Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/SexJ3iPGSVyePschc4tEJe48hJg.roa
File:                     SexJ3iPGSVyePschc4tEJe48hJg.roa (raw, json)
Hash identifier:          k6XEpEhkA/RFeAHG+O3HGWv4SqxxCM4SX4dVH2n1YVk=
Subject key identifier:   49:EC:49:DE:23:C6:49:5C:9E:3E:C7:21:73:8B:44:25:EE:3C:84:98
Certificate issuer:       /CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
Certificate serial:       0186CB9F2306C9FEF75A3B5A248F777C76DB
Authority key identifier: 64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/SexJ3iPGSVyePschc4tEJe48hJg.roa
Signing time:             Fri 10 Mar 2023 13:04:09 +0000
ROA not before:           Fri 10 Mar 2023 13:04:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47962
IP address blocks:        176.106.224.0/22 maxlen: 22
                          176.106.224.0/24 maxlen: 24
                          176.106.224.0/23 maxlen: 23
                          176.106.230.0/24 maxlen: 24
                          176.106.230.0/23 maxlen: 23
                          37.122.152.0/22 maxlen: 22
                          37.122.153.0/24 maxlen: 24
                          37.122.157.0/24 maxlen: 24
                          37.122.155.0/24 maxlen: 24
                          37.122.156.0/23 maxlen: 23
                          37.122.156.0/24 maxlen: 24
                          37.122.154.0/24 maxlen: 24
                          2a0f:6a80:1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cb:9f:23:06:c9:fe:f7:5a:3b:5a:24:8f:77:7c:76:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
        Validity
            Not Before: Mar 10 13:04:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49ec49de23c6495c9e3ec721738b4425ee3c8498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5a:d6:3a:5c:58:c4:26:8b:65:dc:29:8b:e3:
                    80:57:de:be:96:26:34:31:ce:f6:c1:81:1e:f8:67:
                    91:62:93:d0:c8:bf:25:77:fe:c9:84:5a:62:43:ae:
                    e8:ba:1f:99:42:55:3d:52:43:1d:6b:bb:03:ff:59:
                    e0:db:c2:bf:92:97:33:2f:13:d7:d4:68:eb:02:fd:
                    c1:f9:7d:e3:db:27:58:94:6b:72:6e:42:71:61:29:
                    ca:db:90:90:29:4a:83:7e:d1:b1:6a:f2:a9:cc:dd:
                    7d:92:b3:a0:18:a6:74:b4:d0:ea:72:46:7c:2e:31:
                    3b:80:f6:ec:36:b1:14:c7:7d:a1:cd:87:cf:a3:a6:
                    0b:7e:47:01:41:09:5f:06:1d:13:c8:a7:0d:c8:32:
                    17:52:b4:a3:b8:fc:fe:12:df:c4:be:8c:46:57:d3:
                    d8:d2:c1:52:be:2c:0f:0f:03:3e:fe:3f:8a:c9:bd:
                    48:21:8e:3f:07:e6:97:12:38:9c:ee:b2:73:d7:2e:
                    a4:20:73:7c:c9:a6:79:ab:0a:f6:9f:ad:f1:b5:6c:
                    51:73:ec:c4:55:27:19:82:a8:6a:2c:2a:02:e9:f8:
                    18:4b:5d:3f:fd:3c:5d:04:59:75:d4:32:1f:f8:24:
                    c6:d7:fe:46:a2:95:4b:80:41:53:da:12:f1:2c:e0:
                    e1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:EC:49:DE:23:C6:49:5C:9E:3E:C7:21:73:8B:44:25:EE:3C:84:98
            X509v3 Authority Key Identifier:
                keyid:64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/SexJ3iPGSVyePschc4tEJe48hJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.152.0-37.122.157.255
                  176.106.224.0/22
                  176.106.230.0/23
                IPv6:
                  2a0f:6a80:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:7f:1b:5a:3d:20:63:bb:13:22:57:52:cd:f1:1e:fd:25:ce:
         7a:6d:ce:b1:04:ca:c5:8b:29:b4:f5:04:2d:3d:bc:c6:c8:79:
         07:a1:80:9a:6a:34:79:26:2f:43:70:00:f3:14:f7:61:b6:14:
         c4:eb:5c:99:05:cb:9d:78:23:5f:39:ab:05:35:9a:91:1a:47:
         d4:6d:ee:05:43:8f:d3:d2:02:1c:ca:a3:07:e8:36:11:ec:38:
         14:34:48:d9:75:3d:f0:e4:60:d9:c4:35:43:6d:a2:89:e4:7b:
         dd:c9:68:1d:db:dc:1b:33:5b:51:d2:48:e1:3f:9d:5d:53:16:
         bf:b0:f4:46:5e:96:ce:35:43:83:18:83:4d:ad:21:4d:b3:3c:
         66:3f:80:37:c1:c6:fc:1f:e0:be:5d:39:5a:ae:0a:cf:40:cd:
         0e:b9:9c:50:4e:fb:b0:c0:a8:21:e6:b7:11:7e:08:64:66:5a:
         6c:bd:4a:cd:e3:70:be:ae:17:47:2b:04:4e:4c:df:27:96:4d:
         fd:8b:af:78:d9:da:6d:7e:be:89:51:2d:77:fe:b7:93:07:ce:
         9e:0a:60:5d:9f:e2:3d:7b:1d:1d:0b:ca:eb:d0:02:d7:3d:64:
         2a:ed:40:b7:d7:9c:49:e3:4d:1b:fe:01:5d:a3:93:ed:3d:ef:
         3a:1e:64:10
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYbLnyMGyf73WjtaJI93fHbbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDE3MWY5M2NjMWNhNzE2ZmM4MDZlMzZhNTU4NTJjZGY0
ZjFjMWMwHhcNMjMwMzEwMTMwNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWVjNDlkZTIzYzY0OTVjOWUzZWM3MjE3MzhiNDQyNWVlM2M4NDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFrWOlxYxCaLZdwpi+OAV96+liY0
Mc72wYEe+GeRYpPQyL8ld/7JhFpiQ67ouh+ZQlU9UkMda7sD/1ng28K/kpczLxPX
1GjrAv3B+X3j2ydYlGtybkJxYSnK25CQKUqDftGxavKpzN19krOgGKZ0tNDqckZ8
LjE7gPbsNrEUx32hzYfPo6YLfkcBQQlfBh0TyKcNyDIXUrSjuPz+Et/EvoxGV9PY
0sFSviwPDwM+/j+Kyb1IIY4/B+aXEjic7rJz1y6kIHN8yaZ5qwr2n63xtWxRc+zE
VScZgqhqLCoC6fgYS10//TxdBFl11DIf+CTG1/5GopVLgEFT2hLxLODh7wIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFEnsSd4jxklcnj7HIXOLRCXuPISYMB8GA1UdIwQY
MBaAFGTRcfk8wcpxb8gG42pVhSzfTxwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAt
YTQ2MzVkZjQ3ZDcwLzEvU2V4SjNpUEdTVnllUHNjaGM0dEVKZTQ4aEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAtYTQ2MzVkZjQ3ZDcw
LzEvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAMlepgD
BAElepwDBAKwauADBAGwauYwDwQCAAIwCQMHACoPaoAAATANBgkqhkiG9w0BAQsF
AAOCAQEAcn8bWj0gY7sTIldSzfEe/SXOem3OsQTKxYsptPUELT28xsh5B6GAmmo0
eSYvQ3AA8xT3YbYUxOtcmQXLnXgjXzmrBTWakRpH1G3uBUOP09ICHMqjB+g2Eew4
FDRI2XU98ORg2cQ1Q22iieR73cloHdvcGzNbUdJI4T+dXVMWv7D0Rl6WzjVDgxiD
Ta0hTbM8Zj+AN8HG/B/gvl05Wq4Kz0DNDrmcUE77sMCoIea3EX4IZGZabL1KzeNw
vq4XRysETkzfJ5ZN/YuveNnabX6+iVEtd/63kwfOngpgXZ/iPXsdHQvK69AC1z1k
Ku1At9ecSeNNG/4BXaOT7T3vOh5kEA==
-----END CERTIFICATE-----