Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/wYP4kg2soGqK0qk4YBa4f1TBGpc.roa
File:                     wYP4kg2soGqK0qk4YBa4f1TBGpc.roa (raw, json)
Hash identifier:          GsFAQrknnsIEDZMH/Mg74Ee6deXmz6lr+rSOCEk2fLA=
Subject key identifier:   C1:83:F8:92:0D:AC:A0:6A:8A:D2:A9:38:60:16:B8:7F:54:C1:1A:97
Certificate issuer:       /CN=1f0614e195c1656a28e8b19b22784e8b55bb4533
Certificate serial:       01856B9376B03D62F089B84E75536FEB4BC8
Authority key identifier: 1F:06:14:E1:95:C1:65:6A:28:E8:B1:9B:22:78:4E:8B:55:BB:45:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HwYU4ZXBZWoo6LGbInhOi1W7RTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/wYP4kg2soGqK0qk4YBa4f1TBGpc.roa
Signing time:             Sun 01 Jan 2023 04:25:04 +0000
ROA not before:           Sun 01 Jan 2023 04:25:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51373
IP address blocks:        185.44.217.0/24 maxlen: 24
                          185.44.216.0/24 maxlen: 24
                          185.44.216.0/22 maxlen: 22
                          185.44.219.0/24 maxlen: 24
                          185.44.218.0/24 maxlen: 24
                          185.80.59.0/24 maxlen: 24
                          193.33.8.0/23 maxlen: 23
                          94.24.79.0/24 maxlen: 24
                          91.218.159.0/24 maxlen: 24
                          91.218.158.0/24 maxlen: 24
                          91.218.157.0/24 maxlen: 24
                          91.218.156.0/24 maxlen: 24
                          91.218.156.0/22 maxlen: 22
                          94.24.28.0/24 maxlen: 24
                          178.251.120.0/24 maxlen: 24
                          2a04:9a40::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:93:76:b0:3d:62:f0:89:b8:4e:75:53:6f:eb:4b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f0614e195c1656a28e8b19b22784e8b55bb4533
        Validity
            Not Before: Jan  1 04:25:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c183f8920daca06a8ad2a9386016b87f54c11a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:65:64:9d:7f:c7:ae:b2:d4:aa:cc:76:e6:50:
                    fd:88:d3:77:17:e2:9c:5e:d6:a9:0e:a8:f2:b5:92:
                    e1:ed:3f:5c:27:9d:dd:13:a1:ca:38:13:41:5c:1f:
                    32:e5:96:f1:64:42:fa:82:31:bb:94:11:90:e6:84:
                    53:db:e6:09:73:31:f5:18:ec:bc:30:e5:f0:be:d1:
                    1b:cb:10:fc:a6:02:6b:95:f3:9a:fd:64:b0:a9:1c:
                    a4:06:6e:02:13:60:5a:a5:e9:9f:d4:f7:df:52:1a:
                    8f:54:b9:f1:be:af:b9:42:56:2f:0c:0d:ac:ea:e5:
                    1b:57:be:69:83:83:d1:51:b1:71:9f:9d:43:61:a3:
                    52:a7:cd:7c:20:66:64:fc:5b:0e:9c:84:ad:4d:b0:
                    fd:ae:0e:a9:67:82:4f:f0:17:3e:22:74:82:4b:51:
                    0f:a0:c0:f0:ab:fc:34:90:0d:b0:ab:12:be:77:0c:
                    ab:e6:91:99:85:24:d6:ec:43:bb:93:4b:cb:e8:d8:
                    49:b0:cb:40:3e:40:0d:27:b5:3d:8d:e2:9e:29:ab:
                    be:81:3c:31:52:04:d5:17:c5:5b:2b:0d:10:78:91:
                    81:7d:61:4b:0f:9e:c1:10:09:27:7c:a2:6a:29:51:
                    fd:6c:77:36:78:64:30:8e:39:71:04:da:0b:37:bc:
                    a3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:83:F8:92:0D:AC:A0:6A:8A:D2:A9:38:60:16:B8:7F:54:C1:1A:97
            X509v3 Authority Key Identifier:
                keyid:1F:06:14:E1:95:C1:65:6A:28:E8:B1:9B:22:78:4E:8B:55:BB:45:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HwYU4ZXBZWoo6LGbInhOi1W7RTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/wYP4kg2soGqK0qk4YBa4f1TBGpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/10ebcc-c832-4d33-88b5-bef872daece7/1/HwYU4ZXBZWoo6LGbInhOi1W7RTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.156.0/22
                  94.24.28.0/24
                  94.24.79.0/24
                  178.251.120.0/24
                  185.44.216.0/22
                  185.80.59.0/24
                  193.33.8.0/23
                IPv6:
                  2a04:9a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:a6:05:4d:b9:8a:6a:b8:de:7b:37:0f:21:70:35:50:47:c2:
         9c:ea:de:b4:41:57:e5:a8:24:b6:0f:62:3d:70:8d:bb:7d:10:
         b5:17:32:69:57:84:13:85:13:03:d7:0d:2c:64:70:3d:b3:90:
         16:c1:29:16:38:d1:bb:7e:e6:2e:a1:af:ba:8c:83:ce:33:c4:
         dd:88:eb:61:ca:a0:74:1b:a0:53:79:09:04:d6:14:9f:ab:de:
         72:9f:be:55:29:6c:c3:c5:a6:4a:a2:ba:bc:95:b2:50:24:a5:
         ac:37:f4:d7:64:48:08:b7:85:3e:46:d8:c5:96:d0:07:a0:a5:
         37:94:62:5f:9e:12:cc:f1:e4:bb:04:c5:22:64:39:a5:ea:a8:
         c5:48:18:f7:15:77:b4:19:db:86:fa:50:e8:bd:af:7e:4f:ec:
         74:45:db:2d:1a:0c:67:f7:d4:a5:94:d8:36:5c:19:0e:55:8c:
         76:3a:4f:f2:00:aa:7e:01:cd:bd:1d:08:d9:f2:d0:a2:07:45:
         41:af:83:9d:64:83:c6:5b:2f:54:e2:a5:12:e6:8b:8e:8c:27:
         7a:d3:5d:f1:a3:1d:78:10:41:2d:0c:3d:85:21:45:c7:07:ff:
         0c:6a:f0:2d:89:5a:84:b0:5a:d1:1e:0a:a4:bb:81:d9:ed:fd:
         84:fa:6e:44
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVrk3awPWLwibhOdVNv60vIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMDYxNGUxOTVjMTY1NmEyOGU4YjE5YjIyNzg0ZThiNTVi
YjQ1MzMwHhcNMjMwMTAxMDQyNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTgzZjg5MjBkYWNhMDZhOGFkMmE5Mzg2MDE2Yjg3ZjU0YzExYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2VknX/HrrLUqsx25lD9iNN3F+Kc
XtapDqjytZLh7T9cJ53dE6HKOBNBXB8y5ZbxZEL6gjG7lBGQ5oRT2+YJczH1GOy8
MOXwvtEbyxD8pgJrlfOa/WSwqRykBm4CE2Bapemf1PffUhqPVLnxvq+5QlYvDA2s
6uUbV75pg4PRUbFxn51DYaNSp818IGZk/FsOnIStTbD9rg6pZ4JP8Bc+InSCS1EP
oMDwq/w0kA2wqxK+dwyr5pGZhSTW7EO7k0vL6NhJsMtAPkANJ7U9jeKeKau+gTwx
UgTVF8VbKw0QeJGBfWFLD57BEAknfKJqKVH9bHc2eGQwjjlxBNoLN7yjJQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFMGD+JINrKBqitKpOGAWuH9UwRqXMB8GA1UdIwQY
MBaAFB8GFOGVwWVqKOixmyJ4TotVu0UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHdZVTRaWEJaV29vNkxHYkluaE9pMVc3UlRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xMGViY2MtYzgzMi00ZDMzLTg4YjUt
YmVmODcyZGFlY2U3LzEvd1lQNGtnMnNvR3FLMHFrNFlCYTRmMVRCR3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xMGViY2MtYzgzMi00ZDMzLTg4YjUtYmVmODcyZGFlY2U3
LzEvSHdZVTRaWEJaV29vNkxHYkluaE9pMVc3UlRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCW9qcAwQA
XhgcAwQAXhhPAwQAsvt4AwQCuSzYAwQAuVA7AwQBwSEIMA0EAgACMAcDBQMqBJpA
MA0GCSqGSIb3DQEBCwUAA4IBAQBRpgVNuYpquN57Nw8hcDVQR8Kc6t60QVflqCS2
D2I9cI27fRC1FzJpV4QThRMD1w0sZHA9s5AWwSkWONG7fuYuoa+6jIPOM8TdiOth
yqB0G6BTeQkE1hSfq95yn75VKWzDxaZKorq8lbJQJKWsN/TXZEgIt4U+RtjFltAH
oKU3lGJfnhLM8eS7BMUiZDml6qjFSBj3FXe0GduG+lDova9+T+x0RdstGgxn99Sl
lNg2XBkOVYx2Ok/yAKp+Ac29HQjZ8tCiB0VBr4OdZIPGWy9U4qUS5ouOjCd6013x
ox14EEEtDD2FIUXHB/8MavAtiVqEsFrRHgqku4HZ7f2E+m5E
-----END CERTIFICATE-----