Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/9PFAs7LdwiV5J9XZ2QYoXYear78.roa
File:                     9PFAs7LdwiV5J9XZ2QYoXYear78.roa (raw, json)
Hash identifier:          2bFmDtVgfFlg0a7YnyomnU8T0rnBGE/Lgpz4LmtUNJU=
Subject key identifier:   F4:F1:40:B3:B2:DD:C2:25:79:27:D5:D9:D9:06:28:5D:87:9A:AF:BF
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018991C1D996EA5F068A3A5089988126309C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/9PFAs7LdwiV5J9XZ2QYoXYear78.roa
Signing time:             Wed 26 Jul 2023 10:32:27 +0000
ROA not before:           Wed 26 Jul 2023 10:32:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59729
IP address blocks:        91.243.44.0/22 maxlen: 22
                          5.188.10.0/23 maxlen: 23
                          46.161.26.0/24 maxlen: 24
                          5.8.66.0/23 maxlen: 23
                          91.243.52.0/22 maxlen: 22
                          91.243.56.0/22 maxlen: 22
                          46.161.28.0/22 maxlen: 22
                          5.101.92.0/22 maxlen: 22
                          46.161.41.0/24 maxlen: 24
                          5.188.48.0/23 maxlen: 23
                          5.188.60.0/23 maxlen: 23
                          91.243.32.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:91:c1:d9:96:ea:5f:06:8a:3a:50:89:98:81:26:30:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jul 26 10:32:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4f140b3b2ddc2257927d5d9d906285d879aafbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f4:ae:1f:5d:bc:b5:db:32:6b:52:59:48:b7:
                    6a:72:94:73:a6:ed:c6:62:ff:0f:6b:a3:f5:ab:d9:
                    38:2c:ae:a7:a2:3c:25:a0:81:33:e3:4d:7e:02:5a:
                    6f:c9:a3:d9:48:e4:2b:d3:85:29:43:d4:e6:2b:9b:
                    b1:48:3f:4f:e5:5a:22:cf:d8:63:ee:39:b9:be:2f:
                    c2:61:b2:57:36:5b:bb:9c:89:f8:bb:ca:4e:72:d7:
                    19:2d:68:24:d9:24:a6:eb:0f:0a:f3:02:76:94:ba:
                    d0:e5:e3:cd:47:68:22:48:25:b7:26:5d:02:55:94:
                    72:af:85:4c:b0:01:90:75:f3:19:cd:99:22:a0:6f:
                    8a:8b:55:da:58:19:6d:2b:8b:e3:27:d1:41:d9:a2:
                    72:b8:71:3f:d7:18:70:37:33:90:6e:fc:07:52:22:
                    89:c4:ec:06:31:40:a2:4f:06:8c:97:9c:56:e8:eb:
                    e3:e8:61:73:2e:6f:60:ce:a6:b6:8c:e1:aa:de:f7:
                    da:65:77:d2:a7:64:c9:1e:52:ee:89:74:c3:dc:d4:
                    5d:49:54:76:38:46:bd:7a:28:99:70:2f:f4:ad:2e:
                    67:af:f6:2f:b3:b5:12:8e:a3:50:0f:f9:58:83:57:
                    81:b7:90:74:1f:d8:c1:48:da:b9:f4:70:00:44:a4:
                    02:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F1:40:B3:B2:DD:C2:25:79:27:D5:D9:D9:06:28:5D:87:9A:AF:BF
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/9PFAs7LdwiV5J9XZ2QYoXYear78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.101.92.0/22
                  5.188.10.0/23
                  5.188.48.0/23
                  5.188.60.0/23
                  46.161.26.0/24
                  46.161.28.0/22
                  46.161.41.0/24
                  91.243.32.0/22
                  91.243.44.0/22
                  91.243.52.0-91.243.59.255

    Signature Algorithm: sha256WithRSAEncryption
         02:b4:5e:e8:9b:81:9e:62:1a:c7:96:a9:02:9a:2f:e4:5a:48:
         70:9c:72:20:fd:b8:be:fb:46:7b:54:b2:50:2a:80:bc:80:4b:
         34:a2:2a:e9:8a:81:1b:fd:49:49:61:af:69:81:1b:cc:8f:a7:
         97:76:8c:59:b7:07:1d:b5:4b:bf:49:98:e9:01:f3:76:65:3a:
         2a:a2:45:6b:ea:1f:58:bd:e7:40:49:4e:ab:12:dc:de:8f:be:
         c3:a5:d3:8a:a2:cf:63:b9:b6:5b:7f:7f:f6:7c:d0:e7:53:ba:
         f0:ef:ab:1b:20:18:eb:c5:a6:ac:93:31:d4:1d:08:a0:53:40:
         20:3e:10:70:2e:26:4f:3e:4e:b8:a9:b7:bb:d7:a9:fe:a4:c2:
         58:4a:9d:99:72:9a:a5:f7:e1:37:2a:6d:d9:b6:f4:99:bc:3c:
         c7:b2:b0:6f:bd:16:64:fb:4e:cf:d4:95:21:7d:19:7e:bc:c8:
         45:1b:f0:93:c2:b4:d7:d6:a2:92:98:bb:01:44:24:de:3a:c9:
         ae:14:44:bc:b5:08:2d:92:5c:f6:b3:8d:bc:b9:62:2d:93:cf:
         63:42:82:ea:bd:8e:51:21:13:db:38:80:56:9a:04:bb:fc:4c:
         eb:04:e3:db:ff:7f:70:94:a8:49:f1:24:a6:34:8e:2a:80:df:
         e5:da:46:b7
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYmRwdmW6l8GijpQiZiBJjCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjMwNzI2MTAzMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGYxNDBiM2IyZGRjMjI1NzkyN2Q1ZDlkOTA2Mjg1ZDg3OWFhZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvSuH128tdsya1JZSLdqcpRzpu3G
Yv8Pa6P1q9k4LK6nojwloIEz401+AlpvyaPZSOQr04UpQ9TmK5uxSD9P5Voiz9hj
7jm5vi/CYbJXNlu7nIn4u8pOctcZLWgk2SSm6w8K8wJ2lLrQ5ePNR2giSCW3Jl0C
VZRyr4VMsAGQdfMZzZkioG+Ki1XaWBltK4vjJ9FB2aJyuHE/1xhwNzOQbvwHUiKJ
xOwGMUCiTwaMl5xW6Ovj6GFzLm9gzqa2jOGq3vfaZXfSp2TJHlLuiXTD3NRdSVR2
OEa9eiiZcC/0rS5nr/Yvs7USjqNQD/lYg1eBt5B0H9jBSNq59HAARKQCNQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFPTxQLOy3cIleSfV2dkGKF2Hmq+/MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvOVBGQXM3TGR3aVY1SjlYWjJRWW9YWWVhcjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQBBQhCAwQC
BWVcAwQBBbwKAwQBBbwwAwQBBbw8AwQALqEaAwQCLqEcAwQALqEpAwQCW/MgAwQC
W/MsMAwDBAJb8zQDBAJb8zgwDQYJKoZIhvcNAQELBQADggEBAAK0XuibgZ5iGseW
qQKaL+RaSHCcciD9uL77RntUslAqgLyASzSiKumKgRv9SUlhr2mBG8yPp5d2jFm3
Bx21S79JmOkB83ZlOiqiRWvqH1i950BJTqsS3N6PvsOl04qiz2O5tlt/f/Z80OdT
uvDvqxsgGOvFpqyTMdQdCKBTQCA+EHAuJk8+Tript7vXqf6kwlhKnZlymqX34Tcq
bdm29Jm8PMeysG+9FmT7Ts/UlSF9GX68yEUb8JPCtNfWopKYuwFEJN46ya4URLy1
CC2SXPazjby5Yi2Tz2NCguq9jlEhE9s4gFaaBLv8TOsE49v/f3CUqEnxJKY0jiqA
3+XaRrc=
-----END CERTIFICATE-----