Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/E2m4inRtPLXDvPkMfKG1NS5JlEQ.roa
File:                     E2m4inRtPLXDvPkMfKG1NS5JlEQ.roa (raw, json)
Hash identifier:          5XOOs6p/tgsZw9ZhJmDjt8v1LNAMSLRulqO0rfZz1E8=
Subject key identifier:   13:69:B8:8A:74:6D:3C:B5:C3:BC:F9:0C:7C:A1:B5:35:2E:49:94:44
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       0187E24DD00309BDEDAD8E7FFFAE6D845DE8
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/E2m4inRtPLXDvPkMfKG1NS5JlEQ.roa
Signing time:             Wed 03 May 2023 15:49:22 +0000
ROA not before:           Wed 03 May 2023 15:49:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21502
IP address blocks:        77.128.0.0/13 maxlen: 24
                          87.231.0.0/16 maxlen: 24
                          77.140.0.0/14 maxlen: 24
                          81.64.0.0/14 maxlen: 24
                          89.157.88.0/21 maxlen: 21
                          89.157.96.0/19 maxlen: 19
                          84.4.0.0/14 maxlen: 24
                          79.80.0.0/12 maxlen: 24
                          77.144.0.0/12 maxlen: 24
                          78.112.0.0/12 maxlen: 24
                          77.192.0.0/12 maxlen: 24
                          77.136.0.0/16 maxlen: 24
                          85.168.0.0/14 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e2:4d:d0:03:09:bd:ed:ad:8e:7f:ff:ae:6d:84:5d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: May  3 15:49:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1369b88a746d3cb5c3bcf90c7ca1b5352e499444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b1:ce:25:3f:8b:d4:f3:5d:84:65:ed:77:d1:
                    a5:0a:cb:b3:0c:44:62:7c:bb:8f:59:ec:c9:b2:53:
                    c8:3d:73:71:1b:53:a9:23:a8:51:36:21:1c:f1:6d:
                    ab:09:88:79:4a:22:28:c3:81:a7:81:1a:6f:97:b6:
                    0e:f7:c9:60:b8:94:76:58:3c:6f:a1:c7:c4:fb:9c:
                    2e:8d:94:d5:45:aa:86:09:04:3d:1b:ab:64:aa:d2:
                    4c:7a:f3:70:03:2d:7c:bf:1a:b6:7d:bd:e7:dd:04:
                    46:32:c4:a6:50:25:ae:5c:1a:c6:c6:37:8a:b2:63:
                    bf:af:e8:5a:60:b3:cf:1f:dc:ba:5c:dc:3f:eb:29:
                    f7:62:70:20:60:0b:68:ad:cd:55:4f:78:33:79:01:
                    7b:77:55:32:7b:96:83:49:36:93:f9:40:15:e2:e9:
                    35:cb:07:7e:28:55:02:a4:06:6e:86:18:08:88:b1:
                    71:bb:8c:87:5b:81:aa:dd:30:e3:7f:df:9a:4f:f9:
                    77:80:e8:79:1e:54:77:3b:fc:46:f3:e2:1e:76:ca:
                    b3:8f:95:53:84:3c:8f:b8:35:81:f1:f1:dd:b4:3b:
                    d2:ea:f1:95:45:25:98:9e:28:ff:19:d1:64:bf:ec:
                    31:ae:e8:84:e5:a6:59:9d:cd:92:76:d1:51:9d:77:
                    b5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:69:B8:8A:74:6D:3C:B5:C3:BC:F9:0C:7C:A1:B5:35:2E:49:94:44
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/E2m4inRtPLXDvPkMfKG1NS5JlEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.128.0.0-77.136.255.255
                  77.140.0.0-77.159.255.255
                  77.192.0.0/12
                  78.112.0.0/12
                  79.80.0.0/12
                  81.64.0.0/14
                  84.4.0.0/14
                  85.168.0.0/14
                  87.231.0.0/16
                  89.157.88.0-89.157.127.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:a2:57:fc:8b:30:eb:6a:45:73:67:91:a2:b7:f8:d2:4b:23:
         6a:bf:02:e8:a3:30:d0:2f:15:a1:e8:88:89:0f:6e:27:a4:45:
         61:0c:4d:d7:19:09:95:5c:4f:f5:c0:89:38:fd:cc:1e:d5:55:
         6e:e4:cf:3f:cf:3a:61:55:8f:95:47:24:03:e2:2f:30:48:45:
         a6:7c:9c:26:21:d3:6d:d4:ca:a2:11:e8:b9:ae:76:40:3b:06:
         5a:59:41:2f:11:19:b5:e8:32:f3:22:bb:c0:21:45:f4:6e:35:
         4c:65:5f:48:ba:99:f0:16:ce:b1:51:97:e1:71:8d:a0:8f:a2:
         21:c6:ca:6d:20:a9:28:60:14:63:9a:f4:af:bf:d2:42:75:35:
         a7:4e:e5:38:94:5e:a2:56:ca:18:ca:9c:d0:c1:0c:f2:13:8e:
         6b:43:c5:f1:24:7c:79:e5:c2:40:ac:2c:80:ab:4d:f8:fa:94:
         b3:5b:ef:97:69:62:02:51:7d:54:e0:df:8d:5e:fc:16:c9:22:
         b6:4a:50:e1:e0:10:ca:00:67:9e:74:03:62:9a:74:a2:54:c2:
         80:72:3c:80:36:45:49:65:c7:b8:01:47:7a:f4:a7:35:28:07:
         18:2e:dd:84:4f:88:99:48:1e:23:1c:c7:6c:3c:ec:2c:c3:c8:
         7c:0a:0b:db
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYfiTdADCb3trY5//65thF3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjMwNTAzMTU0OTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzY5Yjg4YTc0NmQzY2I1YzNiY2Y5MGM3Y2ExYjUzNTJlNDk5NDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7HOJT+L1PNdhGXtd9GlCsuzDERi
fLuPWezJslPIPXNxG1OpI6hRNiEc8W2rCYh5SiIow4GngRpvl7YO98lguJR2WDxv
ocfE+5wujZTVRaqGCQQ9G6tkqtJMevNwAy18vxq2fb3n3QRGMsSmUCWuXBrGxjeK
smO/r+haYLPPH9y6XNw/6yn3YnAgYAtorc1VT3gzeQF7d1Uye5aDSTaT+UAV4uk1
ywd+KFUCpAZuhhgIiLFxu4yHW4Gq3TDjf9+aT/l3gOh5HlR3O/xG8+Iedsqzj5VT
hDyPuDWB8fHdtDvS6vGVRSWYnij/GdFkv+wxruiE5aZZnc2SdtFRnXe1GQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFBNpuIp0bTy1w7z5DHyhtTUuSZREMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvRTJtNGluUnRQTFhEdlBrTWZLRzFOUzVKbEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBPBAIAATBJMAoDAwdNgAMD
AE2IMAoDAwJNjAMDBU2AAwMETcADAwROcAMDBE9QAwMCUUADAwJUBAMDAlWoAwMA
V+cwDAMEA1mdWAMEB1mdADANBgkqhkiG9w0BAQsFAAOCAQEAmqJX/Isw62pFc2eR
orf40ksjar8C6KMw0C8VoeiIiQ9uJ6RFYQxN1xkJlVxP9cCJOP3MHtVVbuTPP886
YVWPlUckA+IvMEhFpnycJiHTbdTKohHoua52QDsGWllBLxEZtegy8yK7wCFF9G41
TGVfSLqZ8BbOsVGX4XGNoI+iIcbKbSCpKGAUY5r0r7/SQnU1p07lOJReolbKGMqc
0MEM8hOOa0PF8SR8eeXCQKwsgKtN+PqUs1vvl2liAlF9VODfjV78FskitkpQ4eAQ
ygBnnnQDYpp0olTCgHI8gDZFSWXHuAFHevSnNSgHGC7dhE+ImUgeIxzHbDzsLMPI
fAoL2w==
-----END CERTIFICATE-----