Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/zhiUK3fohjwY3stQBnwHVYAjACQ.roa
File:                     zhiUK3fohjwY3stQBnwHVYAjACQ.roa (raw, json)
Hash identifier:          g6RKYKyuGPIy2dY6lhvt06cLUa3g5nTuSIA+uakVqY0=
Subject key identifier:   CE:18:94:2B:77:E8:86:3C:18:DE:CB:50:06:7C:07:55:80:23:00:24
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       018AB4B4B8F0A91256191202C2E40DF45B38
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/zhiUK3fohjwY3stQBnwHVYAjACQ.roa
Signing time:             Wed 20 Sep 2023 22:27:37 +0000
ROA not before:           Wed 20 Sep 2023 22:27:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        151.186.192.0/24 maxlen: 24
                          151.186.192.0/20 maxlen: 24
                          151.186.193.0/24 maxlen: 24
                          151.186.196.0/24 maxlen: 24
                          151.186.194.0/24 maxlen: 24
                          151.186.195.0/24 maxlen: 24
                          151.186.199.0/24 maxlen: 24
                          151.186.197.0/24 maxlen: 24
                          151.186.198.0/24 maxlen: 24
                          151.186.203.0/24 maxlen: 24
                          151.186.201.0/24 maxlen: 24
                          151.186.202.0/24 maxlen: 24
                          151.186.206.0/24 maxlen: 24
                          151.186.204.0/24 maxlen: 24
                          151.186.205.0/24 maxlen: 24
                          151.186.200.0/24 maxlen: 24
                          151.186.207.0/24 maxlen: 24
                          151.186.172.0/22 maxlen: 24
                          151.186.172.0/24 maxlen: 24
                          151.186.175.0/24 maxlen: 24
                          151.186.173.0/24 maxlen: 24
                          151.186.174.0/24 maxlen: 24
                          151.186.176.0/20 maxlen: 24
                          2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b4:b4:b8:f0:a9:12:56:19:12:02:c2:e4:0d:f4:5b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Sep 20 22:27:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce18942b77e8863c18decb50067c075580230024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:57:eb:0b:94:31:78:c0:76:66:82:70:3c:ca:
                    c1:4d:3a:77:4c:a5:85:fc:e9:e7:24:59:72:d7:f1:
                    8e:f1:86:54:92:4c:4a:c8:3b:95:e6:be:4d:53:cb:
                    60:e2:91:64:b9:74:39:af:25:5e:62:37:d5:fb:11:
                    e3:ba:f8:2e:8d:35:2c:f4:ab:c0:b9:13:89:3f:25:
                    19:88:3f:90:c5:e5:60:78:0b:7b:24:ff:f5:66:a1:
                    1e:d1:62:0f:b8:5e:c7:5a:bc:cf:2e:00:ea:0d:1a:
                    bb:0a:30:17:13:17:29:a3:ce:38:55:18:c9:c7:f1:
                    64:51:38:37:9e:6d:24:8e:42:84:a6:91:d7:b5:6f:
                    96:e1:2f:db:8a:de:f1:cf:1d:0e:74:3d:fc:16:26:
                    d1:fa:6e:99:c5:85:1d:f2:d9:b3:8a:3d:17:32:3d:
                    83:93:16:2a:a4:dd:06:cb:83:c2:ba:3f:9a:d5:0c:
                    b1:0b:ea:db:6a:46:02:ca:47:c9:ed:e4:ed:48:1e:
                    62:88:ee:c0:1e:d1:a4:3a:be:f0:a9:b2:90:18:3e:
                    d6:c5:6c:74:1d:e0:72:da:43:5d:33:f6:36:17:59:
                    57:58:5f:cd:9d:54:ed:bc:55:5f:b8:d3:66:ad:e0:
                    df:29:1d:00:96:f7:c4:bd:5d:61:a4:41:de:11:23:
                    44:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:18:94:2B:77:E8:86:3C:18:DE:CB:50:06:7C:07:55:80:23:00:24
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/zhiUK3fohjwY3stQBnwHVYAjACQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.186.172.0-151.186.207.255
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:3c:89:e2:19:1c:63:f4:19:0a:86:6c:fa:75:20:7e:b2:07:
         6e:9f:e8:9f:91:75:7c:a7:ca:d2:3a:b7:31:de:e1:e2:f6:4d:
         63:15:83:d1:5e:3d:9e:78:c6:0d:fb:bc:ef:84:6d:22:c7:b0:
         b6:15:14:2c:d2:e6:96:48:75:21:c3:f5:94:34:2b:a5:80:5e:
         b2:bb:b3:c0:dc:af:cc:63:93:b6:39:fa:4f:1c:eb:45:e8:c3:
         47:90:98:84:f7:ee:fc:cf:6b:1d:db:bb:06:06:72:c2:15:13:
         8b:d3:4e:70:fe:c2:81:4f:d9:48:ae:13:c3:8e:83:0a:d3:7f:
         9e:58:7e:4a:7b:6d:6c:7f:91:03:9c:d6:04:a5:48:e8:45:6d:
         0a:5b:be:75:6b:86:f2:dd:0f:43:64:c4:1d:cf:d2:28:49:ea:
         79:13:f8:46:43:2b:c4:1d:ac:12:66:af:6c:40:11:35:c4:cd:
         1c:3a:84:1b:c5:7f:91:ce:17:ee:3e:6d:0f:35:6e:50:b6:75:
         b5:bd:76:56:15:8b:fd:fc:79:b3:73:35:08:14:83:16:0b:ab:
         f5:0b:46:2b:7e:9f:c7:03:fa:a3:dc:ce:31:d5:2d:35:0a:e1:
         28:ed:05:5b:eb:f7:f9:e1:9d:fc:db:59:1a:bb:f1:84:0b:fe:
         23:89:1a:68
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYq0tLjwqRJWGRICwuQN9Fs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjMwOTIwMjIyNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTE4OTQyYjc3ZTg4NjNjMThkZWNiNTAwNjdjMDc1NTgwMjMwMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVfrC5QxeMB2ZoJwPMrBTTp3TKWF
/OnnJFly1/GO8YZUkkxKyDuV5r5NU8tg4pFkuXQ5ryVeYjfV+xHjuvgujTUs9KvA
uROJPyUZiD+QxeVgeAt7JP/1ZqEe0WIPuF7HWrzPLgDqDRq7CjAXExcpo844VRjJ
x/FkUTg3nm0kjkKEppHXtW+W4S/bit7xzx0OdD38FibR+m6ZxYUd8tmzij0XMj2D
kxYqpN0Gy4PCuj+a1QyxC+rbakYCykfJ7eTtSB5iiO7AHtGkOr7wqbKQGD7WxWx0
HeBy2kNdM/Y2F1lXWF/NnVTtvFVfuNNmreDfKR0AlvfEvV1hpEHeESNEgQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFM4YlCt36IY8GN7LUAZ8B1WAIwAkMB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvemhpVUszZm9oandZM3N0UUJud0hWWUFqQUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAKXuqwD
BASXusAwDwQCAAIwCQMHACoE5MQABTANBgkqhkiG9w0BAQsFAAOCAQEAMDyJ4hkc
Y/QZCoZs+nUgfrIHbp/on5F1fKfK0jq3Md7h4vZNYxWD0V49nnjGDfu874RtIsew
thUULNLmlkh1IcP1lDQrpYBesruzwNyvzGOTtjn6TxzrRejDR5CYhPfu/M9rHdu7
BgZywhUTi9NOcP7CgU/ZSK4Tw46DCtN/nlh+SnttbH+RA5zWBKVI6EVtClu+dWuG
8t0PQ2TEHc/SKEnqeRP4RkMrxB2sEmavbEARNcTNHDqEG8V/kc4X7j5tDzVuULZ1
tb12VhWL/fx5s3M1CBSDFgur9QtGK36fxwP6o9zOMdUtNQrhKO0FW+v3+eGd/NtZ
GrvxhAv+I4kaaA==
-----END CERTIFICATE-----