Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/rGXM2R3xRZHkWCVr_Ge0Muh6G7w.roa
File:                     rGXM2R3xRZHkWCVr_Ge0Muh6G7w.roa (raw, json)
Hash identifier:          JGRuUYsOt27qhG/Ay9LaUOQuvxH+hbmYL3ytQTluMXI=
Subject key identifier:   AC:65:CC:D9:1D:F1:45:91:E4:58:25:6B:FC:67:B4:32:E8:7A:1B:BC
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       01892F9B8C6A2EC92E114BE0E1AC1CD721D5
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/rGXM2R3xRZHkWCVr_Ge0Muh6G7w.roa
Signing time:             Fri 07 Jul 2023 09:07:50 +0000
ROA not before:           Fri 07 Jul 2023 09:07:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        2a05:541:125::/48 maxlen: 48
                          2a05:541:122::/48 maxlen: 48
                          2a05:541:123::/48 maxlen: 48
                          2a05:541:129::/48 maxlen: 48
                          2a05:541:109::/48 maxlen: 48
                          2a05:541:119::/48 maxlen: 48
                          2a05:541:121::/48 maxlen: 48
                          2a05:541:126::/48 maxlen: 48
                          2a05:541:127::/48 maxlen: 48
                          2a05:541:114::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2f:9b:8c:6a:2e:c9:2e:11:4b:e0:e1:ac:1c:d7:21:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jul  7 09:07:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac65ccd91df14591e458256bfc67b432e87a1bbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:78:4a:3b:39:02:72:9d:f7:e3:ae:30:11:df:
                    ea:3b:c1:db:0d:11:03:8c:79:b8:e5:9d:ca:07:f9:
                    f0:1f:4b:5d:24:d9:2e:8e:c6:f8:b5:fc:b2:bf:81:
                    c6:dd:17:90:c0:ea:22:71:4e:b5:4b:9c:0d:b2:cf:
                    e2:e2:a3:b5:92:76:63:f9:e2:a9:04:38:a9:0f:0b:
                    6b:ee:aa:2f:05:70:2d:81:82:a2:91:66:19:7b:e2:
                    a7:c7:bb:df:34:c8:81:dc:68:a2:21:d1:0e:b9:31:
                    23:d7:69:5d:c8:9d:c4:75:b1:30:d1:8e:55:df:6a:
                    53:f3:f1:90:ae:7a:3b:db:fd:d7:76:a4:de:ca:7e:
                    42:c6:83:bb:8a:a7:78:ae:25:af:a7:ee:91:b3:85:
                    e8:e4:17:23:86:74:bc:9c:6c:e8:29:e9:59:c0:9b:
                    b7:2c:43:a6:e7:a9:61:7d:fe:69:1a:42:a1:85:25:
                    0d:bd:e7:b5:d6:70:d2:44:1a:90:25:44:18:7d:a1:
                    4a:ec:9d:2c:e7:38:94:62:0f:7d:34:e6:a1:d2:ca:
                    bb:9c:1a:f4:9a:d8:e7:f5:a3:eb:7a:99:7b:a1:c7:
                    a3:0c:41:19:d0:6e:af:5f:fb:15:47:83:a9:13:7a:
                    57:ae:a1:16:f9:f7:d6:f1:13:1d:d8:e2:70:92:4f:
                    23:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:65:CC:D9:1D:F1:45:91:E4:58:25:6B:FC:67:B4:32:E8:7A:1B:BC
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/rGXM2R3xRZHkWCVr_Ge0Muh6G7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:109::/48
                  2a05:541:114::/48
                  2a05:541:119::/48
                  2a05:541:121::-2a05:541:123:ffff:ffff:ffff:ffff:ffff
                  2a05:541:125::-2a05:541:127:ffff:ffff:ffff:ffff:ffff
                  2a05:541:129::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:8d:00:1b:42:c9:9a:52:34:75:69:e2:c7:d4:fb:ae:0e:d0:
         88:97:2f:62:b4:e3:cd:a0:2a:0e:7d:83:17:dd:56:ed:e1:b6:
         d8:be:8a:a5:81:14:8a:bc:74:60:74:3f:ac:c7:65:5d:c0:5a:
         22:63:6c:cf:64:8e:3e:42:86:c6:61:56:aa:43:e7:80:ac:d6:
         1f:ce:b4:2a:29:ea:97:39:bb:3b:13:5e:0a:0f:3f:59:2b:26:
         50:bc:46:69:18:0d:4c:83:11:c3:5d:0b:a4:7b:13:d3:49:a5:
         dc:9c:19:07:f0:78:6a:ef:eb:c2:5d:8a:ce:1f:8d:ff:df:37:
         bd:38:37:3d:4b:7c:67:13:8a:39:86:ad:e8:73:f6:d3:81:ac:
         e4:a3:79:54:d0:e9:8d:e9:5c:96:75:34:fd:17:cd:92:59:79:
         a3:09:55:57:29:1d:1a:fd:35:42:90:79:a5:2f:04:be:d9:af:
         73:83:ad:fe:44:69:41:e5:2d:76:41:80:b7:58:da:08:01:5e:
         31:df:5a:ab:b6:84:a6:4f:28:c0:e5:f8:b7:76:a5:bd:62:db:
         cb:a3:5e:4a:b6:d6:fe:6d:91:13:ee:4c:b6:36:cc:d0:56:a8:
         f0:49:e8:03:ed:13:57:80:b8:8f:f2:0b:f2:f2:f0:c3:0d:07:
         46:02:44:fe
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYkvm4xqLskuEUvg4awc1yHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjMwNzA3MDkwNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzY1Y2NkOTFkZjE0NTkxZTQ1ODI1NmJmYzY3YjQzMmU4N2ExYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3hKOzkCcp33464wEd/qO8HbDRED
jHm45Z3KB/nwH0tdJNkujsb4tfyyv4HG3ReQwOoicU61S5wNss/i4qO1knZj+eKp
BDipDwtr7qovBXAtgYKikWYZe+Knx7vfNMiB3GiiIdEOuTEj12ldyJ3EdbEw0Y5V
32pT8/GQrno72/3XdqTeyn5CxoO7iqd4riWvp+6Rs4Xo5BcjhnS8nGzoKelZwJu3
LEOm56lhff5pGkKhhSUNvee11nDSRBqQJUQYfaFK7J0s5ziUYg99NOah0sq7nBr0
mtjn9aPrepl7ocejDEEZ0G6vX/sVR4OpE3pXrqEW+ffW8RMd2OJwkk8jmQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFKxlzNkd8UWR5Fgla/xntDLoehu8MB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvckdYTTJSM3hSWkhrV0NWcl9HZTBNdWg2Rzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAwcAKgUFQQEJ
AwcAKgUFQQEUAwcAKgUFQQEZMBIDBwAqBQVBASEDBwIqBQVBASAwEgMHACoFBUEB
JQMHAyoFBUEBIAMHACoFBUEBKTANBgkqhkiG9w0BAQsFAAOCAQEAV40AG0LJmlI0
dWnix9T7rg7QiJcvYrTjzaAqDn2DF91W7eG22L6KpYEUirx0YHQ/rMdlXcBaImNs
z2SOPkKGxmFWqkPngKzWH860Kinqlzm7OxNeCg8/WSsmULxGaRgNTIMRw10LpHsT
00ml3JwZB/B4au/rwl2Kzh+N/983vTg3PUt8ZxOKOYat6HP204Gs5KN5VNDpjelc
lnU0/RfNkll5owlVVykdGv01QpB5pS8Evtmvc4Ot/kRpQeUtdkGAt1jaCAFeMd9a
q7aEpk8owOX4t3alvWLby6NeSrbW/m2RE+5MtjbM0Fao8EnoA+0TV4C4j/IL8vLw
ww0HRgJE/g==
-----END CERTIFICATE-----