Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/7lE8nwVfil8avawzdH4kcLx416I.roa
File:                     7lE8nwVfil8avawzdH4kcLx416I.roa (raw, json)
Hash identifier:          UwaZGvOIGG4zNfqn90BpzNwhm6fOJ/iDuMUI2eDe0LA=
Subject key identifier:   EE:51:3C:9F:05:5F:8A:5F:1A:BD:AC:33:74:7E:24:70:BC:78:D7:A2
Certificate issuer:       /CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
Certificate serial:       018CB2B1132B2563B29CBD5BDEF027A4B142
Authority key identifier: 3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/7lE8nwVfil8avawzdH4kcLx416I.roa
Signing time:             Thu 28 Dec 2023 23:09:58 +0000
ROA not before:           Thu 28 Dec 2023 23:09:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51420
IP address blocks:        109.164.64.0/19 maxlen: 19
                          109.164.64.0/20 maxlen: 20
                          109.164.84.0/24 maxlen: 24
                          109.164.85.0/24 maxlen: 24
                          109.164.83.0/24 maxlen: 24
                          109.164.80.0/20 maxlen: 20
                          109.164.88.0/24 maxlen: 24
                          109.164.89.0/24 maxlen: 24
                          109.164.87.0/24 maxlen: 24
                          109.164.91.0/24 maxlen: 24
                          109.164.90.0/24 maxlen: 24
                          109.164.97.0/24 maxlen: 24
                          109.164.92.0/24 maxlen: 24
                          109.164.95.0/24 maxlen: 24
                          109.164.96.0/24 maxlen: 24
                          109.164.93.0/24 maxlen: 24
                          109.164.94.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:b2:b1:13:2b:25:63:b2:9c:bd:5b:de:f0:27:a4:b1:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
        Validity
            Not Before: Dec 28 23:09:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee513c9f055f8a5f1abdac33747e2470bc78d7a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d8:30:65:c9:2b:24:db:89:04:26:9a:d2:f3:
                    04:a2:55:00:a1:18:4f:81:4d:7e:bd:f5:19:23:3e:
                    41:28:c8:5c:d4:75:87:d0:e0:db:ed:99:95:8d:b5:
                    7b:00:5b:1c:73:6d:14:4f:a2:ea:f6:5d:05:2d:7d:
                    f2:29:fa:eb:7c:e5:32:52:6d:6e:8e:9a:b5:4d:46:
                    3a:be:a5:54:c5:da:57:3c:78:00:fc:d4:c0:b4:f0:
                    5b:15:e5:43:aa:69:77:65:c2:4c:1e:5d:07:7b:b5:
                    5e:db:ef:5b:13:26:28:90:e2:4d:9b:bc:43:1b:c2:
                    e4:e3:89:2f:0f:21:5d:0f:b4:d3:01:58:f4:91:9e:
                    b0:07:06:e2:14:10:06:26:d3:03:fe:15:6d:c0:f5:
                    dc:a3:6c:4b:8d:fc:e1:f3:2e:97:12:6c:13:b5:73:
                    57:27:40:8e:f2:26:49:94:7b:b0:8b:5b:7c:fe:55:
                    88:96:98:7b:bb:5e:2e:3e:c3:e3:bd:ad:fc:0b:3e:
                    dd:1f:c0:93:dc:dd:5d:88:d2:30:21:60:ff:40:61:
                    ce:2a:70:8a:0a:96:61:8d:46:7f:ef:a4:90:ec:85:
                    00:45:ea:83:2e:aa:fc:78:3d:36:84:81:e5:6c:1b:
                    67:b4:9f:c2:03:71:51:fd:fb:97:9b:ad:36:0b:54:
                    7b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:51:3C:9F:05:5F:8A:5F:1A:BD:AC:33:74:7E:24:70:BC:78:D7:A2
            X509v3 Authority Key Identifier:
                keyid:3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/7lE8nwVfil8avawzdH4kcLx416I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/Pt97LWi6dqC9G6fp0p-sWFIxa5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.164.64.0-109.164.97.255

    Signature Algorithm: sha256WithRSAEncryption
         44:75:fc:cd:24:62:cb:4f:b3:d3:40:0a:d4:d8:31:aa:d6:ad:
         41:3b:f5:c6:a7:8f:3a:24:f8:a3:59:b7:50:45:8f:56:1f:a4:
         5f:e9:45:87:0c:59:b8:da:f6:2c:e4:21:f4:67:27:5c:f8:e5:
         34:4b:9a:e5:c3:07:7f:a2:a8:31:ea:2f:37:88:73:eb:e0:20:
         86:5e:91:b5:fa:b0:0e:10:c0:7f:ce:7d:9a:b9:fe:2f:19:7f:
         fd:bf:9d:b3:9c:c9:ba:15:37:d2:a6:b7:3a:48:18:59:f9:fa:
         35:e0:d8:8e:0e:4a:a7:e5:f3:80:2e:ce:f3:32:9c:bf:4e:54:
         26:07:ce:d5:48:47:21:33:53:54:2e:81:67:1f:e7:84:b2:84:
         80:c2:7f:b2:38:fb:46:56:42:57:d5:1e:d5:3f:0a:91:90:db:
         64:3d:91:38:d1:85:ba:ca:8c:68:89:91:6c:39:55:ae:fe:13:
         9f:59:7f:ce:d8:da:ae:7c:bc:fc:c8:86:00:09:64:3a:47:b3:
         32:b2:33:32:1b:f4:73:7e:25:fa:a2:83:b5:12:cc:5c:66:6f:
         3d:ce:18:fe:8c:f8:76:73:8d:06:eb:78:d5:20:74:44:88:c2:
         95:69:3c:86:87:8a:15:4e:60:4c:09:3c:cd:8b:c6:fd:64:8b:
         7d:a1:f0:33
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYyysRMrJWOynL1b3vAnpLFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZGY3YjJkNjhiYTc2YTBiZDFiYTdlOWQyOWZhYzU4NTIz
MTZiOWMwHhcNMjMxMjI4MjMwOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTUxM2M5ZjA1NWY4YTVmMWFiZGFjMzM3NDdlMjQ3MGJjNzhkN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9gwZckrJNuJBCaa0vMEolUAoRhP
gU1+vfUZIz5BKMhc1HWH0ODb7ZmVjbV7AFscc20UT6Lq9l0FLX3yKfrrfOUyUm1u
jpq1TUY6vqVUxdpXPHgA/NTAtPBbFeVDqml3ZcJMHl0He7Ve2+9bEyYokOJNm7xD
G8Lk44kvDyFdD7TTAVj0kZ6wBwbiFBAGJtMD/hVtwPXco2xLjfzh8y6XEmwTtXNX
J0CO8iZJlHuwi1t8/lWIlph7u14uPsPjva38Cz7dH8CT3N1diNIwIWD/QGHOKnCK
CpZhjUZ/76SQ7IUAReqDLqr8eD02hIHlbBtntJ/CA3FR/fuXm602C1R7QwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO5RPJ8FX4pfGr2sM3R+JHC8eNeiMB8GA1UdIwQY
MBaAFD7fey1ounagvRun6dKfrFhSMWucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEt
ZjhmMGM3ZDY2MmU3LzEvN2xFOG53VmZpbDhhdmF3emRINGtjTHg0MTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEtZjhmMGM3ZDY2MmU3
LzEvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAZtpEAD
BAFtpGAwDQYJKoZIhvcNAQELBQADggEBAER1/M0kYstPs9NACtTYMarWrUE79can
jzok+KNZt1BFj1YfpF/pRYcMWbja9izkIfRnJ1z45TRLmuXDB3+iqDHqLzeIc+vg
IIZekbX6sA4QwH/OfZq5/i8Zf/2/nbOcyboVN9KmtzpIGFn5+jXg2I4OSqfl84Au
zvMynL9OVCYHztVIRyEzU1QugWcf54SyhIDCf7I4+0ZWQlfVHtU/CpGQ22Q9kTjR
hbrKjGiJkWw5Va7+E59Zf87Y2q58vPzIhgAJZDpHszKyMzIb9HN+Jfqig7USzFxm
bz3OGP6M+HZzjQbreNUgdESIwpVpPIaHihVOYEwJPM2Lxv1ki32h8DM=
-----END CERTIFICATE-----