Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IFFluuj6qQhcrtRNF7b9cd0sE70.roa
File:                     IFFluuj6qQhcrtRNF7b9cd0sE70.roa (raw, json)
Hash identifier:          /h4gXB1Yy8GB1Odnjzi2hDguWijvTNvzJUv0cNEaE+c=
Subject key identifier:   20:51:65:BA:E8:FA:A9:08:5C:AE:D4:4D:17:B6:FD:71:DD:2C:13:BD
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018964895B397BB12029A2B329ECE91E38FB
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IFFluuj6qQhcrtRNF7b9cd0sE70.roa
Signing time:             Mon 17 Jul 2023 15:47:50 +0000
ROA not before:           Mon 17 Jul 2023 15:47:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        45.87.124.0/24 maxlen: 24
                          45.87.125.0/24 maxlen: 24
                          45.87.127.0/24 maxlen: 24
                          84.252.69.0/24 maxlen: 24
                          45.128.124.0/24 maxlen: 24
                          194.59.222.0/24 maxlen: 24
                          194.60.76.0/24 maxlen: 24
                          212.107.25.0/24 maxlen: 24
                          2a0f:3101::/32 maxlen: 32
                          2a0d:3c46::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:89:5b:39:7b:b1:20:29:a2:b3:29:ec:e9:1e:38:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jul 17 15:47:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=205165bae8faa9085caed44d17b6fd71dd2c13bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fb:3a:29:7d:63:93:b3:2e:81:8a:2c:b1:49:
                    ab:00:44:f8:c8:92:a3:7d:c7:dd:48:8b:e7:7d:6c:
                    63:0e:4a:5c:3f:4a:54:ff:71:8a:dc:ef:89:85:70:
                    fa:fd:43:2a:1e:c1:82:1e:77:2b:a2:5d:18:56:43:
                    42:80:b0:c8:ad:b7:93:bd:41:ba:cd:7c:16:1e:64:
                    e9:3c:4b:d8:5b:96:a4:e9:90:84:d2:01:a6:43:95:
                    3b:fc:12:14:d0:1e:8d:ec:97:d1:13:d4:25:a9:2e:
                    a5:57:5a:d2:7c:02:59:b8:08:3e:b4:d4:b6:af:da:
                    36:df:ef:65:52:46:b7:9b:bf:28:73:9e:50:29:43:
                    94:59:bb:d6:36:16:59:44:18:c1:93:4a:ac:23:94:
                    39:b9:a4:10:d1:8e:79:a4:6a:71:5f:19:92:97:4f:
                    78:7d:9a:70:64:97:e8:44:0a:4e:fb:86:3c:8c:76:
                    87:3f:83:f5:92:96:a0:05:9f:fb:9f:86:0b:98:c2:
                    56:17:eb:ca:c5:db:1e:6a:53:15:22:86:b6:d1:ec:
                    e1:b4:89:f3:61:54:62:0b:91:0f:0b:93:d0:0b:91:
                    66:dd:3d:d9:b1:f2:95:7a:40:bb:cb:ac:15:ff:db:
                    3c:8f:6f:6b:4d:da:2b:2d:d4:54:e8:62:67:5f:c9:
                    41:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:51:65:BA:E8:FA:A9:08:5C:AE:D4:4D:17:B6:FD:71:DD:2C:13:BD
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IFFluuj6qQhcrtRNF7b9cd0sE70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.124.0/23
                  45.87.127.0/24
                  45.128.124.0/24
                  84.252.69.0/24
                  194.59.222.0/24
                  194.60.76.0/24
                  212.107.25.0/24
                IPv6:
                  2a0d:3c46::/32
                  2a0f:3101::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:43:a0:87:6c:1b:e9:72:2c:38:c1:3d:34:64:21:77:fa:23:
         5e:1c:91:97:8e:43:4b:1a:75:dc:cf:f6:cd:8e:25:9d:97:63:
         99:a6:88:51:53:93:0f:9a:f9:79:71:e4:e8:6f:33:57:0f:2f:
         9f:13:63:4e:c3:41:9c:c9:b2:44:bd:aa:2b:13:be:e9:af:c6:
         8d:c6:66:6a:b2:86:e0:fb:c0:b8:48:c8:64:d1:1f:33:98:ef:
         90:9e:36:21:b2:15:93:16:c4:7d:c5:f3:14:81:24:42:e8:8b:
         f5:bf:72:b3:17:0e:d8:cd:74:59:9a:f0:be:f4:71:f1:d5:b4:
         51:9b:ca:c1:28:bb:d2:a8:a6:ee:cf:73:e9:19:3e:cc:86:6f:
         19:c3:08:24:4d:c7:aa:2a:52:43:f6:84:42:ab:44:41:8e:24:
         16:29:80:30:04:b4:bb:df:e3:1a:a1:5f:48:c0:81:33:78:c6:
         7b:75:c5:0e:40:6c:00:85:36:80:a6:bb:57:c8:55:e9:7e:d5:
         c7:ef:6c:d5:72:69:fd:b6:88:f8:03:35:61:eb:ee:22:5b:ae:
         90:63:81:47:77:1c:d0:5a:52:ae:b2:02:1f:8e:4d:0f:be:95:
         00:a3:65:6e:d3:81:7b:a3:a0:2b:b5:2e:f8:1a:07:f4:f8:24:
         5c:37:81:92
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYlkiVs5e7EgKaKzKezpHjj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDUxNjViYWU4ZmFhOTA4NWNhZWQ0NGQxN2I2ZmQ3MWRkMmMxM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvs6KX1jk7MugYossUmrAET4yJKj
fcfdSIvnfWxjDkpcP0pU/3GK3O+JhXD6/UMqHsGCHncrol0YVkNCgLDIrbeTvUG6
zXwWHmTpPEvYW5ak6ZCE0gGmQ5U7/BIU0B6N7JfRE9QlqS6lV1rSfAJZuAg+tNS2
r9o23+9lUka3m78oc55QKUOUWbvWNhZZRBjBk0qsI5Q5uaQQ0Y55pGpxXxmSl094
fZpwZJfoRApO+4Y8jHaHP4P1kpagBZ/7n4YLmMJWF+vKxdsealMVIoa20ezhtInz
YVRiC5EPC5PQC5Fm3T3ZsfKVekC7y6wV/9s8j29rTdorLdRU6GJnX8lBPQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFCBRZbro+qkIXK7UTRe2/XHdLBO9MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvSUZGbHV1ajZxUWhjcnRSTkY3YjljZDBzRTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQBLVd8AwQA
LVd/AwQALYB8AwQAVPxFAwQAwjveAwQAwjxMAwQA1GsZMBQEAgACMA4DBQAqDTxG
AwUAKg8xATANBgkqhkiG9w0BAQsFAAOCAQEAL0Ogh2wb6XIsOME9NGQhd/ojXhyR
l45DSxp13M/2zY4lnZdjmaaIUVOTD5r5eXHk6G8zVw8vnxNjTsNBnMmyRL2qKxO+
6a/GjcZmarKG4PvAuEjIZNEfM5jvkJ42IbIVkxbEfcXzFIEkQuiL9b9ysxcO2M10
WZrwvvRx8dW0UZvKwSi70qim7s9z6Rk+zIZvGcMIJE3HqipSQ/aEQqtEQY4kFimA
MAS0u9/jGqFfSMCBM3jGe3XFDkBsAIU2gKa7V8hV6X7Vx+9s1XJp/baI+AM1Yevu
IluukGOBR3cc0FpSrrICH45ND76VAKNlbtOBe6OgK7Uu+BoH9PgkXDeBkg==
-----END CERTIFICATE-----