Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/GxUOVvVQ0xiA45GmGpsBHjJEPck.roa
File:                     GxUOVvVQ0xiA45GmGpsBHjJEPck.roa (raw, json)
Hash identifier:          Uz4q2FSapDCWrkLloA7XX4abQ2zlvQwUoeeyV/CitkU=
Subject key identifier:   1B:15:0E:56:F5:50:D3:18:80:E3:91:A6:1A:9B:01:1E:32:44:3D:C9
Certificate issuer:       /CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
Certificate serial:       01867E08E4F873415BA00EB14098FADC3D41
Authority key identifier: 1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/GxUOVvVQ0xiA45GmGpsBHjJEPck.roa
Signing time:             Thu 23 Feb 2023 11:29:17 +0000
ROA not before:           Thu 23 Feb 2023 11:29:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201612
IP address blocks:        194.0.24.0/24 maxlen: 24
                          194.0.26.0/24 maxlen: 24
                          2001:678:20::/48 maxlen: 48
                          2a02:850:ffe5::/48 maxlen: 48
                          2a02:850:ffe0::/48 maxlen: 48
                          2001:67c:1bc::/48 maxlen: 48
                          2001:678:24::/48 maxlen: 48
                          2a02:850:ffe4::/48 maxlen: 48
                          2a02:850:ffe2::/48 maxlen: 48
                          2a02:850:ffe3::/48 maxlen: 48
                          2a02:850:ffe6::/48 maxlen: 48
                          2a02:850:ffe1::/48 maxlen: 48
                          2a02:850:ffe7::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:7e:08:e4:f8:73:41:5b:a0:0e:b1:40:98:fa:dc:3d:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c390bff65dcedca813d7a10d7ec328c2f6eac34
        Validity
            Not Before: Feb 23 11:29:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b150e56f550d31880e391a61a9b011e32443dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:80:07:a7:09:a5:4a:9a:da:a4:50:90:7f:14:
                    7e:30:43:73:f7:92:03:ec:89:99:76:4d:db:ee:1c:
                    b2:e9:9d:6a:5f:90:a6:41:30:b0:02:68:6d:63:fa:
                    c7:78:c8:86:25:7e:05:57:b5:f3:6d:e4:25:60:2d:
                    7f:8c:da:22:c2:f0:2e:5e:5c:04:8b:4a:d5:10:94:
                    f5:41:b5:b1:f2:0f:2f:6f:46:d9:27:93:30:d5:46:
                    42:59:2e:aa:ca:ed:77:03:e9:2b:a8:3f:de:5a:af:
                    d7:c2:30:fe:10:29:76:6d:4c:88:5a:7e:57:fb:cc:
                    b7:d8:5c:d1:0d:b1:a8:fc:0d:36:dd:51:28:d8:cc:
                    17:b1:bf:a2:94:3d:4a:a7:0a:b2:b1:26:26:06:22:
                    ed:e6:94:e5:d1:43:1d:74:66:3f:53:53:06:ba:00:
                    f6:2d:ed:2b:6e:81:12:8e:4c:33:9a:41:a5:fa:3f:
                    78:01:c0:df:19:51:ba:28:cf:46:4c:d7:e0:c6:8c:
                    8b:5e:f4:62:f8:77:75:1e:38:9e:1e:bc:eb:a0:5f:
                    31:14:c9:3b:6d:06:db:d5:59:cd:d3:cc:8f:bd:8b:
                    7f:fb:9a:88:d5:6a:d0:b6:0a:f3:db:39:6f:2f:8a:
                    47:a7:bc:2e:e9:63:78:96:fa:d5:fe:60:31:82:23:
                    e1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:15:0E:56:F5:50:D3:18:80:E3:91:A6:1A:9B:01:1E:32:44:3D:C9
            X509v3 Authority Key Identifier:
                keyid:1C:39:0B:FF:65:DC:ED:CA:81:3D:7A:10:D7:EC:32:8C:2F:6E:AC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/GxUOVvVQ0xiA45GmGpsBHjJEPck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/348104-8a41-4949-8552-a9765edc795c/1/HDkL_2Xc7cqBPXoQ1-wyjC9urDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.24.0/24
                  194.0.26.0/24
                IPv6:
                  2001:678:20::/48
                  2001:678:24::/48
                  2001:67c:1bc::/48
                  2a02:850:ffe0::/45

    Signature Algorithm: sha256WithRSAEncryption
         2f:c9:b2:a4:0e:33:e8:f3:d7:c9:09:89:79:6a:4f:0e:44:af:
         88:c8:22:8f:f1:56:69:40:5b:9c:6f:5c:b4:61:6c:06:df:59:
         4e:0e:c3:0d:f2:bf:d2:45:f0:00:ac:1e:35:ce:62:6c:9b:1f:
         da:3e:4e:44:f5:e1:31:a2:87:35:cc:1a:e8:f8:bd:c9:64:1f:
         26:89:1f:49:f0:8d:65:0b:a6:ce:05:f6:9c:2d:ae:b9:7e:5f:
         8d:a0:1e:e9:4a:cf:e8:b6:c3:2f:4c:84:e2:4f:63:82:c7:b9:
         f6:5f:f7:f7:f8:dc:6e:6a:20:bf:99:36:c4:23:e1:63:ef:77:
         9a:f9:f5:9a:46:7d:1f:4f:5f:28:33:74:46:53:0a:98:dc:d1:
         ac:fd:5d:b9:06:bf:51:b9:3e:62:14:71:71:e6:35:9e:89:d9:
         0b:79:70:a1:e3:02:13:81:ee:57:14:3c:43:69:05:26:47:6e:
         26:3d:35:fe:1c:50:86:c9:cb:61:ef:10:3c:bc:fa:07:b2:fa:
         44:28:1f:d0:05:f5:4a:d4:d0:ba:28:00:11:3e:fc:c1:0a:26:
         69:37:47:ac:34:00:98:5a:31:38:b2:4a:db:93:71:29:69:74:
         98:67:13:5b:46:81:75:fe:01:a9:7a:07:47:e4:30:08:79:f3:
         72:55:d7:8f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYZ+COT4c0FboA6xQJj63D1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzkwYmZmNjVkY2VkY2E4MTNkN2ExMGQ3ZWMzMjhjMmY2
ZWFjMzQwHhcNMjMwMjIzMTEyOTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjE1MGU1NmY1NTBkMzE4ODBlMzkxYTYxYTliMDExZTMyNDQzZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIAHpwmlSprapFCQfxR+MENz95ID
7ImZdk3b7hyy6Z1qX5CmQTCwAmhtY/rHeMiGJX4FV7XzbeQlYC1/jNoiwvAuXlwE
i0rVEJT1QbWx8g8vb0bZJ5Mw1UZCWS6qyu13A+krqD/eWq/XwjD+ECl2bUyIWn5X
+8y32FzRDbGo/A023VEo2MwXsb+ilD1KpwqysSYmBiLt5pTl0UMddGY/U1MGugD2
Le0rboESjkwzmkGl+j94AcDfGVG6KM9GTNfgxoyLXvRi+Hd1HjieHrzroF8xFMk7
bQbb1VnN08yPvYt/+5qI1WrQtgrz2zlvL4pHp7wu6WN4lvrV/mAxgiPhKwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBsVDlb1UNMYgOORphqbAR4yRD3JMB8GA1UdIwQY
MBaAFBw5C/9l3O3KgT16ENfsMowvbqw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTIt
YTk3NjVlZGM3OTVjLzEvR3hVT1Z2VlEweGlBNDVHbUdwc0JIakpFUGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zNDgxMDQtOGE0MS00OTQ5LTg1NTItYTk3NjVlZGM3OTVj
LzEvSERrTF8yWGM3Y3FCUFhvUTEtd3lqQzl1ckRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDASBAIAATAMAwQAwgAYAwQA
wgAaMCoEAgACMCQDBwAgAQZ4ACADBwAgAQZ4ACQDBwAgAQZ8AbwDBwMqAghQ/+Aw
DQYJKoZIhvcNAQELBQADggEBAC/JsqQOM+jz18kJiXlqTw5Er4jIIo/xVmlAW5xv
XLRhbAbfWU4Oww3yv9JF8ACsHjXOYmybH9o+TkT14TGihzXMGuj4vclkHyaJH0nw
jWULps4F9pwtrrl+X42gHulKz+i2wy9MhOJPY4LHufZf9/f43G5qIL+ZNsQj4WPv
d5r59ZpGfR9PXygzdEZTCpjc0az9XbkGv1G5PmIUcXHmNZ6J2Qt5cKHjAhOB7lcU
PENpBSZHbiY9Nf4cUIbJy2HvEDy8+gey+kQoH9AF9UrU0LooABE+/MEKJmk3R6w0
AJhaMTiyStuTcSlpdJhnE1tGgXX+Aal6B0fkMAh583JV148=
-----END CERTIFICATE-----