Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/3wqZhKxcvNkqsje2IMpg7wsB-2A.roa
File:                     3wqZhKxcvNkqsje2IMpg7wsB-2A.roa (raw, json)
Hash identifier:          7dcIbnviKokzzKSzVNYHojaie5OJugTgFm1cjqQ3zpg=
Subject key identifier:   DF:0A:99:84:AC:5C:BC:D9:2A:B2:37:B6:20:CA:60:EF:0B:01:FB:60
Certificate issuer:       /CN=4ad467f16d0951e430713832c6c759561e76041f
Certificate serial:       018B198C21731FC0360E04225733B832203D
Authority key identifier: 4A:D4:67:F1:6D:09:51:E4:30:71:38:32:C6:C7:59:56:1E:76:04:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/StRn8W0JUeQwcTgyxsdZVh52BB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/3wqZhKxcvNkqsje2IMpg7wsB-2A.roa
Signing time:             Tue 10 Oct 2023 12:24:55 +0000
ROA not before:           Tue 10 Oct 2023 12:24:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9074
IP address blocks:        185.248.108.0/24 maxlen: 24
                          185.248.109.0/24 maxlen: 24
                          185.248.110.0/24 maxlen: 24
                          37.131.254.0/24 maxlen: 24
                          37.131.255.0/24 maxlen: 24
                          37.131.251.0/24 maxlen: 24
                          37.131.252.0/24 maxlen: 24
                          37.131.253.0/24 maxlen: 24
                          37.131.248.0/24 maxlen: 24
                          37.131.249.0/24 maxlen: 24
                          37.131.250.0/24 maxlen: 24
                          2a0b:9bc0:1::/48 maxlen: 48
                          2a0b:9bc0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:19:8c:21:73:1f:c0:36:0e:04:22:57:33:b8:32:20:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ad467f16d0951e430713832c6c759561e76041f
        Validity
            Not Before: Oct 10 12:24:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df0a9984ac5cbcd92ab237b620ca60ef0b01fb60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7d:e6:02:b4:73:2e:24:cb:78:a6:fe:56:73:
                    6d:ac:b0:ff:a5:48:e3:dc:f0:7c:59:a6:5f:f9:ec:
                    74:c3:68:84:14:d4:1c:b8:19:98:e7:65:9c:7c:f7:
                    3d:78:d9:84:2f:87:9b:74:f7:ad:8b:e8:6d:39:1f:
                    9a:77:99:b1:28:e6:0f:f8:16:e6:38:c4:08:64:02:
                    45:07:74:9e:1a:48:50:db:d9:39:ed:2d:65:39:a1:
                    1c:b8:2b:5a:a8:16:42:d3:41:0d:a7:d6:af:6f:40:
                    5e:10:c9:ee:a9:15:45:3f:43:7c:04:96:f0:44:f4:
                    04:e1:cd:66:6b:ae:ad:12:61:10:03:5d:23:3d:2e:
                    e5:6c:ec:1e:18:47:61:84:89:49:c5:2f:93:4d:5b:
                    92:38:6e:c2:7f:79:23:a1:d4:a6:b4:28:76:2f:7b:
                    17:92:c0:eb:b2:df:7c:5a:02:64:b3:7b:a7:33:23:
                    17:2b:c4:a4:f4:86:9f:8a:8e:a5:7f:09:c5:20:e0:
                    41:ae:b9:e4:1e:54:a5:d4:91:74:8e:66:fa:ad:14:
                    87:a1:ad:e0:10:23:88:3d:c0:8a:1d:68:95:27:79:
                    cb:3d:5d:7f:14:85:30:8c:59:7f:2c:34:03:c7:c4:
                    20:43:dd:7c:d0:ea:8c:0b:0f:51:81:b2:a2:b5:31:
                    08:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:0A:99:84:AC:5C:BC:D9:2A:B2:37:B6:20:CA:60:EF:0B:01:FB:60
            X509v3 Authority Key Identifier:
                keyid:4A:D4:67:F1:6D:09:51:E4:30:71:38:32:C6:C7:59:56:1E:76:04:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/StRn8W0JUeQwcTgyxsdZVh52BB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/3wqZhKxcvNkqsje2IMpg7wsB-2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/338605-4db4-4ede-a310-5642353d431a/1/StRn8W0JUeQwcTgyxsdZVh52BB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.131.248.0/21
                  185.248.108.0-185.248.110.255
                IPv6:
                  2a0b:9bc0:1::-2a0b:9bc0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         93:d1:12:8e:ce:bf:eb:e6:c3:95:0d:9b:62:da:3b:82:5a:a2:
         2a:08:ca:83:b5:3f:fc:fc:b1:a4:af:c4:cb:de:fd:c1:30:40:
         d1:5b:53:3c:0e:80:88:58:66:c3:67:05:a2:2c:5b:52:85:6c:
         11:98:51:a4:dc:a2:16:ea:2d:77:d5:4b:c2:f7:ff:5a:eb:c8:
         7c:a2:d7:32:90:a1:39:1c:61:1e:18:8e:d1:36:66:2d:6e:1b:
         fd:2f:59:17:a8:87:01:34:2c:72:ee:59:c3:d6:81:db:83:77:
         33:71:1d:1f:3d:03:e7:ef:c5:40:0b:2e:f9:26:18:8d:63:1d:
         07:77:1a:36:7c:e0:5b:8e:65:ba:8c:8b:88:94:c4:b0:c6:f7:
         b1:8e:e1:64:bb:9d:82:e4:47:61:fb:34:e4:a8:db:4a:5c:28:
         29:a5:6c:0a:7e:51:b7:eb:48:85:41:ce:fa:86:14:a2:48:c2:
         32:2d:91:5b:b3:53:df:9a:ec:7d:b6:e5:f3:df:48:d8:03:b5:
         6d:0d:58:ae:31:8e:a3:be:a0:b1:a5:f2:bd:cc:38:54:3c:11:
         ef:09:2e:93:85:1e:8f:e0:5f:3b:81:bc:a9:6b:c4:f6:98:cf:
         28:f3:d5:25:90:55:96:ad:db:58:81:15:62:aa:aa:70:f1:f0:
         08:45:e9:39
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYsZjCFzH8A2DgQiVzO4MiA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZDQ2N2YxNmQwOTUxZTQzMDcxMzgzMmM2Yzc1OTU2MWU3
NjA0MWYwHhcNMjMxMDEwMTIyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjBhOTk4NGFjNWNiY2Q5MmFiMjM3YjYyMGNhNjBlZjBiMDFmYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH3mArRzLiTLeKb+VnNtrLD/pUjj
3PB8WaZf+ex0w2iEFNQcuBmY52WcfPc9eNmEL4ebdPeti+htOR+ad5mxKOYP+Bbm
OMQIZAJFB3SeGkhQ29k57S1lOaEcuCtaqBZC00ENp9avb0BeEMnuqRVFP0N8BJbw
RPQE4c1ma66tEmEQA10jPS7lbOweGEdhhIlJxS+TTVuSOG7Cf3kjodSmtCh2L3sX
ksDrst98WgJks3unMyMXK8Sk9Iafio6lfwnFIOBBrrnkHlSl1JF0jmb6rRSHoa3g
ECOIPcCKHWiVJ3nLPV1/FIUwjFl/LDQDx8QgQ9180OqMCw9RgbKitTEIXwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFN8KmYSsXLzZKrI3tiDKYO8LAftgMB8GA1UdIwQY
MBaAFErUZ/FtCVHkMHE4MsbHWVYedgQfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3RSbjhXMEpVZVF3Y1RneXhzZFpWaDUyQkI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zMzg2MDUtNGRiNC00ZWRlLWEzMTAt
NTY0MjM1M2Q0MzFhLzEvM3dxWmhLeGN2Tmtxc2plMklNcGc3d3NCLTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zMzg2MDUtNGRiNC00ZWRlLWEzMTAtNTY0MjM1M2Q0MzFh
LzEvU3RSbjhXMEpVZVF3Y1RneXhzZFpWaDUyQkI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAaBAIAATAUAwQDJYP4MAwD
BAK5+GwDBAC5+G4wGgQCAAIwFDASAwcAKgubwAABAwcAKgubwAACMA0GCSqGSIb3
DQEBCwUAA4IBAQCT0RKOzr/r5sOVDZti2juCWqIqCMqDtT/8/LGkr8TL3v3BMEDR
W1M8DoCIWGbDZwWiLFtShWwRmFGk3KIW6i131UvC9/9a68h8otcykKE5HGEeGI7R
NmYtbhv9L1kXqIcBNCxy7lnD1oHbg3czcR0fPQPn78VACy75JhiNYx0Hdxo2fOBb
jmW6jIuIlMSwxvexjuFku52C5Edh+zTkqNtKXCgppWwKflG360iFQc76hhSiSMIy
LZFbs1Pfmux9tuXz30jYA7VtDViuMY6jvqCxpfK9zDhUPBHvCS6ThR6P4F87gbyp
a8T2mM8o89UlkFWWrdtYgRViqqpw8fAIRek5
-----END CERTIFICATE-----