Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/nk_2IGxGzglqGCmgUwXl2ZjUjks.roa
File:                     nk_2IGxGzglqGCmgUwXl2ZjUjks.roa (raw, json)
Hash identifier:          9K9Xmcxn9/A3p7KmDP+pZZEnvaf3nbeYBRhry4zYv2U=
Subject key identifier:   9E:4F:F6:20:6C:46:CE:09:6A:18:29:A0:53:05:E5:D9:98:D4:8E:4B
Certificate issuer:       /CN=2d1815b0c9dc9ee2207ec9417cdec2bc4be23c61
Certificate serial:       018A98CDF9A1FD48F6944F5FAD55ECF6A851
Authority key identifier: 2D:18:15:B0:C9:DC:9E:E2:20:7E:C9:41:7C:DE:C2:BC:4B:E2:3C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRgVsMncnuIgfslBfN7CvEviPGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/nk_2IGxGzglqGCmgUwXl2ZjUjks.roa
Signing time:             Fri 15 Sep 2023 12:25:50 +0000
ROA not before:           Fri 15 Sep 2023 12:25:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25274
IP address blocks:        45.138.88.0/22 maxlen: 22
                          45.140.232.0/22 maxlen: 22
                          37.218.232.0/21 maxlen: 21
                          45.10.28.0/22 maxlen: 22
                          85.235.92.0/22 maxlen: 22
                          185.40.136.0/22 maxlen: 22
                          109.105.0.0/19 maxlen: 24
                          45.132.200.0/22 maxlen: 22
                          185.153.216.0/22 maxlen: 22
                          45.134.236.0/22 maxlen: 22
                          2a00:d240::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:98:cd:f9:a1:fd:48:f6:94:4f:5f:ad:55:ec:f6:a8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1815b0c9dc9ee2207ec9417cdec2bc4be23c61
        Validity
            Not Before: Sep 15 12:25:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9e4ff6206c46ce096a1829a05305e5d998d48e4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:84:41:38:70:c7:10:6d:4b:c5:09:4f:78:21:
                    60:ff:80:23:4d:33:c8:b1:f4:a3:50:b3:87:3f:fa:
                    75:11:c7:a6:ff:f4:a7:7e:93:cd:20:11:36:1d:47:
                    33:b6:99:28:b9:f3:56:50:45:aa:7e:aa:25:1e:91:
                    8d:eb:13:c0:e1:ee:5f:a8:bc:32:8a:5d:0e:a0:f6:
                    98:22:ac:c4:09:8f:4d:f4:c9:9a:df:a1:83:d9:93:
                    5e:7f:62:9b:9b:e0:1b:ff:8b:2b:d3:e9:9c:19:d4:
                    de:aa:56:19:e0:2d:ad:c2:c2:71:71:d1:e0:48:a4:
                    5d:70:fe:95:54:55:c6:89:d0:8e:ce:8b:59:c0:4e:
                    d3:01:07:24:4b:80:0e:ba:0b:3c:c4:0a:41:56:32:
                    e3:78:3f:cc:3a:da:82:26:ea:26:d7:ed:8f:17:b5:
                    fc:b5:ce:d0:57:6f:c4:87:ea:06:47:13:3e:ce:62:
                    b1:7f:bf:d5:ed:3d:6e:92:44:6d:f8:9b:25:80:92:
                    7d:98:75:13:6e:58:e3:f2:46:6b:0c:b5:9d:81:c9:
                    e4:01:9f:f2:ca:ea:70:06:89:fa:f6:a5:f3:9c:d8:
                    f1:47:49:3c:fa:1f:33:44:e6:bb:fc:30:12:4a:9f:
                    b0:c3:3a:db:b3:48:97:e7:66:e9:6b:7f:8c:e4:8c:
                    22:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4F:F6:20:6C:46:CE:09:6A:18:29:A0:53:05:E5:D9:98:D4:8E:4B
            X509v3 Authority Key Identifier:
                keyid:2D:18:15:B0:C9:DC:9E:E2:20:7E:C9:41:7C:DE:C2:BC:4B:E2:3C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRgVsMncnuIgfslBfN7CvEviPGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/nk_2IGxGzglqGCmgUwXl2ZjUjks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d38ec1-d4c6-40fb-ab1d-d202f2a40081/1/LRgVsMncnuIgfslBfN7CvEviPGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.218.232.0/21
                  45.10.28.0/22
                  45.132.200.0/22
                  45.134.236.0/22
                  45.138.88.0/22
                  45.140.232.0/22
                  85.235.92.0/22
                  109.105.0.0/19
                  185.40.136.0/22
                  185.153.216.0/22
                IPv6:
                  2a00:d240::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:5c:04:43:21:b6:eb:ac:60:cd:75:29:ae:05:ec:fb:60:eb:
         f1:08:ab:37:f2:41:f1:2f:8c:3a:ec:79:d4:c1:70:0c:72:42:
         27:aa:02:2f:d1:6d:54:15:8b:61:57:cf:ce:0a:fd:1d:bf:fe:
         f8:f1:bf:76:89:8f:2d:aa:b2:42:81:53:25:f2:73:f7:e5:96:
         41:88:f7:33:9d:22:1e:19:de:7a:89:94:75:25:84:91:eb:2f:
         47:8a:9e:38:21:6d:c6:d3:54:be:00:33:44:32:1f:3f:eb:43:
         24:3c:c2:19:ae:a7:94:c2:9f:1b:6a:a4:a3:eb:00:83:d4:76:
         d9:3e:38:a9:ed:ec:83:38:dc:0e:d3:f7:79:70:85:b0:ae:99:
         2a:e3:a1:b3:86:f0:9e:e2:a6:95:46:00:05:88:fe:75:c6:b7:
         e9:c6:de:c4:8a:62:98:92:3b:26:20:71:09:b6:dc:1c:08:a4:
         36:15:76:67:e4:a3:1c:2b:58:31:b3:16:b3:33:fe:1c:6a:91:
         ec:96:69:33:98:f8:97:07:b8:19:56:a8:10:f2:48:be:98:79:
         a0:63:7b:a7:67:89:96:5e:66:41:74:c6:0d:36:2e:ab:37:22:
         ec:6b:0b:9c:7b:ef:7a:56:a6:42:95:64:a7:e8:6d:8a:27:64:
         ac:37:9e:72
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYqYzfmh/Uj2lE9frVXs9qhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTgxNWIwYzlkYzllZTIyMDdlYzk0MTdjZGVjMmJjNGJl
MjNjNjEwHhcNMjMwOTE1MTIyNTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTRmZjYyMDZjNDZjZTA5NmExODI5YTA1MzA1ZTVkOTk4ZDQ4ZTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oRBOHDHEG1LxQlPeCFg/4AjTTPI
sfSjULOHP/p1Ecem//SnfpPNIBE2HUcztpkoufNWUEWqfqolHpGN6xPA4e5fqLwy
il0OoPaYIqzECY9N9Mma36GD2ZNef2Kbm+Ab/4sr0+mcGdTeqlYZ4C2twsJxcdHg
SKRdcP6VVFXGidCOzotZwE7TAQckS4AOugs8xApBVjLjeD/MOtqCJuom1+2PF7X8
tc7QV2/Eh+oGRxM+zmKxf7/V7T1ukkRt+JslgJJ9mHUTbljj8kZrDLWdgcnkAZ/y
yupwBon69qXznNjxR0k8+h8zROa7/DASSp+wwzrbs0iX52bpa3+M5IwiKQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFJ5P9iBsRs4JahgpoFMF5dmY1I5LMB8GA1UdIwQY
MBaAFC0YFbDJ3J7iIH7JQXzewrxL4jxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJnVnNNbmNudUlnZnNsQmZON0N2RXZpUEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kMzhlYzEtZDRjNi00MGZiLWFiMWQt
ZDIwMmYyYTQwMDgxLzEvbmtfMklHeEd6Z2xxR0NtZ1V3WGwyWmpVamtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9kMzhlYzEtZDRjNi00MGZiLWFiMWQtZDIwMmYyYTQwMDgx
LzEvTFJnVnNNbmNudUlnZnNsQmZON0N2RXZpUEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJdroAwQC
LQocAwQCLYTIAwQCLYbsAwQCLYpYAwQCLYzoAwQCVetcAwQFbWkAAwQCuSiIAwQC
uZnYMA0EAgACMAcDBQAqANJAMA0GCSqGSIb3DQEBCwUAA4IBAQB+XARDIbbrrGDN
dSmuBez7YOvxCKs38kHxL4w67HnUwXAMckInqgIv0W1UFYthV8/OCv0dv/748b92
iY8tqrJCgVMl8nP35ZZBiPcznSIeGd56iZR1JYSR6y9Hip44IW3G01S+ADNEMh8/
60MkPMIZrqeUwp8baqSj6wCD1HbZPjip7eyDONwO0/d5cIWwrpkq46GzhvCe4qaV
RgAFiP51xrfpxt7EimKYkjsmIHEJttwcCKQ2FXZn5KMcK1gxsxazM/4capHslmkz
mPiXB7gZVqgQ8ki+mHmgY3unZ4mWXmZBdMYNNi6rNyLsawuce+96VqZClWSn6G2K
J2SsN55y
-----END CERTIFICATE-----