Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/787386-b33f-46db-9c3e-90eb2b8867b8/1/Clq03bEgtd3UPcdtV5kPATQ0WH4.roa
File:                     Clq03bEgtd3UPcdtV5kPATQ0WH4.roa (raw, json)
Hash identifier:          /2brYo/N1qlf2Ymfh1BnlSVQwDIrBUH/Y0K9fgGa7gY=
Subject key identifier:   0A:5A:B4:DD:B1:20:B5:DD:D4:3D:C7:6D:57:99:0F:01:34:34:58:7E
Certificate issuer:       /CN=7d014c9a158218eed684ae2fc06d58e5cf671478
Certificate serial:       01856D9409E882B959DDD7955F71E6DE5C24
Authority key identifier: 7D:01:4C:9A:15:82:18:EE:D6:84:AE:2F:C0:6D:58:E5:CF:67:14:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQFMmhWCGO7WhK4vwG1Y5c9nFHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/787386-b33f-46db-9c3e-90eb2b8867b8/1/Clq03bEgtd3UPcdtV5kPATQ0WH4.roa
Signing time:             Sun 01 Jan 2023 13:44:56 +0000
ROA not before:           Sun 01 Jan 2023 13:44:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205424
IP address blocks:        185.218.246.0/24 maxlen: 24
                          185.218.245.0/24 maxlen: 24
                          185.218.244.0/24 maxlen: 24
                          185.218.247.0/24 maxlen: 24
                          185.80.23.0/24 maxlen: 24
                          185.80.22.0/24 maxlen: 24
                          185.80.21.0/24 maxlen: 24
                          185.80.20.0/24 maxlen: 24
                          185.51.39.0/24 maxlen: 24
                          185.82.253.0/24 maxlen: 24
                          185.82.252.0/24 maxlen: 24
                          185.82.255.0/24 maxlen: 24
                          185.82.254.0/24 maxlen: 24
                          185.51.38.0/24 maxlen: 24
                          185.51.37.0/24 maxlen: 24
                          185.51.36.0/24 maxlen: 24
                          2a0b:dac0::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:94:09:e8:82:b9:59:dd:d7:95:5f:71:e6:de:5c:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d014c9a158218eed684ae2fc06d58e5cf671478
        Validity
            Not Before: Jan  1 13:44:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a5ab4ddb120b5ddd43dc76d57990f013434587e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fb:60:65:69:87:23:0e:9e:48:52:5e:85:d1:
                    fc:e5:06:af:2a:47:0e:9d:23:63:fa:5a:9e:5e:51:
                    ce:12:3d:d4:d4:3d:7b:80:33:6c:29:db:62:76:1c:
                    22:10:e0:8f:4d:47:81:8d:ce:72:ba:c6:1b:40:d8:
                    46:ca:99:d6:83:dd:ed:e0:40:9c:04:e6:79:f7:d1:
                    ad:3b:bc:12:d8:26:f8:cb:0f:19:56:f8:e5:69:dc:
                    9e:6c:54:28:45:84:43:e5:4a:78:71:e3:ad:39:fa:
                    a3:db:bc:d2:d2:df:a5:a1:bd:cb:42:0f:44:c2:2b:
                    af:fb:80:47:5b:a9:c6:9a:94:b7:54:b8:a7:c7:3b:
                    fc:92:e0:9c:88:a3:90:22:70:9a:55:3a:84:eb:a7:
                    92:0b:b6:17:36:97:14:c7:9d:7a:e8:e8:0b:aa:41:
                    11:f8:07:88:67:3c:88:6f:58:d0:43:38:28:8f:e2:
                    75:ad:36:7c:41:96:c2:a5:c2:ec:34:4b:e9:de:7d:
                    e9:f8:1d:5c:25:38:19:37:e9:0c:e9:dc:ac:d2:ac:
                    f0:4e:13:72:5b:17:df:68:fa:63:c0:a4:13:31:91:
                    7c:c2:9c:69:13:90:b0:a9:cd:a8:48:5d:bd:3d:eb:
                    b2:5f:d4:f0:9a:0a:2d:b3:24:fd:fd:37:81:98:d1:
                    78:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5A:B4:DD:B1:20:B5:DD:D4:3D:C7:6D:57:99:0F:01:34:34:58:7E
            X509v3 Authority Key Identifier:
                keyid:7D:01:4C:9A:15:82:18:EE:D6:84:AE:2F:C0:6D:58:E5:CF:67:14:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQFMmhWCGO7WhK4vwG1Y5c9nFHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/787386-b33f-46db-9c3e-90eb2b8867b8/1/Clq03bEgtd3UPcdtV5kPATQ0WH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/787386-b33f-46db-9c3e-90eb2b8867b8/1/fQFMmhWCGO7WhK4vwG1Y5c9nFHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.36.0/22
                  185.80.20.0/22
                  185.82.252.0/22
                  185.218.244.0/22
                IPv6:
                  2a0b:dac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:b9:b0:f4:be:60:c4:aa:b5:05:c0:e3:fd:a3:84:4c:5c:b5:
         b1:8c:e5:c3:fe:33:09:f8:9d:cb:a2:18:d5:fb:df:41:73:5d:
         14:a4:5f:eb:c5:e1:b1:0f:96:46:f5:9d:be:be:33:5c:e2:93:
         cf:f0:2b:69:b2:09:9a:73:14:88:90:ea:7c:3c:85:14:bc:56:
         bb:91:a4:c5:40:49:58:cb:b7:6a:6d:82:93:ac:ae:1d:ac:77:
         79:8e:15:08:cc:57:71:59:7c:06:bb:28:be:e0:ff:92:66:47:
         30:e7:8a:b0:54:87:b9:c3:24:cd:e3:58:d3:33:a2:6e:1a:bc:
         78:0d:71:bf:32:46:33:a7:27:22:3e:3a:77:94:f5:db:a3:56:
         64:c0:b9:d6:1a:3b:9d:68:4e:0a:f7:2d:d3:34:45:9a:7d:ce:
         ae:b5:79:2f:77:fa:09:3c:d8:33:e3:68:4b:9f:14:4e:9a:3d:
         c4:eb:ff:45:ab:33:c0:27:82:c1:c6:10:96:1b:80:a3:fa:db:
         36:c7:36:d5:42:6b:f8:07:6e:04:f0:db:ca:79:72:b1:7d:a0:
         5d:7d:99:f6:40:e6:dd:a3:c5:84:00:fd:84:46:ce:75:8e:47:
         b2:ba:d1:31:62:dc:3f:19:34:93:01:4e:bd:93:64:c5:17:f4:
         df:e2:1b:18
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVtlAnogrlZ3deVX3Hm3lwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDE0YzlhMTU4MjE4ZWVkNjg0YWUyZmMwNmQ1OGU1Y2Y2
NzE0NzgwHhcNMjMwMTAxMTM0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTVhYjRkZGIxMjBiNWRkZDQzZGM3NmQ1Nzk5MGYwMTM0MzQ1ODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtftgZWmHIw6eSFJehdH85QavKkcO
nSNj+lqeXlHOEj3U1D17gDNsKdtidhwiEOCPTUeBjc5yusYbQNhGypnWg93t4ECc
BOZ599GtO7wS2Cb4yw8ZVvjladyebFQoRYRD5Up4ceOtOfqj27zS0t+lob3LQg9E
wiuv+4BHW6nGmpS3VLinxzv8kuCciKOQInCaVTqE66eSC7YXNpcUx5166OgLqkER
+AeIZzyIb1jQQzgoj+J1rTZ8QZbCpcLsNEvp3n3p+B1cJTgZN+kM6dys0qzwThNy
WxffaPpjwKQTMZF8wpxpE5Cwqc2oSF29PeuyX9TwmgotsyT9/TeBmNF4xQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFApatN2xILXd1D3HbVeZDwE0NFh+MB8GA1UdIwQY
MBaAFH0BTJoVghju1oSuL8BtWOXPZxR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFGTW1oV0NHTzdXaEs0dndHMVk1YzluRkhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC83ODczODYtYjMzZi00NmRiLTljM2Ut
OTBlYjJiODg2N2I4LzEvQ2xxMDNiRWd0ZDNVUGNkdFY1a1BBVFEwV0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC83ODczODYtYjMzZi00NmRiLTljM2UtOTBlYjJiODg2N2I4
LzEvZlFGTW1oV0NHTzdXaEs0dndHMVk1YzluRkhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuTMkAwQC
uVAUAwQCuVL8AwQCudr0MA0EAgACMAcDBQMqC9rAMA0GCSqGSIb3DQEBCwUAA4IB
AQB6ubD0vmDEqrUFwOP9o4RMXLWxjOXD/jMJ+J3LohjV+99Bc10UpF/rxeGxD5ZG
9Z2+vjNc4pPP8CtpsgmacxSIkOp8PIUUvFa7kaTFQElYy7dqbYKTrK4drHd5jhUI
zFdxWXwGuyi+4P+SZkcw54qwVIe5wyTN41jTM6JuGrx4DXG/MkYzpyciPjp3lPXb
o1ZkwLnWGjudaE4K9y3TNEWafc6utXkvd/oJPNgz42hLnxROmj3E6/9FqzPAJ4LB
xhCWG4Cj+ts2xzbVQmv4B24E8NvKeXKxfaBdfZn2QObdo8WEAP2ERs51jkeyutEx
Ytw/GTSTAU69k2TFF/Tf4hsY
-----END CERTIFICATE-----