Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/dWVfwApNbP9MzYEku7L9v-4Ul8c.roa
File:                     dWVfwApNbP9MzYEku7L9v-4Ul8c.roa (raw, json)
Hash identifier:          QzfjT2+R/8cQeMKn6/kcojr7IpSAuBdVashIajxX0wc=
Subject key identifier:   75:65:5F:C0:0A:4D:6C:FF:4C:CD:81:24:BB:B2:FD:BF:EE:14:97:C7
Certificate issuer:       /CN=ddead919b85a13051d0208b7e28ddccb398b14d6
Certificate serial:       018779DFC73422E4DD95699AC3E5AD19DEA7
Authority key identifier: DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/dWVfwApNbP9MzYEku7L9v-4Ul8c.roa
Signing time:             Thu 13 Apr 2023 09:08:41 +0000
ROA not before:           Thu 13 Apr 2023 09:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42845
IP address blocks:        193.28.233.0/24 maxlen: 24
                          45.137.144.0/22 maxlen: 22
                          77.74.208.0/21 maxlen: 24
                          185.135.124.0/22 maxlen: 22
                          37.157.224.0/21 maxlen: 24
                          185.232.224.0/22 maxlen: 22
                          185.40.224.0/22 maxlen: 22
                          194.150.92.0/22 maxlen: 22
                          95.128.144.0/21 maxlen: 24
                          185.185.116.0/22 maxlen: 22
                          2a00:7200::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:df:c7:34:22:e4:dd:95:69:9a:c3:e5:ad:19:de:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddead919b85a13051d0208b7e28ddccb398b14d6
        Validity
            Not Before: Apr 13 09:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=75655fc00a4d6cff4ccd8124bbb2fdbfee1497c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1b:fa:0a:e7:f3:00:d6:41:43:35:24:37:b1:
                    eb:5f:bb:99:76:78:d8:1e:02:50:a7:ab:a2:bf:e1:
                    d3:b6:dd:7c:e4:53:2a:3e:02:a2:6c:92:6f:df:7c:
                    5d:e1:99:10:f4:c1:da:29:5a:fa:b4:f1:a1:62:98:
                    82:a7:1c:78:f5:04:6b:ec:4f:83:e1:fd:14:2d:81:
                    5d:cf:39:09:3f:e8:c1:88:6c:0a:c3:6c:7e:f1:90:
                    b4:52:8d:d7:24:23:f7:2c:3c:dd:bb:9b:1e:ac:1b:
                    2b:88:03:d9:fc:59:eb:a9:0f:63:14:f5:da:92:0a:
                    13:fa:c5:75:5f:ec:28:c2:d9:d7:8d:14:9e:52:71:
                    f9:93:5b:93:a0:72:78:41:c7:dc:eb:a4:cb:ee:e4:
                    ce:9e:0d:87:75:c9:22:ab:b7:23:4a:d3:b7:3e:fa:
                    a8:ed:5b:d4:61:93:98:e2:2d:28:3b:9a:44:ca:14:
                    46:c7:0b:ff:f0:e1:bb:5c:f9:75:d5:fe:f3:c6:75:
                    0e:04:3f:92:6a:70:e5:9a:d5:8b:59:78:0a:1a:66:
                    2e:78:b7:e2:1d:ac:f6:d3:24:52:03:ca:74:9b:bb:
                    06:e3:2d:8f:39:ec:f4:a3:fe:0f:d6:d8:35:c7:69:
                    b3:1b:c7:03:b6:fb:5e:ed:f8:ba:25:e9:aa:ca:e6:
                    2f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:65:5F:C0:0A:4D:6C:FF:4C:CD:81:24:BB:B2:FD:BF:EE:14:97:C7
            X509v3 Authority Key Identifier:
                keyid:DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/dWVfwApNbP9MzYEku7L9v-4Ul8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.224.0/21
                  45.137.144.0/22
                  77.74.208.0/21
                  95.128.144.0/21
                  185.40.224.0/22
                  185.135.124.0/22
                  185.185.116.0/22
                  185.232.224.0/22
                  193.28.233.0/24
                  194.150.92.0/22
                IPv6:
                  2a00:7200::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:bf:8b:7f:39:2b:e8:84:5c:3b:82:3e:f9:7a:be:95:4f:56:
         1b:82:27:8b:f5:4f:0e:d9:93:60:e9:c9:55:bb:83:c5:64:ac:
         33:b7:46:21:3e:97:fd:db:d1:87:38:55:4d:d0:64:97:ad:ba:
         7f:0a:9c:43:aa:49:2e:00:31:c2:83:04:5f:47:b4:e8:94:29:
         c6:c5:6c:f1:61:be:b2:43:08:c9:11:f3:04:17:ab:82:18:c3:
         f5:fe:03:c8:33:38:65:e1:3f:48:df:34:9d:0f:3c:44:18:1f:
         e1:8d:d8:a2:3f:19:dd:dc:87:9b:87:78:d9:a4:3d:f5:c2:36:
         f5:58:6b:ff:1a:b1:45:6b:f1:2c:73:73:1e:5f:f6:47:68:0f:
         3b:53:4a:7b:e3:c8:63:13:e2:0e:fc:f3:cd:0c:5b:b8:f8:ce:
         9d:cf:d7:bd:21:d2:46:71:f2:1e:41:97:78:2f:bc:f4:30:28:
         6d:77:5b:31:ee:18:56:5d:8b:6d:97:ac:e5:17:1a:ec:85:65:
         17:67:87:e7:36:b5:2c:bd:95:f2:73:2d:51:77:0b:17:f1:55:
         df:d4:29:50:a6:40:db:57:89:74:67:6d:4a:38:08:8b:42:73:
         e0:eb:65:c1:be:d1:6a:76:39:7f:f0:2c:a2:4b:57:60:33:a9:
         b0:8e:3a:a0
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYd538c0IuTdlWmaw+WtGd6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZWFkOTE5Yjg1YTEzMDUxZDAyMDhiN2UyOGRkY2NiMzk4
YjE0ZDYwHhcNMjMwNDEzMDkwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTY1NWZjMDBhNGQ2Y2ZmNGNjZDgxMjRiYmIyZmRiZmVlMTQ5N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRv6CufzANZBQzUkN7HrX7uZdnjY
HgJQp6uiv+HTtt185FMqPgKibJJv33xd4ZkQ9MHaKVr6tPGhYpiCpxx49QRr7E+D
4f0ULYFdzzkJP+jBiGwKw2x+8ZC0Uo3XJCP3LDzdu5serBsriAPZ/FnrqQ9jFPXa
kgoT+sV1X+wowtnXjRSeUnH5k1uToHJ4Qcfc66TL7uTOng2Hdckiq7cjStO3Pvqo
7VvUYZOY4i0oO5pEyhRGxwv/8OG7XPl11f7zxnUOBD+SanDlmtWLWXgKGmYueLfi
Haz20yRSA8p0m7sG4y2POez0o/4P1tg1x2mzG8cDtvte7fi6JemqyuYvMwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFHVlX8AKTWz/TM2BJLuy/b/uFJfHMB8GA1UdIwQY
MBaAFN3q2Rm4WhMFHQIIt+KN3Ms5ixTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQt
NDhiOGI1YTliNDExLzEvZFdWZndBcE5iUDlNellFa3U3TDl2LTRVbDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQtNDhiOGI1YTliNDEx
LzEvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJZ3gAwQC
LYmQAwQDTUrQAwQDX4CQAwQCuSjgAwQCuYd8AwQCubl0AwQCuejgAwQAwRzpAwQC
wpZcMA0EAgACMAcDBQAqAHIAMA0GCSqGSIb3DQEBCwUAA4IBAQCQv4t/OSvohFw7
gj75er6VT1YbgieL9U8O2ZNg6clVu4PFZKwzt0YhPpf929GHOFVN0GSXrbp/CpxD
qkkuADHCgwRfR7TolCnGxWzxYb6yQwjJEfMEF6uCGMP1/gPIMzhl4T9I3zSdDzxE
GB/hjdiiPxnd3Iebh3jZpD31wjb1WGv/GrFFa/Esc3MeX/ZHaA87U0p748hjE+IO
/PPNDFu4+M6dz9e9IdJGcfIeQZd4L7z0MChtd1sx7hhWXYttl6zlFxrshWUXZ4fn
NrUsvZXycy1RdwsX8VXf1ClQpkDbV4l0Z21KOAiLQnPg62XBvtFqdjl/8CyiS1dg
M6mwjjqg