Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/FJT4X1Bti7Sr0lXb0HYfLGhmU8w.roa
File:                     FJT4X1Bti7Sr0lXb0HYfLGhmU8w.roa (raw, json)
Hash identifier:          48h+TkbdlMaKVa8/vbuQHfp3WP9WXxQhFA2C04Tu9eI=
Subject key identifier:   14:94:F8:5F:50:6D:8B:B4:AB:D2:55:DB:D0:76:1F:2C:68:66:53:CC
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       01887395D763520CAAC899A416E931A43CE1
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/FJT4X1Bti7Sr0lXb0HYfLGhmU8w.roa
Signing time:             Wed 31 May 2023 20:52:59 +0000
ROA not before:           Wed 31 May 2023 20:52:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        89.187.9.0/24 maxlen: 24
                          89.187.8.0/24 maxlen: 24
                          89.187.10.0/24 maxlen: 24
                          89.187.7.0/24 maxlen: 24
                          89.187.6.0/24 maxlen: 24
                          89.187.16.0/24 maxlen: 24
                          89.187.15.0/24 maxlen: 24
                          89.187.17.0/24 maxlen: 24
                          89.187.12.0/24 maxlen: 24
                          89.187.14.0/24 maxlen: 24
                          89.187.13.0/24 maxlen: 24
                          89.187.18.0/24 maxlen: 24
                          89.187.22.0/24 maxlen: 24
                          89.187.19.0/24 maxlen: 24
                          89.187.20.0/24 maxlen: 24
                          89.187.29.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:73:95:d7:63:52:0c:aa:c8:99:a4:16:e9:31:a4:3c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: May 31 20:52:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1494f85f506d8bb4abd255dbd0761f2c686653cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f1:cb:28:38:16:28:05:00:28:56:cb:0d:6e:
                    bc:32:ad:2f:24:4b:55:99:ed:64:26:64:42:9f:77:
                    03:fe:49:32:df:37:a2:ce:24:44:89:c7:b1:80:a9:
                    2f:59:ca:de:0b:c0:14:c8:4a:34:ba:2b:dd:7b:91:
                    e5:5e:49:ec:47:02:87:d6:3d:d0:5b:a6:ec:34:a0:
                    4b:90:cf:95:7c:b5:af:04:ff:8e:3c:e9:1a:db:87:
                    35:ba:02:3f:75:bf:d4:6b:bc:3d:7c:a0:41:7d:be:
                    66:dc:84:7b:4d:27:b9:a6:5c:da:36:0a:9b:ff:1e:
                    4d:d8:7f:17:74:ff:5b:94:a4:d8:ef:59:b5:30:ba:
                    38:e9:be:f1:1c:72:b6:1a:98:cf:58:e8:e6:67:27:
                    c9:50:b6:16:75:d0:ff:c7:29:de:e7:91:c1:e4:8f:
                    84:2c:13:a9:8e:d0:c2:73:2d:0b:58:1f:74:8d:b2:
                    88:30:6d:6c:b4:ce:34:03:25:a6:63:32:46:c9:2f:
                    5e:11:6b:b2:1c:2e:0c:b1:6c:75:41:cf:e9:3e:9d:
                    06:b8:8a:b9:b7:3f:f2:35:f2:7c:ee:d3:34:af:8a:
                    20:32:39:ae:da:1d:19:0a:0b:aa:39:9f:53:25:5f:
                    2e:f5:51:30:22:31:da:35:71:e9:6c:1d:c6:fd:f6:
                    6f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:94:F8:5F:50:6D:8B:B4:AB:D2:55:DB:D0:76:1F:2C:68:66:53:CC
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/FJT4X1Bti7Sr0lXb0HYfLGhmU8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.6.0-89.187.10.255
                  89.187.12.0-89.187.20.255
                  89.187.22.0/24
                  89.187.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:79:95:c6:6f:ab:2f:71:93:79:7b:61:5a:9f:82:4b:23:a8:
         e3:3f:aa:4b:f5:c6:40:62:c7:4f:64:22:bd:03:ae:0b:7c:10:
         09:0a:6a:81:fc:88:66:21:0a:84:f0:cb:6b:fa:4d:90:55:f1:
         c5:47:7d:d0:f7:22:a7:a5:9a:0a:30:37:8c:00:cb:87:86:32:
         8a:e6:30:fb:a7:11:7d:25:4a:53:bd:9a:2b:5a:bd:48:40:51:
         f3:c8:b8:95:fa:ec:58:00:07:df:f4:18:57:aa:7d:5f:c0:77:
         fd:0f:5a:4d:85:b2:e0:da:d9:c4:9b:24:41:82:f8:be:b9:0c:
         21:1d:71:c1:4c:f6:59:ec:28:9d:e4:0e:f4:f8:7d:34:64:42:
         01:f7:ae:8e:d1:f3:58:cd:1b:26:f5:20:30:e9:75:ca:b7:05:
         be:88:ed:9c:5b:74:8c:be:00:ff:0e:4d:c6:71:fe:32:f6:e8:
         d4:79:dd:e7:e2:7e:a9:b5:19:a7:c7:9b:5e:67:10:58:9b:be:
         5b:55:c1:9e:d1:ea:61:6c:cc:6b:fe:18:23:a0:f7:49:c2:fd:
         75:13:cd:26:e6:21:cb:d9:d7:24:21:d3:7d:c4:cb:85:66:cd:
         4f:fb:8c:86:e6:19:aa:4f:97:fd:3e:ce:e8:ad:3c:72:35:72:
         bf:e4:0c:11
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYhzlddjUgyqyJmkFukxpDzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjMwNTMxMjA1MjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDk0Zjg1ZjUwNmQ4YmI0YWJkMjU1ZGJkMDc2MWYyYzY4NjY1M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPHLKDgWKAUAKFbLDW68Mq0vJEtV
me1kJmRCn3cD/kky3zeiziREicexgKkvWcreC8AUyEo0uivde5HlXknsRwKH1j3Q
W6bsNKBLkM+VfLWvBP+OPOka24c1ugI/db/Ua7w9fKBBfb5m3IR7TSe5plzaNgqb
/x5N2H8XdP9blKTY71m1MLo46b7xHHK2GpjPWOjmZyfJULYWddD/xyne55HB5I+E
LBOpjtDCcy0LWB90jbKIMG1stM40AyWmYzJGyS9eEWuyHC4MsWx1Qc/pPp0GuIq5
tz/yNfJ87tM0r4ogMjmu2h0ZCguqOZ9TJV8u9VEwIjHaNXHpbB3G/fZvVQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFBSU+F9QbYu0q9JV29B2HyxoZlPMMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvRkpUNFgxQnRpN1NyMGxYYjBIWWZMR2htVTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAFZuwYD
BABZuwowDAMEAlm7DAMEAFm7FAMEAFm7FgMEAFm7HTANBgkqhkiG9w0BAQsFAAOC
AQEAf3mVxm+rL3GTeXthWp+CSyOo4z+qS/XGQGLHT2QivQOuC3wQCQpqgfyIZiEK
hPDLa/pNkFXxxUd90Pcip6WaCjA3jADLh4YyiuYw+6cRfSVKU72aK1q9SEBR88i4
lfrsWAAH3/QYV6p9X8B3/Q9aTYWy4NrZxJskQYL4vrkMIR1xwUz2WewoneQO9Ph9
NGRCAfeujtHzWM0bJvUgMOl1yrcFvojtnFt0jL4A/w5NxnH+Mvbo1Hnd5+J+qbUZ
p8ebXmcQWJu+W1XBntHqYWzMa/4YI6D3ScL9dRPNJuYhy9nXJCHTfcTLhWbNT/uM
huYZqk+X/T7O6K08cjVyv+QMEQ==
-----END CERTIFICATE-----