Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/F5AIOea9Zz78j4wAvsGy7worNOE.roa
File:                     F5AIOea9Zz78j4wAvsGy7worNOE.roa (raw, json)
Hash identifier:          DTgw5WCFA+jcVUi086zCA7ImKl5m3Z+gMES/PdiEJy0=
Subject key identifier:   17:90:08:39:E6:BD:67:3E:FC:8F:8C:00:BE:C1:B2:EF:0A:2B:34:E1
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018C21BC5B7AF897E9451B10691BC9217C68
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/F5AIOea9Zz78j4wAvsGy7worNOE.roa
Signing time:             Thu 30 Nov 2023 19:37:21 +0000
ROA not before:           Thu 30 Nov 2023 19:37:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212271
IP address blocks:        2a05:4140::/29 maxlen: 48
                          2a05:4143::/32 maxlen: 48
                          2a05:4140:187::/48 maxlen: 48
                          2a05:4140:32::/48 maxlen: 48
                          2a05:4140:100::/40 maxlen: 48
                          2a05:4140:400::/40 maxlen: 48
                          2a05:4140:300::/40 maxlen: 40
                          2a05:4140:30::/48 maxlen: 48
                          2a05:4140:190::/48 maxlen: 48
                          2a05:4140:10::/48 maxlen: 48
                          2a05:4140:16::/48 maxlen: 48
                          2a05:4140:31::/48 maxlen: 48
                          2a05:4140:4::/48 maxlen: 48
                          2a05:4144::/32 maxlen: 32
                          2a05:4140:5::/48 maxlen: 48
                          2a05:4140:15::/48 maxlen: 48
                          2a05:4140:8::/48 maxlen: 48
                          2a05:4140:3::/48 maxlen: 48
                          2a05:4140:29::/48 maxlen: 48
                          2a05:4140:9::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:21:bc:5b:7a:f8:97:e9:45:1b:10:69:1b:c9:21:7c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Nov 30 19:37:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17900839e6bd673efc8f8c00bec1b2ef0a2b34e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ec:ef:46:4d:8b:c4:ef:96:43:b9:68:a0:f9:
                    e5:07:89:b3:45:fa:38:f9:80:ae:17:b0:85:fe:da:
                    d6:aa:83:a4:18:31:74:b4:a3:da:bd:51:4c:8e:4f:
                    64:0e:fb:da:77:4d:fd:4a:b3:7a:9e:d8:b6:01:9f:
                    bc:39:90:8c:da:d3:79:61:73:cf:1b:83:b4:2d:c7:
                    7b:b6:75:a4:a7:db:8d:73:69:90:38:2d:90:b9:21:
                    34:de:a9:c5:fb:aa:b8:c5:72:19:41:21:98:68:71:
                    25:1b:48:5e:ef:da:b6:3e:34:6f:1c:a9:e3:16:75:
                    30:e9:9f:c2:2b:6a:a8:79:bb:55:52:5d:02:5b:d8:
                    64:42:9e:4b:1c:9f:ea:84:9c:d5:96:2a:98:94:59:
                    c4:1f:fd:72:f4:1c:33:43:34:fb:29:f0:8f:0c:6f:
                    03:aa:3e:2c:55:ff:53:98:82:de:f3:8b:72:f5:c1:
                    a4:65:47:42:4f:de:af:3d:15:2d:33:e8:00:cd:3d:
                    d0:c1:9a:d2:b4:3b:5e:62:fc:36:c7:cc:ae:e0:76:
                    24:cd:55:bf:0e:a7:f9:aa:ee:4a:9c:c7:7f:dc:aa:
                    a0:7b:d7:e5:b4:bc:1b:e9:c7:9b:d0:18:c3:fb:78:
                    1e:7f:b8:28:aa:13:5e:4f:d4:68:72:c6:cc:cb:1f:
                    6a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:90:08:39:E6:BD:67:3E:FC:8F:8C:00:BE:C1:B2:EF:0A:2B:34:E1
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/F5AIOea9Zz78j4wAvsGy7worNOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:13:66:bf:79:63:ad:52:4f:01:ee:24:67:71:db:75:93:3a:
         74:75:4a:49:e0:f5:c9:d0:38:a2:39:36:eb:1a:ff:8e:ba:42:
         10:7a:7c:9a:80:db:5a:14:02:72:a8:4e:79:fc:26:43:e6:a4:
         73:87:60:ac:f9:51:84:5d:ce:83:77:8b:bc:7a:74:86:51:79:
         95:90:30:a6:81:66:b1:31:5d:90:6c:02:da:1c:58:45:bc:f9:
         ed:d4:65:ab:2a:33:0a:87:73:18:9b:01:1a:b8:56:6f:46:8f:
         5e:b3:12:59:eb:3f:03:ba:7f:1c:0d:b8:7d:b2:b3:c1:11:fb:
         f3:a0:8c:df:c9:d0:e2:96:ce:91:36:01:a4:28:1d:2e:9f:ee:
         63:c3:fa:52:e0:c2:6e:52:ef:c1:52:5a:f3:19:7e:a5:2a:c6:
         9f:15:84:f2:ef:8a:79:87:00:98:56:f8:4f:80:a7:6e:53:fa:
         03:4f:6e:f9:01:17:d7:6a:4c:4a:e3:91:4b:55:46:82:86:47:
         79:5f:84:6c:6c:18:13:f1:a1:1e:d1:d9:31:f7:79:ca:f0:a5:
         1f:e5:33:0d:48:df:6b:b8:2a:42:1d:28:e1:f3:29:8c:7e:b5:
         dc:85:56:b7:47:a8:03:56:b3:be:ae:d1:35:55:fa:f9:2b:c9:
         71:c1:19:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYwhvFt6+JfpRRsQaRvJIXxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjMxMTMwMTkzNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzkwMDgzOWU2YmQ2NzNlZmM4ZjhjMDBiZWMxYjJlZjBhMmIzNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhezvRk2LxO+WQ7looPnlB4mzRfo4
+YCuF7CF/trWqoOkGDF0tKPavVFMjk9kDvvad039SrN6nti2AZ+8OZCM2tN5YXPP
G4O0Lcd7tnWkp9uNc2mQOC2QuSE03qnF+6q4xXIZQSGYaHElG0he79q2PjRvHKnj
FnUw6Z/CK2qoebtVUl0CW9hkQp5LHJ/qhJzVliqYlFnEH/1y9BwzQzT7KfCPDG8D
qj4sVf9TmILe84ty9cGkZUdCT96vPRUtM+gAzT3QwZrStDteYvw2x8yu4HYkzVW/
Dqf5qu5KnMd/3Kqge9fltLwb6ceb0BjD+3gef7goqhNeT9RocsbMyx9qIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBeQCDnmvWc+/I+MAL7Bsu8KKzThMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvRjVBSU9lYTlaejc4ajR3QXZzR3k3d29yTk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgVBQDAN
BgkqhkiG9w0BAQsFAAOCAQEALBNmv3ljrVJPAe4kZ3HbdZM6dHVKSeD1ydA4ojk2
6xr/jrpCEHp8moDbWhQCcqhOefwmQ+akc4dgrPlRhF3Og3eLvHp0hlF5lZAwpoFm
sTFdkGwC2hxYRbz57dRlqyozCodzGJsBGrhWb0aPXrMSWes/A7p/HA24fbKzwRH7
86CM38nQ4pbOkTYBpCgdLp/uY8P6UuDCblLvwVJa8xl+pSrGnxWE8u+KeYcAmFb4
T4CnblP6A09u+QEX12pMSuORS1VGgoZHeV+EbGwYE/GhHtHZMfd5yvClH+UzDUjf
a7gqQh0o4fMpjH613IVWt0eoA1azvq7RNVX6+SvJccEZnw==
-----END CERTIFICATE-----