Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/PXw3pxI7DfuXgQ3rahjs36Z2v6g.roa
File:                     PXw3pxI7DfuXgQ3rahjs36Z2v6g.roa (raw, json)
Hash identifier:          wpewrU6+pZ5udYs7YUbwTOX6uwIeNJVJ1/aArTDvSb0=
Subject key identifier:   3D:7C:37:A7:12:3B:0D:FB:97:81:0D:EB:6A:18:EC:DF:A6:76:BF:A8
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       0188DA14020B183F781120E948F69488AA70
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/PXw3pxI7DfuXgQ3rahjs36Z2v6g.roa
Signing time:             Tue 20 Jun 2023 18:32:04 +0000
ROA not before:           Tue 20 Jun 2023 18:32:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        151.186.192.0/24 maxlen: 24
                          151.186.194.0/24 maxlen: 24
                          151.186.193.0/24 maxlen: 24
                          151.186.197.0/24 maxlen: 24
                          151.186.196.0/24 maxlen: 24
                          151.186.195.0/24 maxlen: 24
                          151.186.199.0/24 maxlen: 24
                          151.186.198.0/24 maxlen: 24
                          151.186.204.0/24 maxlen: 24
                          151.186.203.0/24 maxlen: 24
                          151.186.202.0/24 maxlen: 24
                          151.186.206.0/24 maxlen: 24
                          151.186.205.0/24 maxlen: 24
                          151.186.201.0/24 maxlen: 24
                          151.186.200.0/24 maxlen: 24
                          151.186.207.0/24 maxlen: 24
                          2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 21 Jun 2023 14:30:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:da:14:02:0b:18:3f:78:11:20:e9:48:f6:94:88:aa:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Jun 20 18:32:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3d7c37a7123b0dfb97810deb6a18ecdfa676bfa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9a:96:20:98:47:b2:ec:f6:15:89:31:d3:3d:
                    b2:d7:05:03:10:2c:d6:cb:82:1c:ab:84:b8:9a:a9:
                    2b:39:7d:3f:c1:6d:9b:c8:84:1b:0f:bd:07:3f:81:
                    08:3f:0c:a6:f6:f0:fc:c2:b4:67:db:48:0d:e6:49:
                    3d:f2:2e:1f:e2:33:40:d8:30:e9:00:61:16:a7:db:
                    ca:ad:13:4e:ba:6f:b1:98:de:7f:67:c3:ac:51:be:
                    21:ca:39:32:e2:14:97:ec:1e:43:32:63:e9:a0:3e:
                    2e:c4:aa:08:81:0a:a8:88:d9:54:c2:58:be:66:24:
                    3f:20:f6:71:3a:71:21:c9:2c:84:e2:d9:2d:41:7e:
                    0e:fb:48:be:b1:34:46:ba:d9:35:c8:47:00:b6:cb:
                    32:85:18:4e:b0:84:c3:49:ce:11:27:93:1e:8d:49:
                    fe:6c:d5:62:a7:d4:eb:b4:fd:83:43:b1:a0:02:69:
                    33:e1:c9:88:e3:e2:57:34:6b:b0:2b:84:d3:37:57:
                    a7:54:c2:24:2f:26:63:1e:67:e4:0d:38:10:8b:11:
                    1c:1e:0f:86:83:24:8f:e0:05:bf:00:5c:51:7f:72:
                    89:27:4b:d6:3a:70:ca:3f:8a:54:8a:c5:b7:3e:e4:
                    64:72:16:52:e0:23:8b:f3:33:3b:3d:94:22:0e:70:
                    f2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:7C:37:A7:12:3B:0D:FB:97:81:0D:EB:6A:18:EC:DF:A6:76:BF:A8
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/PXw3pxI7DfuXgQ3rahjs36Z2v6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.186.192.0/20
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:5d:b6:a6:ff:9b:a2:46:28:e1:c7:fe:c0:8e:34:82:ce:c4:
         e2:39:83:62:d4:4c:77:3a:52:17:d4:08:61:76:93:fb:ed:6a:
         b9:1d:52:9a:f1:db:e1:59:eb:35:03:7a:0a:de:26:d4:75:7b:
         9b:28:bc:7f:54:e8:dd:13:c5:59:dd:9d:d7:97:79:0c:ce:97:
         76:b9:15:de:b0:72:c0:31:b2:4e:3f:ba:f0:82:07:32:36:63:
         8f:f7:2f:7a:f3:af:8e:87:5b:59:36:fe:09:46:a4:f8:05:b6:
         73:db:3e:43:b2:27:ec:02:6e:b3:21:7f:a1:2e:12:44:0d:29:
         ee:fe:0a:13:d9:c7:f8:99:ff:64:64:09:af:47:4a:19:ff:54:
         cd:06:fa:73:2a:51:95:e7:98:a9:27:17:45:4b:91:10:37:a3:
         4c:5a:fc:ad:f7:1f:7c:f6:31:23:59:5c:bc:83:c0:51:01:99:
         1c:04:78:0c:8d:ee:82:59:75:ff:47:a6:80:39:ec:b7:d5:3e:
         53:81:1a:1d:90:cd:df:51:c5:62:50:29:1d:16:15:64:8f:79:
         18:37:c3:3c:b4:b1:c6:0b:e0:d1:8a:b4:80:6b:29:a5:5a:58:
         c8:11:d2:2e:6a:94:d2:29:41:ee:d7:3d:bc:4f:fd:61:e7:a8:
         5c:ef:3f:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjaFAILGD94ESDpSPaUiKpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjMwNjIwMTgzMjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDdjMzdhNzEyM2IwZGZiOTc4MTBkZWI2YTE4ZWNkZmE2NzZiZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJqWIJhHsuz2FYkx0z2y1wUDECzW
y4Icq4S4mqkrOX0/wW2byIQbD70HP4EIPwym9vD8wrRn20gN5kk98i4f4jNA2DDp
AGEWp9vKrRNOum+xmN5/Z8OsUb4hyjky4hSX7B5DMmPpoD4uxKoIgQqoiNlUwli+
ZiQ/IPZxOnEhySyE4tktQX4O+0i+sTRGutk1yEcAtssyhRhOsITDSc4RJ5MejUn+
bNVip9TrtP2DQ7GgAmkz4cmI4+JXNGuwK4TTN1enVMIkLyZjHmfkDTgQixEcHg+G
gySP4AW/AFxRf3KJJ0vWOnDKP4pUisW3PuRkchZS4COL8zM7PZQiDnDymwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD18N6cSOw37l4EN62oY7N+mdr+oMB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvUFh3M3B4STdEZnVYZ1EzcmFoanMzNloydjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEl7rAMA8E
AgACMAkDBwAqBOTEAAUwDQYJKoZIhvcNAQELBQADggEBACRdtqb/m6JGKOHH/sCO
NILOxOI5g2LUTHc6UhfUCGF2k/vtarkdUprx2+FZ6zUDegreJtR1e5sovH9U6N0T
xVndndeXeQzOl3a5Fd6wcsAxsk4/uvCCBzI2Y4/3L3rzr46HW1k2/glGpPgFtnPb
PkOyJ+wCbrMhf6EuEkQNKe7+ChPZx/iZ/2RkCa9HShn/VM0G+nMqUZXnmKknF0VL
kRA3o0xa/K33H3z2MSNZXLyDwFEBmRwEeAyN7oJZdf9HpoA57LfVPlOBGh2Qzd9R
xWJQKR0WFWSPeRg3wzy0scYL4NGKtIBrKaVaWMgR0i5qlNIpQe7XPbxP/WHnqFzv
Pwg=
-----END CERTIFICATE-----