Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSqGV684SYVhC2_orchL3oW0Xdo.roa
File:                     JSqGV684SYVhC2_orchL3oW0Xdo.roa (raw, json)
Hash identifier:          LtZn71UivVT1z6bv4ZPsDHadp4DakpiTP8h1qTE/0Rw=
Subject key identifier:   25:2A:86:57:AF:38:49:85:61:0B:6F:E8:AD:C8:4B:DE:85:B4:5D:DA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0188BE4886709B2DFC5F509C98587D78BDCD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSqGV684SYVhC2_orchL3oW0Xdo.roa
Signing time:             Thu 15 Jun 2023 09:00:04 +0000
ROA not before:           Thu 15 Jun 2023 09:00:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        85.209.132.0/24 maxlen: 24
                          83.143.112.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          83.143.113.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          45.128.99.0/24 maxlen: 24
                          87.121.69.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          193.47.60.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:be:48:86:70:9b:2d:fc:5f:50:9c:98:58:7d:78:bd:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 15 09:00:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=252a8657af384985610b6fe8adc84bde85b45dda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:50:ed:f3:96:7b:d7:37:12:8a:05:c9:ab:14:
                    7f:30:69:c4:29:48:3a:92:f5:ae:de:62:dd:ae:97:
                    d4:f1:4a:95:82:40:48:9c:77:91:50:b0:37:0c:f6:
                    30:f1:0b:83:59:78:d9:29:c2:00:08:be:aa:7b:37:
                    59:87:51:30:89:fc:4e:cd:bf:c1:b5:09:d5:c8:91:
                    1d:d3:de:bd:fd:1c:83:a1:e7:47:63:f7:f8:f8:9e:
                    c1:83:65:23:c4:c3:8b:30:24:6d:c3:f8:9f:58:a2:
                    3a:73:1a:4e:7e:2a:2c:1c:71:c0:3a:9c:14:6a:2b:
                    a7:2c:59:7b:d3:d0:b8:55:24:0c:34:49:47:56:62:
                    37:97:1c:7b:4c:cb:71:d7:b4:92:58:1d:37:0b:fb:
                    f7:a3:16:f4:f1:12:82:a4:15:92:a4:c1:ff:10:eb:
                    b8:bd:fa:19:9a:da:98:b8:da:54:a8:27:b5:e2:47:
                    44:0d:91:7d:54:b7:89:28:d3:2c:b7:1d:30:07:47:
                    9e:fc:59:f6:e2:5f:87:36:22:18:1b:0a:ee:d6:34:
                    6c:11:0c:ba:e9:e0:f8:c4:f2:b7:f0:6f:65:49:7c:
                    6b:82:79:37:85:4c:c7:30:7b:0e:36:47:bb:4d:01:
                    ad:2f:ed:d0:d9:8a:dd:3d:15:64:df:18:0e:04:0f:
                    36:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2A:86:57:AF:38:49:85:61:0B:6F:E8:AD:C8:4B:DE:85:B4:5D:DA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSqGV684SYVhC2_orchL3oW0Xdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.99.0/24
                  83.143.112.0/23
                  85.209.132.0/24
                  85.217.145.0/24
                  87.121.69.0/24
                  176.125.252.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.60.0/24
                  193.47.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:95:3e:58:26:2a:ef:e9:7b:1f:97:8a:73:66:99:53:92:b1:
         d0:c9:ac:6f:b3:fe:a1:5c:f2:57:5d:16:3d:9b:4a:6c:3e:3e:
         91:04:40:6c:d8:72:ae:43:a3:13:a6:77:67:a3:85:47:dc:04:
         53:ed:d6:e1:a3:6a:77:a6:eb:bb:ea:ba:3f:d3:1f:4a:eb:86:
         5e:75:24:d3:9b:00:e5:96:45:f8:a1:c9:df:4d:8d:95:7e:15:
         d5:fe:df:44:d5:6d:e9:9a:63:7c:24:09:77:67:b1:74:d0:07:
         92:d8:c0:01:c3:68:c2:58:f6:7e:7f:9e:7c:2a:f3:9a:e6:5b:
         11:10:5c:b8:d9:a8:b8:6d:8e:9e:51:15:30:8f:7b:80:0a:4b:
         55:14:c7:87:90:1c:fd:31:e0:00:0d:48:98:ef:41:71:f2:67:
         c9:76:ad:90:28:40:35:c2:d0:4c:e6:15:42:0f:54:e9:a0:3f:
         f9:e3:dd:63:32:28:64:8b:7a:48:c0:53:12:66:88:8b:cc:0c:
         f2:4d:32:33:d0:0f:bf:18:b0:2f:3e:3a:2d:2d:80:f9:99:d5:
         50:f8:ac:4d:05:a3:21:11:6b:4d:2c:1d:0d:d5:53:58:d9:7e:
         2a:70:24:37:88:02:3d:62:ef:b7:ae:7c:80:75:31:7b:0a:4a:
         46:63:e0:eb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYi+SIZwmy38X1CcmFh9eL3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjE1MDkwMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJhODY1N2FmMzg0OTg1NjEwYjZmZThhZGM4NGJkZTg1YjQ1ZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lDt85Z71zcSigXJqxR/MGnEKUg6
kvWu3mLdrpfU8UqVgkBInHeRULA3DPYw8QuDWXjZKcIACL6qezdZh1EwifxOzb/B
tQnVyJEd0969/RyDoedHY/f4+J7Bg2UjxMOLMCRtw/ifWKI6cxpOfiosHHHAOpwU
aiunLFl709C4VSQMNElHVmI3lxx7TMtx17SSWB03C/v3oxb08RKCpBWSpMH/EOu4
vfoZmtqYuNpUqCe14kdEDZF9VLeJKNMstx0wB0ee/Fn24l+HNiIYGwru1jRsEQy6
6eD4xPK38G9lSXxrgnk3hUzHMHsONke7TQGtL+3Q2YrdPRVk3xgOBA82HwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCUqhlevOEmFYQtv6K3IS96FtF3aMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSlNxR1Y2ODRTWVZoQzJfb3JjaEwzb1cwWGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALYBjAwQB
U49wAwQAVdGEAwQAVdmRAwQAV3lFAwQAsH38AwQAud6jAwQAwSoiAwQAwS88AwQA
wS8/MA0GCSqGSIb3DQEBCwUAA4IBAQB1lT5YJirv6Xsfl4pzZplTkrHQyaxvs/6h
XPJXXRY9m0psPj6RBEBs2HKuQ6MTpndno4VH3ART7dbho2p3puu76ro/0x9K64Ze
dSTTmwDllkX4ocnfTY2VfhXV/t9E1W3pmmN8JAl3Z7F00AeS2MABw2jCWPZ+f558
KvOa5lsREFy42ai4bY6eURUwj3uACktVFMeHkBz9MeAADUiY70Fx8mfJdq2QKEA1
wtBM5hVCD1TpoD/5491jMihki3pIwFMSZoiLzAzyTTIz0A+/GLAvPjotLYD5mdVQ
+KxNBaMhEWtNLB0N1VNY2X4qcCQ3iAI9Yu+3rnyAdTF7CkpGY+Dr
-----END CERTIFICATE-----