Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/5WIYKfM66bnfBcFBzpaP3DNrodM.roa
File:                     5WIYKfM66bnfBcFBzpaP3DNrodM.roa (raw, json)
Hash identifier:          Z1n9OQ3tbVGMEs6s+MAIn1zUKwGl++iG2gZrng8vv74=
Subject key identifier:   E5:62:18:29:F3:3A:E9:B9:DF:05:C1:41:CE:96:8F:DC:33:6B:A1:D3
Certificate issuer:       /CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
Certificate serial:       01856C53AB7AC925ADA2F30303D63775ED30
Authority key identifier: 15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/5WIYKfM66bnfBcFBzpaP3DNrodM.roa
Signing time:             Sun 01 Jan 2023 07:55:00 +0000
ROA not before:           Sun 01 Jan 2023 07:55:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33942
IP address blocks:        82.213.67.0/24 maxlen: 24
                          82.213.68.0/23 maxlen: 23
                          82.213.72.0/22 maxlen: 22
                          82.213.76.0/22 maxlen: 22
                          82.213.84.0/22 maxlen: 22
                          82.213.102.0/24 maxlen: 24
                          82.213.104.0/21 maxlen: 21
                          82.213.103.0/24 maxlen: 24
                          83.139.201.0/24 maxlen: 24
                          83.139.208.0/24 maxlen: 24
                          82.213.64.0/23 maxlen: 23
                          83.139.192.0/23 maxlen: 23
                          83.139.197.0/24 maxlen: 24
                          83.139.196.0/22 maxlen: 22
                          83.139.195.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:ab:7a:c9:25:ad:a2:f3:03:03:d6:37:75:ed:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
        Validity
            Not Before: Jan  1 07:55:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5621829f33ae9b9df05c141ce968fdc336ba1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e9:b5:fa:9c:19:e4:b0:cc:a9:48:4b:3e:9b:
                    aa:c2:82:70:e4:cc:e3:10:04:e2:b9:16:86:8c:da:
                    d9:52:e0:af:63:f0:89:5f:07:45:96:47:2c:d5:41:
                    40:62:eb:4a:ec:2f:6e:ab:ed:34:5e:bc:ea:33:64:
                    13:5a:56:1d:0e:e7:34:da:a7:ef:e8:d3:33:40:b3:
                    a3:b0:4f:90:b4:e7:3b:b7:b2:5a:f2:41:9a:a5:9a:
                    3d:8f:0c:8f:de:60:2e:a8:ee:b5:5b:c0:f6:62:75:
                    3b:33:f4:01:f8:bc:6b:f4:17:34:b6:9d:44:53:ff:
                    64:94:f6:8d:8c:21:71:96:82:96:01:a3:78:e9:95:
                    eb:86:8f:6c:03:cb:8f:22:9b:01:f4:e6:f8:af:8c:
                    bb:fc:51:c6:91:5a:76:91:2d:e8:32:32:ae:89:fa:
                    24:08:8a:85:c4:7b:d7:97:c7:03:38:8d:60:6e:3f:
                    31:b6:1d:8d:1c:96:67:d5:e0:da:8a:39:c4:3f:14:
                    76:a7:51:ae:1a:b1:5b:ee:ca:f3:d1:ff:81:a2:af:
                    98:f4:52:b1:74:dc:64:b7:fd:bb:ab:ef:d7:9b:41:
                    bb:fb:8b:32:0f:b8:76:9c:cc:3b:34:9e:29:7c:88:
                    5d:66:66:99:92:3c:b0:d2:1b:4d:36:ea:c9:01:d5:
                    e2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:62:18:29:F3:3A:E9:B9:DF:05:C1:41:CE:96:8F:DC:33:6B:A1:D3
            X509v3 Authority Key Identifier:
                keyid:15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/5WIYKfM66bnfBcFBzpaP3DNrodM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.213.64.0/23
                  82.213.67.0-82.213.69.255
                  82.213.72.0/21
                  82.213.84.0/22
                  82.213.102.0-82.213.111.255
                  83.139.192.0/23
                  83.139.195.0-83.139.199.255
                  83.139.201.0/24
                  83.139.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:f5:49:e1:37:ab:0f:2b:0a:8e:39:b2:1e:1f:9d:4a:e9:e6:
         86:95:b7:39:ab:ed:99:c2:47:c4:50:c2:c5:0c:f1:d6:52:31:
         85:ae:01:e3:6b:f2:58:c5:bb:3d:22:6c:a5:13:3d:41:d8:86:
         0b:69:80:30:ba:f8:b2:24:8b:ef:a7:48:ff:1f:29:67:1c:4b:
         7c:0c:ed:3b:b9:a3:94:35:63:ba:9c:f5:59:62:c0:cd:f9:26:
         16:69:26:a2:c4:b5:9b:64:53:ec:c9:01:2b:db:3b:c5:eb:a7:
         4c:ac:b6:f8:a7:a1:07:9f:4a:30:b2:11:6b:4a:f9:b9:89:c8:
         5c:ec:51:ef:e1:5d:52:56:17:33:fe:7a:af:25:4b:f4:ba:ee:
         e2:17:45:00:6e:43:1e:ad:2a:9a:fd:a7:b1:2f:ee:93:82:75:
         8b:52:bd:56:2a:59:f0:33:86:2d:6b:13:17:e6:ef:5a:3b:c3:
         65:11:be:48:2c:94:ef:1a:0f:50:1f:18:c3:74:ce:9e:80:31:
         d0:8e:11:d1:84:43:58:ad:9d:63:b3:7d:c9:10:5b:1e:43:21:
         26:07:3d:31:40:b1:81:31:17:bc:32:cd:8e:f0:6f:f3:ae:7b:
         7b:ef:0a:0b:3f:ba:05:04:7f:c7:58:bc:da:b4:82:c7:e9:24:
         b1:ea:93:30
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVsU6t6ySWtovMDA9Y3de0wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDFjODQ1ZjEzZGQ0YWQ2ZTlkYWU0NzBkNWZmNjljNWNj
YTM3NzEwHhcNMjMwMTAxMDc1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTYyMTgyOWYzM2FlOWI5ZGYwNWMxNDFjZTk2OGZkYzMzNmJhMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOm1+pwZ5LDMqUhLPpuqwoJw5Mzj
EATiuRaGjNrZUuCvY/CJXwdFlkcs1UFAYutK7C9uq+00XrzqM2QTWlYdDuc02qfv
6NMzQLOjsE+QtOc7t7Ja8kGapZo9jwyP3mAuqO61W8D2YnU7M/QB+Lxr9Bc0tp1E
U/9klPaNjCFxloKWAaN46ZXrho9sA8uPIpsB9Ob4r4y7/FHGkVp2kS3oMjKuifok
CIqFxHvXl8cDOI1gbj8xth2NHJZn1eDaijnEPxR2p1GuGrFb7srz0f+Boq+Y9FKx
dNxkt/27q+/Xm0G7+4syD7h2nMw7NJ4pfIhdZmaZkjyw0htNNurJAdXiCQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFOViGCnzOum53wXBQc6Wj9wza6HTMB8GA1UdIwQY
MBaAFBUByEXxPdStbp2uRw1f9pxcyjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEt
ZWQ3OTE1NDM2YjI3LzEvNVdJWUtmTTY2Ym5mQmNGQnpwYVAzRE5yb2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEtZWQ3OTE1NDM2YjI3
LzEvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBUtVAMAwD
BABS1UMDBAFS1UQDBANS1UgDBAJS1VQwDAMEAVLVZgMEBFLVYAMEAVOLwDAMAwQA
U4vDAwQDU4vAAwQAU4vJAwQAU4vQMA0GCSqGSIb3DQEBCwUAA4IBAQCG9UnhN6sP
KwqOObIeH51K6eaGlbc5q+2ZwkfEUMLFDPHWUjGFrgHja/JYxbs9ImylEz1B2IYL
aYAwuviyJIvvp0j/HylnHEt8DO07uaOUNWO6nPVZYsDN+SYWaSaixLWbZFPsyQEr
2zvF66dMrLb4p6EHn0owshFrSvm5ichc7FHv4V1SVhcz/nqvJUv0uu7iF0UAbkMe
rSqa/aexL+6TgnWLUr1WKlnwM4YtaxMX5u9aO8NlEb5ILJTvGg9QHxjDdM6egDHQ
jhHRhENYrZ1js33JEFseQyEmBz0xQLGBMRe8Ms2O8G/zrnt77woLP7oFBH/HWLza
tILH6SSx6pMw
-----END CERTIFICATE-----