Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/Iq2akMwBDAIeYHZd7Ca-YpoiuWQ.roa
File:                     Iq2akMwBDAIeYHZd7Ca-YpoiuWQ.roa (raw, json)
Hash identifier:          DUpaGEOVUGn7qNWighinOVe66Xta2E2xfsodwPu2l2Q=
Subject key identifier:   22:AD:9A:90:CC:01:0C:02:1E:60:76:5D:EC:26:BE:62:9A:22:B9:64
Certificate issuer:       /CN=06c746cd7d4df95a6d03ca9554a754760d5e4e06
Certificate serial:       018CC86EFAC6C4518DA568B2C99E5135D239
Authority key identifier: 06:C7:46:CD:7D:4D:F9:5A:6D:03:CA:95:54:A7:54:76:0D:5E:4E:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsdGzX1N-VptA8qVVKdUdg1eTgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/Iq2akMwBDAIeYHZd7Ca-YpoiuWQ.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199544
IP address blocks:        185.14.243.0/24 maxlen: 24
                          185.14.241.0/24 maxlen: 24
                          91.239.255.0/24 maxlen: 24
                          185.14.240.0/24 maxlen: 24
                          2a03:7ec0:3131::/48 maxlen: 48
                          2a03:7ec0:2424::/48 maxlen: 48
                          2a03:7ec0:57f::/48 maxlen: 48
                          2a03:7ec0:31ff::/48 maxlen: 48
                          2a03:7ec0:3100::/40 maxlen: 48
                          2a03:7ec0:3000::/40 maxlen: 48
                          2a03:7ec0:3100::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fa:c6:c4:51:8d:a5:68:b2:c9:9e:51:35:d2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c746cd7d4df95a6d03ca9554a754760d5e4e06
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22ad9a90cc010c021e60765dec26be629a22b964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:14:21:53:aa:1b:d2:e1:ed:77:cf:8f:89:ef:
                    63:f7:dd:3e:77:cc:26:51:99:45:39:89:13:a4:f8:
                    a1:ae:10:95:ac:49:d8:b8:1f:71:fe:f7:45:13:c5:
                    86:32:6c:68:db:dd:d7:12:30:61:68:51:be:7a:94:
                    e0:d4:3c:7e:66:3f:8d:fc:28:ba:a4:35:1a:e1:1e:
                    71:e6:c1:77:da:19:92:23:66:8c:5d:8f:71:f1:ab:
                    f1:fd:5a:3c:f4:93:53:9b:50:83:e7:22:c3:f3:87:
                    40:d7:a9:06:89:c0:75:a1:16:91:6a:33:e4:eb:1c:
                    26:67:13:4d:58:dc:0c:78:e7:8f:33:fe:07:7e:44:
                    69:d2:48:d2:cb:63:27:71:fd:4b:52:2c:5b:4d:21:
                    16:8c:c9:cb:b0:b3:d8:d2:5a:27:45:25:e7:a0:fd:
                    3b:b4:81:15:ab:07:99:f4:dd:8d:2d:e3:76:89:21:
                    2a:df:1e:57:69:7c:4a:94:f5:36:54:50:f8:05:e8:
                    8d:c9:55:9e:f8:f1:db:17:30:9d:c5:63:4d:fa:54:
                    f0:0a:82:5b:3c:f0:a4:7e:9e:fb:a8:f4:4a:15:4e:
                    f8:08:82:d1:88:01:00:e7:1a:da:70:c6:23:49:c8:
                    98:b4:55:da:f8:d2:04:19:b8:27:5e:3f:81:9e:41:
                    20:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AD:9A:90:CC:01:0C:02:1E:60:76:5D:EC:26:BE:62:9A:22:B9:64
            X509v3 Authority Key Identifier:
                keyid:06:C7:46:CD:7D:4D:F9:5A:6D:03:CA:95:54:A7:54:76:0D:5E:4E:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsdGzX1N-VptA8qVVKdUdg1eTgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/Iq2akMwBDAIeYHZd7Ca-YpoiuWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/952cd7-3297-4eaf-854f-b0afd45dcd78/1/BsdGzX1N-VptA8qVVKdUdg1eTgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.255.0/24
                  185.14.240.0/23
                  185.14.243.0/24
                IPv6:
                  2a03:7ec0:57f::/48
                  2a03:7ec0:2424::/48
                  2a03:7ec0:3000::/39

    Signature Algorithm: sha256WithRSAEncryption
         7a:a2:9f:f4:0b:f9:37:59:05:0d:11:c3:50:20:3e:f0:b8:d4:
         00:8a:75:1d:d0:da:0c:9c:14:60:ef:be:de:f6:07:12:0f:40:
         60:5d:38:3c:f3:07:07:ae:70:fc:65:4a:d0:1a:71:41:e7:d0:
         fb:a0:89:02:ee:55:d2:c2:75:71:ec:85:29:e2:82:8e:ec:71:
         85:a4:2e:4a:06:65:a9:90:c1:e9:37:f5:92:60:7c:98:96:66:
         81:ef:3b:7b:22:00:c5:dc:f2:af:de:b9:68:ea:98:6a:87:d6:
         d2:63:26:91:2b:6d:5d:e6:9c:9f:b1:96:3b:d6:a1:a7:43:c8:
         0e:76:d7:85:1c:3b:b7:bf:12:d1:7d:ce:24:1f:ef:c1:6d:01:
         85:49:66:15:1f:72:41:61:bb:b1:24:85:e0:74:41:a4:7c:c0:
         4c:90:f0:95:13:7c:75:b3:43:85:4d:41:5e:9d:5c:97:52:10:
         e2:db:e4:a2:99:62:83:ec:1c:1a:3a:7e:ff:24:56:76:94:e3:
         5c:36:b2:1d:75:5d:22:0f:28:20:88:be:38:a4:c5:6e:4f:60:
         22:ad:0a:35:62:b1:ea:05:ab:4a:d1:a1:20:26:74:49:9e:92:
         32:93:fb:ff:08:fa:0f:c0:ea:9a:13:11:a0:90:6e:58:75:d1:
         b2:35:fc:ef
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzIbvrGxFGNpWiyyZ5RNdI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Yzc0NmNkN2Q0ZGY5NWE2ZDAzY2E5NTU0YTc1NDc2MGQ1
ZTRlMDYwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFkOWE5MGNjMDEwYzAyMWU2MDc2NWRlYzI2YmU2MjlhMjJiOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxQhU6ob0uHtd8+Pie9j990+d8wm
UZlFOYkTpPihrhCVrEnYuB9x/vdFE8WGMmxo293XEjBhaFG+epTg1Dx+Zj+N/Ci6
pDUa4R5x5sF32hmSI2aMXY9x8avx/Vo89JNTm1CD5yLD84dA16kGicB1oRaRajPk
6xwmZxNNWNwMeOePM/4HfkRp0kjSy2Mncf1LUixbTSEWjMnLsLPY0lonRSXnoP07
tIEVqweZ9N2NLeN2iSEq3x5XaXxKlPU2VFD4BeiNyVWe+PHbFzCdxWNN+lTwCoJb
PPCkfp77qPRKFU74CILRiAEA5xracMYjSciYtFXa+NIEGbgnXj+BnkEgywIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFCKtmpDMAQwCHmB2XewmvmKaIrlkMB8GA1UdIwQY
MBaAFAbHRs19TflabQPKlVSnVHYNXk4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNkR3pYMU4tVnB0QThxVlZLZFVkZzFlVGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi85NTJjZDctMzI5Ny00ZWFmLTg1NGYt
YjBhZmQ0NWRjZDc4LzEvSXEyYWtNd0JEQUllWUhaZDdDYS1ZcG9pdVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi85NTJjZDctMzI5Ny00ZWFmLTg1NGYtYjBhZmQ0NWRjZDc4
LzEvQnNkR3pYMU4tVnB0QThxVlZLZFVkZzFlVGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAYBAIAATASAwQAW+//AwQB
uQ7wAwQAuQ7zMCAEAgACMBoDBwAqA37ABX8DBwAqA37AJCQDBgEqA37AMDANBgkq
hkiG9w0BAQsFAAOCAQEAeqKf9Av5N1kFDRHDUCA+8LjUAIp1HdDaDJwUYO++3vYH
Eg9AYF04PPMHB65w/GVK0BpxQefQ+6CJAu5V0sJ1ceyFKeKCjuxxhaQuSgZlqZDB
6Tf1kmB8mJZmge87eyIAxdzyr965aOqYaofW0mMmkSttXeacn7GWO9ahp0PIDnbX
hRw7t78S0X3OJB/vwW0BhUlmFR9yQWG7sSSF4HRBpHzATJDwlRN8dbNDhU1BXp1c
l1IQ4tvkoplig+wcGjp+/yRWdpTjXDayHXVdIg8oIIi+OKTFbk9gIq0KNWKx6gWr
StGhICZ0SZ6SMpP7/wj6D8DqmhMRoJBuWHXRsjX87w==
-----END CERTIFICATE-----