Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/NXeB_syUmW5WnlsYI4-RfTvoBEs.roa
File:                     NXeB_syUmW5WnlsYI4-RfTvoBEs.roa (raw, json)
Hash identifier:          FeHNVgHee84UZur/ZiuEaID4prd+fKWsZ8pq7XP+i1A=
Subject key identifier:   35:77:81:FE:CC:94:99:6E:56:9E:5B:18:23:8F:91:7D:3B:E8:04:4B
Certificate issuer:       /CN=5e29c02d261f913ea5bf83c2bc7c33414a42bcca
Certificate serial:       018572A7DD91CDDA6F8EBCC21B730EEA8201
Authority key identifier: 5E:29:C0:2D:26:1F:91:3E:A5:BF:83:C2:BC:7C:33:41:4A:42:BC:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XinALSYfkT6lv4PCvHwzQUpCvMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/NXeB_syUmW5WnlsYI4-RfTvoBEs.roa
Signing time:             Mon 02 Jan 2023 13:24:41 +0000
ROA not before:           Mon 02 Jan 2023 13:24:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56571
IP address blocks:        176.10.79.0/24 maxlen: 24
                          185.191.41.0/24 maxlen: 24
                          185.191.40.0/24 maxlen: 24
                          185.191.40.0/22 maxlen: 22
                          185.191.42.0/24 maxlen: 24
                          185.191.43.0/24 maxlen: 24
                          176.10.64.0/20 maxlen: 20
                          176.10.64.0/24 maxlen: 24
                          176.10.69.0/24 maxlen: 24
                          176.10.70.0/24 maxlen: 24
                          176.10.67.0/24 maxlen: 24
                          176.10.68.0/24 maxlen: 24
                          176.10.65.0/24 maxlen: 24
                          176.10.66.0/24 maxlen: 24
                          176.10.71.0/24 maxlen: 24
                          176.10.76.0/24 maxlen: 24
                          176.10.77.0/24 maxlen: 24
                          176.10.74.0/24 maxlen: 24
                          176.10.75.0/24 maxlen: 24
                          176.10.72.0/24 maxlen: 24
                          176.10.73.0/24 maxlen: 24
                          176.10.78.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:a7:dd:91:cd:da:6f:8e:bc:c2:1b:73:0e:ea:82:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e29c02d261f913ea5bf83c2bc7c33414a42bcca
        Validity
            Not Before: Jan  2 13:24:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=357781fecc94996e569e5b18238f917d3be8044b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:39:62:5b:0a:c3:08:9a:8e:13:1a:2b:db:2b:
                    2c:ed:5f:86:72:00:4e:2b:98:43:76:b7:0b:d9:ba:
                    80:82:94:fb:35:64:05:94:08:89:f7:78:11:5b:05:
                    e4:52:6b:30:fa:62:2a:2c:ba:9a:18:9b:f2:66:07:
                    7d:fe:3f:43:58:4b:87:b0:44:59:3e:a2:63:41:fe:
                    64:2a:c5:14:ef:79:92:50:13:ac:3c:25:6f:b6:f2:
                    fd:15:4c:81:22:79:e4:22:e6:cd:6a:dc:8a:17:aa:
                    f6:26:27:c6:bd:fc:66:40:eb:ab:d3:c5:03:40:20:
                    0f:c3:05:1f:45:c6:33:6a:60:9b:a6:f1:5e:00:cb:
                    e8:5e:e7:80:99:90:c3:d9:7b:d5:43:05:73:8e:82:
                    35:e7:f5:dc:2c:2d:64:26:03:04:3a:ae:71:d7:1c:
                    ad:29:e8:76:1a:4e:64:13:1d:14:8d:29:5d:a3:38:
                    f6:7a:4f:05:6c:10:9d:e3:cb:8e:f2:8b:61:02:59:
                    57:be:bd:36:82:b1:63:de:fc:f5:5e:f5:0e:e9:cc:
                    d4:40:ae:d1:37:49:71:9f:c5:7d:35:1f:e2:e4:83:
                    15:8d:b3:c6:73:51:54:ed:a2:80:34:39:aa:2a:09:
                    b9:7f:55:ee:6e:db:bb:23:f6:0b:68:92:fc:04:55:
                    5b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:77:81:FE:CC:94:99:6E:56:9E:5B:18:23:8F:91:7D:3B:E8:04:4B
            X509v3 Authority Key Identifier:
                keyid:5E:29:C0:2D:26:1F:91:3E:A5:BF:83:C2:BC:7C:33:41:4A:42:BC:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XinALSYfkT6lv4PCvHwzQUpCvMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/NXeB_syUmW5WnlsYI4-RfTvoBEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/ac1253-0459-46cf-b1b9-9ac1a7e4c406/1/XinALSYfkT6lv4PCvHwzQUpCvMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.10.64.0/20
                  185.191.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:bc:e5:a5:3d:3b:f7:83:6f:f3:be:55:f5:fc:1e:6e:fe:0c:
         38:3c:eb:be:21:4c:53:7d:5a:ff:29:7f:8f:b3:20:b4:4e:92:
         e2:b4:27:e4:24:ac:25:24:54:2f:1b:16:50:42:07:b3:e0:0c:
         46:93:a8:fa:40:01:a2:0e:c4:0e:6a:46:65:10:d8:66:b7:33:
         12:c1:b4:05:4b:3a:79:f5:a8:b0:a8:1e:23:a0:af:10:21:5d:
         99:7f:16:94:3e:b9:83:ea:f2:06:5a:3d:dd:65:44:f7:00:e4:
         36:a8:9a:12:6b:de:95:78:f1:e6:76:74:e9:6e:16:a6:32:b4:
         d2:0e:0f:ea:cc:ff:9a:44:2f:13:0d:9c:1f:75:6f:47:b8:53:
         0c:51:ea:61:8f:47:96:b0:58:e4:0a:81:89:9f:4c:48:5f:ee:
         15:43:3b:b1:3a:13:ea:23:d2:33:49:9c:12:3a:f4:ce:51:57:
         34:4b:85:02:0d:a2:8b:d2:4d:b2:61:7c:f8:63:70:0c:fe:78:
         99:5b:c2:a1:42:16:9c:23:fc:5c:5b:60:e8:f4:41:6a:dc:ff:
         71:3f:4f:09:e0:aa:7d:fa:6f:5b:c4:17:1c:bf:cc:5c:58:ad:
         0e:69:a0:2b:4c:f0:58:51:7e:5a:58:84:a0:2f:81:a5:44:8c:
         cb:d2:a2:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyp92RzdpvjrzCG3MO6oIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjljMDJkMjYxZjkxM2VhNWJmODNjMmJjN2MzMzQxNGE0
MmJjY2EwHhcNMjMwMTAyMTMyNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTc3ODFmZWNjOTQ5OTZlNTY5ZTViMTgyMzhmOTE3ZDNiZTgwNDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDliWwrDCJqOExor2yss7V+GcgBO
K5hDdrcL2bqAgpT7NWQFlAiJ93gRWwXkUmsw+mIqLLqaGJvyZgd9/j9DWEuHsERZ
PqJjQf5kKsUU73mSUBOsPCVvtvL9FUyBInnkIubNatyKF6r2JifGvfxmQOur08UD
QCAPwwUfRcYzamCbpvFeAMvoXueAmZDD2XvVQwVzjoI15/XcLC1kJgMEOq5x1xyt
Keh2Gk5kEx0UjSldozj2ek8FbBCd48uO8othAllXvr02grFj3vz1XvUO6czUQK7R
N0lxn8V9NR/i5IMVjbPGc1FU7aKANDmqKgm5f1Xubtu7I/YLaJL8BFVbgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDV3gf7MlJluVp5bGCOPkX076ARLMB8GA1UdIwQY
MBaAFF4pwC0mH5E+pb+Dwrx8M0FKQrzKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGluQUxTWWZrVDZsdjRQQ3ZId3pRVXBDdk1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hYzEyNTMtMDQ1OS00NmNmLWIxYjkt
OWFjMWE3ZTRjNDA2LzEvTlhlQl9zeVVtVzVXbmxzWUk0LVJmVHZvQkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hYzEyNTMtMDQ1OS00NmNmLWIxYjktOWFjMWE3ZTRjNDA2
LzEvWGluQUxTWWZrVDZsdjRQQ3ZId3pRVXBDdk1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEsApAAwQC
ub8oMA0GCSqGSIb3DQEBCwUAA4IBAQAZvOWlPTv3g2/zvlX1/B5u/gw4POu+IUxT
fVr/KX+PsyC0TpLitCfkJKwlJFQvGxZQQgez4AxGk6j6QAGiDsQOakZlENhmtzMS
wbQFSzp59aiwqB4joK8QIV2ZfxaUPrmD6vIGWj3dZUT3AOQ2qJoSa96VePHmdnTp
bhamMrTSDg/qzP+aRC8TDZwfdW9HuFMMUephj0eWsFjkCoGJn0xIX+4VQzuxOhPq
I9IzSZwSOvTOUVc0S4UCDaKL0k2yYXz4Y3AM/niZW8KhQhacI/xcW2Do9EFq3P9x
P08J4Kp9+m9bxBccv8xcWK0OaaArTPBYUX5aWISgL4GlRIzL0qKq
-----END CERTIFICATE-----