Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/zpUBgwM59HD371W8pFRc_9guzFo.roa
File:                     zpUBgwM59HD371W8pFRc_9guzFo.roa (raw, json)
Hash identifier:          PC93OE14DE2Le80QNK8S26Icv5+dQUz0h4yJ6h2KLcM=
Subject key identifier:   CE:95:01:83:03:39:F4:70:F7:EF:55:BC:A4:54:5C:FF:D8:2E:CC:5A
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       01865B07B5C8504C14730AD6D61A28301EF7
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/zpUBgwM59HD371W8pFRc_9guzFo.roa
Signing time:             Thu 16 Feb 2023 16:21:17 +0000
ROA not before:           Thu 16 Feb 2023 16:21:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199839
IP address blocks:        31.24.249.0/24 maxlen: 32
                          2a12:4942:4009::/48 maxlen: 48
                          2001:678:f30::/48 maxlen: 48
                          2a12:4942:174::/48 maxlen: 48
                          2a12:4946:46::/48 maxlen: 48
                          2a12:4940::/32 maxlen: 48
                          2a12:4946:1655::/48 maxlen: 48
                          2a12:4946:1650::/48 maxlen: 48
                          2a12:4946:3000::/48 maxlen: 48
                          2a12:4946:1900::/48 maxlen: 48
                          2a12:4946:1800::/48 maxlen: 48
                          2a12:4946:1700::/48 maxlen: 48
                          2a12:4946:1600::/48 maxlen: 48
                          2a12:4946:1658::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:5b:07:b5:c8:50:4c:14:73:0a:d6:d6:1a:28:30:1e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Feb 16 16:21:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce9501830339f470f7ef55bca4545cffd82ecc5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:37:78:19:e3:d2:08:28:50:54:67:1b:ee:6c:
                    c7:ff:2f:02:83:c1:57:f5:3e:68:45:37:e7:9b:cb:
                    cd:2e:17:81:d3:5b:b2:5d:ec:1f:c5:a2:ef:3f:0e:
                    7a:5a:28:34:d6:15:23:d6:f3:35:5d:4b:36:cb:b6:
                    3a:9d:fb:76:0f:38:bb:e6:e5:92:6c:de:ef:8b:08:
                    34:02:96:d5:72:b7:e7:3c:a6:19:4b:fb:c3:c3:2f:
                    3a:13:1d:e6:b3:bd:ff:6b:f3:17:17:0a:51:ab:27:
                    10:9c:9a:53:f9:07:b0:7d:c5:6d:8d:70:e5:a2:0a:
                    04:25:72:3c:d3:e2:f4:33:15:0d:25:15:9d:8b:51:
                    c4:18:28:56:ae:80:e8:f9:ad:28:e4:94:a2:1a:20:
                    4e:7a:53:7f:07:72:e5:45:18:62:5c:0b:95:9a:3e:
                    50:2b:7f:32:2e:c5:38:9b:4e:0e:75:00:f4:ad:6d:
                    84:7d:25:c9:ff:4e:c5:5b:e3:5f:76:6c:12:9f:dc:
                    43:ae:74:bf:1f:0d:41:9e:64:77:e9:a5:3a:63:b9:
                    fd:00:69:80:e1:5b:e5:fc:ae:89:03:5b:66:c4:c9:
                    b2:ad:ce:2c:8c:ea:34:10:4e:9a:cc:a8:14:25:46:
                    5c:21:34:4d:a3:f6:d4:cb:ed:50:f0:cc:ee:ff:ec:
                    63:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:95:01:83:03:39:F4:70:F7:EF:55:BC:A4:54:5C:FF:D8:2E:CC:5A
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/zpUBgwM59HD371W8pFRc_9guzFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.249.0/24
                IPv6:
                  2001:678:f30::/48
                  2a12:4940::/32
                  2a12:4942:174::/48
                  2a12:4942:4009::/48
                  2a12:4946:46::/48
                  2a12:4946:1600::/48
                  2a12:4946:1650::/48
                  2a12:4946:1655::/48
                  2a12:4946:1658::/48
                  2a12:4946:1700::/48
                  2a12:4946:1800::/48
                  2a12:4946:1900::/48
                  2a12:4946:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:e7:18:dd:60:5a:11:7d:e8:55:e9:8e:45:db:b8:71:f5:da:
         47:5e:83:ab:29:d4:f6:46:e7:fe:3f:50:6a:63:71:19:4f:ac:
         a5:00:09:f3:e4:8e:8a:62:f8:3e:66:b8:52:d6:79:dc:9b:d1:
         a6:c7:4a:45:17:c9:a1:b9:0f:89:2c:33:6c:af:4e:63:91:d8:
         f1:ef:82:93:99:0d:88:32:29:a9:47:39:12:78:80:cc:6d:ea:
         48:4e:de:d2:70:74:8b:36:6e:90:12:d4:50:90:93:78:43:08:
         dd:dc:28:ef:d1:1b:09:a1:29:81:b8:77:e0:d8:e0:34:3f:51:
         a2:c7:df:7a:80:52:d4:f7:2e:b5:18:47:5f:23:79:11:d2:75:
         e5:d5:0e:57:c9:06:36:0a:91:40:5e:e7:fa:e7:a7:6b:6d:5b:
         68:1c:74:0b:91:a7:91:5f:71:00:d3:4a:08:3c:5b:76:e2:f4:
         96:30:38:7f:ed:40:25:00:de:77:c9:10:5e:37:f3:02:0b:20:
         70:97:b5:7d:4a:7e:6c:bf:66:46:db:a5:a1:b2:97:e8:34:b3:
         d9:26:1a:41:3b:75:bb:4c:b0:6b:33:3a:3c:eb:89:11:be:96:
         1c:16:b1:94:dd:bd:d8:8e:54:66:dc:f8:1b:02:c0:cb:e6:10:
         37:e0:1c:b0
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYZbB7XIUEwUcwrW1hooMB73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjMwMjE2MTYyMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTk1MDE4MzAzMzlmNDcwZjdlZjU1YmNhNDU0NWNmZmQ4MmVjYzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDd4GePSCChQVGcb7mzH/y8Cg8FX
9T5oRTfnm8vNLheB01uyXewfxaLvPw56Wig01hUj1vM1XUs2y7Y6nft2Dzi75uWS
bN7viwg0ApbVcrfnPKYZS/vDwy86Ex3ms73/a/MXFwpRqycQnJpT+QewfcVtjXDl
ogoEJXI80+L0MxUNJRWdi1HEGChWroDo+a0o5JSiGiBOelN/B3LlRRhiXAuVmj5Q
K38yLsU4m04OdQD0rW2EfSXJ/07FW+NfdmwSn9xDrnS/Hw1BnmR36aU6Y7n9AGmA
4Vvl/K6JA1tmxMmyrc4sjOo0EE6azKgUJUZcITRNo/bUy+1Q8Mzu/+xjYQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFM6VAYMDOfRw9+9VvKRUXP/YLsxaMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvenBVQmd3TTU5SEQzNzFXOHBGUmNfOWd1ekZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTAMBAIAATAGAwQAHxj5
MHkEAgACMHMDBwAgAQZ4DzADBQAqEklAAwcAKhJJQgF0AwcAKhJJQkAJAwcAKhJJ
RgBGAwcAKhJJRhYAAwcAKhJJRhZQAwcAKhJJRhZVAwcAKhJJRhZYAwcAKhJJRhcA
AwcAKhJJRhgAAwcAKhJJRhkAAwcAKhJJRjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCX
5xjdYFoRfehV6Y5F27hx9dpHXoOrKdT2Ruf+P1BqY3EZT6ylAAnz5I6KYvg+ZrhS
1nncm9Gmx0pFF8mhuQ+JLDNsr05jkdjx74KTmQ2IMimpRzkSeIDMbepITt7ScHSL
Nm6QEtRQkJN4Qwjd3Cjv0RsJoSmBuHfg2OA0P1Gix996gFLU9y61GEdfI3kR0nXl
1Q5XyQY2CpFAXuf656drbVtoHHQLkaeRX3EA00oIPFt24vSWMDh/7UAlAN53yRBe
N/MCCyBwl7V9Sn5sv2ZG26WhspfoNLPZJhpBO3W7TLBrMzo864kRvpYcFrGU3b3Y
jlRm3PgbAsDL5hA34Byw
-----END CERTIFICATE-----