Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/v25pR7I1H9MhjF9h16Ul2KtiliI.roa
File:                     v25pR7I1H9MhjF9h16Ul2KtiliI.roa (raw, json)
Hash identifier:          9c8ZkggxDIpJ1jnGJ0bqycldFPrR8JddPNqY/HinYEg=
Subject key identifier:   BF:6E:69:47:B2:35:1F:D3:21:8C:5F:61:D7:A5:25:D8:AB:62:96:22
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       0188964879ECDEC1BD5B1D769E0B57A4789C
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/v25pR7I1H9MhjF9h16Ul2KtiliI.roa
Signing time:             Wed 07 Jun 2023 14:35:12 +0000
ROA not before:           Wed 07 Jun 2023 14:35:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52023
IP address blocks:        91.212.148.0/24 maxlen: 24
                          37.143.165.0/24 maxlen: 24
                          37.143.166.0/24 maxlen: 24
                          37.143.162.0/24 maxlen: 24
                          37.143.164.0/24 maxlen: 24
                          37.143.163.0/24 maxlen: 24
                          37.143.167.0/24 maxlen: 24
                          37.143.171.0/24 maxlen: 24
                          37.143.170.0/24 maxlen: 24
                          37.143.172.0/24 maxlen: 24
                          193.32.141.0/24 maxlen: 24
                          193.32.142.0/23 maxlen: 23
                          2a03:8f84::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:96:48:79:ec:de:c1:bd:5b:1d:76:9e:0b:57:a4:78:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jun  7 14:35:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf6e6947b2351fd3218c5f61d7a525d8ab629622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fb:6e:4c:d9:7b:bf:c8:2c:b5:f8:51:8e:8d:
                    09:36:c0:43:1c:02:13:b6:26:b3:30:eb:7d:09:b0:
                    4f:5e:a2:71:55:24:d4:3f:f1:bc:17:a2:32:0f:64:
                    4c:97:44:94:de:69:9b:0a:5e:84:78:00:fd:66:d0:
                    dc:0e:a7:11:3c:f2:a4:18:fd:a5:46:b3:e6:a6:e3:
                    9f:c3:dc:19:3e:00:ac:62:af:5b:60:34:a0:70:24:
                    50:b5:64:0c:ea:22:ad:de:af:f4:0e:bd:a6:8f:4c:
                    a8:b1:6d:4c:e8:b8:20:e0:6a:d6:8e:d5:b3:92:b9:
                    73:59:8c:dd:cc:7c:ef:30:da:51:53:fe:b6:92:7a:
                    a3:2d:8d:2a:b2:ec:56:37:5d:7c:5f:4c:89:2c:a7:
                    70:d6:a3:84:5a:96:09:4a:82:74:16:21:e5:8f:2d:
                    51:01:2a:7e:92:8c:e2:56:19:1d:58:6e:fc:1f:e5:
                    57:bb:3f:4d:71:a5:48:7c:5b:16:ee:66:a4:2e:07:
                    4b:23:60:a6:27:4a:cf:53:b2:ee:09:2e:f5:f2:7f:
                    5a:b8:fa:82:fb:38:db:0c:02:d7:9a:19:ab:45:a4:
                    4e:03:46:9b:04:24:23:84:33:36:38:8e:b1:d2:5e:
                    be:f7:db:19:9a:e2:0c:b8:80:60:5c:59:1d:b2:d0:
                    da:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6E:69:47:B2:35:1F:D3:21:8C:5F:61:D7:A5:25:D8:AB:62:96:22
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/v25pR7I1H9MhjF9h16Ul2KtiliI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.162.0-37.143.167.255
                  37.143.170.0-37.143.172.255
                  91.212.148.0/24
                  193.32.141.0-193.32.143.255
                IPv6:
                  2a03:8f84::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:98:57:90:3f:46:85:8b:6e:04:12:91:d4:cc:fd:e7:7e:a1:
         36:69:4c:9b:61:e3:cc:28:41:ce:55:b4:07:50:4a:8b:b1:fe:
         e8:da:94:6b:3d:55:dd:3b:5b:0f:e3:7a:61:f4:29:59:f8:ba:
         3e:99:c4:d0:6d:ba:57:1a:e0:25:b6:32:6a:1d:59:1f:ab:4c:
         84:84:93:ff:5c:93:ee:c2:be:20:01:0c:b6:fe:16:ea:f9:66:
         1f:2e:fe:50:e4:68:fe:0f:18:6a:dd:9a:1a:06:a5:8a:3c:cc:
         0a:5f:e7:6d:50:89:b0:59:1c:9c:b2:4e:d7:72:58:87:3e:1d:
         b3:44:27:5c:39:c1:a7:9b:01:46:40:9e:4b:12:77:75:e2:f7:
         1a:c6:b3:9e:bb:13:ce:91:10:e8:c8:c0:05:5e:ae:4b:27:01:
         1e:fa:8e:f8:92:5b:ae:7e:f0:eb:0c:63:f3:a2:a3:a7:ef:5e:
         f8:0d:58:9a:61:6f:df:13:c5:00:b6:74:16:bc:16:42:e7:81:
         c9:5e:0a:cd:0d:11:c6:a6:3a:c6:b6:4c:bc:69:9d:39:21:c4:
         3c:e6:53:2d:3a:50:09:33:a6:35:db:71:fa:a8:a9:06:ed:1a:
         1e:db:fb:39:bb:44:ac:a5:1b:cb:bb:30:b6:13:ce:39:29:e6:
         61:11:ba:ce
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYiWSHns3sG9Wx12ngtXpHicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjMwNjA3MTQzNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjZlNjk0N2IyMzUxZmQzMjE4YzVmNjFkN2E1MjVkOGFiNjI5NjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/tuTNl7v8gstfhRjo0JNsBDHAIT
tiazMOt9CbBPXqJxVSTUP/G8F6IyD2RMl0SU3mmbCl6EeAD9ZtDcDqcRPPKkGP2l
RrPmpuOfw9wZPgCsYq9bYDSgcCRQtWQM6iKt3q/0Dr2mj0yosW1M6Lgg4GrWjtWz
krlzWYzdzHzvMNpRU/62knqjLY0qsuxWN118X0yJLKdw1qOEWpYJSoJ0FiHljy1R
ASp+koziVhkdWG78H+VXuz9NcaVIfFsW7makLgdLI2CmJ0rPU7LuCS718n9auPqC
+zjbDALXmhmrRaROA0abBCQjhDM2OI6x0l6+99sZmuIMuIBgXFkdstDaJQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFL9uaUeyNR/TIYxfYdelJdirYpYiMB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvdjI1cFI3STFIOU1oakY5aDE2VWwyS3RpbGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwMAwDBAElj6ID
BAMlj6AwDAMEASWPqgMEACWPrAMEAFvUlDAMAwQAwSCNAwQEwSCAMA0EAgACMAcD
BQAqA4+EMA0GCSqGSIb3DQEBCwUAA4IBAQBNmFeQP0aFi24EEpHUzP3nfqE2aUyb
YePMKEHOVbQHUEqLsf7o2pRrPVXdO1sP43ph9ClZ+Lo+mcTQbbpXGuAltjJqHVkf
q0yEhJP/XJPuwr4gAQy2/hbq+WYfLv5Q5Gj+Dxhq3ZoaBqWKPMwKX+dtUImwWRyc
sk7XcliHPh2zRCdcOcGnmwFGQJ5LEnd14vcaxrOeuxPOkRDoyMAFXq5LJwEe+o74
kluufvDrDGPzoqOn7174DViaYW/fE8UAtnQWvBZC54HJXgrNDRHGpjrGtky8aZ05
IcQ85lMtOlAJM6Y123H6qKkG7Roe2/s5u0SspRvLuzC2E845KeZhEbrO
-----END CERTIFICATE-----