Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/cENxHsmcct4dYVs7KWZLNHBVT8Q.roa
File:                     cENxHsmcct4dYVs7KWZLNHBVT8Q.roa (raw, json)
Hash identifier:          huqTBjjTc/Q10y6FxVw4Y2m2Yu4tnmH1coVFWLuyXlc=
Subject key identifier:   70:43:71:1E:C9:9C:72:DE:1D:61:5B:3B:29:66:4B:34:70:55:4F:C4
Certificate issuer:       /CN=4f36103344fcd3b5759f2db3f3c7071376f9e233
Certificate serial:       01856C6EF49753F583F8738DE1A7B5BBC47B
Authority key identifier: 4F:36:10:33:44:FC:D3:B5:75:9F:2D:B3:F3:C7:07:13:76:F9:E2:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzYQM0T807V1ny2z88cHE3b54jM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/cENxHsmcct4dYVs7KWZLNHBVT8Q.roa
Signing time:             Sun 01 Jan 2023 08:24:48 +0000
ROA not before:           Sun 01 Jan 2023 08:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8990
IP address blocks:        212.92.0.0/19 maxlen: 19
                          82.150.32.0/19 maxlen: 19
                          91.144.64.0/18 maxlen: 24
                          95.171.64.0/19 maxlen: 19
                          45.88.204.0/22 maxlen: 22
                          109.199.32.0/19 maxlen: 24
                          109.199.46.0/24 maxlen: 24
                          109.199.57.0/24 maxlen: 24
                          91.144.121.0/24 maxlen: 24
                          109.199.58.0/24 maxlen: 24
                          109.199.62.0/24 maxlen: 24
                          109.199.61.0/24 maxlen: 24
                          2a03:9900:2::/48 maxlen: 48
                          2a03:9900:1::/48 maxlen: 48
                          2a03:9900::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:f4:97:53:f5:83:f8:73:8d:e1:a7:b5:bb:c4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f36103344fcd3b5759f2db3f3c7071376f9e233
        Validity
            Not Before: Jan  1 08:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7043711ec99c72de1d615b3b29664b3470554fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c4:44:33:29:cf:4b:28:1a:03:66:4a:32:e4:
                    8c:61:db:ae:73:25:41:f0:cd:36:91:d9:09:a2:c6:
                    ed:9d:05:27:af:10:6b:00:dc:e1:7e:ab:0c:08:ef:
                    a5:c6:7c:c1:7b:ee:07:5e:d2:9e:16:49:55:64:61:
                    ae:5a:19:59:18:af:35:0b:68:07:0e:67:43:9e:60:
                    87:64:8f:cd:6a:a8:b6:73:5b:07:4a:c1:1e:56:4f:
                    ad:f2:26:9d:fa:b5:33:b9:08:a1:58:92:1d:9b:56:
                    a1:ed:a0:15:d1:1a:31:aa:f3:c5:84:98:c3:42:94:
                    97:b3:c3:ea:8f:e7:bd:88:b3:b5:94:c2:7a:14:45:
                    5c:c8:09:92:45:54:15:7b:b7:21:c4:22:50:64:e3:
                    5f:69:50:bc:fc:73:f3:58:11:19:91:43:e5:1f:c0:
                    ae:91:a7:a6:fc:82:88:6d:b2:84:87:7d:55:03:e1:
                    c4:4f:2f:7a:fc:15:23:61:80:f7:74:82:2b:05:fc:
                    5c:3f:0a:43:8f:98:15:34:e2:9f:8a:bb:6a:53:70:
                    0f:2e:84:e2:89:39:72:e1:58:3c:ce:82:9d:5e:07:
                    5f:01:32:70:53:19:4f:97:75:69:00:0a:71:91:4e:
                    ee:5f:a1:c3:dd:76:51:91:55:4e:ea:39:ff:86:03:
                    01:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:43:71:1E:C9:9C:72:DE:1D:61:5B:3B:29:66:4B:34:70:55:4F:C4
            X509v3 Authority Key Identifier:
                keyid:4F:36:10:33:44:FC:D3:B5:75:9F:2D:B3:F3:C7:07:13:76:F9:E2:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzYQM0T807V1ny2z88cHE3b54jM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/cENxHsmcct4dYVs7KWZLNHBVT8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/80d9df-eaf3-48b6-8fd5-0acc892b11d2/1/TzYQM0T807V1ny2z88cHE3b54jM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.204.0/22
                  82.150.32.0/19
                  91.144.64.0/18
                  95.171.64.0/19
                  109.199.32.0/19
                  212.92.0.0/19
                IPv6:
                  2a03:9900::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:e0:15:d6:b8:ee:d1:7d:fd:dd:2c:e9:f2:07:57:a2:41:03:
         86:ff:da:07:6c:fb:57:d4:cb:7c:ea:eb:d0:2e:3a:b5:24:f8:
         c6:1a:ca:ef:e8:31:49:8e:5e:5b:46:20:59:08:3b:43:9c:a4:
         af:a9:4f:18:60:1e:5f:69:f6:4a:3b:70:92:88:d2:f2:ee:21:
         ac:bc:04:17:a9:9f:50:e5:24:99:0a:f2:2c:a0:30:ab:7c:b2:
         bf:62:99:d0:5e:ee:5b:63:9c:bf:0c:1e:4d:87:27:e6:52:96:
         d5:15:30:d1:cc:96:36:f9:4a:ca:0e:76:ff:8c:56:df:49:ef:
         70:14:11:b3:14:a3:1e:8f:ee:0d:b5:54:58:02:c6:ea:a9:eb:
         5e:d5:9e:f4:6d:e0:e5:fc:cd:d8:fc:e9:bf:41:31:84:11:90:
         51:d4:29:c3:93:c9:76:1c:13:79:05:2e:e4:d2:43:5e:e9:61:
         fb:d4:bd:4c:47:4b:a5:4b:14:03:73:1e:99:61:72:9c:eb:dd:
         ca:83:45:0f:67:59:8a:a4:3f:97:e3:4e:cc:f2:f2:ad:04:11:
         06:87:4d:4d:7f:63:e6:0b:fb:ee:6c:f1:8e:a2:f8:24:60:3d:
         13:7e:b8:d2:54:f1:7e:c1:2e:2f:fc:29:88:ba:1a:ea:ca:04:
         a4:8c:55:25
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVsbvSXU/WD+HON4ae1u8R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzYxMDMzNDRmY2QzYjU3NTlmMmRiM2YzYzcwNzEzNzZm
OWUyMzMwHhcNMjMwMTAxMDgyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDQzNzExZWM5OWM3MmRlMWQ2MTViM2IyOTY2NGIzNDcwNTU0ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcREMynPSygaA2ZKMuSMYduucyVB
8M02kdkJosbtnQUnrxBrANzhfqsMCO+lxnzBe+4HXtKeFklVZGGuWhlZGK81C2gH
DmdDnmCHZI/Naqi2c1sHSsEeVk+t8iad+rUzuQihWJIdm1ah7aAV0RoxqvPFhJjD
QpSXs8Pqj+e9iLO1lMJ6FEVcyAmSRVQVe7chxCJQZONfaVC8/HPzWBEZkUPlH8Cu
kaem/IKIbbKEh31VA+HETy96/BUjYYD3dIIrBfxcPwpDj5gVNOKfirtqU3APLoTi
iTly4Vg8zoKdXgdfATJwUxlPl3VpAApxkU7uX6HD3XZRkVVO6jn/hgMBewIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFHBDcR7JnHLeHWFbOylmSzRwVU/EMB8GA1UdIwQY
MBaAFE82EDNE/NO1dZ8ts/PHBxN2+eIzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpZUU0wVDgwN1Yxbnkyejg4Y0hFM2I1NGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy84MGQ5ZGYtZWFmMy00OGI2LThmZDUt
MGFjYzg5MmIxMWQyLzEvY0VOeEhzbWNjdDRkWVZzN0tXWkxOSEJWVDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy84MGQ5ZGYtZWFmMy00OGI2LThmZDUtMGFjYzg5MmIxMWQy
LzEvVHpZUU0wVDgwN1Yxbnkyejg4Y0hFM2I1NGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCLVjMAwQF
UpYgAwQGW5BAAwQFX6tAAwQFbccgAwQF1FwAMA0EAgACMAcDBQAqA5kAMA0GCSqG
SIb3DQEBCwUAA4IBAQAr4BXWuO7Rff3dLOnyB1eiQQOG/9oHbPtX1Mt86uvQLjq1
JPjGGsrv6DFJjl5bRiBZCDtDnKSvqU8YYB5fafZKO3CSiNLy7iGsvAQXqZ9Q5SSZ
CvIsoDCrfLK/YpnQXu5bY5y/DB5NhyfmUpbVFTDRzJY2+UrKDnb/jFbfSe9wFBGz
FKMej+4NtVRYAsbqqete1Z70beDl/M3Y/Om/QTGEEZBR1CnDk8l2HBN5BS7k0kNe
6WH71L1MR0ulSxQDcx6ZYXKc693Kg0UPZ1mKpD+X407M8vKtBBEGh01Nf2PmC/vu
bPGOovgkYD0TfrjSVPF+wS4v/CmIuhrqygSkjFUl
-----END CERTIFICATE-----