Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IFm-4Y0VdRnGbknQH6KG1MIxGoA.roa
File:                     IFm-4Y0VdRnGbknQH6KG1MIxGoA.roa (raw, json)
Hash identifier:          nLanAc00XzlAOVv+veL1RF6+XNXT/cC7bejYGRJBWBo=
Subject key identifier:   20:59:BE:E1:8D:15:75:19:C6:6E:49:D0:1F:A2:86:D4:C2:31:1A:80
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0187EAF49CA4E1C13B7D5250720522B3BB39
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IFm-4Y0VdRnGbknQH6KG1MIxGoA.roa
Signing time:             Fri 05 May 2023 08:08:32 +0000
ROA not before:           Fri 05 May 2023 08:08:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41745
IP address blocks:        195.133.75.0/24 maxlen: 24
                          194.87.219.0/24 maxlen: 24
                          193.124.33.0/24 maxlen: 24
                          194.87.35.0/24 maxlen: 24
                          194.87.252.0/24 maxlen: 24
                          212.192.9.0/24 maxlen: 24
                          195.58.50.0/24 maxlen: 24
                          194.87.62.0/24 maxlen: 24
                          194.87.191.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ea:f4:9c:a4:e1:c1:3b:7d:52:50:72:05:22:b3:bb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May  5 08:08:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2059bee18d157519c66e49d01fa286d4c2311a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bf:7b:0a:93:df:db:77:e8:fa:86:93:9d:4a:
                    45:fe:98:56:70:9a:40:cc:9b:a5:12:5a:c6:1f:8e:
                    d4:24:72:19:e3:dd:e6:eb:17:5d:2d:11:a6:66:23:
                    50:94:7d:70:90:b5:c1:7e:95:bc:d7:70:b6:4a:96:
                    c0:8d:72:07:6b:bf:86:8b:44:d9:0f:ab:c4:be:06:
                    09:6f:2e:c2:fa:be:b3:0a:2b:c6:69:fa:53:56:46:
                    86:1e:9d:1c:46:db:33:92:0a:3f:6d:82:57:6d:bb:
                    9d:5e:88:7c:b3:75:ba:38:80:28:fc:8d:0f:5f:51:
                    05:59:bd:ce:33:d1:12:40:d2:5a:76:68:a8:2b:3f:
                    50:c1:50:50:99:8f:6a:16:db:76:6e:58:d4:96:cd:
                    b1:b8:6f:a1:c6:a7:21:47:c7:db:02:32:0f:f1:13:
                    ad:b2:a7:a7:63:36:15:73:3d:31:fb:a6:95:88:aa:
                    a1:d8:fd:ab:13:38:35:42:fe:2b:ab:bb:ac:c3:4c:
                    e2:01:79:2a:56:6f:97:77:bb:6f:03:1f:51:0c:b5:
                    cb:e9:b6:a1:60:01:89:40:fd:d5:28:01:b0:3c:35:
                    dd:32:a5:f6:c1:de:18:0e:17:2b:62:6f:a5:f3:18:
                    92:b9:fb:db:d3:72:61:dd:62:c2:38:12:2e:5a:ba:
                    b0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:59:BE:E1:8D:15:75:19:C6:6E:49:D0:1F:A2:86:D4:C2:31:1A:80
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/IFm-4Y0VdRnGbknQH6KG1MIxGoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.33.0/24
                  194.87.35.0/24
                  194.87.62.0/24
                  194.87.82.0/24
                  194.87.191.0/24
                  194.87.219.0/24
                  194.87.252.0/24
                  195.58.50.0/24
                  195.133.75.0/24
                  212.192.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:30:61:0d:4d:26:e2:e6:26:43:2d:de:c2:07:40:27:12:68:
         bc:32:15:a5:b0:7a:a9:87:2e:e5:24:53:da:f3:97:7a:2c:56:
         90:13:db:c9:03:e5:4b:67:52:0e:f7:96:15:5b:79:85:8c:d5:
         6e:b4:5b:44:62:73:41:a7:20:53:d5:7a:d5:fc:8c:6b:95:37:
         5d:db:fd:87:4e:fb:01:1a:cf:b8:50:a4:51:b5:39:83:bd:f1:
         77:d5:a2:9c:02:98:b4:91:39:d8:d6:4e:cc:78:ed:ce:b1:11:
         2d:48:45:52:3e:0d:db:0f:7f:cf:8b:dc:ab:12:eb:04:3c:d4:
         36:27:ed:17:59:56:f4:40:c4:3d:2f:00:3b:7c:4b:eb:a1:58:
         8c:df:93:96:9d:ca:69:23:b5:90:fe:36:e5:23:52:be:9a:95:
         2b:72:56:e2:01:a3:7a:47:f0:a6:59:7c:d8:99:2d:f1:b4:1c:
         b7:6d:67:42:62:8f:49:0e:5b:e0:58:58:18:4c:74:ab:c3:b4:
         61:e1:03:be:e6:ce:46:e2:7e:aa:be:99:ef:b4:25:4a:3a:0d:
         c9:2c:15:e9:0e:9e:32:1f:c0:bb:7e:dd:c0:7b:43:6e:b4:d5:
         fe:8d:06:a1:97:fd:9a:c2:1c:70:6d:7d:36:50:95:cb:20:f4:
         85:be:76:9f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYfq9Jyk4cE7fVJQcgUis7s5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNTA1MDgwODMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU5YmVlMThkMTU3NTE5YzY2ZTQ5ZDAxZmEyODZkNGMyMzExYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmL97CpPf23fo+oaTnUpF/phWcJpA
zJulElrGH47UJHIZ493m6xddLRGmZiNQlH1wkLXBfpW813C2SpbAjXIHa7+Gi0TZ
D6vEvgYJby7C+r6zCivGafpTVkaGHp0cRtszkgo/bYJXbbudXoh8s3W6OIAo/I0P
X1EFWb3OM9ESQNJadmioKz9QwVBQmY9qFtt2bljUls2xuG+hxqchR8fbAjIP8ROt
sqenYzYVcz0x+6aViKqh2P2rEzg1Qv4rq7usw0ziAXkqVm+Xd7tvAx9RDLXL6bah
YAGJQP3VKAGwPDXdMqX2wd4YDhcrYm+l8xiSufvb03Jh3WLCOBIuWrqwgwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCBZvuGNFXUZxm5J0B+ihtTCMRqAMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSUZtLTRZMFZkUm5HYmtuUUg2S0cxTUl4R29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwXwhAwQA
wlcjAwQAwlc+AwQAwldSAwQAwle/AwQAwlfbAwQAwlf8AwQAwzoyAwQAw4VLAwQA
1MAJMA0GCSqGSIb3DQEBCwUAA4IBAQAMMGENTSbi5iZDLd7CB0AnEmi8MhWlsHqp
hy7lJFPa85d6LFaQE9vJA+VLZ1IO95YVW3mFjNVutFtEYnNBpyBT1XrV/IxrlTdd
2/2HTvsBGs+4UKRRtTmDvfF31aKcApi0kTnY1k7MeO3OsREtSEVSPg3bD3/Pi9yr
EusEPNQ2J+0XWVb0QMQ9LwA7fEvroViM35OWncppI7WQ/jblI1K+mpUrclbiAaN6
R/CmWXzYmS3xtBy3bWdCYo9JDlvgWFgYTHSrw7Rh4QO+5s5G4n6qvpnvtCVKOg3J
LBXpDp4yH8C7ft3Ae0NutNX+jQahl/2awhxwbX02UJXLIPSFvnaf
-----END CERTIFICATE-----