Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/wpOZDghMtFSqZEFFsnx25-CSfM4.roa
File:                     wpOZDghMtFSqZEFFsnx25-CSfM4.roa (raw, json)
Hash identifier:          kZVysvamkeRLxcGn0MrMMEkxrIozdVqXZWqS43Tgcr0=
Subject key identifier:   C2:93:99:0E:08:4C:B4:54:AA:64:41:45:B2:7C:76:E7:E0:92:7C:CE
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       01872D6D92768361BB84F8FC3742FAE07316
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/wpOZDghMtFSqZEFFsnx25-CSfM4.roa
Signing time:             Wed 29 Mar 2023 12:52:48 +0000
ROA not before:           Wed 29 Mar 2023 12:52:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209408
IP address blocks:        80.71.225.0/24 maxlen: 24
                          80.71.228.0/24 maxlen: 24
                          45.66.224.0/22 maxlen: 22
                          80.71.237.0/24 maxlen: 24
                          81.29.145.0/24 maxlen: 24
                          81.29.146.0/24 maxlen: 24
                          81.29.149.0/24 maxlen: 24
                          81.29.148.0/24 maxlen: 24
                          81.29.147.0/24 maxlen: 24
                          81.29.156.0/24 maxlen: 24
                          81.29.158.0/24 maxlen: 24
                          2a09:6c40::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:6d:92:76:83:61:bb:84:f8:fc:37:42:fa:e0:73:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar 29 12:52:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c293990e084cb454aa644145b27c76e7e0927cce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b9:ec:bb:48:fe:6e:23:9a:31:0c:43:ad:fc:
                    41:33:66:26:25:aa:a1:18:fd:6f:a3:fe:0a:59:a6:
                    d7:fb:e6:f8:71:40:f9:d3:85:1e:ca:a0:d4:e3:2c:
                    82:00:33:a5:d2:d1:1d:7c:e7:31:6c:ae:56:22:58:
                    7e:a0:ae:3a:15:d7:c1:33:69:0a:cb:fd:5f:24:d6:
                    71:7e:61:2f:bc:e5:a6:5b:b6:c0:4e:4d:a1:93:2a:
                    21:97:88:59:ff:7b:f3:af:e0:3b:45:f9:e4:e6:67:
                    8b:93:ef:04:31:14:59:8d:e1:b8:67:52:74:e7:d0:
                    f4:40:34:79:d9:cc:f0:64:43:db:c8:b2:60:27:b1:
                    47:25:63:3d:84:4c:f0:fd:fb:3b:ee:0e:ff:c4:3c:
                    40:82:86:f3:96:00:25:df:43:f5:4c:a2:96:d4:aa:
                    1c:9a:88:4f:60:16:b5:50:8a:d4:57:0e:06:66:c3:
                    fb:f7:0d:92:d2:75:09:e5:f2:fc:dd:40:ef:08:ba:
                    24:46:50:dc:e4:8e:9b:b6:4d:69:f4:95:4a:a0:ae:
                    66:d5:09:35:14:1c:23:c9:aa:8c:5e:31:9d:cc:21:
                    cb:37:dc:88:1c:22:90:68:6d:8b:f7:e0:11:e9:8b:
                    91:f5:f9:68:eb:80:be:ac:11:02:f1:7c:4e:8b:eb:
                    43:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:93:99:0E:08:4C:B4:54:AA:64:41:45:B2:7C:76:E7:E0:92:7C:CE
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/wpOZDghMtFSqZEFFsnx25-CSfM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                  80.71.225.0/24
                  80.71.228.0/24
                  80.71.237.0/24
                  81.29.145.0-81.29.149.255
                  81.29.156.0/24
                  81.29.158.0/24
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:21:27:ed:91:69:39:e9:eb:c3:6c:7d:ac:ae:2e:4d:27:87:
         a8:1e:5a:d9:f7:00:e3:9b:0c:f2:3e:86:44:5a:38:82:c9:bd:
         0c:67:42:0e:75:da:b7:51:ee:e9:24:25:62:f2:09:5c:82:df:
         ca:77:a4:bd:3d:25:cc:00:aa:28:23:3a:71:38:cf:88:95:68:
         d2:d6:77:37:f8:21:c7:a6:f1:a9:73:d3:22:9f:4b:a8:32:00:
         79:75:44:ce:d4:b1:78:0a:98:82:e2:f3:1a:82:75:90:3f:e6:
         cc:14:7c:24:f2:1d:a7:54:c3:64:95:60:3b:68:0f:a2:55:51:
         94:14:fe:10:9b:39:ce:dc:f4:ef:d2:fe:69:4e:be:8a:37:1b:
         6b:52:ef:97:ad:f9:99:1c:a9:bc:05:2b:1a:2e:18:67:62:cb:
         74:83:cd:15:b3:5f:cb:68:35:2f:78:fe:b1:b7:c7:0a:fd:0f:
         4a:68:8e:29:d0:5a:c7:d2:6a:09:07:4e:2b:32:c2:d3:fa:5b:
         78:02:27:5d:4a:07:93:26:46:28:3d:33:be:ba:cb:dc:7b:fb:
         fe:4b:d1:5c:fb:e3:88:f3:7f:08:00:3a:74:d9:00:d8:dc:ae:
         4c:95:5c:99:52:b9:1b:7f:c2:4a:23:c3:dd:1e:3d:57:04:99:
         db:f3:24:0e
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYctbZJ2g2G7hPj8N0L64HMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwMzI5MTI1MjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjkzOTkwZTA4NGNiNDU0YWE2NDQxNDViMjdjNzZlN2UwOTI3Y2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7nsu0j+biOaMQxDrfxBM2YmJaqh
GP1vo/4KWabX++b4cUD504UeyqDU4yyCADOl0tEdfOcxbK5WIlh+oK46FdfBM2kK
y/1fJNZxfmEvvOWmW7bATk2hkyohl4hZ/3vzr+A7Rfnk5meLk+8EMRRZjeG4Z1J0
59D0QDR52czwZEPbyLJgJ7FHJWM9hEzw/fs77g7/xDxAgobzlgAl30P1TKKW1Koc
mohPYBa1UIrUVw4GZsP79w2S0nUJ5fL83UDvCLokRlDc5I6btk1p9JVKoK5m1Qk1
FBwjyaqMXjGdzCHLN9yIHCKQaG2L9+AR6YuR9flo64C+rBEC8XxOi+tDEwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFMKTmQ4ITLRUqmRBRbJ8dufgknzOMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvd3BPWkRnaE10RlNxWkVGRnNueDI1LUNTZk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQCLULgAwQA
UEfhAwQAUEfkAwQAUEftMAwDBABRHZEDBAFRHZQDBABRHZwDBABRHZ4wDQQCAAIw
BwMFAyoJbEAwDQYJKoZIhvcNAQELBQADggEBAKUhJ+2RaTnp68NsfayuLk0nh6ge
Wtn3AOObDPI+hkRaOILJvQxnQg512rdR7ukkJWLyCVyC38p3pL09JcwAqigjOnE4
z4iVaNLWdzf4Icem8alz0yKfS6gyAHl1RM7UsXgKmILi8xqCdZA/5swUfCTyHadU
w2SVYDtoD6JVUZQU/hCbOc7c9O/S/mlOvoo3G2tS75et+ZkcqbwFKxouGGdiy3SD
zRWzX8toNS94/rG3xwr9D0pojinQWsfSagkHTisywtP6W3gCJ11KB5MmRig9M766
y9x7+/5L0Vz744jzfwgAOnTZANjcrkyVXJlSuRt/wkojw90ePVcEmdvzJA4=
-----END CERTIFICATE-----