Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/f5ihr9cbFQVykMRXS9uUo-1Pxt0.roa
File:                     f5ihr9cbFQVykMRXS9uUo-1Pxt0.roa (raw, json)
Hash identifier:          zTtYLwCuoZBsvqR3dc1i8ZiShW/lY4tuMFXQHFNxov8=
Subject key identifier:   7F:98:A1:AF:D7:1B:15:05:72:90:C4:57:4B:DB:94:A3:ED:4F:C6:DD
Certificate issuer:       /CN=d9f866fb0aa83a271a0cb7dc9030188c89d23e5d
Certificate serial:       018570672695017E49D19FD04D7253E9C649
Authority key identifier: D9:F8:66:FB:0A:A8:3A:27:1A:0C:B7:DC:90:30:18:8C:89:D2:3E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fhm-wqoOicaDLfckDAYjInSPl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/f5ihr9cbFQVykMRXS9uUo-1Pxt0.roa
Signing time:             Mon 02 Jan 2023 02:54:46 +0000
ROA not before:           Mon 02 Jan 2023 02:54:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206451
IP address blocks:        176.97.232.0/22 maxlen: 22
                          176.97.232.0/21 maxlen: 21
                          176.97.236.0/22 maxlen: 22
                          212.85.232.0/22 maxlen: 22
                          212.85.232.0/23 maxlen: 23
                          212.85.234.0/23 maxlen: 23
                          89.33.180.0/22 maxlen: 22
                          89.36.168.0/24 maxlen: 24
                          89.39.160.0/24 maxlen: 24
                          185.155.4.0/22 maxlen: 24
                          89.36.175.0/24 maxlen: 24
                          31.14.24.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:67:26:95:01:7e:49:d1:9f:d0:4d:72:53:e9:c6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f866fb0aa83a271a0cb7dc9030188c89d23e5d
        Validity
            Not Before: Jan  2 02:54:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7f98a1afd71b15057290c4574bdb94a3ed4fc6dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:21:75:8d:0a:7d:bc:88:f6:f4:f1:5c:f5:60:
                    e9:2d:e6:c7:99:7d:27:2b:9f:e2:b5:99:e2:d2:61:
                    b6:61:d4:8e:98:de:78:14:51:11:69:42:07:3a:3c:
                    fc:6a:5d:97:ba:68:1c:87:c9:ae:e7:1b:4d:27:08:
                    74:29:fa:8e:f8:76:56:c3:7e:71:ac:e1:34:0a:1c:
                    dd:41:d3:15:8e:9a:b3:49:b0:ad:2e:b0:01:5d:05:
                    77:6b:10:f1:b8:d3:35:c5:70:19:9c:ae:79:5f:e5:
                    12:ac:f8:8d:6b:a2:8f:8c:2e:e3:bc:9d:cf:3c:e8:
                    56:78:b1:60:75:de:f9:6d:72:58:1a:76:70:48:9f:
                    bf:83:c5:50:5d:da:90:e8:87:2f:28:7e:ee:7a:a5:
                    d2:23:0c:34:ae:c9:ae:19:a8:0f:49:18:9d:2f:ae:
                    d6:30:57:48:5d:9b:2e:38:0c:c0:77:cd:d8:ad:3a:
                    d9:95:37:e0:c0:98:5b:ae:6d:15:d2:e5:23:4d:bf:
                    ad:3e:46:aa:38:29:b6:fe:41:06:61:12:65:d5:37:
                    72:e3:e3:39:8e:80:80:d1:e6:58:35:f2:a2:d7:aa:
                    0c:8e:06:af:60:b7:90:e7:95:8f:87:bc:6c:e1:26:
                    05:11:27:50:fb:b6:44:d8:d9:f6:e0:d0:d5:95:6e:
                    63:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:98:A1:AF:D7:1B:15:05:72:90:C4:57:4B:DB:94:A3:ED:4F:C6:DD
            X509v3 Authority Key Identifier:
                keyid:D9:F8:66:FB:0A:A8:3A:27:1A:0C:B7:DC:90:30:18:8C:89:D2:3E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fhm-wqoOicaDLfckDAYjInSPl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/f5ihr9cbFQVykMRXS9uUo-1Pxt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/2fhm-wqoOicaDLfckDAYjInSPl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.24.0/24
                  89.33.180.0/22
                  89.36.168.0/24
                  89.36.175.0/24
                  89.39.160.0/24
                  176.97.232.0/21
                  185.155.4.0/22
                  212.85.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:7d:44:af:7d:0e:88:78:db:09:86:7f:c1:2a:f2:12:9e:e7:
         10:8e:61:1c:4e:e2:5c:29:57:09:c0:71:72:ea:82:50:dd:1a:
         92:6e:8c:67:12:b8:b8:3d:d9:29:96:10:81:8a:30:e7:41:77:
         49:b4:df:69:c0:2c:66:f2:0b:03:b8:81:f0:7e:e4:30:fd:7a:
         d8:3d:dd:10:26:f3:84:44:22:ba:6c:3e:70:f0:bb:c7:94:f3:
         a5:a3:11:ee:cc:f8:e6:1c:5e:c6:e1:cb:83:bc:12:3c:df:6f:
         5a:10:37:9b:50:78:3c:37:f7:18:9f:01:cf:54:35:16:9c:3c:
         25:eb:a0:13:da:62:da:6e:26:17:21:3f:81:ac:ea:ce:53:71:
         af:2e:39:0b:62:04:7e:26:76:23:de:61:de:8a:70:e7:28:cf:
         59:6b:a9:49:2a:2a:1e:fd:d3:a2:41:0d:da:ab:e6:ff:e5:f2:
         22:c7:33:29:0e:a8:f2:5d:48:f1:32:13:da:6c:a6:b8:97:fb:
         4d:52:57:9b:05:49:41:6e:c1:f8:2c:de:cf:dd:6e:0e:f9:79:
         76:9a:9a:08:74:e0:fa:a2:e1:df:8f:c9:8d:e6:04:62:1e:ee:
         b5:2e:da:7b:cb:83:19:af:7b:20:b3:2a:2e:97:19:7f:01:58:
         8a:75:90:4f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVwZyaVAX5J0Z/QTXJT6cZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5Zjg2NmZiMGFhODNhMjcxYTBjYjdkYzkwMzAxODhjODlk
MjNlNWQwHhcNMjMwMTAyMDI1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjk4YTFhZmQ3MWIxNTA1NzI5MGM0NTc0YmRiOTRhM2VkNGZjNmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCF1jQp9vIj29PFc9WDpLebHmX0n
K5/itZni0mG2YdSOmN54FFERaUIHOjz8al2Xumgch8mu5xtNJwh0KfqO+HZWw35x
rOE0ChzdQdMVjpqzSbCtLrABXQV3axDxuNM1xXAZnK55X+USrPiNa6KPjC7jvJ3P
POhWeLFgdd75bXJYGnZwSJ+/g8VQXdqQ6IcvKH7ueqXSIww0rsmuGagPSRidL67W
MFdIXZsuOAzAd83YrTrZlTfgwJhbrm0V0uUjTb+tPkaqOCm2/kEGYRJl1Tdy4+M5
joCA0eZYNfKi16oMjgavYLeQ55WPh7xs4SYFESdQ+7ZE2Nn24NDVlW5jTQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFH+Yoa/XGxUFcpDEV0vblKPtT8bdMB8GA1UdIwQY
MBaAFNn4ZvsKqDonGgy33JAwGIyJ0j5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZobS13cW9PaWNhRExmY2tEQVlqSW5TUGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81MjczYTQtMTBjOC00MGJmLWIyNGYt
NWMxZDVhNjk5MmQ4LzEvZjVpaHI5Y2JGUVZ5a01SWFM5dVVvLTFQeHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81MjczYTQtMTBjOC00MGJmLWIyNGYtNWMxZDVhNjk5MmQ4
LzEvMmZobS13cW9PaWNhRExmY2tEQVlqSW5TUGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAHw4YAwQC
WSG0AwQAWSSoAwQAWSSvAwQAWSegAwQDsGHoAwQCuZsEAwQC1FXoMA0GCSqGSIb3
DQEBCwUAA4IBAQB6fUSvfQ6IeNsJhn/BKvISnucQjmEcTuJcKVcJwHFy6oJQ3RqS
boxnEri4PdkplhCBijDnQXdJtN9pwCxm8gsDuIHwfuQw/XrYPd0QJvOERCK6bD5w
8LvHlPOloxHuzPjmHF7G4cuDvBI8329aEDebUHg8N/cYnwHPVDUWnDwl66AT2mLa
biYXIT+BrOrOU3GvLjkLYgR+JnYj3mHeinDnKM9Za6lJKioe/dOiQQ3aq+b/5fIi
xzMpDqjyXUjxMhPabKa4l/tNUlebBUlBbsH4LN7P3W4O+Xl2mpoIdOD6ouHfj8mN
5gRiHu61Ltp7y4MZr3sgsyoulxl/AViKdZBP
-----END CERTIFICATE-----