Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/8e7d77-89c8-452c-a9bf-bc5f897c724a/1/1GJtpKUmRZrBzreT82j7LG8coHU.roa
File:                     1GJtpKUmRZrBzreT82j7LG8coHU.roa (raw, json)
Hash identifier:          /X1KkcQbvEuZxmoxXp7ej891gPOpXfYv1EzEdjQ6A00=
Subject key identifier:   D4:62:6D:A4:A5:26:45:9A:C1:CE:B7:93:F3:68:FB:2C:6F:1C:A0:75
Certificate issuer:       /CN=d2d38f4597051b6c0ddf1bb866ae4e94703e155e
Certificate serial:       01856F38F5E491AFF2DF65AAC24A74138CFE
Authority key identifier: D2:D3:8F:45:97:05:1B:6C:0D:DF:1B:B8:66:AE:4E:94:70:3E:15:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0tOPRZcFG2wN3xu4Zq5OlHA-FV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/8e7d77-89c8-452c-a9bf-bc5f897c724a/1/1GJtpKUmRZrBzreT82j7LG8coHU.roa
Signing time:             Sun 01 Jan 2023 21:24:41 +0000
ROA not before:           Sun 01 Jan 2023 21:24:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49724
IP address blocks:        91.215.220.0/24 maxlen: 24
                          91.215.220.0/22 maxlen: 22
                          91.215.222.0/23 maxlen: 23
                          91.215.221.0/24 maxlen: 24
                          188.0.160.0/20 maxlen: 20
                          188.0.162.0/24 maxlen: 24
                          188.0.160.0/19 maxlen: 19
                          188.0.169.0/24 maxlen: 24
                          188.0.166.0/23 maxlen: 23
                          188.0.175.0/24 maxlen: 24
                          188.0.176.0/21 maxlen: 21
                          188.0.183.0/24 maxlen: 24
                          188.0.180.0/24 maxlen: 24
                          188.0.186.0/24 maxlen: 24
                          188.0.184.0/22 maxlen: 22
                          188.0.189.0/24 maxlen: 24
                          188.0.190.0/23 maxlen: 23
                          188.0.188.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:38:f5:e4:91:af:f2:df:65:aa:c2:4a:74:13:8c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2d38f4597051b6c0ddf1bb866ae4e94703e155e
        Validity
            Not Before: Jan  1 21:24:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d4626da4a526459ac1ceb793f368fb2c6f1ca075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:30:af:2b:dc:d3:1b:3b:83:63:9a:66:9d:da:
                    e7:cf:7b:8d:0d:71:9b:86:da:f7:f7:2e:58:64:a5:
                    41:d3:aa:52:e4:a8:f3:19:f2:43:84:49:9d:c4:4e:
                    7d:6d:a8:9e:ce:46:b9:ca:04:14:be:b1:08:f8:f8:
                    8a:61:b0:f4:05:97:a3:4c:2a:e7:34:38:6f:b3:49:
                    3b:a9:26:69:a8:7d:eb:5d:ad:fe:7b:ac:d6:26:58:
                    21:54:ff:ba:37:b6:90:62:8c:91:29:52:50:fa:bc:
                    78:e8:c7:da:bc:f3:81:ba:09:0f:4f:e7:2c:cf:94:
                    a6:06:46:4c:02:d8:c0:16:fb:0b:1c:a3:6f:16:94:
                    bf:ae:f7:0d:d5:23:7c:cb:c7:dd:34:21:2a:c8:4f:
                    8e:ff:06:c8:4a:b3:fe:e3:4e:ee:f6:2a:b3:fa:0d:
                    e1:1a:d9:8a:79:2a:72:01:bd:11:98:c2:ed:ae:4c:
                    05:a0:8f:0b:20:c3:ed:eb:9e:8d:f8:29:99:16:56:
                    93:98:b9:9b:88:fb:3e:fc:d0:68:5e:bc:16:80:33:
                    44:d4:0a:57:81:4b:1f:25:51:4f:da:40:99:05:bd:
                    fa:b2:94:90:14:37:02:ee:2e:14:e4:e9:c2:88:13:
                    f9:20:55:f3:3b:43:6c:34:ec:87:39:01:0c:51:e0:
                    b4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:62:6D:A4:A5:26:45:9A:C1:CE:B7:93:F3:68:FB:2C:6F:1C:A0:75
            X509v3 Authority Key Identifier:
                keyid:D2:D3:8F:45:97:05:1B:6C:0D:DF:1B:B8:66:AE:4E:94:70:3E:15:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0tOPRZcFG2wN3xu4Zq5OlHA-FV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/8e7d77-89c8-452c-a9bf-bc5f897c724a/1/1GJtpKUmRZrBzreT82j7LG8coHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/8e7d77-89c8-452c-a9bf-bc5f897c724a/1/0tOPRZcFG2wN3xu4Zq5OlHA-FV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.220.0/22
                  188.0.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7a:71:82:b9:80:fa:73:c8:3b:07:7a:eb:4f:d0:b9:ce:1d:34:
         6c:aa:3c:8b:08:f3:9b:7d:fe:d6:79:d1:c3:3d:08:05:08:fa:
         9b:3f:01:8b:33:6b:43:2c:c2:ef:4d:93:3d:f8:47:6b:30:14:
         33:59:b7:af:3a:7d:f3:5e:2d:5d:b3:db:fc:81:d4:3b:29:8f:
         42:10:0b:a3:a8:fc:a9:3f:66:d1:b0:c8:b0:5e:19:e2:01:4e:
         1b:60:b9:6d:a5:e2:2a:c3:b1:84:85:45:81:00:85:8f:83:3b:
         91:65:6e:14:55:3f:77:24:bb:70:42:45:6d:f1:95:60:b5:3c:
         7b:6c:c0:f0:0f:f4:9c:88:09:a3:05:a3:e7:f9:24:f8:0f:06:
         1d:1e:f1:30:18:dc:ce:75:ab:3f:28:da:65:d4:4c:fe:cd:3c:
         b4:cc:9f:5a:14:7b:72:d2:10:84:ca:58:0e:70:6e:1d:b6:13:
         0a:b4:90:1c:c3:77:b5:fa:02:e7:b5:55:f1:27:93:a7:e4:a6:
         e3:fc:c7:34:7a:8b:09:07:14:ea:c0:b3:f5:c1:b2:e1:d7:bb:
         ad:13:35:75:6e:7e:17:de:fe:62:48:48:92:15:64:84:0b:e0:
         f9:dd:13:9e:18:68:dd:f8:89:a0:07:23:48:b4:ee:ff:b5:72:
         fa:7c:d9:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvOPXkka/y32Wqwkp0E4z+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZDM4ZjQ1OTcwNTFiNmMwZGRmMWJiODY2YWU0ZTk0NzAz
ZTE1NWUwHhcNMjMwMTAxMjEyNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDYyNmRhNGE1MjY0NTlhYzFjZWI3OTNmMzY4ZmIyYzZmMWNhMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TCvK9zTGzuDY5pmndrnz3uNDXGb
htr39y5YZKVB06pS5KjzGfJDhEmdxE59baiezka5ygQUvrEI+PiKYbD0BZejTCrn
NDhvs0k7qSZpqH3rXa3+e6zWJlghVP+6N7aQYoyRKVJQ+rx46MfavPOBugkPT+cs
z5SmBkZMAtjAFvsLHKNvFpS/rvcN1SN8y8fdNCEqyE+O/wbISrP+407u9iqz+g3h
GtmKeSpyAb0RmMLtrkwFoI8LIMPt656N+CmZFlaTmLmbiPs+/NBoXrwWgDNE1ApX
gUsfJVFP2kCZBb36spSQFDcC7i4U5OnCiBP5IFXzO0NsNOyHOQEMUeC0rwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNRibaSlJkWawc63k/No+yxvHKB1MB8GA1UdIwQY
MBaAFNLTj0WXBRtsDd8buGauTpRwPhVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHRPUFJaY0ZHMndOM3h1NFpxNU9sSEEtRlY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi84ZTdkNzctODljOC00NTJjLWE5YmYt
YmM1Zjg5N2M3MjRhLzEvMUdKdHBLVW1SWnJCenJlVDgyajdMRzhjb0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi84ZTdkNzctODljOC00NTJjLWE5YmYtYmM1Zjg5N2M3MjRh
LzEvMHRPUFJaY0ZHMndOM3h1NFpxNU9sSEEtRlY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9fcAwQF
vACgMA0GCSqGSIb3DQEBCwUAA4IBAQB6cYK5gPpzyDsHeutP0LnOHTRsqjyLCPOb
ff7WedHDPQgFCPqbPwGLM2tDLMLvTZM9+EdrMBQzWbevOn3zXi1ds9v8gdQ7KY9C
EAujqPypP2bRsMiwXhniAU4bYLltpeIqw7GEhUWBAIWPgzuRZW4UVT93JLtwQkVt
8ZVgtTx7bMDwD/SciAmjBaPn+ST4DwYdHvEwGNzOdas/KNpl1Ez+zTy0zJ9aFHty
0hCEylgOcG4dthMKtJAcw3e1+gLntVXxJ5On5Kbj/Mc0eosJBxTqwLP1wbLh17ut
EzV1bn4X3v5iSEiSFWSEC+D53ROeGGjd+ImgByNItO7/tXL6fNk+
-----END CERTIFICATE-----