Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/AF-NWGKmn8jWTqR-2qf8Po_muLg.roa
File:                     AF-NWGKmn8jWTqR-2qf8Po_muLg.roa (raw, json)
Hash identifier:          bMwSd+t9cqlRkBWFfmZ40Cer5bUgUPZH1mEnN41HlW0=
Subject key identifier:   00:5F:8D:58:62:A6:9F:C8:D6:4E:A4:7E:DA:A7:FC:3E:8F:E6:B8:B8
Certificate issuer:       /CN=e842a46658c1d01bac8d43961c6b49e788e3ccc3
Certificate serial:       01856D7891A1049C440A18980524BFBEE17E
Authority key identifier: E8:42:A4:66:58:C1:D0:1B:AC:8D:43:96:1C:6B:49:E7:88:E3:CC:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EKkZljB0BusjUOWHGtJ54jjzMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/AF-NWGKmn8jWTqR-2qf8Po_muLg.roa
Signing time:             Sun 01 Jan 2023 13:14:56 +0000
ROA not before:           Sun 01 Jan 2023 13:14:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200148
IP address blocks:        185.52.112.0/22 maxlen: 24
                          185.36.128.0/22 maxlen: 24
                          85.115.196.0/22 maxlen: 22
                          194.55.148.0/22 maxlen: 24
                          188.94.80.0/22 maxlen: 24
                          2.59.16.0/22 maxlen: 24
                          185.53.192.0/22 maxlen: 24
                          5.180.236.0/22 maxlen: 24
                          185.138.216.0/22 maxlen: 24
                          185.127.36.0/22 maxlen: 24
                          185.100.176.0/22 maxlen: 24
                          212.102.110.0/24 maxlen: 24
                          185.251.136.0/22 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:78:91:a1:04:9c:44:0a:18:98:05:24:bf:be:e1:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e842a46658c1d01bac8d43961c6b49e788e3ccc3
        Validity
            Not Before: Jan  1 13:14:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=005f8d5862a69fc8d64ea47edaa7fc3e8fe6b8b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ab:c4:18:aa:0c:47:c2:e4:65:5d:15:d7:61:
                    2c:eb:8a:a8:88:6c:98:62:a2:3b:e2:e0:ef:f9:9e:
                    64:6f:80:4c:3d:f9:41:85:5c:3f:ce:cb:36:aa:71:
                    50:d9:48:b3:27:c7:9e:c1:9e:48:8e:99:1c:90:c3:
                    aa:bf:18:c1:47:2b:bc:72:34:fd:1e:5a:37:43:0f:
                    11:19:6c:a4:c2:65:33:c2:c0:99:fe:27:dc:4e:6b:
                    ae:44:98:c4:bb:7f:d7:93:31:b4:5a:1c:17:32:c5:
                    50:84:f6:13:cf:f6:80:09:e0:3e:24:ca:f8:e3:d0:
                    5a:e4:6a:dd:eb:92:12:e5:a8:8a:11:78:88:03:75:
                    ec:4c:af:72:57:d6:f4:94:86:f0:f6:bf:82:94:48:
                    71:06:26:27:93:27:4c:79:85:03:32:49:13:1a:7c:
                    a5:1e:1f:de:ef:56:15:a2:5e:09:82:1f:f7:76:ab:
                    62:90:a9:4d:15:6f:71:c0:d5:bb:fa:75:0a:f2:16:
                    78:06:9c:d6:89:54:a5:c6:6c:55:14:3a:f5:18:b9:
                    32:7a:f3:e8:f3:57:f7:3f:15:b6:3a:63:61:e7:35:
                    ff:7d:bb:c0:51:a0:c8:bf:8b:2c:f5:99:54:97:b8:
                    83:84:df:07:3c:84:46:f9:84:e7:de:72:bc:c2:61:
                    bd:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:5F:8D:58:62:A6:9F:C8:D6:4E:A4:7E:DA:A7:FC:3E:8F:E6:B8:B8
            X509v3 Authority Key Identifier:
                keyid:E8:42:A4:66:58:C1:D0:1B:AC:8D:43:96:1C:6B:49:E7:88:E3:CC:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EKkZljB0BusjUOWHGtJ54jjzMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/AF-NWGKmn8jWTqR-2qf8Po_muLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/cd092e-6beb-4037-8a5a-fae8d42ae5e5/1/6EKkZljB0BusjUOWHGtJ54jjzMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.16.0/22
                  5.180.236.0/22
                  85.115.196.0/22
                  185.36.128.0/22
                  185.52.112.0/22
                  185.53.192.0/22
                  185.100.176.0/22
                  185.127.36.0/22
                  185.138.216.0/22
                  185.251.136.0/22
                  188.94.80.0/22
                  194.55.148.0/22
                  212.102.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c0:14:f7:e9:d2:36:eb:99:7a:29:e8:f5:b9:46:8e:f7:cf:
         9d:69:df:5b:42:82:cf:c5:4a:78:19:fc:1e:0a:7a:e3:3a:c6:
         31:54:4b:12:07:6a:26:8c:ea:b9:52:98:0e:f4:c2:2a:52:ce:
         41:ec:fb:d7:27:69:cb:f1:2d:9d:93:f0:0c:54:53:b8:0f:ca:
         cf:dc:9a:32:5c:60:15:57:9e:cc:25:22:72:e3:e6:b7:ac:63:
         2c:aa:e6:23:af:62:55:e2:79:0d:48:f9:19:05:af:9e:80:35:
         35:52:71:af:dc:8d:33:be:01:1d:f4:4c:26:ee:76:54:fc:2f:
         f3:d3:59:d7:70:31:9a:67:2e:d9:73:23:ef:49:54:71:0e:31:
         1f:40:a7:b3:b4:98:69:c7:2b:6a:75:2e:46:8a:5e:59:b4:7b:
         47:35:32:59:1c:1b:33:f2:d9:2a:93:b1:8a:d4:28:2c:e6:17:
         10:51:60:bf:d8:c4:5b:86:1d:fd:5d:cc:e1:16:f5:ae:20:35:
         cf:c8:41:06:b2:c0:49:4a:2a:3c:e7:c8:d5:67:e2:d3:6c:39:
         05:6d:73:f4:0a:d8:04:77:97:a1:db:35:05:cb:05:a2:ff:94:
         f0:6c:d8:5d:64:06:53:c3:87:ca:13:3a:06:0c:20:01:33:8f:
         49:5b:6d:a2
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVteJGhBJxEChiYBSS/vuF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDJhNDY2NThjMWQwMWJhYzhkNDM5NjFjNmI0OWU3ODhl
M2NjYzMwHhcNMjMwMTAxMTMxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDVmOGQ1ODYyYTY5ZmM4ZDY0ZWE0N2VkYWE3ZmMzZThmZTZiOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqvEGKoMR8LkZV0V12Es64qoiGyY
YqI74uDv+Z5kb4BMPflBhVw/zss2qnFQ2UizJ8eewZ5IjpkckMOqvxjBRyu8cjT9
Hlo3Qw8RGWykwmUzwsCZ/ifcTmuuRJjEu3/XkzG0WhwXMsVQhPYTz/aACeA+JMr4
49Ba5Grd65IS5aiKEXiIA3XsTK9yV9b0lIbw9r+ClEhxBiYnkydMeYUDMkkTGnyl
Hh/e71YVol4Jgh/3dqtikKlNFW9xwNW7+nUK8hZ4BpzWiVSlxmxVFDr1GLkyevPo
81f3PxW2OmNh5zX/fbvAUaDIv4ss9ZlUl7iDhN8HPIRG+YTn3nK8wmG9nQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFABfjVhipp/I1k6kftqn/D6P5ri4MB8GA1UdIwQY
MBaAFOhCpGZYwdAbrI1DlhxrSeeI48zDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVLa1psakIwQnVzalVPV0hHdEo1NGpqek1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9jZDA5MmUtNmJlYi00MDM3LThhNWEt
ZmFlOGQ0MmFlNWU1LzEvQUYtTldHS21uOGpXVHFSLTJxZjhQb19tdUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9jZDA5MmUtNmJlYi00MDM3LThhNWEtZmFlOGQ0MmFlNWU1
LzEvNkVLa1psakIwQnVzalVPV0hHdEo1NGpqek1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCAjsQAwQC
BbTsAwQCVXPEAwQCuSSAAwQCuTRwAwQCuTXAAwQCuWSwAwQCuX8kAwQCuYrYAwQC
ufuIAwQCvF5QAwQCwjeUAwQA1GZuMA0GCSqGSIb3DQEBCwUAA4IBAQBiwBT36dI2
65l6Kej1uUaO98+dad9bQoLPxUp4GfweCnrjOsYxVEsSB2omjOq5UpgO9MIqUs5B
7PvXJ2nL8S2dk/AMVFO4D8rP3JoyXGAVV57MJSJy4+a3rGMsquYjr2JV4nkNSPkZ
Ba+egDU1UnGv3I0zvgEd9Ewm7nZU/C/z01nXcDGaZy7ZcyPvSVRxDjEfQKeztJhp
xytqdS5Gil5ZtHtHNTJZHBsz8tkqk7GK1Cgs5hcQUWC/2MRbhh39XczhFvWuIDXP
yEEGssBJSio858jVZ+LTbDkFbXP0CtgEd5eh2zUFywWi/5TwbNhdZAZTw4fKEzoG
DCABM49JW22i
-----END CERTIFICATE-----