Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/ogxWQUCA7o8hisTxy13VGZbWnNA.roa
File:                     ogxWQUCA7o8hisTxy13VGZbWnNA.roa (raw, json)
Hash identifier:          VUgatG6+LNKZpVvfhe3HDGbLxWBU/XnCe2revAql9Jw=
Subject key identifier:   A2:0C:56:41:40:80:EE:8F:21:8A:C4:F1:CB:5D:D5:19:96:D6:9C:D0
Certificate issuer:       /CN=43dfc066ce7cd3e382574a68667973b0b468df3c
Certificate serial:       0185706736483F635E4A57ED4CB0701140D4
Authority key identifier: 43:DF:C0:66:CE:7C:D3:E3:82:57:4A:68:66:79:73:B0:B4:68:DF:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/ogxWQUCA7o8hisTxy13VGZbWnNA.roa
Signing time:             Mon 02 Jan 2023 02:54:50 +0000
ROA not before:           Mon 02 Jan 2023 02:54:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197564
IP address blocks:        213.108.24.0/24 maxlen: 24
                          213.108.25.0/24 maxlen: 24
                          45.155.96.0/22 maxlen: 22
                          45.155.99.0/24 maxlen: 24
                          91.226.36.0/23 maxlen: 23
                          2a10:ba00:bee4::/48 maxlen: 48
                          2a10:ba00:bee2::/48 maxlen: 48
                          2001:67c:124c::/48 maxlen: 48
                          2a10:ba00:bee0::/48 maxlen: 48
                          2a10:ba00:bee3::/48 maxlen: 48
                          2a10:ba00:bee1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:67:36:48:3f:63:5e:4a:57:ed:4c:b0:70:11:40:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43dfc066ce7cd3e382574a68667973b0b468df3c
        Validity
            Not Before: Jan  2 02:54:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a20c56414080ee8f218ac4f1cb5dd51996d69cd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9d:83:48:cd:24:71:e7:15:bb:e2:12:93:7a:
                    ea:12:e0:43:f5:29:61:cf:ba:1b:f0:84:c1:45:ad:
                    9c:33:43:30:e0:32:d2:41:49:8f:20:e3:f7:a0:77:
                    40:fe:ee:a1:85:b4:ea:f7:96:5b:e1:9e:18:ee:54:
                    5a:24:6b:98:48:64:dc:6b:4d:c8:db:26:13:f6:42:
                    45:22:d3:e2:d4:a8:22:c7:48:0d:b8:e2:ad:4b:c6:
                    1e:ca:42:44:cc:17:17:95:09:47:d6:12:85:78:23:
                    45:f5:bf:df:ce:7a:f6:28:66:8c:e3:5a:bc:31:0d:
                    61:0e:26:de:25:c1:23:88:ff:e7:a5:f1:91:33:03:
                    c7:c5:e4:30:cb:ba:2f:d3:e3:bf:bb:a4:b0:ee:59:
                    e1:ff:1a:57:bf:c6:1f:45:da:2e:82:ca:91:f6:83:
                    52:01:a5:b9:15:5e:00:9c:d2:ea:13:5a:8e:22:c7:
                    f7:ec:94:55:2b:2f:f0:7d:09:1d:65:13:7b:58:3d:
                    f3:cf:c6:7b:84:b1:c4:0c:35:d2:1b:b6:e0:1d:15:
                    69:7b:10:4f:d2:8d:3b:e0:3d:33:bd:b2:3c:8b:da:
                    3a:de:4c:d1:f1:f1:1a:7c:94:11:77:f0:07:98:43:
                    f6:10:1e:44:1d:24:51:cb:81:b4:b2:2b:9d:79:57:
                    02:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0C:56:41:40:80:EE:8F:21:8A:C4:F1:CB:5D:D5:19:96:D6:9C:D0
            X509v3 Authority Key Identifier:
                keyid:43:DF:C0:66:CE:7C:D3:E3:82:57:4A:68:66:79:73:B0:B4:68:DF:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9_AZs580-OCV0poZnlzsLRo3zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/ogxWQUCA7o8hisTxy13VGZbWnNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1636f8-5026-404e-a1ae-2509743ad29e/1/Q9_AZs580-OCV0poZnlzsLRo3zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.96.0/22
                  91.226.36.0/23
                  213.108.24.0/23
                IPv6:
                  2001:67c:124c::/48
                  2a10:ba00:bee0::-2a10:ba00:bee4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         22:6c:db:b6:61:cc:bc:c7:ae:77:82:55:03:36:36:ac:a5:d4:
         8d:03:e1:a9:1f:54:88:38:dd:fe:cd:05:7e:78:37:52:cd:60:
         68:ca:92:d7:e7:57:69:67:54:f0:c1:7a:bc:70:e7:e4:fb:84:
         90:a8:37:4d:cd:f4:d6:99:12:6f:7a:c6:f8:de:44:62:29:5a:
         0d:03:36:8a:9c:d9:02:81:49:77:21:5d:d9:89:f8:81:87:27:
         41:7f:9c:5e:40:63:57:ec:08:57:f1:d4:4d:4f:49:bc:2b:d2:
         80:8b:84:bc:32:f2:86:03:d4:ce:f1:4a:c0:3f:56:05:75:ab:
         15:19:b5:c9:1c:c7:04:86:75:0e:82:cc:4b:18:f6:86:80:7f:
         c8:28:a9:3c:3d:46:65:2c:69:fc:79:ca:2e:4a:a2:2a:cd:56:
         bc:9c:c6:f6:b1:6b:49:cd:0a:ca:43:a0:e5:47:d7:7e:10:36:
         53:ae:0e:ec:bf:71:a1:8f:ad:60:36:97:16:b2:78:ce:e3:af:
         b5:e7:de:f7:df:44:d0:03:4f:a9:c9:18:d7:d4:91:1f:ea:1c:
         60:cf:40:1e:a8:53:cd:d1:45:e1:22:89:7c:b4:4f:44:60:51:
         8d:b6:f4:6e:ae:28:50:41:b1:e9:61:f6:82:16:8b:ad:3d:c7:
         95:0a:21:a6
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVwZzZIP2NeSlftTLBwEUDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZGZjMDY2Y2U3Y2QzZTM4MjU3NGE2ODY2Nzk3M2IwYjQ2
OGRmM2MwHhcNMjMwMTAyMDI1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBjNTY0MTQwODBlZThmMjE4YWM0ZjFjYjVkZDUxOTk2ZDY5Y2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj52DSM0kcecVu+ISk3rqEuBD9Slh
z7ob8ITBRa2cM0Mw4DLSQUmPIOP3oHdA/u6hhbTq95Zb4Z4Y7lRaJGuYSGTca03I
2yYT9kJFItPi1Kgix0gNuOKtS8YeykJEzBcXlQlH1hKFeCNF9b/fznr2KGaM41q8
MQ1hDibeJcEjiP/npfGRMwPHxeQwy7ov0+O/u6Sw7lnh/xpXv8YfRdougsqR9oNS
AaW5FV4AnNLqE1qOIsf37JRVKy/wfQkdZRN7WD3zz8Z7hLHEDDXSG7bgHRVpexBP
0o074D0zvbI8i9o63kzR8fEafJQRd/AHmEP2EB5EHSRRy4G0siudeVcC3wIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFKIMVkFAgO6PIYrE8ctd1RmW1pzQMB8GA1UdIwQY
MBaAFEPfwGbOfNPjgldKaGZ5c7C0aN88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlfQVpzNTgwLU9DVjBwb1pubHpzTFJvM3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xNjM2ZjgtNTAyNi00MDRlLWExYWUt
MjUwOTc0M2FkMjllLzEvb2d4V1FVQ0E3bzhoaXNUeHkxM1ZHWmJXbk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xNjM2ZjgtNTAyNi00MDRlLWExYWUtMjUwOTc0M2FkMjll
LzEvUTlfQVpzNTgwLU9DVjBwb1pubHpzTFJvM3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAYBAIAATASAwQCLZtgAwQB
W+IkAwQB1WwYMCMEAgACMB0DBwAgAQZ8EkwwEgMHBSoQugC+4AMHACoQugC+5DAN
BgkqhkiG9w0BAQsFAAOCAQEAImzbtmHMvMeud4JVAzY2rKXUjQPhqR9UiDjd/s0F
fng3Us1gaMqS1+dXaWdU8MF6vHDn5PuEkKg3Tc301pkSb3rG+N5EYilaDQM2ipzZ
AoFJdyFd2Yn4gYcnQX+cXkBjV+wIV/HUTU9JvCvSgIuEvDLyhgPUzvFKwD9WBXWr
FRm1yRzHBIZ1DoLMSxj2hoB/yCipPD1GZSxp/HnKLkqiKs1WvJzG9rFrSc0KykOg
5UfXfhA2U64O7L9xoY+tYDaXFrJ4zuOvtefe999E0ANPqckY19SRH+ocYM9AHqhT
zdFF4SKJfLRPRGBRjbb0bq4oUEGx6WH2ghaLrT3HlQohpg==
-----END CERTIFICATE-----