Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/WnetmCHuVONf0BtIDw6snAQJFYQ.roa
File:                     WnetmCHuVONf0BtIDw6snAQJFYQ.roa (raw, json)
Hash identifier:          W5OyWD5X9zBy9Wp0kjpMPtz89M9/qOb07ssU+bL96LQ=
Subject key identifier:   5A:77:AD:98:21:EE:54:E3:5F:D0:1B:48:0F:0E:AC:9C:04:09:15:84
Certificate issuer:       /CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
Certificate serial:       01881FD1115E85614FB61F99A984AFE32966
Authority key identifier: 99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/WnetmCHuVONf0BtIDw6snAQJFYQ.roa
Signing time:             Mon 15 May 2023 14:29:35 +0000
ROA not before:           Mon 15 May 2023 14:29:35 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12361
IP address blocks:        195.97.52.0/24 maxlen: 24
                          62.74.128.0/17 maxlen: 17
                          77.69.38.0/24 maxlen: 24
                          213.249.32.0/19 maxlen: 19
                          62.74.0.0/17 maxlen: 22
                          62.74.0.0/16 maxlen: 24
                          213.249.59.0/24 maxlen: 24
                          195.46.0.0/19 maxlen: 24
                          195.46.0.0/20 maxlen: 20
                          185.158.220.0/22 maxlen: 22
                          185.158.220.0/23 maxlen: 23
                          185.158.222.0/23 maxlen: 23
                          213.249.0.0/18 maxlen: 18
                          213.249.0.0/19 maxlen: 19
                          213.249.0.0/21 maxlen: 21
                          195.46.16.0/20 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:1f:d1:11:5e:85:61:4f:b6:1f:99:a9:84:af:e3:29:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9955c5a7137eb5d47ea24e17d27fa92d0b42fbd8
        Validity
            Not Before: May 15 14:29:35 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5a77ad9821ee54e35fd01b480f0eac9c04091584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:5e:56:2c:3b:b9:ca:95:75:6a:33:ec:7e:
                    55:eb:32:4b:a8:12:48:41:92:d0:85:c0:dd:6c:60:
                    fa:f2:7d:70:f1:44:62:10:12:be:24:e7:51:8c:e3:
                    42:67:2f:7f:54:e1:7e:e4:59:1a:72:3a:0c:50:70:
                    1d:a7:c3:46:9a:39:b9:a8:74:28:bd:17:80:fe:de:
                    20:b8:2b:4a:38:07:68:e9:01:9d:32:d7:0d:3e:f9:
                    0b:25:b4:11:35:b1:78:ce:ac:96:d2:e8:14:e3:14:
                    b5:4f:12:d4:cd:e5:65:2e:64:e2:94:2c:9b:3f:db:
                    15:1e:da:87:f6:af:fe:a5:69:8a:1e:9e:5b:d8:9a:
                    16:8a:2c:82:3e:42:e4:13:c4:1d:f9:aa:9f:64:36:
                    6d:55:e6:66:ac:45:28:5d:d5:39:d1:ea:e0:80:03:
                    ab:45:cb:f4:b1:96:73:bb:b8:52:97:bb:a6:8b:66:
                    bd:7c:18:68:12:03:83:1e:1b:3e:68:9c:ac:d0:48:
                    ba:11:1e:40:0e:5c:a5:1e:f6:4b:fc:b3:d7:73:36:
                    5a:f7:79:d8:6a:6e:4c:98:47:fb:bc:c5:30:97:a5:
                    a2:fd:c7:75:66:86:90:1f:b5:db:42:5a:ae:18:6b:
                    8d:a5:8a:83:76:72:b6:b6:d0:bb:da:fe:c3:3a:80:
                    22:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:77:AD:98:21:EE:54:E3:5F:D0:1B:48:0F:0E:AC:9C:04:09:15:84
            X509v3 Authority Key Identifier:
                keyid:99:55:C5:A7:13:7E:B5:D4:7E:A2:4E:17:D2:7F:A9:2D:0B:42:FB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mVXFpxN-tdR-ok4X0n-pLQtC-9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/WnetmCHuVONf0BtIDw6snAQJFYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9453a0-e655-480e-b6a9-e39524e7a6ed/1/mVXFpxN-tdR-ok4X0n-pLQtC-9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.74.0.0/16
                  77.69.38.0/24
                  185.158.220.0/22
                  195.46.0.0/19
                  195.97.52.0/24
                  213.249.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7f:22:5c:81:a5:c6:2e:02:1c:a1:85:6a:f4:48:ba:3f:14:05:
         4e:f4:d9:57:48:5d:28:8a:43:82:16:39:1d:d8:44:e8:c6:e2:
         0a:6e:b6:2e:cb:f9:29:75:ca:11:58:21:a4:e4:4a:b3:b0:1d:
         5f:63:de:e5:5c:6a:e2:65:ac:c9:fe:76:c4:7b:8f:1f:d5:08:
         0f:ca:6f:06:6c:4f:a2:d4:99:a4:cf:f9:15:c9:43:66:46:30:
         2e:61:68:ad:49:90:ed:2f:25:d4:de:fc:c4:38:8b:94:d0:b3:
         15:e2:8f:69:ab:2b:ce:86:c3:b4:d8:27:e5:54:37:92:74:db:
         41:b5:b3:a6:98:d1:4a:b4:2a:ed:a9:1c:0a:86:94:3b:8c:ff:
         d5:0e:7f:34:c9:8f:aa:1d:b8:b0:0d:fe:25:7d:db:b2:3e:38:
         a0:91:d2:bb:8b:5b:25:f8:9d:b8:6f:08:08:67:0f:4c:a2:c7:
         7c:49:44:88:54:ef:12:33:09:b9:ba:90:7f:65:68:c0:8d:be:
         70:47:ae:bf:e1:d6:b3:fd:9a:01:0b:22:e0:85:d0:dd:53:a3:
         d0:08:a6:02:f5:c1:c9:0f:3d:f3:22:53:2b:b2:c3:43:2a:d0:
         76:93:85:99:d5:dc:58:44:7b:93:92:d4:b8:91:91:d7:8a:30:
         9b:57:69:d5
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYgf0RFehWFPth+ZqYSv4ylmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NTVjNWE3MTM3ZWI1ZDQ3ZWEyNGUxN2QyN2ZhOTJkMGI0
MmZiZDgwHhcNMjMwNTE1MTQyOTM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTc3YWQ5ODIxZWU1NGUzNWZkMDFiNDgwZjBlYWM5YzA0MDkxNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUFeViw7ucqVdWoz7H5V6zJLqBJI
QZLQhcDdbGD68n1w8URiEBK+JOdRjONCZy9/VOF+5FkacjoMUHAdp8NGmjm5qHQo
vReA/t4guCtKOAdo6QGdMtcNPvkLJbQRNbF4zqyW0ugU4xS1TxLUzeVlLmTilCyb
P9sVHtqH9q/+pWmKHp5b2JoWiiyCPkLkE8Qd+aqfZDZtVeZmrEUoXdU50erggAOr
Rcv0sZZzu7hSl7umi2a9fBhoEgODHhs+aJys0Ei6ER5ADlylHvZL/LPXczZa93nY
am5MmEf7vMUwl6Wi/cd1ZoaQH7XbQlquGGuNpYqDdnK2ttC72v7DOoAiYQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFFp3rZgh7lTjX9AbSA8OrJwECRWEMB8GA1UdIwQY
MBaAFJlVxacTfrXUfqJOF9J/qS0LQvvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTkt
ZTM5NTI0ZTdhNmVkLzEvV25ldG1DSHVWT05mMEJ0SUR3NnNuQVFKRllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85NDUzYTAtZTY1NS00ODBlLWI2YTktZTM5NTI0ZTdhNmVk
LzEvbVZYRnB4Ti10ZFItb2s0WDBuLXBMUXRDLTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAATAjAwMAPkoDBABN
RSYDBAK5ntwDBAXDLgADBADDYTQDBAbV+QAwDQYJKoZIhvcNAQELBQADggEBAH8i
XIGlxi4CHKGFavRIuj8UBU702VdIXSiKQ4IWOR3YROjG4gputi7L+Sl1yhFYIaTk
SrOwHV9j3uVcauJlrMn+dsR7jx/VCA/KbwZsT6LUmaTP+RXJQ2ZGMC5haK1JkO0v
JdTe/MQ4i5TQsxXij2mrK86Gw7TYJ+VUN5J020G1s6aY0Uq0Ku2pHAqGlDuM/9UO
fzTJj6oduLAN/iV927I+OKCR0ruLWyX4nbhvCAhnD0yix3xJRIhU7xIzCbm6kH9l
aMCNvnBHrr/h1rP9mgELIuCF0N1To9AIpgL1wckPPfMiUyuyw0Mq0HaThZnV3FhE
e5OS1LiRkdeKMJtXadU=
-----END CERTIFICATE-----