Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/HkkL-qHsLPLvCgfs0i5p1BzNMbQ.roa
File:                     HkkL-qHsLPLvCgfs0i5p1BzNMbQ.roa (raw, json)
Hash identifier:          oxiiH8/H2n4F/gX1TSFk0Au9o1uecLt6sHATj8fc0IE=
Subject key identifier:   1E:49:0B:FA:A1:EC:2C:F2:EF:0A:07:EC:D2:2E:69:D4:1C:CD:31:B4
Certificate issuer:       /CN=8e36117135f6b86d0a9e1fa67e04baf5bcd86169
Certificate serial:       018C865D3C0CB573A440250A239BF073CC98
Authority key identifier: 8E:36:11:71:35:F6:B8:6D:0A:9E:1F:A6:7E:04:BA:F5:BC:D8:61:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jjYRcTX2uG0Knh-mfgS69bzYYWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/HkkL-qHsLPLvCgfs0i5p1BzNMbQ.roa
Signing time:             Wed 20 Dec 2023 08:35:06 +0000
ROA not before:           Wed 20 Dec 2023 08:35:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200064
IP address blocks:        92.118.252.0/22 maxlen: 24
                          79.98.216.0/21 maxlen: 24
                          185.28.140.0/22 maxlen: 24
                          92.118.172.0/22 maxlen: 22
                          92.118.172.0/24 maxlen: 24
                          92.118.174.0/24 maxlen: 24
                          92.118.173.0/24 maxlen: 24
                          92.118.175.0/24 maxlen: 24
                          45.156.40.0/22 maxlen: 24
                          139.28.56.0/22 maxlen: 24
                          141.105.96.0/20 maxlen: 24
                          2a02:2f80::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:86:5d:3c:0c:b5:73:a4:40:25:0a:23:9b:f0:73:cc:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e36117135f6b86d0a9e1fa67e04baf5bcd86169
        Validity
            Not Before: Dec 20 08:35:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e490bfaa1ec2cf2ef0a07ecd22e69d41ccd31b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:25:65:9b:71:f9:64:ba:37:f9:14:8c:54:65:
                    c8:1d:4e:c7:22:6e:32:7b:04:da:e5:41:e5:82:9d:
                    52:d4:30:7c:77:2e:36:bb:3d:e9:d2:e0:9c:4a:18:
                    08:3c:c5:33:05:98:7f:53:ff:72:02:9c:01:55:13:
                    21:21:60:50:c9:54:a3:62:ce:23:b6:c7:78:3b:6e:
                    87:7d:25:75:d8:04:83:6b:70:2c:8f:cb:7f:00:40:
                    5f:c9:3a:d5:1c:64:ba:d4:05:d3:f3:ab:3d:88:40:
                    c6:a2:5a:e8:d4:ab:fe:b5:ef:bc:1e:c4:e1:72:a8:
                    e5:68:e3:c0:d5:f9:bd:26:d5:3a:bb:e4:96:ac:6d:
                    27:94:a6:8a:6b:c6:cf:cd:53:df:6e:5e:7f:9c:52:
                    96:63:f7:a5:05:1b:e0:44:c2:07:3c:d2:e5:db:65:
                    77:a0:c2:29:cf:d9:ef:95:a6:f8:91:0a:58:2c:db:
                    e6:5f:ac:47:97:64:f3:4a:97:96:00:a1:2e:bb:5d:
                    8a:4c:d4:49:3e:de:48:5f:b8:29:47:45:1a:c3:a3:
                    64:da:6c:fe:c1:e3:62:12:68:fd:73:42:9f:43:05:
                    52:cc:e3:f8:c1:df:25:b3:ec:c9:63:13:1b:85:b4:
                    0c:c6:2d:1c:17:25:65:1c:9b:e3:fc:91:16:d8:66:
                    2c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:49:0B:FA:A1:EC:2C:F2:EF:0A:07:EC:D2:2E:69:D4:1C:CD:31:B4
            X509v3 Authority Key Identifier:
                keyid:8E:36:11:71:35:F6:B8:6D:0A:9E:1F:A6:7E:04:BA:F5:BC:D8:61:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jjYRcTX2uG0Knh-mfgS69bzYYWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/HkkL-qHsLPLvCgfs0i5p1BzNMbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/edb4d3-33c8-45dc-a40e-c85b60fd8c8b/1/jjYRcTX2uG0Knh-mfgS69bzYYWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.40.0/22
                  79.98.216.0/21
                  92.118.172.0/22
                  92.118.252.0/22
                  139.28.56.0/22
                  141.105.96.0/20
                  185.28.140.0/22
                IPv6:
                  2a02:2f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:93:d4:bb:a0:36:c3:18:10:1c:0c:a7:77:e3:18:da:b1:b7:
         d6:27:2e:5f:a3:9f:f9:08:66:ab:fc:cf:eb:16:3d:bc:bd:1a:
         fa:16:ea:a8:72:8f:39:10:ee:92:7b:a5:8a:4b:a1:f1:d7:0c:
         25:64:29:aa:58:0a:ef:6e:8a:7e:9c:50:4b:ea:90:a0:e3:6b:
         22:38:e2:a6:1c:b9:00:c8:f2:1f:b2:34:d5:1f:d6:a0:94:a5:
         7b:82:d8:21:c7:b8:aa:93:be:18:98:fb:b0:ac:89:0e:e0:95:
         d7:ff:4a:d8:bd:74:e3:fd:fd:8d:ea:af:be:d5:f1:cc:42:79:
         c1:91:27:0e:2c:07:29:b8:e3:12:a1:41:dd:09:e6:d5:ad:68:
         71:00:36:bf:41:ab:62:d1:0a:f3:79:86:ae:2d:57:ca:21:f6:
         84:30:09:77:f7:b3:11:30:80:cd:91:a4:90:38:18:5a:8c:e7:
         64:f9:ac:e8:e0:3e:86:6e:ec:1e:f6:a8:63:09:cf:e5:b3:28:
         0f:c3:76:04:6a:59:52:d7:7c:d8:86:b6:68:29:67:a2:48:27:
         dc:2c:30:a3:28:b4:c2:de:52:19:2c:53:fc:50:d0:7a:eb:cb:
         75:a6:13:f5:69:c5:f1:5b:38:75:ce:14:87:68:f1:c8:74:ec:
         88:9d:32:5e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYyGXTwMtXOkQCUKI5vwc8yYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMzYxMTcxMzVmNmI4NmQwYTllMWZhNjdlMDRiYWY1YmNk
ODYxNjkwHhcNMjMxMjIwMDgzNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQ5MGJmYWExZWMyY2YyZWYwYTA3ZWNkMjJlNjlkNDFjY2QzMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSVlm3H5ZLo3+RSMVGXIHU7HIm4y
ewTa5UHlgp1S1DB8dy42uz3p0uCcShgIPMUzBZh/U/9yApwBVRMhIWBQyVSjYs4j
tsd4O26HfSV12ASDa3Asj8t/AEBfyTrVHGS61AXT86s9iEDGolro1Kv+te+8HsTh
cqjlaOPA1fm9JtU6u+SWrG0nlKaKa8bPzVPfbl5/nFKWY/elBRvgRMIHPNLl22V3
oMIpz9nvlab4kQpYLNvmX6xHl2TzSpeWAKEuu12KTNRJPt5IX7gpR0Uaw6Nk2mz+
weNiEmj9c0KfQwVSzOP4wd8ls+zJYxMbhbQMxi0cFyVlHJvj/JEW2GYsDwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFB5JC/qh7Czy7woH7NIuadQczTG0MB8GA1UdIwQY
MBaAFI42EXE19rhtCp4fpn4EuvW82GFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvampZUmNUWDJ1RzBLbmgtbWZnUzY5YnpZWVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lZGI0ZDMtMzNjOC00NWRjLWE0MGUt
Yzg1YjYwZmQ4YzhiLzEvSGtrTC1xSHNMUEx2Q2dmczBpNXAxQnpOTWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lZGI0ZDMtMzNjOC00NWRjLWE0MGUtYzg1YjYwZmQ4Yzhi
LzEvampZUmNUWDJ1RzBLbmgtbWZnUzY5YnpZWVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLZwoAwQD
T2LYAwQCXHasAwQCXHb8AwQCixw4AwQEjWlgAwQCuRyMMA0EAgACMAcDBQMqAi+A
MA0GCSqGSIb3DQEBCwUAA4IBAQAbk9S7oDbDGBAcDKd34xjasbfWJy5fo5/5CGar
/M/rFj28vRr6Fuqoco85EO6Se6WKS6Hx1wwlZCmqWArvbop+nFBL6pCg42siOOKm
HLkAyPIfsjTVH9aglKV7gtghx7iqk74YmPuwrIkO4JXX/0rYvXTj/f2N6q++1fHM
QnnBkScOLAcpuOMSoUHdCebVrWhxADa/Qati0QrzeYauLVfKIfaEMAl397MRMIDN
kaSQOBhajOdk+azo4D6Gbuwe9qhjCc/lsygPw3YEallS13zYhrZoKWeiSCfcLDCj
KLTC3lIZLFP8UNB668t1phP1acXxWzh1zhSHaPHIdOyInTJe
-----END CERTIFICATE-----