Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/gY_wWrLQ_qabJJ2wbdoq45Hy-QA.roa
File:                     gY_wWrLQ_qabJJ2wbdoq45Hy-QA.roa (raw, json)
Hash identifier:          y2JZmX23RXoc4AtDtGNLR7Lh3tl+dDcU1QkZfSgWXuo=
Subject key identifier:   81:8F:F0:5A:B2:D0:FE:A6:9B:24:9D:B0:6D:DA:2A:E3:91:F2:F9:00
Certificate issuer:       /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial:       01867045F18BC0D0622828B6B06862703A7A
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/gY_wWrLQ_qabJJ2wbdoq45Hy-QA.roa
Signing time:             Mon 20 Feb 2023 19:21:17 +0000
ROA not before:           Mon 20 Feb 2023 19:21:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204957
IP address blocks:        195.211.98.0/23 maxlen: 23
                          195.211.96.0/23 maxlen: 23
                          82.117.252.0/23 maxlen: 23
                          45.90.56.0/22 maxlen: 22
                          82.117.254.0/24 maxlen: 24
                          195.123.232.0/22 maxlen: 22
                          82.117.255.0/24 maxlen: 24
                          195.123.236.0/22 maxlen: 22
                          195.123.240.0/22 maxlen: 22
                          195.123.244.0/22 maxlen: 22
                          62.233.57.0/24 maxlen: 24
                          2a05:9400::/32 maxlen: 32
                          2a12:6fc0::/32 maxlen: 32
                          2a05:9403::/32 maxlen: 32
                          2a05:9405::/32 maxlen: 32
                          2a05:9406::/32 maxlen: 32
                          2a05:9402::/32 maxlen: 32
                          2a05:9401::/32 maxlen: 32
                          2a12:6fc1::/32 maxlen: 32
                          2a05:9404::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:70:45:f1:8b:c0:d0:62:28:28:b6:b0:68:62:70:3a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
        Validity
            Not Before: Feb 20 19:21:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=818ff05ab2d0fea69b249db06dda2ae391f2f900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3b:bc:e7:60:0a:25:04:6a:1d:7f:89:8b:57:
                    6d:f8:df:eb:b6:d1:19:fb:f0:fc:0a:7d:5b:f7:ee:
                    93:72:2b:ad:7c:0f:63:8c:f6:bf:a9:b5:50:47:cb:
                    38:bb:33:68:d8:6d:6a:37:ec:a6:3e:91:70:68:cc:
                    1c:97:9a:46:1f:0a:ba:d4:20:cc:35:f8:5f:27:9a:
                    c7:51:78:5c:d1:c2:a4:bf:f6:36:f6:c0:a2:eb:c0:
                    2a:51:9a:f0:9d:bd:e2:98:67:e9:61:c3:f8:5d:d3:
                    01:4d:9c:13:67:2f:ac:d8:08:1c:c6:b1:c0:89:7d:
                    69:51:61:60:40:70:0e:d9:58:a8:8c:fa:0c:d7:8c:
                    e6:7d:ba:79:62:5e:e5:3b:94:40:13:91:a8:99:ed:
                    3c:95:6d:31:e2:a2:13:2a:e6:05:61:4e:94:dd:48:
                    39:38:42:2f:15:fc:cd:9d:88:91:c2:66:2c:e0:5b:
                    e8:cf:c1:b0:e5:94:d1:de:d4:2f:46:f5:c4:cd:c9:
                    a0:aa:c4:cd:ea:96:74:48:65:5b:c7:f9:59:57:ff:
                    64:d8:fb:ad:5b:c8:32:2f:0f:13:e9:f8:a7:1a:a8:
                    1f:21:a4:2c:64:3c:62:67:51:b4:8a:c0:b2:4c:cf:
                    11:26:35:78:ca:0c:91:57:44:9e:45:24:63:12:97:
                    fc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:8F:F0:5A:B2:D0:FE:A6:9B:24:9D:B0:6D:DA:2A:E3:91:F2:F9:00
            X509v3 Authority Key Identifier:
                keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/gY_wWrLQ_qabJJ2wbdoq45Hy-QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.56.0/22
                  62.233.57.0/24
                  82.117.252.0/22
                  195.123.232.0-195.123.247.255
                  195.211.96.0/22
                IPv6:
                  2a05:9400::-2a05:9406:ffff:ffff:ffff:ffff:ffff:ffff
                  2a12:6fc0::/31

    Signature Algorithm: sha256WithRSAEncryption
         87:af:bc:49:71:15:73:50:b1:ba:0d:9a:b8:f5:5d:20:72:a8:
         0d:dd:a2:a1:b9:a2:52:b8:b7:98:43:35:87:d4:39:7a:dc:cc:
         14:82:80:f5:ba:15:21:74:23:69:2d:46:69:96:ac:2a:3d:3d:
         fe:76:3c:5f:3a:08:99:8c:e6:70:dc:06:6b:0b:b8:99:0b:3b:
         60:7e:b8:88:32:22:01:af:19:c0:0b:b1:f4:66:57:7f:c7:29:
         7e:39:0f:c6:14:3c:0c:75:66:14:12:d8:c4:0b:65:a8:50:83:
         87:b3:df:e7:00:ba:71:0e:42:84:4f:3f:93:82:ca:c8:8d:05:
         3f:26:e6:64:eb:fd:d6:a6:ec:42:8c:8a:4f:9d:c9:8f:48:6b:
         3c:19:28:f8:35:ab:54:a2:26:61:21:32:e1:d3:1c:6b:88:a1:
         ba:e7:cc:60:c9:48:2f:35:24:17:a9:4a:de:a3:65:ed:77:4b:
         6c:98:66:34:04:fc:2a:e2:60:6e:33:c9:87:ad:c7:80:6a:82:
         a8:4f:6a:89:74:2b:7a:dc:eb:b4:a1:ee:bf:ee:c0:c0:a7:6f:
         6a:fe:7d:d3:ab:cb:73:5b:d6:31:d8:f5:bb:91:70:99:9d:e1:
         4d:b7:ce:00:d0:bc:a0:43:09:71:01:72:28:b3:12:f8:d3:89:
         7c:60:90:e8
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYZwRfGLwNBiKCi2sGhicDp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDk4ZThmZWM2ODA3NzVhMTU3MjY2ZTBjNmI3OGIxNDFh
MzRmNWUwHhcNMjMwMjIwMTkyMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MThmZjA1YWIyZDBmZWE2OWIyNDlkYjA2ZGRhMmFlMzkxZjJmOTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkju852AKJQRqHX+Ji1dt+N/rttEZ
+/D8Cn1b9+6TciutfA9jjPa/qbVQR8s4uzNo2G1qN+ymPpFwaMwcl5pGHwq61CDM
NfhfJ5rHUXhc0cKkv/Y29sCi68AqUZrwnb3imGfpYcP4XdMBTZwTZy+s2AgcxrHA
iX1pUWFgQHAO2ViojPoM14zmfbp5Yl7lO5RAE5Gome08lW0x4qITKuYFYU6U3Ug5
OEIvFfzNnYiRwmYs4Fvoz8Gw5ZTR3tQvRvXEzcmgqsTN6pZ0SGVbx/lZV/9k2Put
W8gyLw8T6finGqgfIaQsZDxiZ1G0isCyTM8RJjV4ygyRV0SeRSRjEpf8UQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIGP8Fqy0P6mmySdsG3aKuOR8vkAMB8GA1UdIwQY
MBaAFJTZjo/saAd1oVcmbgxreLFBo09eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzkt
ODdkMTdkZjc0YzdlLzEvZ1lfd1dyTFFfcWFiSkoyd2Jkb3E0NUh5LVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzktODdkMTdkZjc0Yzdl
LzEvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAsBAIAATAmAwQCLVo4AwQA
Puk5AwQCUnX8MAwDBAPDe+gDBAPDe/ADBALD02AwHAQCAAIwFjANAwQCKgWUAwUA
KgWUBgMFASoSb8AwDQYJKoZIhvcNAQELBQADggEBAIevvElxFXNQsboNmrj1XSBy
qA3doqG5olK4t5hDNYfUOXrczBSCgPW6FSF0I2ktRmmWrCo9Pf52PF86CJmM5nDc
BmsLuJkLO2B+uIgyIgGvGcALsfRmV3/HKX45D8YUPAx1ZhQS2MQLZahQg4ez3+cA
unEOQoRPP5OCysiNBT8m5mTr/dam7EKMik+dyY9IazwZKPg1q1SiJmEhMuHTHGuI
obrnzGDJSC81JBepSt6jZe13S2yYZjQE/CriYG4zyYetx4BqgqhPaol0K3rc67Sh
7r/uwMCnb2r+fdOry3Nb1jHY9buRcJmd4U23zgDQvKBDCXEBciizEvjTiXxgkOg=
-----END CERTIFICATE-----