Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/1UxtyTu0jReTqvsniWb-hlPwsIE.roa
File:                     1UxtyTu0jReTqvsniWb-hlPwsIE.roa (raw, json)
Hash identifier:          JqgH5cRUOzR4bha6xLNPBTuC4pRaH09srjBAazjOOco=
Subject key identifier:   D5:4C:6D:C9:3B:B4:8D:17:93:AA:FB:27:89:66:FE:86:53:F0:B0:81
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       01856CAF06446C3F2E9A1E8786AFA2D07E87
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/1UxtyTu0jReTqvsniWb-hlPwsIE.roa
Signing time:             Sun 01 Jan 2023 09:34:47 +0000
ROA not before:           Sun 01 Jan 2023 09:34:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62874
IP address blocks:        2a03:f87:daa4::/48 maxlen: 48
                          2a03:f87:caac::/48 maxlen: 48
                          2a03:f87:daac::/48 maxlen: 48
                          2a03:f87:daa1::/48 maxlen: 48
                          2a03:f87:daa3::/48 maxlen: 48
                          2a03:f87:caab::/48 maxlen: 48
                          2a03:f87:daab::/48 maxlen: 48
                          2a03:f87:caad::/48 maxlen: 48
                          2a03:f87:daad::/48 maxlen: 48
                          2a03:f87:daa2::/48 maxlen: 48
                          2a03:f87:daaa::/48 maxlen: 48
                          2a03:f87:caaa::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:06:44:6c:3f:2e:9a:1e:87:86:af:a2:d0:7e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 09:34:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d54c6dc93bb48d1793aafb278966fe8653f0b081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0c:1d:52:53:40:18:54:76:ae:db:82:62:0a:
                    d5:97:77:d0:dc:39:59:5d:3e:31:69:c4:ba:da:fa:
                    9b:d3:45:80:58:5f:29:71:3e:a5:93:b7:f7:72:70:
                    8a:8c:cf:8c:71:04:3f:c4:dc:95:31:ec:33:4e:b5:
                    10:3b:88:9f:d0:06:95:62:7b:80:e2:56:87:93:52:
                    39:06:12:68:73:52:1e:12:5f:d8:9f:0e:74:2f:19:
                    8a:47:59:1f:05:21:fe:25:37:1e:70:dd:4a:f5:8e:
                    5b:e6:c3:2a:b9:5d:79:53:2b:b0:fd:8c:06:e5:7e:
                    e2:52:af:b6:5d:ab:4c:c0:27:0e:53:af:eb:ac:8e:
                    d8:cf:97:c8:93:35:21:2d:cd:15:f0:88:70:8e:cd:
                    05:06:bd:03:75:b1:e2:6e:0f:78:38:08:cf:03:ee:
                    41:62:4c:f0:20:62:c2:78:a3:b4:18:59:55:d9:05:
                    2e:0c:ab:5f:8c:11:19:da:e5:52:e5:4e:47:0c:91:
                    5e:10:cf:ee:5f:61:2c:cc:10:6d:6b:03:9c:d3:86:
                    b0:5a:38:24:a1:59:11:a5:ee:a1:32:c6:4c:ad:c0:
                    08:28:7e:93:4d:a5:f4:74:46:d1:fe:aa:6d:3a:82:
                    8a:07:89:9f:2f:ff:aa:27:02:af:0e:4f:95:22:cb:
                    cc:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:4C:6D:C9:3B:B4:8D:17:93:AA:FB:27:89:66:FE:86:53:F0:B0:81
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/1UxtyTu0jReTqvsniWb-hlPwsIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f87:caaa::-2a03:f87:caad:ffff:ffff:ffff:ffff:ffff
                  2a03:f87:daa1::-2a03:f87:daa4:ffff:ffff:ffff:ffff:ffff
                  2a03:f87:daaa::-2a03:f87:daad:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5b:17:c0:79:f0:ff:ad:a2:5f:8a:d9:72:98:75:8f:98:f0:a5:
         2e:a1:b0:cb:e5:21:c1:c8:30:92:98:08:a8:9c:3d:97:47:d4:
         d4:ee:7c:7c:e0:d8:f7:95:e7:26:33:81:82:c2:ea:f4:05:48:
         ea:78:d4:c4:be:28:70:51:a5:39:9e:02:e2:60:52:64:bc:bb:
         16:89:52:0c:a7:a0:b8:9e:36:f3:9e:93:b2:c0:98:aa:5f:8e:
         a3:ef:d2:98:69:ff:77:92:ac:95:ea:5b:94:85:9c:71:6d:22:
         2d:e6:a4:b0:00:bc:32:53:4c:a3:41:82:94:28:d9:36:9c:76:
         0f:21:59:7e:7f:0b:2f:2a:50:07:d3:22:a0:2b:74:3e:dd:6a:
         00:5a:e1:ea:3e:dc:13:c9:a2:4c:91:36:64:40:58:f6:2a:6f:
         54:78:eb:d8:76:07:7f:40:66:91:41:1e:da:6a:60:1a:f2:e2:
         36:a4:c7:e2:b4:e7:93:eb:da:d9:43:e2:58:7b:65:89:ee:72:
         e2:3a:1d:6e:b1:e1:84:db:a9:66:09:17:fb:e7:97:22:74:ad:
         d4:3b:ca:8c:8f:6a:1f:4a:61:1f:43:04:fc:be:74:90:69:e8:
         b2:9e:54:c1:5e:b7:13:8d:34:ea:b2:95:d6:20:8c:75:00:e9:
         38:e8:34:7e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVsrwZEbD8umh6Hhq+i0H6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjMwMTAxMDkzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTRjNmRjOTNiYjQ4ZDE3OTNhYWZiMjc4OTY2ZmU4NjUzZjBiMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwwdUlNAGFR2rtuCYgrVl3fQ3DlZ
XT4xacS62vqb00WAWF8pcT6lk7f3cnCKjM+McQQ/xNyVMewzTrUQO4if0AaVYnuA
4laHk1I5BhJoc1IeEl/Ynw50LxmKR1kfBSH+JTcecN1K9Y5b5sMquV15Uyuw/YwG
5X7iUq+2XatMwCcOU6/rrI7Yz5fIkzUhLc0V8Ihwjs0FBr0DdbHibg94OAjPA+5B
YkzwIGLCeKO0GFlV2QUuDKtfjBEZ2uVS5U5HDJFeEM/uX2EszBBtawOc04awWjgk
oVkRpe6hMsZMrcAIKH6TTaX0dEbR/qptOoKKB4mfL/+qJwKvDk+VIsvMdQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNVMbck7tI0Xk6r7J4lm/oZT8LCBMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvMVV4dHlUdTBqUmVUcXZzbmlXYi1obFB3c0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAAjA8MBIDBwEqAw+H
yqoDBwEqAw+HyqwwEgMHACoDD4faoQMHACoDD4fapDASAwcBKgMPh9qqAwcBKgMP
h9qsMA0GCSqGSIb3DQEBCwUAA4IBAQBbF8B58P+tol+K2XKYdY+Y8KUuobDL5SHB
yDCSmAionD2XR9TU7nx84Nj3lecmM4GCwur0BUjqeNTEvihwUaU5ngLiYFJkvLsW
iVIMp6C4njbznpOywJiqX46j79KYaf93kqyV6luUhZxxbSIt5qSwALwyU0yjQYKU
KNk2nHYPIVl+fwsvKlAH0yKgK3Q+3WoAWuHqPtwTyaJMkTZkQFj2Km9UeOvYdgd/
QGaRQR7aamAa8uI2pMfitOeT69rZQ+JYe2WJ7nLiOh1useGE26lmCRf755cidK3U
O8qMj2ofSmEfQwT8vnSQaeiynlTBXrcTjTTqspXWIIx1AOk46DR+
-----END CERTIFICATE-----