Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/G2bDOf8LMBQy0mzeyT16Q_VUV4M.roa
File:                     G2bDOf8LMBQy0mzeyT16Q_VUV4M.roa (raw, json)
Hash identifier:          KDUGg+yyrDa5mIuVOQ57XCKl0iLI5N/QJ2w66mG46iI=
Subject key identifier:   1B:66:C3:39:FF:0B:30:14:32:D2:6C:DE:C9:3D:7A:43:F5:54:57:83
Certificate issuer:       /CN=2d1815b0c9dc9ee2207ec9417cdec2bc4be23c61
Certificate serial:       0185708CCDB1A86C95F7ED1E96FA3A310213
Authority key identifier: 2D:18:15:B0:C9:DC:9E:E2:20:7E:C9:41:7C:DE:C2:BC:4B:E2:3C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRgVsMncnuIgfslBfN7CvEviPGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/G2bDOf8LMBQy0mzeyT16Q_VUV4M.roa
Signing time:             Mon 02 Jan 2023 03:35:53 +0000
ROA not before:           Mon 02 Jan 2023 03:35:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25274
IP address blocks:        45.138.88.0/22 maxlen: 22
                          45.140.232.0/22 maxlen: 22
                          37.218.232.0/21 maxlen: 21
                          45.10.28.0/22 maxlen: 22
                          85.235.92.0/22 maxlen: 22
                          185.40.136.0/22 maxlen: 22
                          45.132.200.0/22 maxlen: 22
                          185.153.216.0/22 maxlen: 22
                          109.105.0.0/19 maxlen: 19
                          45.134.236.0/22 maxlen: 22
                          2a00:d240::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:8c:cd:b1:a8:6c:95:f7:ed:1e:96:fa:3a:31:02:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1815b0c9dc9ee2207ec9417cdec2bc4be23c61
        Validity
            Not Before: Jan  2 03:35:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b66c339ff0b301432d26cdec93d7a43f5545783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d6:90:f1:52:c4:17:60:00:a4:4c:10:76:b3:
                    27:fc:3f:c0:89:07:54:ee:a9:5c:b9:69:cc:b2:cb:
                    51:1d:bb:01:6f:2b:49:09:46:8b:3e:19:41:79:08:
                    ba:f8:ef:1f:fa:61:bb:d4:c6:53:5c:49:f2:c9:76:
                    a7:e3:f9:18:7f:44:87:fd:12:12:80:1d:0c:6d:6a:
                    52:4e:32:64:81:ff:d8:eb:ae:b5:32:4e:ce:af:52:
                    ac:d5:aa:e8:25:6a:9b:73:e1:14:38:cf:32:cf:fe:
                    38:f1:55:eb:a4:a0:9b:04:9a:31:5d:bf:77:0a:f8:
                    a9:9d:00:7e:cb:59:26:91:9d:20:a1:c2:0c:f3:cf:
                    1b:33:25:ff:e4:3a:dc:a3:21:ea:4e:5d:aa:72:6b:
                    74:cb:18:76:3f:cd:d3:97:42:54:cf:2e:1d:5a:96:
                    e0:d7:56:8f:7a:f3:ae:ab:5b:c1:60:d7:7e:93:85:
                    c5:6f:cd:d6:ce:1f:48:96:dd:73:4b:09:3e:26:5b:
                    7a:f2:06:3b:f6:d2:5d:06:a5:85:cf:30:e4:af:c0:
                    18:ac:d1:58:b9:e9:3e:dc:d7:63:56:07:d6:02:5c:
                    3a:7e:d9:0e:cf:56:50:ec:71:19:02:52:97:ef:1a:
                    22:a5:47:52:0c:87:84:e6:21:00:59:2d:40:75:c3:
                    10:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:66:C3:39:FF:0B:30:14:32:D2:6C:DE:C9:3D:7A:43:F5:54:57:83
            X509v3 Authority Key Identifier:
                keyid:2D:18:15:B0:C9:DC:9E:E2:20:7E:C9:41:7C:DE:C2:BC:4B:E2:3C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRgVsMncnuIgfslBfN7CvEviPGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/G2bDOf8LMBQy0mzeyT16Q_VUV4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/LRgVsMncnuIgfslBfN7CvEviPGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.218.232.0/21
                  45.10.28.0/22
                  45.132.200.0/22
                  45.134.236.0/22
                  45.138.88.0/22
                  45.140.232.0/22
                  85.235.92.0/22
                  109.105.0.0/19
                  185.40.136.0/22
                  185.153.216.0/22
                IPv6:
                  2a00:d240::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:7b:94:22:1f:10:cf:b6:4b:ef:aa:d5:2e:7c:92:a6:f3:49:
         bf:e9:e1:58:1c:1a:73:b2:b1:89:3d:41:fd:e7:06:a5:2b:41:
         ad:ac:c7:3c:f5:39:49:77:bc:3e:93:ef:a1:23:fd:d9:07:d7:
         5e:94:52:4b:39:a2:de:64:7b:10:5e:ed:5c:5c:d8:d1:10:d4:
         f4:43:d8:7e:0b:73:72:9d:55:6f:f4:75:c3:d4:77:9c:8d:64:
         a8:89:c0:3a:49:92:2b:08:dd:84:15:f8:a4:ed:af:93:0a:fc:
         30:62:28:f5:eb:a1:7c:96:0c:09:28:f1:df:94:e6:0f:9e:63:
         34:fe:31:ee:ff:52:18:da:2b:b2:df:63:73:3a:b1:bf:71:fd:
         da:d7:a8:43:3d:be:2e:71:23:af:1f:36:53:46:4e:e5:b8:ca:
         40:b8:08:9a:69:d8:41:f9:32:02:ca:50:e8:bf:07:0e:fd:b6:
         ad:77:b6:bc:05:67:28:11:3b:4a:87:48:a2:89:ff:cb:90:e0:
         95:0a:ad:17:88:4b:31:e7:87:88:6e:ca:62:d8:a0:eb:2d:51:
         fc:c8:a8:13:d4:9a:ed:d7:eb:3e:48:4a:46:59:20:d2:33:93:
         46:27:7f:c0:37:8d:1e:3e:88:4d:78:a7:09:c8:2d:3e:2b:60:
         0c:78:a2:74
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVwjM2xqGyV9+0elvo6MQITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTgxNWIwYzlkYzllZTIyMDdlYzk0MTdjZGVjMmJjNGJl
MjNjNjEwHhcNMjMwMTAyMDMzNTUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjY2YzMzOWZmMGIzMDE0MzJkMjZjZGVjOTNkN2E0M2Y1NTQ1NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNaQ8VLEF2AApEwQdrMn/D/AiQdU
7qlcuWnMsstRHbsBbytJCUaLPhlBeQi6+O8f+mG71MZTXEnyyXan4/kYf0SH/RIS
gB0MbWpSTjJkgf/Y6661Mk7Or1Ks1aroJWqbc+EUOM8yz/448VXrpKCbBJoxXb93
CvipnQB+y1kmkZ0gocIM888bMyX/5DrcoyHqTl2qcmt0yxh2P83Tl0JUzy4dWpbg
11aPevOuq1vBYNd+k4XFb83Wzh9Ilt1zSwk+Jlt68gY79tJdBqWFzzDkr8AYrNFY
uek+3NdjVgfWAlw6ftkOz1ZQ7HEZAlKX7xoipUdSDIeE5iEAWS1AdcMQWwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFBtmwzn/CzAUMtJs3sk9ekP1VFeDMB8GA1UdIwQY
MBaAFC0YFbDJ3J7iIH7JQXzewrxL4jxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJnVnNNbmNudUlnZnNsQmZON0N2RXZpUEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kMzhlYzEtZDRjNi00MGZiLWFiMWQt
ZDIwMmYyYTQwMDgxLzEvRzJiRE9mOExNQlF5MG16ZXlUMTZRX1ZVVjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9kMzhlYzEtZDRjNi00MGZiLWFiMWQtZDIwMmYyYTQwMDgx
LzEvTFJnVnNNbmNudUlnZnNsQmZON0N2RXZpUEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJdroAwQC
LQocAwQCLYTIAwQCLYbsAwQCLYpYAwQCLYzoAwQCVetcAwQFbWkAAwQCuSiIAwQC
uZnYMA0EAgACMAcDBQAqANJAMA0GCSqGSIb3DQEBCwUAA4IBAQBre5QiHxDPtkvv
qtUufJKm80m/6eFYHBpzsrGJPUH95walK0GtrMc89TlJd7w+k++hI/3ZB9delFJL
OaLeZHsQXu1cXNjRENT0Q9h+C3NynVVv9HXD1HecjWSoicA6SZIrCN2EFfik7a+T
CvwwYij166F8lgwJKPHflOYPnmM0/jHu/1IY2iuy32NzOrG/cf3a16hDPb4ucSOv
HzZTRk7luMpAuAiaadhB+TICylDovwcO/batd7a8BWcoETtKh0iiif/LkOCVCq0X
iEsx54eIbspi2KDrLVH8yKgT1Jrt1+s+SEpGWSDSM5NGJ3/AN40ePohNeKcJyC0+
K2AMeKJ0
-----END CERTIFICATE-----