Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/W3blEmz-LVtd8Aq9RUKJWNJkksg.roa
File:                     W3blEmz-LVtd8Aq9RUKJWNJkksg.roa (raw, json)
Hash identifier:          jIEb6HdM1kuv4hXJ7z5cyyWAwO3m0Nt/iwHI9JhNP0Q=
Subject key identifier:   5B:76:E5:12:6C:FE:2D:5B:5D:F0:0A:BD:45:42:89:58:D2:64:92:C8
Certificate issuer:       /CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
Certificate serial:       018601B50D4B35DCC8B1E3640084249CB458
Authority key identifier: E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/W3blEmz-LVtd8Aq9RUKJWNJkksg.roa
Signing time:             Mon 30 Jan 2023 08:04:48 +0000
ROA not before:           Mon 30 Jan 2023 08:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51248
IP address blocks:        158.255.39.0/24 maxlen: 24
                          5.43.224.0/21 maxlen: 24
                          185.8.56.0/22 maxlen: 24
                          93.183.100.0/22 maxlen: 24
                          93.183.120.0/22 maxlen: 24
                          176.74.216.0/21 maxlen: 24
                          91.241.168.0/21 maxlen: 24
                          158.255.32.0/21 maxlen: 24
                          188.124.56.0/21 maxlen: 24
                          193.161.84.0/22 maxlen: 24
                          2a03:1840:3::/48 maxlen: 64
                          2a03:1840:1::/48 maxlen: 64
                          2a03:1840:2::/48 maxlen: 64
                          2a03:1840::/48 maxlen: 64

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:01:b5:0d:4b:35:dc:c8:b1:e3:64:00:84:24:9c:b4:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
        Validity
            Not Before: Jan 30 08:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b76e5126cfe2d5b5df00abd45428958d26492c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f0:be:a1:51:43:0f:a6:16:e6:b5:19:e7:fb:
                    a2:94:a2:26:b2:3e:c3:dd:30:43:94:d0:25:ed:9a:
                    02:91:e9:df:b9:36:db:91:63:10:b0:00:98:43:13:
                    07:9b:c5:eb:cc:7b:cd:94:7f:f6:45:5e:4e:a3:2c:
                    80:1a:99:84:db:eb:13:c1:8c:92:19:51:e7:e3:7f:
                    6a:c6:4f:8c:0b:95:ae:aa:a5:39:9f:f0:c8:73:04:
                    89:56:95:f7:46:b7:d7:e8:96:c8:b6:02:36:3a:6e:
                    c5:70:9d:b3:85:a4:9d:d4:8a:2f:b1:b6:c7:30:fa:
                    09:0f:b5:53:69:64:ef:7d:ca:c8:7c:25:6e:c2:11:
                    db:4e:a7:84:ad:05:bb:b3:d8:0a:48:2d:32:d6:1b:
                    31:c6:8c:33:f2:20:16:51:0a:d0:6b:68:7e:3f:cf:
                    9f:c5:ed:43:a8:5e:f4:23:02:ba:ae:03:53:c6:12:
                    52:a6:9c:b0:ac:2e:d0:18:db:03:e0:ab:f6:31:ca:
                    3f:c3:79:e3:13:31:05:31:9a:8c:87:6f:68:bf:21:
                    e0:1d:f7:39:20:68:ba:41:eb:af:a7:e2:5c:cc:8c:
                    41:27:4a:8d:c8:ef:de:7c:81:3c:ad:04:32:01:b6:
                    0a:76:b7:3c:cd:b8:ca:3e:56:46:e2:1a:59:c4:88:
                    1e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:76:E5:12:6C:FE:2D:5B:5D:F0:0A:BD:45:42:89:58:D2:64:92:C8
            X509v3 Authority Key Identifier:
                keyid:E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/W3blEmz-LVtd8Aq9RUKJWNJkksg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.43.224.0/21
                  91.241.168.0/21
                  93.183.100.0/22
                  93.183.120.0/22
                  158.255.32.0/21
                  176.74.216.0/21
                  185.8.56.0/22
                  188.124.56.0/21
                  193.161.84.0/22
                IPv6:
                  2a03:1840::/46

    Signature Algorithm: sha256WithRSAEncryption
         8e:7a:11:15:1b:45:a7:01:b8:29:c5:b9:6b:95:73:68:b6:b7:
         48:03:3d:9f:a3:0f:5a:fe:bf:11:76:8d:1d:89:90:1b:d6:8e:
         fd:13:be:3a:bc:43:65:f3:a6:04:9e:20:1e:97:1e:6a:e9:69:
         9d:7a:6b:74:23:08:17:54:3b:50:3b:64:8f:5a:98:5f:b3:d1:
         c3:07:6d:5c:9f:15:d3:1a:53:c3:9f:dc:9b:b3:29:d2:4c:84:
         5b:60:c5:10:d4:74:ba:42:ea:44:61:cd:d5:7c:eb:ff:c3:13:
         6f:5e:b4:78:5a:b1:4c:83:09:1f:5d:50:c1:af:36:78:d8:d4:
         8b:1b:84:66:ef:09:90:18:68:eb:10:be:d6:79:4b:25:db:a1:
         56:fc:fb:56:dd:78:bf:8e:92:00:f7:84:38:ae:4e:cf:8c:a1:
         0b:3d:a8:2f:b3:f6:8e:15:52:f0:5f:de:ed:93:9d:8b:fb:db:
         bf:ac:b0:06:d4:78:f4:d5:3b:ad:06:36:33:1e:58:84:2f:45:
         07:c8:ba:35:0d:10:8a:25:ac:4b:bb:06:85:31:c4:0e:aa:1a:
         a5:17:55:c3:9d:b6:19:5a:e6:1a:b0:c3:4c:cb:b9:ff:0a:11:
         66:f3:92:79:63:be:bb:80:60:5f:96:83:c7:82:72:f0:ba:b7:
         4e:c0:78:17
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYYBtQ1LNdzIseNkAIQknLRYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZTRkYzk2OGVkNTI5MzVhMDRkZWUzYjIyOWMyMWNhOWJm
ZGJkN2UwHhcNMjMwMTMwMDgwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc2ZTUxMjZjZmUyZDViNWRmMDBhYmQ0NTQyODk1OGQyNjQ5MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvC+oVFDD6YW5rUZ5/uilKImsj7D
3TBDlNAl7ZoCkenfuTbbkWMQsACYQxMHm8XrzHvNlH/2RV5OoyyAGpmE2+sTwYyS
GVHn439qxk+MC5WuqqU5n/DIcwSJVpX3RrfX6JbItgI2Om7FcJ2zhaSd1IovsbbH
MPoJD7VTaWTvfcrIfCVuwhHbTqeErQW7s9gKSC0y1hsxxowz8iAWUQrQa2h+P8+f
xe1DqF70IwK6rgNTxhJSppywrC7QGNsD4Kv2Mco/w3njEzEFMZqMh29ovyHgHfc5
IGi6Qeuvp+JczIxBJ0qNyO/efIE8rQQyAbYKdrc8zbjKPlZG4hpZxIgeOQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFt25RJs/i1bXfAKvUVCiVjSZJLIMB8GA1UdIwQY
MBaAFOnk3JaO1Sk1oE3uOyKcIcqb/b1+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEt
NmM3ODU2ZWY3YjMxLzEvVzNibEVtei1MVnRkOEFxOVJVS0pXTkpra3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEtNmM3ODU2ZWY3YjMx
LzEvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQDBSvgAwQD
W/GoAwQCXbdkAwQCXbd4AwQDnv8gAwQDsErYAwQCuQg4AwQDvHw4AwQCwaFUMA8E
AgACMAkDBwIqAxhAAAAwDQYJKoZIhvcNAQELBQADggEBAI56ERUbRacBuCnFuWuV
c2i2t0gDPZ+jD1r+vxF2jR2JkBvWjv0Tvjq8Q2XzpgSeIB6XHmrpaZ16a3QjCBdU
O1A7ZI9amF+z0cMHbVyfFdMaU8Of3JuzKdJMhFtgxRDUdLpC6kRhzdV86//DE29e
tHhasUyDCR9dUMGvNnjY1IsbhGbvCZAYaOsQvtZ5SyXboVb8+1bdeL+OkgD3hDiu
Ts+MoQs9qC+z9o4VUvBf3u2TnYv727+ssAbUePTVO60GNjMeWIQvRQfIujUNEIol
rEu7BoUxxA6qGqUXVcOdthla5hqww0zLuf8KEWbzknljvruAYF+Wg8eCcvC6t07A
eBc=
-----END CERTIFICATE-----