Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/e3qm2-BdbaXvZtshVmfUSXOXiI0.roa
File:                     e3qm2-BdbaXvZtshVmfUSXOXiI0.roa (raw, json)
Hash identifier:          /jnv31rcd6eYTSJzAXX9M/dRBLK0aEI72QgmMEz7brw=
Subject key identifier:   7B:7A:A6:DB:E0:5D:6D:A5:EF:66:DB:21:56:67:D4:49:73:97:88:8D
Certificate issuer:       /CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
Certificate serial:       0187E08D3488CD2642A1CF741300D3C2A186
Authority key identifier: AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/e3qm2-BdbaXvZtshVmfUSXOXiI0.roa
Signing time:             Wed 03 May 2023 07:39:23 +0000
ROA not before:           Wed 03 May 2023 07:39:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41164
IP address blocks:        46.212.128.0/17 maxlen: 17
                          46.249.230.0/23 maxlen: 23
                          46.212.0.0/17 maxlen: 17
                          46.249.233.0/24 maxlen: 24
                          46.249.238.0/24 maxlen: 24
                          46.249.236.0/23 maxlen: 23
                          46.249.234.0/23 maxlen: 23
                          46.249.252.0/22 maxlen: 22
                          178.232.0.0/16 maxlen: 16
                          46.249.224.0/22 maxlen: 22
                          46.249.224.0/19 maxlen: 19
                          2a02:fe0:dd05::/48 maxlen: 48
                          2a02:fe0::/29 maxlen: 40

Validation:               Failed, certificate revoked on Wed 03 May 2023 07:54:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e0:8d:34:88:cd:26:42:a1:cf:74:13:00:d3:c2:a1:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
        Validity
            Not Before: May  3 07:39:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7b7aa6dbe05d6da5ef66db215667d4497397888d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a5:7f:18:d2:95:99:b8:26:c9:9a:8d:d4:43:
                    64:5e:4a:80:7f:54:8c:8a:54:f8:ce:82:56:db:59:
                    fa:5c:58:69:f5:89:6f:d3:48:b4:7c:72:b3:7b:1f:
                    04:46:d9:55:44:12:19:aa:94:2a:d8:04:fe:3b:f6:
                    34:4c:07:ad:41:5a:4d:e2:9d:24:81:3e:4b:dc:88:
                    d7:ec:14:40:95:a8:9c:6f:41:30:46:3c:b3:39:4e:
                    bd:17:02:90:51:e5:7c:5d:33:dc:c9:78:48:2f:d2:
                    e4:93:00:e4:19:bf:23:2e:08:69:9f:2f:bd:96:76:
                    88:24:be:c7:91:b2:ac:17:27:f4:c9:36:20:23:df:
                    83:dc:1a:78:a0:9f:69:4d:06:6f:08:7e:24:9d:18:
                    88:44:48:a0:f5:48:41:e3:de:2f:23:a4:0a:34:37:
                    cd:98:90:6e:22:d0:93:75:39:5d:29:3e:fb:14:90:
                    6e:2c:53:5d:19:38:62:7b:b1:0b:2d:8e:93:44:32:
                    2f:d4:4f:25:4b:ff:6e:0a:88:7b:bd:6e:d2:6c:c0:
                    3f:7f:c4:3e:8d:4d:28:01:4f:2c:71:be:6f:57:a3:
                    e9:94:f0:3c:c2:a8:e9:c8:83:23:79:22:3c:7d:34:
                    01:24:2c:e8:01:60:ea:3a:b4:bb:55:b2:e0:c5:2b:
                    8c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:7A:A6:DB:E0:5D:6D:A5:EF:66:DB:21:56:67:D4:49:73:97:88:8D
            X509v3 Authority Key Identifier:
                keyid:AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/e3qm2-BdbaXvZtshVmfUSXOXiI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.212.0.0/16
                  46.249.224.0/19
                  178.232.0.0/16
                IPv6:
                  2a02:fe0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:96:4d:0d:ac:e1:9f:7e:b3:2a:75:52:84:1a:df:25:71:3c:
         5c:71:bc:cd:e0:9f:54:06:da:ed:f0:16:9b:ed:49:d0:ca:0a:
         53:0a:9a:68:a9:92:ee:2f:9d:20:41:00:ac:80:4a:ce:a9:02:
         c6:8d:99:08:3c:32:0b:d3:60:38:b3:d4:53:3c:12:63:4b:80:
         44:89:83:12:eb:29:84:b5:e9:f8:4d:00:f7:b6:17:3e:4b:bb:
         3f:64:77:69:16:eb:b6:ce:6a:9c:95:bf:d3:ea:26:02:f2:93:
         70:98:95:cb:a7:5b:bb:d5:f8:f8:b9:c2:bb:ca:b1:b3:37:d2:
         b7:8a:8d:47:f1:d7:b9:cc:cf:8e:6a:d8:8c:c2:03:9f:b3:f8:
         18:dc:2b:2d:65:83:48:dd:d4:11:16:01:f1:08:f9:dc:37:25:
         df:13:37:66:ff:0b:18:de:f4:fe:47:30:1b:bc:d6:3a:58:19:
         34:5e:ca:0e:28:aa:b0:a5:b1:7b:f9:e9:8c:43:6a:37:a4:6e:
         eb:b0:df:76:9e:08:90:ad:f2:ed:4c:cf:b9:d9:7d:ca:35:38:
         6e:db:dd:eb:b4:bc:f8:68:72:b1:83:88:55:09:d9:83:1d:58:
         78:70:ec:12:51:f5:80:83:6f:b1:48:ce:08:96:02:06:2c:21:
         15:b9:37:6a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYfgjTSIzSZCoc90EwDTwqGGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMjQzZGNmZjBjYjM4MjExZjdmZTdkYjNmOTEzMTY5YjQ0
Y2Y0NTYwHhcNMjMwNTAzMDczOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjdhYTZkYmUwNWQ2ZGE1ZWY2NmRiMjE1NjY3ZDQ0OTczOTc4ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6V/GNKVmbgmyZqN1ENkXkqAf1SM
ilT4zoJW21n6XFhp9Ylv00i0fHKzex8ERtlVRBIZqpQq2AT+O/Y0TAetQVpN4p0k
gT5L3IjX7BRAlaicb0EwRjyzOU69FwKQUeV8XTPcyXhIL9LkkwDkGb8jLghpny+9
lnaIJL7HkbKsFyf0yTYgI9+D3Bp4oJ9pTQZvCH4knRiIREig9UhB494vI6QKNDfN
mJBuItCTdTldKT77FJBuLFNdGThie7ELLY6TRDIv1E8lS/9uCoh7vW7SbMA/f8Q+
jU0oAU8scb5vV6PplPA8wqjpyIMjeSI8fTQBJCzoAWDqOrS7VbLgxSuM7QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHt6ptvgXW2l72bbIVZn1Elzl4iNMB8GA1UdIwQY
MBaAFK0kPc/wyzghH3/n2z+RMWm0TPRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMt
YjlmMjk4YTc5OGU0LzEvZTNxbTItQmRiYVh2WnRzaFZtZlVTWE9YaUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMtYjlmMjk4YTc5OGU0
LzEvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAWBAIAATAQAwMALtQDBAUu
+eADAwCy6DANBAIAAjAHAwUDKgIP4DANBgkqhkiG9w0BAQsFAAOCAQEAtZZNDazh
n36zKnVShBrfJXE8XHG8zeCfVAba7fAWm+1J0MoKUwqaaKmS7i+dIEEArIBKzqkC
xo2ZCDwyC9NgOLPUUzwSY0uARImDEusphLXp+E0A97YXPku7P2R3aRbrts5qnJW/
0+omAvKTcJiVy6dbu9X4+LnCu8qxszfSt4qNR/HXuczPjmrYjMIDn7P4GNwrLWWD
SN3UERYB8Qj53Dcl3xM3Zv8LGN70/kcwG7zWOlgZNF7KDiiqsKWxe/npjENqN6Ru
67Dfdp4IkK3y7UzPudl9yjU4btvd67S8+GhysYOIVQnZgx1YeHDsElH1gINvsUjO
CJYCBiwhFbk3ag==
-----END CERTIFICATE-----