Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/XmU__sEJqIbuXMDy29hzHku32U4.roa
File:                     XmU__sEJqIbuXMDy29hzHku32U4.roa (raw, json)
Hash identifier:          5ePXAebwmmSVgXmaAP1Trr35oCuksVyu0Fqn0523/bY=
Subject key identifier:   5E:65:3F:FE:C1:09:A8:86:EE:5C:C0:F2:DB:D8:73:1E:4B:B7:D9:4E
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018573561EE33F361DB36B9052508C526F41
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/XmU__sEJqIbuXMDy29hzHku32U4.roa
Signing time:             Mon 02 Jan 2023 16:35:01 +0000
ROA not before:           Mon 02 Jan 2023 16:35:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6453
IP address blocks:        213.153.128.0/17 maxlen: 24
                          92.44.0.0/15 maxlen: 24
                          151.250.0.0/16 maxlen: 24
                          85.29.0.0/18 maxlen: 24
                          176.40.0.0/14 maxlen: 24
                          82.222.0.0/16 maxlen: 24
                          212.57.0.0/19 maxlen: 24
                          176.33.0.0/16 maxlen: 24
                          195.214.128.0/18 maxlen: 24
                          2a02:e0::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:56:1e:e3:3f:36:1d:b3:6b:90:52:50:8c:52:6f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  2 16:35:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e653ffec109a886ee5cc0f2dbd8731e4bb7d94e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:0c:74:c4:2a:6d:4e:e0:f8:13:3b:93:97:2d:
                    86:10:bd:ff:ee:29:7c:98:35:71:29:c7:ec:fc:42:
                    fb:14:2a:3c:47:da:87:91:e5:5b:cf:7b:72:fb:21:
                    2d:2b:7a:e5:78:2c:dc:e5:52:c4:65:b0:09:79:9a:
                    02:e1:cf:84:18:8f:22:f5:3c:8b:da:e4:b7:9c:b2:
                    df:ff:1b:74:f1:0e:75:08:98:2f:38:fb:7f:55:29:
                    a5:6c:37:38:4f:b8:4f:73:15:47:02:94:78:e1:5c:
                    6e:e6:49:90:99:12:71:90:dc:4e:61:38:18:2e:5e:
                    ef:9f:9d:16:8c:11:18:ef:b0:c3:49:77:82:45:22:
                    a4:79:29:2a:38:f5:37:3f:52:26:37:36:49:ed:61:
                    3f:c0:fd:d3:6f:5c:b7:88:83:41:d8:93:a9:2d:9c:
                    9f:b9:c8:02:91:13:9b:41:d4:73:91:4b:bf:e4:76:
                    fc:21:65:43:a2:78:87:52:84:c8:c6:b6:e4:19:28:
                    63:71:f7:2a:59:50:17:e1:78:10:36:98:27:0c:71:
                    55:96:65:1c:91:a9:2e:5d:a4:d2:dc:52:23:f0:62:
                    02:a2:d7:2d:49:0f:68:7b:4f:c7:e3:34:d9:5a:be:
                    ca:ac:f1:22:29:aa:bc:93:26:67:d6:e0:9c:5a:72:
                    7b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:65:3F:FE:C1:09:A8:86:EE:5C:C0:F2:DB:D8:73:1E:4B:B7:D9:4E
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/XmU__sEJqIbuXMDy29hzHku32U4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.0.0/16
                  85.29.0.0/18
                  92.44.0.0/15
                  151.250.0.0/16
                  176.33.0.0/16
                  176.40.0.0/14
                  195.214.128.0/18
                  212.57.0.0/19
                  213.153.128.0/17
                IPv6:
                  2a02:e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:aa:2f:f7:74:57:50:5f:b6:6a:00:80:85:d8:6a:b3:5c:19:
         83:73:45:c2:71:56:dd:e1:07:a5:bf:94:1e:8a:cd:c7:59:2b:
         95:49:9c:39:07:dd:74:9a:58:2e:93:70:86:75:e3:1a:01:41:
         c0:53:f7:26:65:d4:8e:2d:c2:28:40:91:03:ab:8c:d5:ec:6c:
         85:84:97:45:7c:50:05:b7:96:c6:71:b6:ff:7e:4d:bb:67:f9:
         8a:eb:8e:68:9b:9c:1e:f1:d1:50:35:8b:fe:7b:0d:d6:e5:fc:
         7c:e6:d0:fc:e5:e0:27:8b:45:0d:8d:68:7a:2b:d2:4e:1f:66:
         39:3b:04:6a:fe:1e:87:42:60:08:ed:af:69:a3:14:85:9f:12:
         02:9f:34:9e:d8:cb:94:1f:70:09:bd:ae:74:aa:31:36:ea:ed:
         eb:e3:d7:96:b0:d7:b0:6c:fc:20:ab:d2:c6:0c:d7:17:eb:ae:
         80:54:d2:41:76:db:e1:bd:f2:f3:41:ad:ad:50:bb:d8:d3:2b:
         e1:d4:44:85:5d:67:88:4b:11:ea:4d:84:3c:b8:49:09:15:e7:
         18:e9:03:66:4d:d7:0b:be:93:fa:61:ed:e5:76:72:ec:17:f5:
         c6:79:38:01:20:59:12:b0:26:98:8d:fe:50:e5:62:27:ab:f7:
         ea:ae:5c:6e
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYVzVh7jPzYds2uQUlCMUm9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjMwMTAyMTYzNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY1M2ZmZWMxMDlhODg2ZWU1Y2MwZjJkYmQ4NzMxZTRiYjdkOTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Qx0xCptTuD4EzuTly2GEL3/7il8
mDVxKcfs/EL7FCo8R9qHkeVbz3ty+yEtK3rleCzc5VLEZbAJeZoC4c+EGI8i9TyL
2uS3nLLf/xt08Q51CJgvOPt/VSmlbDc4T7hPcxVHApR44Vxu5kmQmRJxkNxOYTgY
Ll7vn50WjBEY77DDSXeCRSKkeSkqOPU3P1ImNzZJ7WE/wP3Tb1y3iINB2JOpLZyf
ucgCkRObQdRzkUu/5Hb8IWVDoniHUoTIxrbkGShjcfcqWVAX4XgQNpgnDHFVlmUc
kakuXaTS3FIj8GICotctSQ9oe0/H4zTZWr7KrPEiKaq8kyZn1uCcWnJ7mwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFF5lP/7BCaiG7lzA8tvYcx5Lt9lOMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvWG1VX19zRUpxSWJ1WE1EeTI5aHpIa3UzMlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA3BAIAATAxAwMAUt4DBAZV
HQADAwFcLAMDAJf6AwMAsCEDAwKwKAMEBsPWgAMEBdQ5AAMEB9WZgDANBAIAAjAH
AwUAKgIA4DANBgkqhkiG9w0BAQsFAAOCAQEAlaov93RXUF+2agCAhdhqs1wZg3NF
wnFW3eEHpb+UHorNx1krlUmcOQfddJpYLpNwhnXjGgFBwFP3JmXUji3CKECRA6uM
1exshYSXRXxQBbeWxnG2/35Nu2f5iuuOaJucHvHRUDWL/nsN1uX8fObQ/OXgJ4tF
DY1oeivSTh9mOTsEav4eh0JgCO2vaaMUhZ8SAp80ntjLlB9wCb2udKoxNurt6+PX
lrDXsGz8IKvSxgzXF+uugFTSQXbb4b3y80GtrVC72NMr4dREhV1niEsR6k2EPLhJ
CRXnGOkDZk3XC76T+mHt5XZy7Bf1xnk4ASBZErAmmI3+UOViJ6v36q5cbg==
-----END CERTIFICATE-----