Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/WDEtsxAhp-2j9ZMr4JAu7NJxe6E.roa
File:                     WDEtsxAhp-2j9ZMr4JAu7NJxe6E.roa (raw, json)
Hash identifier:          wHWXFZlEyz2JgfiP2YDZ9iYwREjX76DNvGt9A9fFtVQ=
Subject key identifier:   58:31:2D:B3:10:21:A7:ED:A3:F5:93:2B:E0:90:2E:EC:D2:71:7B:A1
Certificate issuer:       /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial:       018DC542211CBA5591F57E52332B94BD51D8
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/WDEtsxAhp-2j9ZMr4JAu7NJxe6E.roa
Signing time:             Tue 20 Feb 2024 06:44:21 +0000
ROA not before:           Tue 20 Feb 2024 06:44:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216134
IP address blocks:        149.238.0.0/16 maxlen: 24
                          149.238.0.0/19 maxlen: 24
                          149.238.32.0/19 maxlen: 24
                          149.238.64.0/19 maxlen: 24
                          149.238.96.0/19 maxlen: 24
                          149.238.128.0/19 maxlen: 24
                          149.238.159.0/24 maxlen: 24
                          149.238.160.0/19 maxlen: 24
                          149.238.192.0/19 maxlen: 24
                          149.238.224.0/19 maxlen: 24
                          192.77.114.0/23 maxlen: 24
                          192.112.208.0/24 maxlen: 24
                          193.33.52.0/23 maxlen: 24
                          2a13:cb40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 14 May 2024 15:20:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:42:21:1c:ba:55:91:f5:7e:52:33:2b:94:bd:51:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
        Validity
            Not Before: Feb 20 06:44:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58312db31021a7eda3f5932be0902eecd2717ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:90:d4:1c:de:8e:e7:9e:9e:4b:8d:ff:ac:e6:
                    33:2b:65:06:05:89:88:af:72:6a:61:c3:9b:7e:cf:
                    c5:17:ea:d6:c2:6c:2c:5e:e1:3a:fb:67:0a:03:88:
                    eb:8f:85:e9:29:2e:91:56:cb:ef:a5:b9:41:41:2e:
                    8f:e5:4c:91:fe:65:94:c6:36:ef:84:5c:4d:20:dc:
                    ca:32:94:48:5b:97:3d:77:ba:2d:ad:97:16:5e:24:
                    06:a8:42:65:76:1b:75:4b:04:ef:eb:90:28:8b:44:
                    a2:e7:ab:45:ae:7a:c4:36:97:05:ce:1b:54:7e:da:
                    ad:f8:bb:bf:a8:50:bc:57:47:4f:15:45:4f:34:7c:
                    b5:a7:84:72:17:29:12:ac:ba:4f:2d:a4:1b:35:b3:
                    8a:18:7f:2a:1a:53:7a:8e:fd:ab:40:92:a5:87:49:
                    87:b8:c5:6c:ec:9a:90:d9:81:9f:24:d9:bb:8a:ea:
                    6c:8e:28:21:e7:58:1b:2a:a4:48:f2:34:81:87:ec:
                    cb:68:b1:b9:0d:39:6a:04:1c:14:c6:fe:0c:f3:0b:
                    09:7f:9d:50:95:73:00:03:9e:14:a3:2d:33:b4:b9:
                    82:62:0c:08:87:ec:b6:38:27:52:51:8a:63:9e:3d:
                    9f:f6:2b:25:05:97:61:03:ce:05:f1:93:9f:eb:78:
                    ac:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:31:2D:B3:10:21:A7:ED:A3:F5:93:2B:E0:90:2E:EC:D2:71:7B:A1
            X509v3 Authority Key Identifier:
                keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/WDEtsxAhp-2j9ZMr4JAu7NJxe6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.238.0.0/16
                  192.77.114.0/23
                  192.112.208.0/24
                  193.33.52.0/23
                IPv6:
                  2a13:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:41:29:09:91:1e:4b:c6:bc:69:1c:e3:f4:4b:72:2f:66:47:
         2d:2b:36:77:b8:0f:d6:c2:3e:ef:b5:c6:82:96:b5:4b:3d:8c:
         a2:c6:52:04:c7:63:80:f9:dc:f0:c3:77:a9:3f:cf:9f:3f:ed:
         10:6e:70:af:24:8e:74:bd:81:5b:3c:cf:64:0a:3d:50:bc:08:
         f5:4c:63:a3:dd:77:7c:b7:58:b4:cf:6d:03:fb:c0:80:e6:9f:
         c9:e9:e1:c9:a6:a7:f7:1c:ca:e3:cb:d9:56:24:7a:0e:44:1d:
         1c:ed:ff:9d:4f:6c:42:bc:f5:ac:21:88:ba:8e:89:be:b9:7c:
         41:e0:60:99:ce:54:8b:8a:ec:35:f8:ee:ad:08:9b:9e:fe:a1:
         59:8b:3c:0b:8f:15:5b:06:0f:fc:df:53:3e:a4:38:92:db:e0:
         94:62:d7:c6:16:80:af:47:cb:44:b5:47:90:4a:32:12:12:ef:
         59:f1:bd:56:2e:c1:f3:57:5a:a1:2d:73:03:fe:7e:4a:fc:e0:
         18:e1:c3:8d:30:e8:8d:13:1c:d9:74:07:b1:26:c7:5d:3d:4d:
         bf:66:7b:78:e7:03:e2:1b:01:08:c5:f4:79:f0:a0:39:a2:ba:
         dd:09:cc:b8:75:d2:fd:b0:82:aa:84:c2:91:5c:38:df:e8:68:
         1d:29:b9:35
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY3FQiEculWR9X5SMyuUvVHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjQwMjIwMDY0NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODMxMmRiMzEwMjFhN2VkYTNmNTkzMmJlMDkwMmVlY2QyNzE3YmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpDUHN6O556eS43/rOYzK2UGBYmI
r3JqYcObfs/FF+rWwmwsXuE6+2cKA4jrj4XpKS6RVsvvpblBQS6P5UyR/mWUxjbv
hFxNINzKMpRIW5c9d7otrZcWXiQGqEJldht1SwTv65Aoi0Si56tFrnrENpcFzhtU
ftqt+Lu/qFC8V0dPFUVPNHy1p4RyFykSrLpPLaQbNbOKGH8qGlN6jv2rQJKlh0mH
uMVs7JqQ2YGfJNm7iupsjigh51gbKqRI8jSBh+zLaLG5DTlqBBwUxv4M8wsJf51Q
lXMAA54Uoy0ztLmCYgwIh+y2OCdSUYpjnj2f9islBZdhA84F8ZOf63ispwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFFgxLbMQIafto/WTK+CQLuzScXuhMB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvV0RFdHN4QWhwLTJqOVpNcjRKQXU3Tkp4ZTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwMAle4DBAHA
TXIDBADAcNADBAHBITQwDQQCAAIwBwMFAyoTy0AwDQYJKoZIhvcNAQELBQADggEB
AGFBKQmRHkvGvGkc4/RLci9mRy0rNne4D9bCPu+1xoKWtUs9jKLGUgTHY4D53PDD
d6k/z58/7RBucK8kjnS9gVs8z2QKPVC8CPVMY6Pdd3y3WLTPbQP7wIDmn8np4cmm
p/ccyuPL2VYkeg5EHRzt/51PbEK89awhiLqOib65fEHgYJnOVIuK7DX47q0Im57+
oVmLPAuPFVsGD/zfUz6kOJLb4JRi18YWgK9Hy0S1R5BKMhIS71nxvVYuwfNXWqEt
cwP+fkr84Bjhw40w6I0THNl0B7Emx109Tb9me3jnA+IbAQjF9HnwoDmiut0JzLh1
0v2wgqqEwpFcON/oaB0puTU=
-----END CERTIFICATE-----