Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/YyewI_C2YCF5Byd7Fu1q75KIjpE.roa
File:                     YyewI_C2YCF5Byd7Fu1q75KIjpE.roa (raw, json)
Hash identifier:          d/vu+QJwiamKVxe/yQrKWhzP1xtwIF1q5DCa5B1rC1M=
Subject key identifier:   63:27:B0:23:F0:B6:60:21:79:07:27:7B:16:ED:6A:EF:92:88:8E:91
Certificate issuer:       /CN=d9f866fb0aa83a271a0cb7dc9030188c89d23e5d
Certificate serial:       0185ED43AD9B328AD7117EBBBCA49068B481
Authority key identifier: D9:F8:66:FB:0A:A8:3A:27:1A:0C:B7:DC:90:30:18:8C:89:D2:3E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fhm-wqoOicaDLfckDAYjInSPl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/YyewI_C2YCF5Byd7Fu1q75KIjpE.roa
Signing time:             Thu 26 Jan 2023 08:48:33 +0000
ROA not before:           Thu 26 Jan 2023 08:48:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206451
IP address blocks:        176.97.232.0/22 maxlen: 22
                          176.97.232.0/21 maxlen: 21
                          176.97.236.0/22 maxlen: 22
                          212.85.232.0/22 maxlen: 22
                          212.85.232.0/23 maxlen: 23
                          212.85.234.0/23 maxlen: 23
                          89.33.180.0/22 maxlen: 22
                          185.155.4.0/22 maxlen: 24
                          89.39.160.0/24 maxlen: 24
                          89.36.168.0/24 maxlen: 24
                          89.36.175.0/24 maxlen: 24
                          31.14.24.0/24 maxlen: 24
                          2a0d:bf01::/32 maxlen: 32
                          2a0d:bf00::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ed:43:ad:9b:32:8a:d7:11:7e:bb:bc:a4:90:68:b4:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f866fb0aa83a271a0cb7dc9030188c89d23e5d
        Validity
            Not Before: Jan 26 08:48:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6327b023f0b660217907277b16ed6aef92888e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:92:e7:d4:98:50:51:47:13:02:01:53:15:43:
                    f4:07:30:b5:cb:19:9a:50:07:66:b0:54:a6:0c:54:
                    f1:09:4f:8d:3d:6f:c4:59:d9:08:be:df:37:4e:41:
                    8f:4a:ae:24:e8:3f:d6:c4:11:66:15:ff:8c:ce:b1:
                    c5:77:9d:15:d0:33:4d:0f:ac:0f:61:89:9b:a8:98:
                    08:d1:bc:6b:7f:1e:a0:d4:8e:94:68:99:40:cf:b0:
                    db:f5:92:9e:c9:ee:85:4b:50:f1:9c:4b:17:9e:1d:
                    61:08:2a:c0:8a:3a:aa:c6:5e:f8:25:f7:da:4b:87:
                    5d:84:fc:5d:79:32:62:4a:05:eb:7f:bf:89:a7:9a:
                    78:52:c3:73:5c:90:f5:10:7d:f0:2e:08:b6:45:3f:
                    39:03:42:22:c0:f0:0d:fe:84:68:28:c7:01:90:7c:
                    17:90:f7:e3:fb:97:49:57:d6:6e:75:a5:ae:e9:e3:
                    54:44:cf:d0:f7:11:ff:fa:fe:4f:e3:7f:99:8b:8a:
                    f4:6d:48:25:c7:5b:36:a4:c3:24:c6:aa:94:9e:6a:
                    1a:09:35:d3:7a:99:3e:7d:83:cf:f4:91:3d:5a:fb:
                    93:c6:6e:90:f7:0d:5e:bd:f2:c1:70:a5:71:c2:36:
                    74:f5:77:72:5f:51:cc:d8:99:f7:09:30:81:d9:eb:
                    4b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:27:B0:23:F0:B6:60:21:79:07:27:7B:16:ED:6A:EF:92:88:8E:91
            X509v3 Authority Key Identifier:
                keyid:D9:F8:66:FB:0A:A8:3A:27:1A:0C:B7:DC:90:30:18:8C:89:D2:3E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fhm-wqoOicaDLfckDAYjInSPl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/YyewI_C2YCF5Byd7Fu1q75KIjpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/2fhm-wqoOicaDLfckDAYjInSPl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.24.0/24
                  89.33.180.0/22
                  89.36.168.0/24
                  89.36.175.0/24
                  89.39.160.0/24
                  176.97.232.0/21
                  185.155.4.0/22
                  212.85.232.0/22
                IPv6:
                  2a0d:bf00::/31

    Signature Algorithm: sha256WithRSAEncryption
         87:c2:f1:7f:dd:c1:b3:04:4d:94:03:6a:f9:31:eb:cc:ac:29:
         4d:86:4b:91:98:b7:b5:89:01:7a:8a:df:78:11:36:69:24:c5:
         18:eb:0c:33:e0:2c:68:56:c9:71:9e:c4:5f:6f:23:ae:90:59:
         9d:9e:87:29:b4:ea:30:55:b7:7b:a2:33:61:3e:3d:59:46:0f:
         59:99:fc:76:c5:03:ab:b1:a8:ca:11:77:34:50:57:4b:49:87:
         ab:5a:40:1b:82:93:1d:da:f1:c8:22:87:f0:7a:65:60:cc:cf:
         a0:f6:cf:6e:af:ec:c8:ec:88:18:cb:de:0b:8a:e4:f6:70:0a:
         4f:a4:a7:2c:f6:ae:93:a4:15:7c:90:6d:45:52:7a:0f:5f:a2:
         b3:8a:19:f6:54:d5:bd:80:35:a1:f7:13:d7:0e:25:b3:0f:d0:
         7c:e5:08:45:6f:e1:32:7c:51:0d:ce:b4:e2:15:0c:9a:c2:4f:
         48:c7:bd:4f:f4:a2:67:ee:d7:36:a3:1c:52:7d:8d:be:2f:b4:
         eb:20:59:46:18:e6:bc:36:d8:7f:1a:53:09:6d:97:6b:07:7a:
         d7:f7:ad:2d:40:f7:3a:0b:d8:bf:22:3c:5e:d4:33:83:41:98:
         19:82:57:7a:44:54:f2:ef:a7:8f:4f:89:a1:71:29:50:be:38:
         fa:86:f3:db
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYXtQ62bMorXEX67vKSQaLSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5Zjg2NmZiMGFhODNhMjcxYTBjYjdkYzkwMzAxODhjODlk
MjNlNWQwHhcNMjMwMTI2MDg0ODMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI3YjAyM2YwYjY2MDIxNzkwNzI3N2IxNmVkNmFlZjkyODg4ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJLn1JhQUUcTAgFTFUP0BzC1yxma
UAdmsFSmDFTxCU+NPW/EWdkIvt83TkGPSq4k6D/WxBFmFf+MzrHFd50V0DNND6wP
YYmbqJgI0bxrfx6g1I6UaJlAz7Db9ZKeye6FS1DxnEsXnh1hCCrAijqqxl74Jffa
S4ddhPxdeTJiSgXrf7+Jp5p4UsNzXJD1EH3wLgi2RT85A0IiwPAN/oRoKMcBkHwX
kPfj+5dJV9ZudaWu6eNURM/Q9xH/+v5P43+Zi4r0bUglx1s2pMMkxqqUnmoaCTXT
epk+fYPP9JE9WvuTxm6Q9w1evfLBcKVxwjZ09XdyX1HM2Jn3CTCB2etLMQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFGMnsCPwtmAheQcnexbtau+SiI6RMB8GA1UdIwQY
MBaAFNn4ZvsKqDonGgy33JAwGIyJ0j5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZobS13cW9PaWNhRExmY2tEQVlqSW5TUGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81MjczYTQtMTBjOC00MGJmLWIyNGYt
NWMxZDVhNjk5MmQ4LzEvWXlld0lfQzJZQ0Y1QnlkN0Z1MXE3NUtJanBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81MjczYTQtMTBjOC00MGJmLWIyNGYtNWMxZDVhNjk5MmQ4
LzEvMmZobS13cW9PaWNhRExmY2tEQVlqSW5TUGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQAHw4YAwQC
WSG0AwQAWSSoAwQAWSSvAwQAWSegAwQDsGHoAwQCuZsEAwQC1FXoMA0EAgACMAcD
BQEqDb8AMA0GCSqGSIb3DQEBCwUAA4IBAQCHwvF/3cGzBE2UA2r5MevMrClNhkuR
mLe1iQF6it94ETZpJMUY6wwz4CxoVslxnsRfbyOukFmdnocptOowVbd7ojNhPj1Z
Rg9Zmfx2xQOrsajKEXc0UFdLSYerWkAbgpMd2vHIIofwemVgzM+g9s9ur+zI7IgY
y94LiuT2cApPpKcs9q6TpBV8kG1FUnoPX6Kzihn2VNW9gDWh9xPXDiWzD9B85QhF
b+EyfFENzrTiFQyawk9Ix71P9KJn7tc2oxxSfY2+L7TrIFlGGOa8Nth/GlMJbZdr
B3rX960tQPc6C9i/Ijxe1DODQZgZgld6RFTy76ePT4mhcSlQvjj6hvPb
-----END CERTIFICATE-----