Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/tf1OQRmcE9-MO9TM-A1hONhXBpE.roa
File:                     tf1OQRmcE9-MO9TM-A1hONhXBpE.roa (raw, json)
Hash identifier:          ELPxYLAzJXMoiYPu6nbdbHWuAtELqvCbWSUwwqH+r/U=
Subject key identifier:   B5:FD:4E:41:19:9C:13:DF:8C:3B:D4:CC:F8:0D:61:38:D8:57:06:91
Certificate issuer:       /CN=2ad2fe6466d07094a4256da2cc847083c5006b1a
Certificate serial:       01856F42BB4ED48B45681AC95C25C8B33EA9
Authority key identifier: 2A:D2:FE:64:66:D0:70:94:A4:25:6D:A2:CC:84:70:83:C5:00:6B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KtL-ZGbQcJSkJW2izIRwg8UAaxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/tf1OQRmcE9-MO9TM-A1hONhXBpE.roa
Signing time:             Sun 01 Jan 2023 21:35:22 +0000
ROA not before:           Sun 01 Jan 2023 21:35:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49720
IP address blocks:        185.168.129.0/24 maxlen: 24
                          185.168.128.0/24 maxlen: 24
                          185.168.128.0/22 maxlen: 22
                          185.168.130.0/23 maxlen: 23
                          185.250.20.0/22 maxlen: 22
                          185.250.20.0/24 maxlen: 24
                          185.250.22.0/24 maxlen: 24
                          185.250.21.0/24 maxlen: 24
                          185.250.23.0/24 maxlen: 24
                          2a0a:701::/32 maxlen: 32
                          2a0a:704::/32 maxlen: 32
                          2a0a:700::/32 maxlen: 32
                          2a0a:702::/32 maxlen: 32
                          2a0a:705::/32 maxlen: 32
                          2a0a:706::/32 maxlen: 32
                          2a0a:703::/32 maxlen: 32
                          2a0a:707::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:42:bb:4e:d4:8b:45:68:1a:c9:5c:25:c8:b3:3e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ad2fe6466d07094a4256da2cc847083c5006b1a
        Validity
            Not Before: Jan  1 21:35:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5fd4e41199c13df8c3bd4ccf80d6138d8570691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bf:a0:57:53:6e:80:fa:f9:74:74:a8:ac:0f:
                    24:42:e0:59:ee:92:32:1c:7d:31:6d:3f:e7:d9:af:
                    03:8e:b8:ac:90:4b:e2:f1:ed:d9:f0:6e:5a:66:b0:
                    96:47:73:9e:75:ef:df:2b:e8:6b:6c:b3:80:78:da:
                    2e:a0:af:00:e4:dd:74:b6:35:ae:9f:51:5c:31:cf:
                    0b:71:f5:9e:fe:a8:a1:e0:3e:f6:f6:47:d8:89:25:
                    ae:74:33:7c:1e:ec:12:b9:cf:48:9b:7b:d2:f2:97:
                    e3:d7:2e:24:09:94:af:66:7e:80:07:a9:8d:93:b7:
                    99:9f:d1:a4:a3:db:af:0f:2a:fa:98:77:39:fe:b4:
                    d1:9b:87:6e:38:a7:da:26:c8:48:e1:30:f1:d4:0b:
                    e3:bb:fe:6a:c8:e2:13:f1:de:57:31:1f:e6:19:fd:
                    c0:15:ea:f0:80:eb:f7:b9:c6:0e:40:24:e9:15:b4:
                    b4:c1:06:0f:e8:fa:8c:36:48:fa:81:65:c8:f6:26:
                    b9:32:ea:be:68:23:f3:3c:18:c0:2e:c4:b0:c6:2f:
                    f9:d9:64:01:16:0b:b0:1d:d9:86:9c:7c:c9:53:f9:
                    36:98:41:93:68:a7:c6:3f:26:4b:40:be:2d:ce:14:
                    9e:b5:9f:79:ee:87:36:0a:73:f4:47:85:17:12:7c:
                    5d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FD:4E:41:19:9C:13:DF:8C:3B:D4:CC:F8:0D:61:38:D8:57:06:91
            X509v3 Authority Key Identifier:
                keyid:2A:D2:FE:64:66:D0:70:94:A4:25:6D:A2:CC:84:70:83:C5:00:6B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KtL-ZGbQcJSkJW2izIRwg8UAaxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/tf1OQRmcE9-MO9TM-A1hONhXBpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8a31f3-7acf-47b4-b97b-fa31e2dc6abb/1/KtL-ZGbQcJSkJW2izIRwg8UAaxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.128.0/22
                  185.250.20.0/22
                IPv6:
                  2a0a:700::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:ab:5f:96:da:21:19:50:4b:c3:1e:b9:35:72:2a:76:b2:2d:
         6d:09:48:2e:14:5e:a3:b3:1f:38:a8:3b:16:87:0e:8b:01:a1:
         7c:80:4a:cd:67:ba:89:83:5a:1d:65:2b:6e:1e:1c:0b:02:da:
         6b:11:15:fb:a7:ce:d6:2a:34:a0:11:7c:95:fa:40:0d:44:a4:
         57:4f:cd:f1:73:8c:27:e4:2b:93:c5:81:f8:0d:f0:8e:b7:99:
         e9:89:8b:74:2c:ce:4b:fe:92:c4:20:69:6e:95:61:53:d7:83:
         7e:9b:75:d3:70:97:23:1a:b1:aa:32:f4:17:f7:3a:7c:62:0b:
         8a:2a:a5:ba:37:13:3e:34:1c:f4:a5:db:7a:23:84:6b:cf:e3:
         89:5e:d6:74:3b:27:28:76:53:e7:90:d5:9e:f7:17:13:b2:22:
         e7:d5:3e:a4:7f:9e:bb:a2:43:b3:8d:e3:8c:1a:ca:c8:1b:14:
         e2:e2:19:c0:89:22:c1:9e:db:99:c0:df:8c:cc:f6:b6:0f:20:
         03:b5:da:87:b5:f2:3d:4e:03:04:3d:82:40:37:02:f4:af:a1:
         68:43:bf:56:9c:2e:b7:3a:4b:65:58:11:c0:eb:9b:16:e5:09:
         3c:a7:2b:05:44:98:3f:96:f3:76:95:8c:43:62:da:f0:40:2f:
         2b:f1:8f:b2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvQrtO1ItFaBrJXCXIsz6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZDJmZTY0NjZkMDcwOTRhNDI1NmRhMmNjODQ3MDgzYzUw
MDZiMWEwHhcNMjMwMTAxMjEzNTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZkNGU0MTE5OWMxM2RmOGMzYmQ0Y2NmODBkNjEzOGQ4NTcwNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1r+gV1NugPr5dHSorA8kQuBZ7pIy
HH0xbT/n2a8DjriskEvi8e3Z8G5aZrCWR3Oede/fK+hrbLOAeNouoK8A5N10tjWu
n1FcMc8LcfWe/qih4D729kfYiSWudDN8HuwSuc9Im3vS8pfj1y4kCZSvZn6AB6mN
k7eZn9Gko9uvDyr6mHc5/rTRm4duOKfaJshI4TDx1Avju/5qyOIT8d5XMR/mGf3A
FerwgOv3ucYOQCTpFbS0wQYP6PqMNkj6gWXI9ia5Muq+aCPzPBjALsSwxi/52WQB
FguwHdmGnHzJU/k2mEGTaKfGPyZLQL4tzhSetZ957oc2CnP0R4UXEnxdgQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLX9TkEZnBPfjDvUzPgNYTjYVwaRMB8GA1UdIwQY
MBaAFCrS/mRm0HCUpCVtosyEcIPFAGsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3RMLVpHYlFjSlNrSlcyaXpJUndnOFVBYXhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84YTMxZjMtN2FjZi00N2I0LWI5N2It
ZmEzMWUyZGM2YWJiLzEvdGYxT1FSbWNFOS1NTzlUTS1BMWhPTmhYQnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84YTMxZjMtN2FjZi00N2I0LWI5N2ItZmEzMWUyZGM2YWJi
LzEvS3RMLVpHYlFjSlNrSlcyaXpJUndnOFVBYXhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuaiAAwQC
ufoUMA0EAgACMAcDBQMqCgcAMA0GCSqGSIb3DQEBCwUAA4IBAQC6q1+W2iEZUEvD
Hrk1cip2si1tCUguFF6jsx84qDsWhw6LAaF8gErNZ7qJg1odZStuHhwLAtprERX7
p87WKjSgEXyV+kANRKRXT83xc4wn5CuTxYH4DfCOt5npiYt0LM5L/pLEIGlulWFT
14N+m3XTcJcjGrGqMvQX9zp8YguKKqW6NxM+NBz0pdt6I4Rrz+OJXtZ0OycodlPn
kNWe9xcTsiLn1T6kf567okOzjeOMGsrIGxTi4hnAiSLBntuZwN+MzPa2DyADtdqH
tfI9TgMEPYJANwL0r6FoQ79WnC63OktlWBHA65sW5Qk8pysFRJg/lvN2lYxDYtrw
QC8r8Y+y
-----END CERTIFICATE-----