Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/wYIEXflsBZDjWz7YX_9CkghxTUM.roa
File:                     wYIEXflsBZDjWz7YX_9CkghxTUM.roa (raw, json)
Hash identifier:          4n4Oe8jshLLfntOg7QRTxaV5yEIrtklpEeq7OBBJPq8=
Subject key identifier:   C1:82:04:5D:F9:6C:05:90:E3:5B:3E:D8:5F:FF:42:92:08:71:4D:43
Certificate issuer:       /CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
Certificate serial:       01873295DAD644A0EC15EB621F2D943488E9
Authority key identifier: F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/wYIEXflsBZDjWz7YX_9CkghxTUM.roa
Signing time:             Thu 30 Mar 2023 12:54:54 +0000
ROA not before:           Thu 30 Mar 2023 12:54:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     63473
IP address blocks:        194.29.186.0/24 maxlen: 24
                          194.29.187.0/24 maxlen: 24
                          45.132.74.0/24 maxlen: 24
                          45.132.75.0/24 maxlen: 24
                          185.223.207.0/24 maxlen: 24
                          194.29.100.0/24 maxlen: 24
                          194.29.101.0/24 maxlen: 24
                          45.91.95.0/24 maxlen: 24
                          45.91.92.0/24 maxlen: 24
                          45.91.93.0/24 maxlen: 24
                          45.91.94.0/24 maxlen: 24
                          109.205.61.0/24 maxlen: 24
                          2a0e:dc0:4::/48 maxlen: 48
                          2a0e:dc0:5::/48 maxlen: 48
                          2a0e:dc0:8::/48 maxlen: 48
                          2a0e:dc0:3::/48 maxlen: 48
                          2a0e:dc0:9::/48 maxlen: 48
                          2a0e:dc0:6::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:32:95:da:d6:44:a0:ec:15:eb:62:1f:2d:94:34:88:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7b50c7e81d8cf264d1209b6ad5a3ccb82c16fdd
        Validity
            Not Before: Mar 30 12:54:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c182045df96c0590e35b3ed85fff429208714d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b0:6e:4c:e2:15:02:1b:bc:3d:5c:3e:bc:1a:
                    43:a6:83:c0:c3:28:d8:cd:3e:9e:b4:52:cf:7c:fe:
                    88:d3:e1:20:3f:08:ea:58:1e:e1:49:a1:e2:cd:3b:
                    ca:ef:97:9b:06:f3:96:dd:09:86:07:8f:77:3e:2f:
                    dc:ba:3b:19:ed:27:e8:67:42:36:cf:e0:1b:c8:a1:
                    99:4e:14:ee:57:78:4b:30:05:26:d3:a3:54:c0:11:
                    ec:54:d2:87:8a:22:07:2a:44:bc:9a:87:16:07:f0:
                    8e:0a:dd:6f:a6:a6:55:cf:94:98:fd:53:a3:7b:c4:
                    6f:5a:15:3c:fc:68:8f:49:f1:e7:52:4d:60:38:d2:
                    6b:07:b0:7b:7c:7c:57:14:4d:33:e7:50:d8:85:48:
                    77:dc:af:05:e5:bc:f6:11:ef:fa:f7:82:e8:a6:3e:
                    0d:47:d5:c4:6d:47:e0:67:9a:a5:ee:2e:9f:5b:5f:
                    1f:3e:47:cb:ed:ba:8a:72:40:8f:bc:cd:72:d6:b4:
                    58:8c:12:f2:f6:74:78:bd:4a:3e:7e:f2:4e:56:a1:
                    f2:8e:76:65:d6:c7:a9:88:09:3f:0d:09:d0:41:bf:
                    66:08:5d:13:09:3c:e0:64:1d:82:9a:b5:a4:3b:ad:
                    83:ca:b5:e7:ee:fa:fd:6a:a2:38:46:9e:24:c3:95:
                    ad:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:82:04:5D:F9:6C:05:90:E3:5B:3E:D8:5F:FF:42:92:08:71:4D:43
            X509v3 Authority Key Identifier:
                keyid:F7:B5:0C:7E:81:D8:CF:26:4D:12:09:B6:AD:5A:3C:CB:82:C1:6F:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97UMfoHYzyZNEgm2rVo8y4LBb90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/wYIEXflsBZDjWz7YX_9CkghxTUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/732a87-4db0-4ef1-bafb-ac4016120cb9/1/97UMfoHYzyZNEgm2rVo8y4LBb90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.92.0/22
                  45.132.74.0/23
                  109.205.61.0/24
                  185.223.207.0/24
                  194.29.100.0/23
                  194.29.186.0/23
                IPv6:
                  2a0e:dc0:3::-2a0e:dc0:6:ffff:ffff:ffff:ffff:ffff
                  2a0e:dc0:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         9f:b5:2c:d1:7d:7e:d3:8c:6f:2f:25:87:57:15:1c:af:e8:a0:
         c0:e8:33:d9:69:6e:01:95:b3:01:34:43:f3:04:d0:db:87:13:
         89:38:06:6b:6b:e2:5f:6f:36:0d:0d:f6:e4:c5:a6:b5:c1:53:
         fe:33:7c:a7:d4:db:a6:80:01:a5:64:d1:08:10:3d:f1:04:2f:
         c7:22:59:83:b1:bc:09:93:b7:6c:80:6e:2e:ce:d8:ab:73:1e:
         c1:a2:d0:f7:23:96:13:fe:15:43:c1:18:c4:7c:f9:d8:fd:8d:
         3f:3c:c3:80:78:df:21:1e:a1:7e:e6:d9:fa:df:e8:86:b0:20:
         27:4d:41:a0:52:85:ef:fb:0e:ad:90:f5:f7:cf:c4:a8:1c:71:
         a6:17:df:5d:46:b2:ed:2a:ee:b4:32:f3:f2:ad:3b:a3:83:32:
         73:48:6a:9b:b5:00:ec:ef:38:e7:c6:65:ff:7e:9a:7f:72:5f:
         54:d0:80:29:f1:8c:6b:b7:0c:ac:cc:97:eb:c7:1b:d9:8f:0c:
         51:bd:6c:2f:10:d4:e3:21:59:ec:d4:d7:d8:71:7e:b2:f0:ca:
         58:67:ee:e1:26:84:e2:fb:ea:62:2f:de:4f:3b:42:15:eb:6b:
         36:6d:bb:e6:65:1c:6a:73:47:0d:2e:d9:6f:05:11:54:b4:bc:
         7e:45:51:17
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYcyldrWRKDsFetiHy2UNIjpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjUwYzdlODFkOGNmMjY0ZDEyMDliNmFkNWEzY2NiODJj
MTZmZGQwHhcNMjMwMzMwMTI1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTgyMDQ1ZGY5NmMwNTkwZTM1YjNlZDg1ZmZmNDI5MjA4NzE0ZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrBuTOIVAhu8PVw+vBpDpoPAwyjY
zT6etFLPfP6I0+EgPwjqWB7hSaHizTvK75ebBvOW3QmGB493Pi/cujsZ7SfoZ0I2
z+AbyKGZThTuV3hLMAUm06NUwBHsVNKHiiIHKkS8mocWB/COCt1vpqZVz5SY/VOj
e8RvWhU8/GiPSfHnUk1gONJrB7B7fHxXFE0z51DYhUh33K8F5bz2Ee/694Lopj4N
R9XEbUfgZ5ql7i6fW18fPkfL7bqKckCPvM1y1rRYjBLy9nR4vUo+fvJOVqHyjnZl
1sepiAk/DQnQQb9mCF0TCTzgZB2CmrWkO62DyrXn7vr9aqI4Rp4kw5WtkwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFMGCBF35bAWQ41s+2F//QpIIcU1DMB8GA1UdIwQY
MBaAFPe1DH6B2M8mTRIJtq1aPMuCwW/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmIt
YWM0MDE2MTIwY2I5LzEvd1lJRVhmbHNCWkRqV3o3WVhfOUNrZ2h4VFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi83MzJhODctNGRiMC00ZWYxLWJhZmItYWM0MDE2MTIwY2I5
LzEvOTdVTWZvSFl6eVpORWdtMnJWbzh5NExCYjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAqBAIAATAkAwQCLVtcAwQB
LYRKAwQAbc09AwQAud/PAwQBwh1kAwQBwh26MCMEAgACMB0wEgMHACoODcAAAwMH
ACoODcAABgMHASoODcAACDANBgkqhkiG9w0BAQsFAAOCAQEAn7Us0X1+04xvLyWH
VxUcr+igwOgz2WluAZWzATRD8wTQ24cTiTgGa2viX282DQ325MWmtcFT/jN8p9Tb
poABpWTRCBA98QQvxyJZg7G8CZO3bIBuLs7Yq3MewaLQ9yOWE/4VQ8EYxHz52P2N
PzzDgHjfIR6hfubZ+t/ohrAgJ01BoFKF7/sOrZD198/EqBxxphffXUay7SrutDLz
8q07o4Myc0hqm7UA7O8458Zl/36af3JfVNCAKfGMa7cMrMyX68cb2Y8MUb1sLxDU
4yFZ7NTX2HF+svDKWGfu4SaE4vvqYi/eTztCFetrNm275mUcanNHDS7ZbwURVLS8
fkVRFw==
-----END CERTIFICATE-----