Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/Zbhe5-g0yCTPQYv49DHQEm7KxcY.roa
File:                     Zbhe5-g0yCTPQYv49DHQEm7KxcY.roa (raw, json)
Hash identifier:          g7PO22EJjcuy8heHicasj2jXq+fR/MzXFk0tnhQNFv4=
Subject key identifier:   65:B8:5E:E7:E8:34:C8:24:CF:41:8B:F8:F4:31:D0:12:6E:CA:C5:C6
Certificate issuer:       /CN=1cee91296c94992d151a232240e6cf3a176d2039
Certificate serial:       01857102CE2EECD4924BFCFB2F2440EC9BB3
Authority key identifier: 1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/Zbhe5-g0yCTPQYv49DHQEm7KxcY.roa
Signing time:             Mon 02 Jan 2023 05:44:47 +0000
ROA not before:           Mon 02 Jan 2023 05:44:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48422
IP address blocks:        46.172.67.0/24 maxlen: 24
                          46.172.68.0/24 maxlen: 24
                          46.172.75.0/24 maxlen: 24
                          46.172.77.0/24 maxlen: 24
                          46.172.72.0/24 maxlen: 24
                          46.172.73.0/24 maxlen: 24
                          46.172.79.0/24 maxlen: 24
                          46.172.81.0/24 maxlen: 24
                          46.172.85.0/24 maxlen: 24
                          46.172.83.0/24 maxlen: 24
                          46.172.82.0/24 maxlen: 24
                          46.172.84.0/24 maxlen: 24
                          46.172.89.0/24 maxlen: 24
                          46.172.91.0/24 maxlen: 24
                          46.172.88.0/24 maxlen: 24
                          2a04:5e40:1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:ce:2e:ec:d4:92:4b:fc:fb:2f:24:40:ec:9b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cee91296c94992d151a232240e6cf3a176d2039
        Validity
            Not Before: Jan  2 05:44:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65b85ee7e834c824cf418bf8f431d0126ecac5c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1a:57:8c:3a:4d:73:2a:0d:68:53:2d:89:fe:
                    1a:30:f5:9d:1a:ed:66:ca:24:27:2a:6c:74:ca:17:
                    32:4e:1f:b7:9d:bf:38:f6:c1:ac:d4:77:54:c5:15:
                    83:f4:87:b8:4c:36:10:7a:76:d1:4f:38:5b:13:77:
                    b0:fc:9a:e8:14:8d:21:61:d3:58:9e:d0:b4:f4:e7:
                    5e:64:3b:17:39:6c:09:01:f4:0c:08:c2:e9:04:ee:
                    04:f1:e8:07:0d:72:3b:3b:70:d9:ae:eb:6e:15:d8:
                    ef:05:f5:50:b1:ca:06:71:3b:cb:b4:51:85:39:b9:
                    93:2f:8c:e8:d6:45:92:12:72:8d:ae:92:ae:da:b4:
                    60:35:fe:3f:f6:9e:2a:a8:c5:3b:13:5a:f2:76:da:
                    48:4e:4d:38:c0:67:a4:08:18:0e:72:96:f0:a0:0a:
                    42:f5:62:76:f4:33:06:d7:bb:4d:fc:08:1d:3c:a0:
                    18:46:92:4c:32:0b:22:34:79:c6:da:59:74:56:57:
                    9d:bb:de:4e:b0:3d:6c:00:28:72:3b:26:30:13:91:
                    a6:54:e8:ca:94:3f:91:c6:04:d9:bb:0a:98:00:11:
                    1a:c1:dd:be:7a:d1:ca:20:72:30:27:be:54:c6:82:
                    d9:19:5c:ac:bc:3a:65:93:91:5d:59:3b:e6:f0:dc:
                    ce:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B8:5E:E7:E8:34:C8:24:CF:41:8B:F8:F4:31:D0:12:6E:CA:C5:C6
            X509v3 Authority Key Identifier:
                keyid:1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/Zbhe5-g0yCTPQYv49DHQEm7KxcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.172.67.0-46.172.68.255
                  46.172.72.0/23
                  46.172.75.0/24
                  46.172.77.0/24
                  46.172.79.0/24
                  46.172.81.0-46.172.85.255
                  46.172.88.0/23
                  46.172.91.0/24
                IPv6:
                  2a04:5e40:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:43:6a:50:68:3c:96:2d:5d:1f:6b:80:07:a2:e1:71:d5:3b:
         16:bf:e2:de:15:7f:6e:ac:fb:35:a1:09:66:40:a5:04:3a:2c:
         23:39:58:cc:c0:fa:5e:55:04:79:10:26:05:6c:da:ed:d1:0c:
         84:f0:dd:02:27:27:19:98:83:a1:73:70:1a:bf:99:5a:62:cc:
         ca:ff:1f:9d:7f:39:c0:81:8f:e1:03:db:28:15:31:08:29:82:
         9c:44:99:c0:48:02:4f:ff:5c:5f:4d:a3:48:07:ca:81:77:32:
         c8:cd:f2:c8:8c:bc:38:e7:68:bf:e7:1f:9b:6b:62:be:89:a6:
         78:69:a1:69:73:90:19:e5:f7:03:60:33:b7:7a:9f:74:38:df:
         40:5f:57:ef:eb:70:8d:22:82:a5:c7:d0:e0:36:4c:f1:5a:bb:
         ac:93:80:75:82:41:0c:0a:ca:ad:65:a1:7b:75:60:1f:12:80:
         5c:c1:f3:68:9e:af:46:fe:4e:a0:3b:cb:46:a6:39:eb:07:9d:
         a5:f8:b7:a7:b0:f8:86:13:97:68:58:99:18:b3:93:63:fb:d9:
         ee:4f:27:26:57:a4:1f:a9:a5:10:03:86:70:89:b7:49:1b:85:
         32:f5:38:d3:90:ff:fb:f1:d1:9d:63:30:5f:5f:3b:ba:26:5f:
         bb:2e:3a:30
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVxAs4u7NSSS/z7LyRA7JuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZWU5MTI5NmM5NDk5MmQxNTFhMjMyMjQwZTZjZjNhMTc2
ZDIwMzkwHhcNMjMwMTAyMDU0NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI4NWVlN2U4MzRjODI0Y2Y0MThiZjhmNDMxZDAxMjZlY2FjNWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRpXjDpNcyoNaFMtif4aMPWdGu1m
yiQnKmx0yhcyTh+3nb849sGs1HdUxRWD9Ie4TDYQenbRTzhbE3ew/JroFI0hYdNY
ntC09OdeZDsXOWwJAfQMCMLpBO4E8egHDXI7O3DZrutuFdjvBfVQscoGcTvLtFGF
ObmTL4zo1kWSEnKNrpKu2rRgNf4/9p4qqMU7E1rydtpITk04wGekCBgOcpbwoApC
9WJ29DMG17tN/AgdPKAYRpJMMgsiNHnG2ll0Vledu95OsD1sAChyOyYwE5GmVOjK
lD+RxgTZuwqYABEawd2+etHKIHIwJ75UxoLZGVysvDplk5FdWTvm8NzOJwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFGW4XufoNMgkz0GL+PQx0BJuysXGMB8GA1UdIwQY
MBaAFBzukSlslJktFRojIkDmzzoXbSA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQt
YmFjYWI0NzVlNmNjLzEvWmJoZTUtZzB5Q1RQUVl2NDlESFFFbTdLeGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQtYmFjYWI0NzVlNmNj
LzEvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBGBAIAATBAMAwDBAAurEMD
BAAurEQDBAEurEgDBAAurEsDBAAurE0DBAAurE8wDAMEAC6sUQMEAS6sVAMEAS6s
WAMEAC6sWzAPBAIAAjAJAwcAKgReQAABMA0GCSqGSIb3DQEBCwUAA4IBAQAAQ2pQ
aDyWLV0fa4AHouFx1TsWv+LeFX9urPs1oQlmQKUEOiwjOVjMwPpeVQR5ECYFbNrt
0QyE8N0CJycZmIOhc3Aav5laYszK/x+dfznAgY/hA9soFTEIKYKcRJnASAJP/1xf
TaNIB8qBdzLIzfLIjLw452i/5x+ba2K+iaZ4aaFpc5AZ5fcDYDO3ep90ON9AX1fv
63CNIoKlx9DgNkzxWrusk4B1gkEMCsqtZaF7dWAfEoBcwfNonq9G/k6gO8tGpjnr
B52l+LensPiGE5doWJkYs5Nj+9nuTycmV6QfqaUQA4ZwibdJG4Uy9TjTkP/78dGd
YzBfXzu6Jl+7Ljow
-----END CERTIFICATE-----