Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/wf5ZLRxqKNf2t3_2Q6D-aC2FlOc.roa
File:                     wf5ZLRxqKNf2t3_2Q6D-aC2FlOc.roa (raw, json)
Hash identifier:          aZB6IghdGgp2ffpDrobYljpvKGDQZ3ttrO8YDaxUnIQ=
Subject key identifier:   C1:FE:59:2D:1C:6A:28:D7:F6:B7:7F:F6:43:A0:FE:68:2D:85:94:E7
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018BC398248060C56CABB619129D2B335B02
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/wf5ZLRxqKNf2t3_2Q6D-aC2FlOc.roa
Signing time:             Sun 12 Nov 2023 12:53:29 +0000
ROA not before:           Sun 12 Nov 2023 12:53:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:c3:98:24:80:60:c5:6c:ab:b6:19:12:9d:2b:33:5b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 12 12:53:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c1fe592d1c6a28d7f6b77ff643a0fe682d8594e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:11:f4:60:8e:7c:13:db:a7:80:76:35:b0:ba:
                    fc:cd:b5:5c:fe:c5:64:ce:43:c0:7e:7b:52:b4:4a:
                    8b:18:61:76:a2:c3:c7:5c:31:b7:ae:b6:d9:4e:5e:
                    75:d8:10:09:27:6b:14:1a:4f:ee:aa:74:a6:52:d5:
                    e8:b1:67:03:62:be:c5:85:ac:b1:ed:60:62:b9:36:
                    0b:ad:be:28:0a:81:d2:8b:c4:06:df:5a:3b:f1:45:
                    4b:89:0e:2e:20:0a:fa:c6:4f:9e:76:43:c6:8b:9e:
                    ea:fb:9f:c0:71:2a:f7:28:74:c6:6d:81:4e:a2:74:
                    ba:02:75:0e:f9:7d:b2:d7:2e:c0:f2:65:40:0e:74:
                    d0:c7:d0:de:34:b1:c3:dd:95:30:d2:ba:5b:e0:22:
                    32:e6:1e:ff:74:e7:fa:23:8a:e6:88:e9:7e:fd:b1:
                    4d:f4:90:3c:76:c8:ac:d9:d3:7e:32:9f:1a:c2:36:
                    d4:9d:cc:56:84:84:12:dd:8f:65:69:97:c4:25:ca:
                    e2:6d:c4:7a:58:44:32:63:f1:65:cd:07:0e:51:e2:
                    ca:9f:58:5a:01:2b:e7:96:76:d1:d0:b7:93:08:6a:
                    60:1e:74:8c:c9:7f:58:e6:c0:ba:8b:89:be:76:36:
                    86:cf:b7:4d:46:eb:70:eb:b9:cb:2a:4a:91:7f:c1:
                    55:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FE:59:2D:1C:6A:28:D7:F6:B7:7F:F6:43:A0:FE:68:2D:85:94:E7
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/wf5ZLRxqKNf2t3_2Q6D-aC2FlOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.110.0/24
                  45.81.113.0/24
                  45.81.115.0/24
                  45.88.139.0/24
                  45.94.171.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  193.57.41.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:04:22:a0:2a:cc:bf:7c:26:0a:3b:60:e6:70:06:ff:03:e8:
         0b:d3:57:dd:9f:71:3e:5b:40:3b:5d:6c:17:6d:40:58:15:2e:
         76:cc:79:d7:d4:b7:0f:14:2a:8a:9f:61:84:34:54:f3:71:15:
         82:c6:85:1a:ce:07:85:9f:9e:27:ee:64:6b:3b:11:98:d5:7c:
         07:80:a9:d5:b5:48:cc:fc:db:cc:00:9a:82:31:f1:9b:ca:34:
         51:b9:8d:94:6a:b9:ab:27:d6:c1:a6:45:60:ae:4c:bf:d6:9b:
         e3:d4:11:4a:14:1d:d5:14:5b:5e:94:a2:0e:78:50:df:12:8f:
         42:0e:be:90:10:6e:3e:41:ae:af:c8:75:f1:7c:3b:35:c8:b1:
         fb:22:5c:36:87:7e:b8:33:dd:a3:b3:d2:19:ed:30:75:b0:53:
         bc:dd:76:b5:fd:ed:c4:30:a3:80:2a:6c:41:7d:4b:55:b0:ba:
         c4:6e:79:a0:ae:87:c6:b2:4d:c3:9a:df:bc:8d:cd:d2:17:bb:
         6f:29:a9:7f:45:d8:5f:51:db:6a:ef:ef:18:ec:0b:a5:25:4c:
         da:b0:65:4e:2b:b7:07:3d:e7:b7:ad:39:65:7b:00:d2:5c:02:
         0f:d9:06:43:d9:0c:fb:2b:2b:3e:bc:36:c1:1f:8b:35:89:6c:
         27:55:d3:13
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYvDmCSAYMVsq7YZEp0rM1sCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMTEyMTI1MzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWZlNTkyZDFjNmEyOGQ3ZjZiNzdmZjY0M2EwZmU2ODJkODU5NGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxH0YI58E9ungHY1sLr8zbVc/sVk
zkPAfntStEqLGGF2osPHXDG3rrbZTl512BAJJ2sUGk/uqnSmUtXosWcDYr7Fhayx
7WBiuTYLrb4oCoHSi8QG31o78UVLiQ4uIAr6xk+edkPGi57q+5/AcSr3KHTGbYFO
onS6AnUO+X2y1y7A8mVADnTQx9DeNLHD3ZUw0rpb4CIy5h7/dOf6I4rmiOl+/bFN
9JA8dsis2dN+Mp8awjbUncxWhIQS3Y9laZfEJcribcR6WEQyY/FlzQcOUeLKn1ha
ASvnlnbR0LeTCGpgHnSMyX9Y5sC6i4m+djaGz7dNRutw67nLKkqRf8FVcwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFMH+WS0caijX9rd/9kOg/mgthZTnMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvd2Y1WkxSeHFLTmYydDNfMlE2RC1hQzJGbE9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAAjhuAwQA
LVFxAwQALVFzAwQALViLAwQALV6rAwQATVMnAwQBVdF4AwQAwR7xAwQAwTkpAwQA
wz4YAwQAw7FfMA0GCSqGSIb3DQEBCwUAA4IBAQBbBCKgKsy/fCYKO2DmcAb/A+gL
01fdn3E+W0A7XWwXbUBYFS52zHnX1LcPFCqKn2GENFTzcRWCxoUazgeFn54n7mRr
OxGY1XwHgKnVtUjM/NvMAJqCMfGbyjRRuY2UarmrJ9bBpkVgrky/1pvj1BFKFB3V
FFtelKIOeFDfEo9CDr6QEG4+Qa6vyHXxfDs1yLH7Ilw2h364M92js9IZ7TB1sFO8
3Xa1/e3EMKOAKmxBfUtVsLrEbnmgrofGsk3Dmt+8jc3SF7tvKal/RdhfUdtq7+8Y
7AulJUzasGVOK7cHPee3rTllewDSXAIP2QZD2Qz7Kys+vDbBH4s1iWwnVdMT
-----END CERTIFICATE-----