:4b:96:e8:04:91:a7:4b:c9:18:b4:d9:b1:e3:d7:ac:95:
         30:d8:69:ba:18:da:87:0d:16:f4:8b:7f:ba:f2:28:d9:25:c6:
         ab:be:8c:40:7a:0c:d2:1b:ec:b8:94:bd:ca:bf:ea:78:3b:b5:
         c9:e6:d4:16:6d:32:73:d4:5b:30:03:f2:6d:2c:f8:95:8f:ed:
         7d:d2:eb:c1:9b:42:9a:29:c8:8b:de:2e:98:70:bc:12:9e:0a:
         2e:11:8a:7e:d7:31:11:d7:e2:f4:bf:0e:f8:9e:ed:d1:54:0d:
         cc:79:d5:e9:94:5f:d1:ec:19:0f:57:1f:9e:87:25:93:6e:06:
         c4:58:74:10:ff:88:3b:c9:18:ae:60:32:e2:36:7d:88:ff:a2:
         97:82:b5:27
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYrvm83A/uFONaWOHiYFcEG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYTc5NTE2N2QyZDlmYjQyMDk0MWYxNzI4N2JkZjNjNWVl
ZDhkZjkwHhcNMjMxMDAyMDg1NzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgyNmZkYjZlNDU2YmM0N2EzMjFiODBhYzRmMzM4OTA5ZGVkYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDe0ywOhDoT7L6R5s2pKw2AC8ms+
qh9AQH7lmE5terWRWJXd9+lvgQf555zagTu2fOLrOfaxLzHBwjrTf3k7+8gHJB/8
4aEtf6SKt0nvW1RoYWIGU/Y5T3W6K8Py1gkrgtRkSaDAF1+kq2VogBec7uejdNJI
S28qCoTgkbu+876Hvnjz1KP34EB0MLOm1ricMzA80G+aqe5ncTwy0dBMjVhd0rP+
FnqqR8MPSHo92pOK+XtXiwYdiiI1R5ziJRlglAiQQblrdRqP+oCYDfGae+SbTJky
2xbKa/KT8R9qlASJ3LGSLHDg+BSaWIqjUJmVhnXtJYuXFH0COzTbUoVOAwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFHaCb9tuRWvEejIbgKxPM4kJ3tuVMB8GA1UdIwQY
MBaAFB+nlRZ9LZ+0IJQfFyh73zxe7Y35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDZlVkZuMHRuN1FnbEI4WEtIdmZQRjd0amZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84MzUzNWEtZTFiZC00ZmI3LTlmMDkt
N2I3ZTk3NmM4NDEyLzEvZG9KdjIyNUZhOFI2TWh1QXJFOHppUW5lMjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84MzUzNWEtZTFiZC00ZmI3LTlmMDktN2I3ZTk3NmM4NDEy
LzEvSDZlVkZuMHRuN1FnbEI4WEtIdmZQRjd0amZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQDLra4AwQD
Tij4AwQAW9yKAwQDlX5QAwQFnWEAAwQEshMwAwQCuSh4AwQCuW8kAwQCuZh0AwQF
1bVgMBQEAgACMA4DBQMqAW8AAwUAKgGCgDANBgkqhkiG9w0BAQsFAAOCAQEALjsh
MafJPabh0X2gpwGiU4lZ4BwtJsfaW6L/t5q8XGdcI+7JXbF5h8Rej6VSTAH79m/W
Vsn4bont91wMlWncCfa5S0Nozo4JeQx7FoKfEULfme0WcPue6+R0m5fhY+1PQV+L
KtvJBM9ppgK1GLdLlugEkadLyRi02bHj16yVMNhpuhjahw0W9It/uvIo2SXGq76M
QHoM0hvsuJS9yr/qeDu1yebUFm0yc9RbMAPybSz4lY/tfdLrwZtCminIi94umHC8
Ep4KLhGKftcxEdfi9L8O+J7t0VQNzHnV6ZRf0ewZD1cfnoclk24GxFh0EP+IO8kY
rmAy4jZ9iP+il4K1Jw==
-----END CERTIFICATE-----