Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/NfWmauNFpb2-x6lZ0pn8SeCY5Yk.roa
File:                     NfWmauNFpb2-x6lZ0pn8SeCY5Yk.roa (raw, json)
Hash identifier:          8T9DpZqdviXQeXRb7odTpr/cm/1g+amWu1nzsuJCgvc=
Subject key identifier:   35:F5:A6:6A:E3:45:A5:BD:BE:C7:A9:59:D2:99:FC:49:E0:98:E5:89
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       018B29A6BF7DD7C032988230279E00E10FA6
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/NfWmauNFpb2-x6lZ0pn8SeCY5Yk.roa
Signing time:             Fri 13 Oct 2023 15:27:55 +0000
ROA not before:           Fri 13 Oct 2023 15:27:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     395092
IP address blocks:        217.195.152.0/22 maxlen: 22
                          213.108.246.0/23 maxlen: 23
                          45.95.16.0/22 maxlen: 22
                          185.93.222.0/23 maxlen: 24
                          213.139.204.0/22 maxlen: 22
                          45.155.36.0/22 maxlen: 22
                          2a0d:9ec2::/48 maxlen: 48
                          2a0d:9ec0::/48 maxlen: 48
                          2a0d:d8c0::/48 maxlen: 48
                          2a0d:d8c0:1::/48 maxlen: 48
                          2a0d:9ec1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:29:a6:bf:7d:d7:c0:32:98:82:30:27:9e:00:e1:0f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Oct 13 15:27:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35f5a66ae345a5bdbec7a959d299fc49e098e589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:44:40:8f:e2:4f:9e:b6:66:68:e0:a8:5d:66:
                    1b:bd:4c:b0:c5:65:0b:1a:bb:d2:7c:c9:4c:8c:94:
                    81:59:a3:27:30:de:ef:38:94:b6:f6:db:32:c1:cc:
                    fc:de:60:46:12:af:23:89:db:08:63:f2:68:8a:26:
                    46:f0:93:61:be:41:10:2d:d6:3a:08:aa:ff:b2:73:
                    16:50:f4:5a:50:13:16:a1:d7:3f:03:74:12:8e:32:
                    cd:79:37:2f:f5:15:ec:37:d4:fe:0c:40:e1:1c:f7:
                    0a:66:3a:25:8a:92:4e:75:4c:c4:4f:18:60:37:3e:
                    30:d2:75:51:4a:e3:93:ea:0f:ec:68:76:bf:79:d5:
                    66:a0:a5:60:99:90:a8:d0:34:5c:69:e3:bf:33:6d:
                    3a:d5:35:b9:78:c2:c5:3e:1f:9e:9e:d7:f5:29:10:
                    85:6d:63:39:a4:d6:9e:4b:ce:b1:66:d7:89:84:a5:
                    34:51:f5:03:fa:fa:b3:c6:28:06:54:ec:29:dd:d9:
                    d3:4e:c3:61:72:2a:1a:b9:05:dd:91:67:45:0c:63:
                    5f:13:3d:a3:b5:25:c0:72:3c:5a:cb:b1:3a:2e:c9:
                    dc:20:d4:df:11:95:d4:dc:81:d6:dc:29:62:eb:cf:
                    e4:92:9b:d5:5e:af:aa:b4:46:bf:f3:1c:4b:86:81:
                    d1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F5:A6:6A:E3:45:A5:BD:BE:C7:A9:59:D2:99:FC:49:E0:98:E5:89
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/NfWmauNFpb2-x6lZ0pn8SeCY5Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.16.0/22
                  45.155.36.0/22
                  185.93.222.0/23
                  213.108.246.0/23
                  213.139.204.0/22
                  217.195.152.0/22
                IPv6:
                  2a0d:9ec0::/48
                  2a0d:9ec1::/48
                  2a0d:9ec2::/48
                  2a0d:d8c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         28:d1:5e:ac:f3:f4:f3:08:33:ed:1d:0b:a6:fa:df:31:b3:49:
         9c:20:4f:fc:5d:d4:9f:bd:1c:1e:5b:d9:f7:28:88:c8:a4:0f:
         a5:37:92:13:36:a6:e1:02:0d:ca:35:05:d3:e5:f7:ef:19:db:
         25:78:64:5c:c2:7c:2c:0f:83:83:bb:5a:1e:36:23:0a:61:7e:
         32:4d:79:c2:e3:f6:97:80:2c:33:42:49:b8:c4:16:49:76:c1:
         8d:ba:06:ac:09:e2:27:a7:c1:51:27:28:15:ce:96:fb:e5:bc:
         f0:03:d3:46:18:ff:eb:ea:0c:f4:a4:a8:63:4a:34:f9:63:f7:
         be:e8:ae:34:9a:88:14:81:b5:22:69:47:3f:3b:06:2f:72:0e:
         eb:64:86:97:97:ce:33:c2:32:80:08:ec:af:64:6d:6d:77:2c:
         56:f4:4f:95:22:95:e5:dd:94:f6:c1:0d:08:64:2d:ae:78:46:
         7e:e2:10:8d:c8:35:0d:8b:d6:29:8b:41:21:2c:70:db:07:3e:
         6c:84:ac:40:6e:00:c4:3f:62:ab:62:5b:2d:23:c1:e6:00:63:
         eb:4e:c0:ad:96:ff:22:ee:68:d6:d0:29:17:41:c9:f3:4a:8f:
         9c:48:13:cb:c9:dd:97:62:0f:0e:04:28:f4:5d:99:f6:3f:b6:
         b1:cc:e4:a1
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYsppr9918AymIIwJ54A4Q+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjMxMDEzMTUyNzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWY1YTY2YWUzNDVhNWJkYmVjN2E5NTlkMjk5ZmM0OWUwOThlNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlERAj+JPnrZmaOCoXWYbvUywxWUL
GrvSfMlMjJSBWaMnMN7vOJS29tsywcz83mBGEq8jidsIY/JoiiZG8JNhvkEQLdY6
CKr/snMWUPRaUBMWodc/A3QSjjLNeTcv9RXsN9T+DEDhHPcKZjolipJOdUzETxhg
Nz4w0nVRSuOT6g/saHa/edVmoKVgmZCo0DRcaeO/M2061TW5eMLFPh+entf1KRCF
bWM5pNaeS86xZteJhKU0UfUD+vqzxigGVOwp3dnTTsNhcioauQXdkWdFDGNfEz2j
tSXAcjxay7E6LsncINTfEZXU3IHW3Cli68/kkpvVXq+qtEa/8xxLhoHR/wIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFDX1pmrjRaW9vsepWdKZ/EngmOWJMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvTmZXbWF1TkZwYjIteDZsWjBwbjhTZUNZNVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDAqBAIAATAkAwQCLV8QAwQC
LZskAwQBuV3eAwQB1Wz2AwQC1YvMAwQC2cOYMCoEAgACMCQDBwAqDZ7AAAADBwAq
DZ7BAAADBwAqDZ7CAAADBwEqDdjAAAAwDQYJKoZIhvcNAQELBQADggEBACjRXqzz
9PMIM+0dC6b63zGzSZwgT/xd1J+9HB5b2fcoiMikD6U3khM2puECDco1BdPl9+8Z
2yV4ZFzCfCwPg4O7Wh42IwphfjJNecLj9peALDNCSbjEFkl2wY26BqwJ4ienwVEn
KBXOlvvlvPAD00YY/+vqDPSkqGNKNPlj977orjSaiBSBtSJpRz87Bi9yDutkhpeX
zjPCMoAI7K9kbW13LFb0T5UileXdlPbBDQhkLa54Rn7iEI3INQ2L1imLQSEscNsH
PmyErEBuAMQ/YqtiWy0jweYAY+tOwK2W/yLuaNbQKRdByfNKj5xIE8vJ3ZdiDw4E
KPRdmfY/trHM5KE=
-----END CERTIFICATE-----