Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/6285f1-8c1d-4844-be0e-be8e651c51f6/1/a-OWKGBaw6T8OlyQ7s0eh5RYgg0.roa
File:                     a-OWKGBaw6T8OlyQ7s0eh5RYgg0.roa (raw, json)
Hash identifier:          L8f+ifhVSF2pmkStQyjmJIbUVpZNS3ywZcvGDA/oS5o=
Subject key identifier:   6B:E3:96:28:60:5A:C3:A4:FC:3A:5C:90:EE:CD:1E:87:94:58:82:0D
Certificate issuer:       /CN=5eafc60f4d3409fb46c8a5bf95d3981f14a143b0
Certificate serial:       018570D545E13A877BC5D40907C6E3843C9C
Authority key identifier: 5E:AF:C6:0F:4D:34:09:FB:46:C8:A5:BF:95:D3:98:1F:14:A1:43:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xq_GD000CftGyKW_ldOYHxShQ7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/6285f1-8c1d-4844-be0e-be8e651c51f6/1/a-OWKGBaw6T8OlyQ7s0eh5RYgg0.roa
Signing time:             Mon 02 Jan 2023 04:55:03 +0000
ROA not before:           Mon 02 Jan 2023 04:55:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206460
IP address blocks:        185.186.71.0/24 maxlen: 24
                          185.186.69.0/24 maxlen: 24
                          185.186.70.0/24 maxlen: 24
                          185.186.68.0/24 maxlen: 24
                          185.186.68.0/22 maxlen: 22
                          109.205.16.0/24 maxlen: 24
                          109.205.16.0/21 maxlen: 21
                          109.205.17.0/24 maxlen: 24
                          109.205.18.0/24 maxlen: 24
                          109.205.19.0/24 maxlen: 24
                          109.205.20.0/24 maxlen: 24
                          185.201.186.0/24 maxlen: 24
                          185.201.184.0/22 maxlen: 22
                          109.205.23.0/24 maxlen: 24
                          185.201.185.0/24 maxlen: 24
                          109.205.21.0/24 maxlen: 24
                          185.201.184.0/24 maxlen: 24
                          109.205.22.0/24 maxlen: 24
                          185.201.187.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:d5:45:e1:3a:87:7b:c5:d4:09:07:c6:e3:84:3c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eafc60f4d3409fb46c8a5bf95d3981f14a143b0
        Validity
            Not Before: Jan  2 04:55:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6be39628605ac3a4fc3a5c90eecd1e879458820d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b5:13:0a:97:19:e8:5a:11:78:a4:34:f2:49:
                    89:2a:17:0a:77:af:fd:cb:8e:a4:48:d9:01:76:c2:
                    a7:f4:12:48:22:02:78:fe:bb:b3:15:75:ee:6c:34:
                    e5:55:43:db:25:4e:6f:d4:cb:a0:71:1a:9f:d9:23:
                    07:d7:f2:17:72:c9:7d:49:3f:0b:c6:67:1b:74:f0:
                    2b:a5:25:a3:96:43:08:ea:b9:ea:d6:3c:3d:4f:81:
                    23:1e:0b:6f:86:78:ef:d8:1c:c6:7d:8c:17:29:ba:
                    02:e8:b3:1e:90:78:5c:5f:29:df:a7:4e:b4:ee:74:
                    e6:5f:82:7e:6b:74:08:14:55:5f:fb:1e:58:ce:b5:
                    fa:01:25:6e:dd:62:eb:c5:6b:22:5b:78:6d:fe:96:
                    5e:fc:c3:10:1e:18:52:0b:59:e8:84:f0:c1:6f:7b:
                    03:5b:96:7f:c7:88:50:89:20:8e:47:aa:0c:58:65:
                    9c:5f:bd:ed:5e:da:cb:ea:1a:9c:56:2c:7a:42:af:
                    8e:0e:7b:a9:54:b8:4f:64:ba:89:18:a3:08:65:91:
                    be:47:f2:a9:a0:95:f3:f5:42:67:f1:da:b6:d4:fb:
                    1c:b2:4e:ae:ae:09:93:0f:9a:8c:4a:05:29:f5:bb:
                    94:2c:55:19:c2:c5:7a:50:56:26:d8:31:5c:10:0c:
                    05:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E3:96:28:60:5A:C3:A4:FC:3A:5C:90:EE:CD:1E:87:94:58:82:0D
            X509v3 Authority Key Identifier:
                keyid:5E:AF:C6:0F:4D:34:09:FB:46:C8:A5:BF:95:D3:98:1F:14:A1:43:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xq_GD000CftGyKW_ldOYHxShQ7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/6285f1-8c1d-4844-be0e-be8e651c51f6/1/a-OWKGBaw6T8OlyQ7s0eh5RYgg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/6285f1-8c1d-4844-be0e-be8e651c51f6/1/Xq_GD000CftGyKW_ldOYHxShQ7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.16.0/21
                  185.186.68.0/22
                  185.201.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:43:3f:d3:b1:52:70:82:d8:af:fe:98:5d:a7:6b:f6:66:60:
         81:7f:f9:af:02:e8:42:df:05:a6:44:a9:1d:9f:76:2d:a7:df:
         4f:7f:74:fb:cc:59:73:15:8b:82:2d:a9:8b:17:21:c9:1b:73:
         2c:da:c1:3f:96:92:ab:9b:16:b9:47:fd:f9:9f:4e:92:46:27:
         ef:c5:2f:02:aa:53:cf:38:4e:56:43:e4:5b:ee:a4:30:3c:23:
         b0:90:56:99:69:36:ea:e2:e0:4d:9c:b8:87:78:7d:15:39:bd:
         e7:94:6e:ca:8c:b4:ec:27:84:b6:59:80:f7:37:4e:91:dc:29:
         d0:58:64:6d:f0:d2:dc:11:77:79:7c:39:9b:b1:cb:1a:a0:a5:
         f9:aa:3e:60:59:7b:d9:06:a6:fd:7e:17:7d:2b:09:9d:76:c9:
         77:c2:1e:cd:c7:76:a9:61:6b:6a:45:13:b9:7d:1b:d9:6a:56:
         1b:2b:29:da:96:2d:56:76:cd:4f:4d:83:52:02:6a:36:36:44:
         9b:80:0b:d8:fa:a4:a2:da:ee:47:cd:0b:00:be:3c:2b:24:c2:
         0e:a7:0b:9f:39:10:86:e8:b7:7c:fa:56:aa:a2:d4:eb:17:52:
         98:a5:c8:a8:5c:09:78:d4:98:d2:02:27:d0:4a:9f:7c:73:82:
         0a:a9:f7:56
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVw1UXhOod7xdQJB8bjhDycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYWZjNjBmNGQzNDA5ZmI0NmM4YTViZjk1ZDM5ODFmMTRh
MTQzYjAwHhcNMjMwMTAyMDQ1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUzOTYyODYwNWFjM2E0ZmMzYTVjOTBlZWNkMWU4Nzk0NTg4MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrUTCpcZ6FoReKQ08kmJKhcKd6/9
y46kSNkBdsKn9BJIIgJ4/ruzFXXubDTlVUPbJU5v1MugcRqf2SMH1/IXcsl9ST8L
xmcbdPArpSWjlkMI6rnq1jw9T4EjHgtvhnjv2BzGfYwXKboC6LMekHhcXynfp060
7nTmX4J+a3QIFFVf+x5YzrX6ASVu3WLrxWsiW3ht/pZe/MMQHhhSC1nohPDBb3sD
W5Z/x4hQiSCOR6oMWGWcX73tXtrL6hqcVix6Qq+ODnupVLhPZLqJGKMIZZG+R/Kp
oJXz9UJn8dq21Pscsk6urgmTD5qMSgUp9buULFUZwsV6UFYm2DFcEAwFXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGvjlihgWsOk/DpckO7NHoeUWIINMB8GA1UdIwQY
MBaAFF6vxg9NNAn7Rsilv5XTmB8UoUOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHFfR0QwMDBDZnRHeUtXX2xkT1lIeFNoUTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82Mjg1ZjEtOGMxZC00ODQ0LWJlMGUt
YmU4ZTY1MWM1MWY2LzEvYS1PV0tHQmF3NlQ4T2x5UTdzMGVoNVJZZ2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82Mjg1ZjEtOGMxZC00ODQ0LWJlMGUtYmU4ZTY1MWM1MWY2
LzEvWHFfR0QwMDBDZnRHeUtXX2xkT1lIeFNoUTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDbc0QAwQC
ubpEAwQCucm4MA0GCSqGSIb3DQEBCwUAA4IBAQB1Qz/TsVJwgtiv/phdp2v2ZmCB
f/mvAuhC3wWmRKkdn3Ytp99Pf3T7zFlzFYuCLamLFyHJG3Ms2sE/lpKrmxa5R/35
n06SRifvxS8CqlPPOE5WQ+Rb7qQwPCOwkFaZaTbq4uBNnLiHeH0VOb3nlG7KjLTs
J4S2WYD3N06R3CnQWGRt8NLcEXd5fDmbscsaoKX5qj5gWXvZBqb9fhd9Kwmddsl3
wh7Nx3apYWtqRRO5fRvZalYbKynali1Wds1PTYNSAmo2NkSbgAvY+qSi2u5HzQsA
vjwrJMIOpwufORCG6Ld8+laqotTrF1KYpcioXAl41JjSAifQSp98c4IKqfdW
-----END CERTIFICATE-----