Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/wwVrQ_vlpUelCh6RawjMn0paPwc.roa
File:                     wwVrQ_vlpUelCh6RawjMn0paPwc.roa (raw, json)
Hash identifier:          nbTV3ZfcFUamK2W79KK4TtDZFj9glRBOx6eP9TeHI9s=
Subject key identifier:   C3:05:6B:43:FB:E5:A5:47:A5:0A:1E:91:6B:08:CC:9F:4A:5A:3F:07
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01856F825AD9B0533BF75C4A8A41799112C9
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/wwVrQ_vlpUelCh6RawjMn0paPwc.roa
Signing time:             Sun 01 Jan 2023 22:44:51 +0000
ROA not before:           Sun 01 Jan 2023 22:44:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        213.209.137.0/24 maxlen: 24
                          213.209.139.0/24 maxlen: 24
                          213.209.141.0/24 maxlen: 24
                          213.209.152.0/24 maxlen: 24
                          213.209.155.0/24 maxlen: 24
                          213.209.154.0/24 maxlen: 24
                          213.209.153.0/24 maxlen: 24
                          77.90.158.0/24 maxlen: 24
                          77.90.163.0/24 maxlen: 24
                          77.90.162.0/24 maxlen: 24
                          77.90.161.0/24 maxlen: 24
                          77.90.160.0/24 maxlen: 24
                          77.90.165.0/24 maxlen: 24
                          77.90.170.0/24 maxlen: 24
                          77.90.169.0/24 maxlen: 24
                          77.90.172.0/24 maxlen: 24
                          77.90.171.0/24 maxlen: 24
                          77.90.175.0/24 maxlen: 24
                          77.90.182.0/24 maxlen: 24
                          77.90.186.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:82:5a:d9:b0:53:3b:f7:5c:4a:8a:41:79:91:12:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  1 22:44:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c3056b43fbe5a547a50a1e916b08cc9f4a5a3f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1d:01:eb:da:76:3b:a1:c2:b0:f7:51:f7:42:
                    14:ad:15:bb:7f:6a:26:de:79:f6:8a:32:a2:3f:c2:
                    6e:c7:d1:7d:57:7a:ce:a5:4d:d3:a7:32:46:b0:9e:
                    b0:3e:07:14:99:cb:dc:ba:44:88:1c:54:a7:c1:1c:
                    7c:35:c6:67:39:90:93:0b:3f:9c:66:62:08:a3:97:
                    a9:dc:76:fb:c1:e6:9c:7e:70:2f:78:23:ee:54:37:
                    c2:44:4c:30:1e:a9:cb:a3:49:d5:6a:f7:db:27:d0:
                    65:ab:d1:ad:85:ef:f3:a0:8c:75:60:03:c8:5d:d4:
                    6b:a1:b8:ad:fc:6b:0b:a9:a1:fd:88:7b:f6:3d:02:
                    6a:9f:ed:54:b8:d0:80:cd:ae:d2:f4:db:e5:4d:6a:
                    6d:e9:a1:4a:9e:da:02:05:ed:c2:19:49:3d:00:5b:
                    44:ec:5a:3d:74:0c:3e:0a:f4:6c:1e:49:96:8e:3a:
                    7a:e5:8c:19:5b:f9:07:31:9b:16:44:1e:09:7c:e3:
                    7b:3e:db:ba:e4:e9:6b:20:1e:9e:c7:6b:2c:fb:e9:
                    e4:41:7d:ac:e8:21:0f:28:59:eb:64:e1:f3:40:28:
                    44:65:29:6a:fb:f9:de:bd:57:f8:2d:c8:cb:b0:e1:
                    a2:94:62:fb:bb:7b:76:66:65:d6:ba:b8:45:ac:e3:
                    5f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:05:6B:43:FB:E5:A5:47:A5:0A:1E:91:6B:08:CC:9F:4A:5A:3F:07
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/wwVrQ_vlpUelCh6RawjMn0paPwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.158.0/24
                  77.90.160.0/22
                  77.90.165.0/24
                  77.90.169.0-77.90.172.255
                  77.90.175.0/24
                  77.90.182.0/24
                  77.90.186.0/24
                  213.209.137.0/24
                  213.209.139.0/24
                  213.209.141.0/24
                  213.209.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:4c:26:3e:81:7b:7a:c4:02:b0:b7:63:b8:a0:d1:50:ba:ae:
         e8:8a:72:4c:d0:31:bb:6a:72:ff:11:49:7e:92:11:32:95:2c:
         4d:83:ce:b4:ed:57:5b:07:e3:07:68:b0:db:cf:95:fa:d5:28:
         f1:d1:b9:19:50:ef:39:65:dc:fc:82:ab:40:55:54:06:75:37:
         da:d5:6c:24:56:c5:64:93:f3:1f:8e:4b:1d:ab:65:ce:76:7d:
         f6:ce:5f:8c:d2:7a:03:14:a1:89:c9:a9:3e:f8:f0:64:3a:ec:
         d4:cb:06:27:ad:b9:4d:1d:3b:70:40:e4:db:68:26:f8:cd:a7:
         51:cc:5e:22:0f:b1:29:18:b6:2c:20:18:5e:e6:98:ec:e7:ff:
         91:f3:4b:4f:17:e9:c3:2d:0a:38:2a:d9:a4:93:82:71:38:e1:
         56:ca:96:82:b3:d4:b8:f1:df:34:5e:9d:77:ff:83:2b:a0:b3:
         db:96:ce:a0:a7:ea:23:c8:f4:ae:64:44:af:1c:d8:3a:07:d0:
         73:90:a5:50:53:06:cf:df:9e:3d:4d:12:19:7b:c1:c5:ac:8c:
         48:e9:50:28:cb:c2:3b:2d:98:90:c2:db:38:af:a5:4d:4f:cd:
         72:64:1c:52:0c:c7:41:58:ba:9b:16:56:3f:14:8d:d4:d7:99:
         1d:c5:90:93
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVvglrZsFM791xKikF5kRLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjMwMTAxMjI0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzA1NmI0M2ZiZTVhNTQ3YTUwYTFlOTE2YjA4Y2M5ZjRhNWEzZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB0B69p2O6HCsPdR90IUrRW7f2om
3nn2ijKiP8Jux9F9V3rOpU3TpzJGsJ6wPgcUmcvcukSIHFSnwRx8NcZnOZCTCz+c
ZmIIo5ep3Hb7weacfnAveCPuVDfCREwwHqnLo0nVavfbJ9Blq9Gthe/zoIx1YAPI
XdRrobit/GsLqaH9iHv2PQJqn+1UuNCAza7S9NvlTWpt6aFKntoCBe3CGUk9AFtE
7Fo9dAw+CvRsHkmWjjp65YwZW/kHMZsWRB4JfON7Ptu65OlrIB6ex2ss++nkQX2s
6CEPKFnrZOHzQChEZSlq+/nevVf4LcjLsOGilGL7u3t2ZmXWurhFrONfTwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMMFa0P75aVHpQoekWsIzJ9KWj8HMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvd3dWclFfdmxwVWVsQ2g2UmF3ak1uMHBhUHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQATVqeAwQC
TVqgAwQATVqlMAwDBABNWqkDBABNWqwDBABNWq8DBABNWrYDBABNWroDBADV0YkD
BADV0YsDBADV0Y0DBALV0ZgwDQYJKoZIhvcNAQELBQADggEBADVMJj6Be3rEArC3
Y7ig0VC6ruiKckzQMbtqcv8RSX6SETKVLE2DzrTtV1sH4wdosNvPlfrVKPHRuRlQ
7zll3PyCq0BVVAZ1N9rVbCRWxWST8x+OSx2rZc52ffbOX4zSegMUoYnJqT748GQ6
7NTLBietuU0dO3BA5NtoJvjNp1HMXiIPsSkYtiwgGF7mmOzn/5HzS08X6cMtCjgq
2aSTgnE44VbKloKz1Ljx3zRenXf/gyugs9uWzqCn6iPI9K5kRK8c2DoH0HOQpVBT
Bs/fnj1NEhl7wcWsjEjpUCjLwjstmJDC2zivpU1PzXJkHFIMx0FYupsWVj8UjdTX
mR3FkJM=
-----END CERTIFICATE-----