Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/3CIElQICfFDg2Vn2rrM82t-GK8I.roa
File:                     3CIElQICfFDg2Vn2rrM82t-GK8I.roa (raw, json)
Hash identifier:          VU0VcpC82VRKTv5FJi+AahO5zNqxE2tpSXZh1SYm4f8=
Subject key identifier:   DC:22:04:95:02:02:7C:50:E0:D9:59:F6:AE:B3:3C:DA:DF:86:2B:C2
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       0188DE5D9A9C3B71E44D77429493BD464257
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/3CIElQICfFDg2Vn2rrM82t-GK8I.roa
Signing time:             Wed 21 Jun 2023 14:30:56 +0000
ROA not before:           Wed 21 Jun 2023 14:30:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        151.186.192.0/24 maxlen: 24
                          151.186.192.0/20 maxlen: 24
                          151.186.193.0/24 maxlen: 24
                          151.186.196.0/24 maxlen: 24
                          151.186.194.0/24 maxlen: 24
                          151.186.195.0/24 maxlen: 24
                          151.186.199.0/24 maxlen: 24
                          151.186.197.0/24 maxlen: 24
                          151.186.198.0/24 maxlen: 24
                          151.186.203.0/24 maxlen: 24
                          151.186.201.0/24 maxlen: 24
                          151.186.202.0/24 maxlen: 24
                          151.186.206.0/24 maxlen: 24
                          151.186.204.0/24 maxlen: 24
                          151.186.205.0/24 maxlen: 24
                          151.186.200.0/24 maxlen: 24
                          151.186.207.0/24 maxlen: 24
                          2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 21:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:de:5d:9a:9c:3b:71:e4:4d:77:42:94:93:bd:46:42:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Jun 21 14:30:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc22049502027c50e0d959f6aeb33cdadf862bc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:df:39:02:cf:ff:ce:c2:e1:05:19:07:5e:aa:
                    3f:b2:62:ff:fe:a8:f2:d5:d0:1d:a6:f2:8b:a1:a0:
                    fb:e4:28:cf:24:c9:79:7a:3b:11:8b:1b:84:c0:b7:
                    e4:ef:1c:29:ed:5b:75:2f:d5:67:6b:66:be:9b:fb:
                    7d:bb:36:ad:3d:dd:e0:6e:70:8a:10:85:5b:e6:b3:
                    ea:c5:45:82:3f:6d:2d:91:2d:54:45:d2:0c:7c:21:
                    47:89:d1:ba:0d:9a:42:ef:e1:25:44:83:15:28:ba:
                    d0:40:a2:ce:28:e0:b6:f1:c3:c3:47:3d:c4:02:5e:
                    df:76:04:86:df:27:96:fe:08:7c:db:9d:fb:a9:b9:
                    5e:cd:50:d1:6d:fb:1a:4f:93:9f:94:b1:43:0a:fb:
                    92:11:d3:a5:95:1a:9f:37:63:c6:5b:fa:c9:f9:f2:
                    74:9a:52:a9:2d:6c:24:aa:83:a3:6d:7e:62:ed:93:
                    26:1c:7d:78:49:00:40:eb:c4:23:ca:ba:2c:42:0f:
                    0f:52:fa:66:93:a4:df:a7:dc:5e:48:c7:5c:ab:9a:
                    41:ee:e8:f5:d2:56:df:0c:a8:fe:c8:da:a7:b9:66:
                    de:de:c2:37:c9:9d:56:1c:c6:55:69:5d:10:33:aa:
                    29:e2:d6:69:3b:65:33:d7:d8:5e:71:e2:2e:7a:2b:
                    75:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:22:04:95:02:02:7C:50:E0:D9:59:F6:AE:B3:3C:DA:DF:86:2B:C2
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/3CIElQICfFDg2Vn2rrM82t-GK8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.186.192.0/20
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:aa:33:f4:c5:8f:2a:64:69:c7:e6:3c:0e:10:36:46:8f:ac:
         04:83:75:27:13:d0:ef:91:53:ef:bc:46:5c:f9:3c:43:cd:1e:
         ba:36:a0:a7:c5:50:d7:62:86:6e:9f:82:1f:f7:1f:0e:99:3a:
         a3:f4:92:a4:00:e7:f5:5d:f2:d0:af:ee:c0:f4:1c:8e:13:ea:
         77:1e:64:53:1e:2a:1d:8e:f7:d3:50:a8:c8:af:8c:b1:db:d7:
         fd:7b:82:76:f7:46:f2:8e:12:63:55:ad:eb:7f:92:8e:6e:14:
         84:09:1e:8a:86:c1:99:04:d4:b4:b0:d8:5c:cd:ce:5f:20:19:
         0b:27:75:ec:c1:19:9a:5e:79:20:7b:df:5c:0b:d4:e3:f4:b6:
         0a:a3:b6:f1:c1:46:9b:63:fc:95:c3:46:47:2c:96:3e:d0:a3:
         a3:b9:4f:41:9e:cf:79:6e:8b:71:dc:57:a1:e7:21:ac:18:06:
         b9:1a:c3:a7:25:d2:c5:22:2c:fb:ee:f6:e2:2f:b9:b0:dd:97:
         97:04:b3:e0:82:8a:87:7b:e4:f6:44:89:e6:d0:1c:55:08:2d:
         f3:83:dd:56:f1:06:49:ed:03:bf:4a:29:f5:8f:f1:cb:ce:f3:
         af:dd:24:58:74:d9:a9:a3:c4:d4:e4:aa:65:5a:64:00:c0:6e:
         ad:90:d7:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjeXZqcO3HkTXdClJO9RkJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjMwNjIxMTQzMDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzIyMDQ5NTAyMDI3YzUwZTBkOTU5ZjZhZWIzM2NkYWRmODYyYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyt85As//zsLhBRkHXqo/smL//qjy
1dAdpvKLoaD75CjPJMl5ejsRixuEwLfk7xwp7Vt1L9Vna2a+m/t9uzatPd3gbnCK
EIVb5rPqxUWCP20tkS1URdIMfCFHidG6DZpC7+ElRIMVKLrQQKLOKOC28cPDRz3E
Al7fdgSG3yeW/gh82537qblezVDRbfsaT5OflLFDCvuSEdOllRqfN2PGW/rJ+fJ0
mlKpLWwkqoOjbX5i7ZMmHH14SQBA68QjyrosQg8PUvpmk6Tfp9xeSMdcq5pB7uj1
0lbfDKj+yNqnuWbe3sI3yZ1WHMZVaV0QM6op4tZpO2Uz19heceIueit1VwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNwiBJUCAnxQ4NlZ9q6zPNrfhivCMB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvM0NJRWxRSUNmRkRnMlZuMnJyTTgydC1HSzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEl7rAMA8E
AgACMAkDBwAqBOTEAAUwDQYJKoZIhvcNAQELBQADggEBAJmqM/TFjypkacfmPA4Q
NkaPrASDdScT0O+RU++8Rlz5PEPNHro2oKfFUNdihm6fgh/3Hw6ZOqP0kqQA5/Vd
8tCv7sD0HI4T6nceZFMeKh2O99NQqMivjLHb1/17gnb3RvKOEmNVret/ko5uFIQJ
HoqGwZkE1LSw2FzNzl8gGQsndezBGZpeeSB731wL1OP0tgqjtvHBRptj/JXDRkcs
lj7Qo6O5T0Gez3lui3HcV6HnIawYBrkaw6cl0sUiLPvu9uIvubDdl5cEs+CCiod7
5PZEiebQHFUILfOD3VbxBkntA79KKfWP8cvO86/dJFh02amjxNTkqmVaZADAbq2Q
1x4=
-----END CERTIFICATE-----