Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TFV9d8-ZLsielYa5vy3n4jKfmpw.roa
File:                     TFV9d8-ZLsielYa5vy3n4jKfmpw.roa (raw, json)
Hash identifier:          NS5DjjnfqgrDbniOkd5+8PqHBiXnY5itLjNRjS3MUvI=
Subject key identifier:   4C:55:7D:77:CF:99:2E:C8:9E:95:86:B9:BF:2D:E7:E2:32:9F:9A:9C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0187E5C7B4B2B339830A4DD771FCED4FE31C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TFV9d8-ZLsielYa5vy3n4jKfmpw.roa
Signing time:             Thu 04 May 2023 08:01:23 +0000
ROA not before:           Thu 04 May 2023 08:01:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203639
IP address blocks:        212.193.14.0/24 maxlen: 24
                          194.87.208.0/24 maxlen: 24
                          194.87.226.0/24 maxlen: 24
                          194.87.231.0/24 maxlen: 24
                          212.192.4.0/24 maxlen: 24
                          195.133.15.0/24 maxlen: 24
                          195.133.25.0/24 maxlen: 24
                          195.133.27.0/24 maxlen: 24
                          192.124.180.0/24 maxlen: 24
                          194.87.76.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e5:c7:b4:b2:b3:39:83:0a:4d:d7:71:fc:ed:4f:e3:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May  4 08:01:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c557d77cf992ec89e9586b9bf2de7e2329f9a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fa:7c:aa:3a:14:78:6c:9c:25:d0:7a:03:97:
                    9d:78:b4:85:3b:1d:96:b5:08:d7:6a:f9:37:7c:e9:
                    12:59:45:44:1f:30:44:d6:5b:3b:be:1b:0b:c4:32:
                    89:2c:09:76:cd:5a:bf:90:2c:b1:44:3f:2a:ca:e1:
                    fb:36:d7:4d:6f:6c:dd:21:38:c6:04:dc:c2:f1:40:
                    bd:78:c0:d8:8a:79:f2:62:df:ec:27:be:6e:d5:94:
                    7c:83:00:fd:19:05:4d:2d:3e:9b:d6:4a:52:d2:ab:
                    95:c4:82:04:ba:d4:01:b1:f1:c8:17:10:81:5e:1c:
                    44:ef:2f:1d:bc:0b:de:c2:70:15:d6:bf:71:cc:10:
                    30:11:5e:d9:52:71:64:86:24:df:b0:e6:59:d8:a1:
                    6f:ab:73:df:f3:a0:7f:9f:ad:4e:45:f5:b4:14:9e:
                    4e:0b:17:ea:38:29:98:26:72:ab:3b:e1:ba:04:0d:
                    23:dc:6c:a2:00:93:28:61:5b:db:35:7b:77:f2:bf:
                    a6:94:7a:52:82:02:a0:3d:b6:c3:2e:f5:59:ff:db:
                    78:6b:af:bd:b1:5e:82:3a:8b:5e:10:3a:d6:0d:c1:
                    1d:d4:17:2b:8b:0e:7e:b0:b3:66:8d:af:00:1d:5d:
                    10:30:31:cf:db:45:34:5a:02:0a:2c:fd:5e:e1:c0:
                    75:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:55:7D:77:CF:99:2E:C8:9E:95:86:B9:BF:2D:E7:E2:32:9F:9A:9C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TFV9d8-ZLsielYa5vy3n4jKfmpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.180.0/24
                  194.87.76.0/24
                  194.87.208.0/24
                  194.87.226.0/24
                  194.87.231.0/24
                  195.133.15.0/24
                  195.133.25.0/24
                  195.133.27.0/24
                  212.192.4.0/24
                  212.193.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c3:cf:28:d3:8d:bd:7c:23:7f:92:47:ce:35:0e:6d:43:3d:
         59:19:db:c3:ca:bd:c9:8f:b5:0f:a6:11:7a:30:e8:48:51:2d:
         f5:de:01:3d:9c:86:48:0b:f4:d4:bf:85:31:d0:f9:eb:24:37:
         2b:78:e2:95:39:54:3c:70:a7:e6:ad:57:3d:58:65:a2:9d:2d:
         6c:c2:ac:b0:d2:26:0f:01:d5:dc:6c:1c:1e:95:2e:43:18:50:
         70:4d:25:cc:be:c4:e8:82:a5:7e:76:c0:1f:ae:3c:19:1f:90:
         07:39:e0:12:db:41:31:ac:f5:ac:8b:69:28:dd:ff:04:27:cf:
         2a:42:34:55:e3:18:6c:63:74:7d:cf:24:5a:9f:f7:f7:32:6d:
         d8:c9:83:fa:33:af:07:b0:90:d5:c8:5b:9a:58:7c:fc:2f:98:
         68:bf:b4:8e:bd:0e:4d:8d:ea:fa:0d:11:7b:b0:de:db:04:46:
         cd:fd:8d:a2:dc:ab:48:fa:7c:27:24:af:3c:17:2e:da:00:95:
         b6:77:d5:79:fd:a5:c1:14:44:8e:f6:b5:f6:ae:df:b2:05:57:
         52:3e:d3:01:61:7b:c0:bd:bb:7b:44:d0:b0:12:0b:e7:09:9e:
         52:84:31:2b:85:da:82:91:1a:94:83:e2:2c:12:c7:ca:a9:6c:
         16:ad:fc:9b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYflx7SyszmDCk3XcfztT+McMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNTA0MDgwMTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzU1N2Q3N2NmOTkyZWM4OWU5NTg2YjliZjJkZTdlMjMyOWY5YTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPp8qjoUeGycJdB6A5edeLSFOx2W
tQjXavk3fOkSWUVEHzBE1ls7vhsLxDKJLAl2zVq/kCyxRD8qyuH7NtdNb2zdITjG
BNzC8UC9eMDYinnyYt/sJ75u1ZR8gwD9GQVNLT6b1kpS0quVxIIEutQBsfHIFxCB
XhxE7y8dvAvewnAV1r9xzBAwEV7ZUnFkhiTfsOZZ2KFvq3Pf86B/n61ORfW0FJ5O
CxfqOCmYJnKrO+G6BA0j3GyiAJMoYVvbNXt38r+mlHpSggKgPbbDLvVZ/9t4a6+9
sV6COoteEDrWDcEd1Bcriw5+sLNmja8AHV0QMDHP20U0WgIKLP1e4cB15wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFExVfXfPmS7InpWGub8t5+Iyn5qcMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVEZWOWQ4LVpMc2llbFlhNXZ5M240aktmbXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwHy0AwQA
wldMAwQAwlfQAwQAwlfiAwQAwlfnAwQAw4UPAwQAw4UZAwQAw4UbAwQA1MAEAwQA
1MEOMA0GCSqGSIb3DQEBCwUAA4IBAQBnw88o0429fCN/kkfONQ5tQz1ZGdvDyr3J
j7UPphF6MOhIUS313gE9nIZIC/TUv4Ux0PnrJDcreOKVOVQ8cKfmrVc9WGWinS1s
wqyw0iYPAdXcbBwelS5DGFBwTSXMvsTogqV+dsAfrjwZH5AHOeAS20ExrPWsi2ko
3f8EJ88qQjRV4xhsY3R9zyRan/f3Mm3YyYP6M68HsJDVyFuaWHz8L5hov7SOvQ5N
jer6DRF7sN7bBEbN/Y2i3KtI+nwnJK88Fy7aAJW2d9V5/aXBFESO9rX2rt+yBVdS
PtMBYXvAvbt7RNCwEgvnCZ5ShDErhdqCkRqUg+IsEsfKqWwWrfyb
-----END CERTIFICATE-----