Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/5n9CjhRysicGe9L-yR293GLjgjU.roa
File:                     5n9CjhRysicGe9L-yR293GLjgjU.roa (raw, json)
Hash identifier:          dDIB6x4sv2Q0wfoLWosriW+9rilSO2PwhXvsG8xViMw=
Subject key identifier:   E6:7F:42:8E:14:72:B2:27:06:7B:D2:FE:C9:1D:BD:DC:62:E3:82:35
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       01856ED4D2C85C2ED666F1083CD6A2910E8C
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/5n9CjhRysicGe9L-yR293GLjgjU.roa
Signing time:             Sun 01 Jan 2023 19:35:19 +0000
ROA not before:           Sun 01 Jan 2023 19:35:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     19905
IP address blocks:        193.58.80.0/21 maxlen: 24
                          160.92.0.0/16 maxlen: 24
                          193.16.186.0/23 maxlen: 24
                          193.16.188.0/22 maxlen: 24
                          193.201.76.0/23 maxlen: 24
                          192.136.30.0/24 maxlen: 24
                          89.106.184.0/21 maxlen: 24
                          193.56.46.0/24 maxlen: 24
                          2a01:20:6::/48 maxlen: 48
                          2a01:20:4::/48 maxlen: 48
                          2a01:20::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:d2:c8:5c:2e:d6:66:f1:08:3c:d6:a2:91:0e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 19:35:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e67f428e1472b227067bd2fec91dbddc62e38235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e1:f9:ac:bc:bf:ec:07:d9:f5:ee:62:88:4d:
                    ba:ef:3b:b3:7b:46:2a:b5:29:23:c6:7d:5d:9b:6b:
                    6e:de:82:6a:18:4b:54:10:52:63:f4:c5:8c:2c:c6:
                    91:bb:f6:51:e4:cc:e1:6a:57:47:36:ab:85:8e:4d:
                    d8:69:1d:ec:54:cd:94:c1:0c:e1:29:8c:b9:42:6b:
                    8a:5c:eb:8e:77:b9:89:34:01:2f:7f:0a:21:a8:6f:
                    fe:0e:ee:d0:98:4b:cc:df:0c:7c:a8:18:c5:e6:21:
                    62:36:d7:9a:7d:71:e9:4a:ff:47:ff:c9:80:58:a2:
                    4a:ef:f0:f0:b7:e8:99:e7:5b:e2:a5:4e:87:d9:9d:
                    c2:fa:e5:71:85:44:be:95:69:25:0c:0b:8e:06:73:
                    35:88:5f:b7:01:ec:01:37:fd:e3:17:82:5e:c2:3d:
                    75:01:12:de:83:c1:16:5a:f1:26:f8:73:f2:97:cf:
                    05:8c:d9:71:a0:37:43:6a:f8:39:15:8c:0c:61:e1:
                    a0:1a:8f:fa:db:43:46:e0:aa:d4:4f:5c:23:85:6f:
                    ed:b4:34:05:40:e8:1b:c4:34:9e:5b:52:02:e3:ec:
                    8f:85:94:d5:c5:c6:f0:c4:dd:b8:65:50:90:92:79:
                    22:d9:b1:5b:8c:f3:27:f1:8a:35:ed:bf:e5:ed:05:
                    75:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7F:42:8E:14:72:B2:27:06:7B:D2:FE:C9:1D:BD:DC:62:E3:82:35
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/5n9CjhRysicGe9L-yR293GLjgjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.184.0/21
                  160.92.0.0/16
                  192.136.30.0/24
                  193.16.186.0-193.16.191.255
                  193.56.46.0/24
                  193.58.80.0/21
                  193.201.76.0/23
                IPv6:
                  2a01:20::/48
                  2a01:20:4::/48
                  2a01:20:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:71:4a:c2:7b:bb:35:c4:66:83:cd:38:83:f1:f2:fa:9f:6c:
         26:09:68:cd:7d:54:df:ba:9f:29:70:ed:e1:de:5d:bd:2b:db:
         13:cc:c1:4e:1d:cf:95:66:26:23:d4:ab:8f:be:e3:39:bd:06:
         c7:ba:5d:fd:7f:78:ec:66:b7:c5:5d:85:9a:9d:6b:92:e7:2b:
         c3:71:32:41:6b:0a:18:24:fc:57:56:54:9c:d1:25:f9:a6:24:
         f9:b0:ab:9c:7d:88:7f:63:a5:d6:4e:7c:28:66:73:ab:5f:a6:
         7e:06:33:e7:48:ae:e4:dc:60:3e:df:81:14:65:5a:b6:d1:ef:
         ee:af:26:76:0f:75:df:02:de:e3:52:99:25:a9:d8:04:f9:68:
         b6:fd:ff:4b:e9:9b:b9:24:69:f3:46:5f:0b:39:81:11:dd:cb:
         10:0a:d8:fe:0a:bf:05:0b:95:fc:f7:81:c5:eb:af:78:ae:87:
         45:32:ac:83:03:61:71:6e:2b:55:82:fa:33:96:c3:81:02:fc:
         d9:ad:a7:23:69:c5:98:68:0f:52:c5:84:f4:b4:33:5c:c2:53:
         c5:b3:f5:9c:19:7c:32:a7:16:98:60:26:4a:4e:97:14:f4:ca:
         8d:52:9b:3a:17:9b:0e:7e:b7:ed:27:28:8a:a6:0a:37:97:12:
         41:9a:02:af
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYVu1NLIXC7WZvEIPNaikQ6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjMwMTAxMTkzNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdmNDI4ZTE0NzJiMjI3MDY3YmQyZmVjOTFkYmRkYzYyZTM4MjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOH5rLy/7AfZ9e5iiE267zuze0Yq
tSkjxn1dm2tu3oJqGEtUEFJj9MWMLMaRu/ZR5MzhaldHNquFjk3YaR3sVM2UwQzh
KYy5QmuKXOuOd7mJNAEvfwohqG/+Du7QmEvM3wx8qBjF5iFiNteafXHpSv9H/8mA
WKJK7/Dwt+iZ51vipU6H2Z3C+uVxhUS+lWklDAuOBnM1iF+3AewBN/3jF4Jewj11
ARLeg8EWWvEm+HPyl88FjNlxoDdDavg5FYwMYeGgGo/620NG4KrUT1wjhW/ttDQF
QOgbxDSeW1IC4+yPhZTVxcbwxN24ZVCQknki2bFbjPMn8Yo17b/l7QV1qQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFOZ/Qo4UcrInBnvS/skdvdxi44I1MB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvNW45Q2poUnlzaWNHZTlMLXlSMjkzR0xqZ2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA3BAIAATAxAwQDWWq4AwMA
oFwDBADAiB4wDAMEAcEQugMEBsEQgAMEAME4LgMEA8E6UAMEAcHJTDAhBAIAAjAb
AwcAKgEAIAAAAwcAKgEAIAAEAwcAKgEAIAAGMA0GCSqGSIb3DQEBCwUAA4IBAQCT
cUrCe7s1xGaDzTiD8fL6n2wmCWjNfVTfup8pcO3h3l29K9sTzMFOHc+VZiYj1KuP
vuM5vQbHul39f3jsZrfFXYWanWuS5yvDcTJBawoYJPxXVlSc0SX5piT5sKucfYh/
Y6XWTnwoZnOrX6Z+BjPnSK7k3GA+34EUZVq20e/uryZ2D3XfAt7jUpklqdgE+Wi2
/f9L6Zu5JGnzRl8LOYER3csQCtj+Cr8FC5X894HF6694rodFMqyDA2FxbitVgvoz
lsOBAvzZracjacWYaA9SxYT0tDNcwlPFs/WcGXwypxaYYCZKTpcU9MqNUps6F5sO
frftJyiKpgo3lxJBmgKv
-----END CERTIFICATE-----