Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/M9MRkfnFoBtwKtReLjzQADav9oA.roa
File:                     M9MRkfnFoBtwKtReLjzQADav9oA.roa (raw, json)
Hash identifier:          6ZtUCeDnSGezUMZUP8s9mHA0ZpoooeSgE68wHjpi3sw=
Subject key identifier:   33:D3:11:91:F9:C5:A0:1B:70:2A:D4:5E:2E:3C:D0:00:36:AF:F6:80
Certificate issuer:       /CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Certificate serial:       01856FE6EE8C2E977C65B95039E7818739EE
Authority key identifier: 1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/M9MRkfnFoBtwKtReLjzQADav9oA.roa
Signing time:             Mon 02 Jan 2023 00:34:43 +0000
ROA not before:           Mon 02 Jan 2023 00:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44453
IP address blocks:        5.132.137.0/24 maxlen: 32
                          185.2.156.0/22 maxlen: 22
                          5.198.144.0/20 maxlen: 20
                          128.204.128.0/19 maxlen: 24
                          128.204.135.0/24 maxlen: 24
                          5.132.162.0/24 maxlen: 32
                          5.132.161.0/24 maxlen: 32
                          5.132.163.0/24 maxlen: 24
                          5.132.162.0/23 maxlen: 23
                          5.132.189.0/24 maxlen: 24
                          5.132.190.0/24 maxlen: 32
                          2a03:3180::/32 maxlen: 32
                          2a03:3180::/36 maxlen: 36
                          2a03:3180:4000::/36 maxlen: 36

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:e6:ee:8c:2e:97:7c:65:b9:50:39:e7:81:87:39:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
        Validity
            Not Before: Jan  2 00:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33d31191f9c5a01b702ad45e2e3cd00036aff680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:78:c8:0d:4c:64:fd:f3:51:b3:8a:c7:ce:be:
                    69:9a:37:fd:d1:4b:4a:02:85:10:9c:d8:f8:d8:93:
                    c2:82:1f:fd:20:c2:ca:b2:bb:06:c3:70:a8:8c:a9:
                    6e:5d:1b:80:5b:45:42:9e:2d:8d:fa:7c:b4:ab:63:
                    0b:91:ec:db:89:cf:76:e9:3e:d4:52:64:fa:ba:ca:
                    e2:a3:3a:b8:4e:8c:1e:56:68:d1:9c:d6:8a:74:4b:
                    1f:4c:96:8b:21:bb:8c:43:8c:cb:33:ad:2e:f5:ce:
                    2b:ea:6a:90:6f:ff:37:1a:0d:a6:75:bd:ac:4c:9e:
                    e4:22:d2:38:84:81:c5:fd:46:50:df:6a:67:62:dc:
                    52:cb:50:83:67:60:ec:62:c7:94:82:52:6d:e4:96:
                    67:9f:de:76:e8:e1:9c:eb:33:6d:f9:e3:c1:53:3a:
                    b4:a4:c3:34:77:b2:98:ff:eb:d6:cc:43:f8:6d:56:
                    dc:85:3d:24:cb:00:96:a6:ef:44:45:69:3b:13:55:
                    5b:1e:78:c7:0e:e7:dc:98:f5:f9:c6:d3:be:91:01:
                    1e:ed:f7:a2:76:d5:67:54:3e:a6:e1:a8:a4:ef:9f:
                    d5:2b:2b:47:fd:88:91:19:f3:a9:46:20:2f:c5:85:
                    05:35:d1:f1:2a:be:40:80:c7:d1:8d:f0:ac:cc:6a:
                    c7:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D3:11:91:F9:C5:A0:1B:70:2A:D4:5E:2E:3C:D0:00:36:AF:F6:80
            X509v3 Authority Key Identifier:
                keyid:1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/M9MRkfnFoBtwKtReLjzQADav9oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.132.137.0/24
                  5.132.161.0-5.132.163.255
                  5.132.189.0-5.132.190.255
                  5.198.144.0/20
                  128.204.128.0/19
                  185.2.156.0/22
                IPv6:
                  2a03:3180::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:d7:99:90:3c:38:ae:79:de:03:c0:15:89:86:d1:6f:cf:30:
         14:a5:e3:63:cc:23:66:33:f6:b4:20:7f:f7:7f:9c:ab:66:9b:
         90:ec:97:1f:83:9c:b4:1c:5c:41:18:b3:49:e5:dc:d3:f3:d9:
         89:6e:7e:35:91:b7:d2:33:67:5a:fe:4d:e3:77:99:93:57:20:
         9f:9c:f9:43:ab:e9:8f:31:f0:85:68:47:d5:a2:53:fe:71:f8:
         36:7b:4f:d2:ee:60:0e:e5:0e:32:d0:51:cb:82:02:82:9c:fa:
         f1:4e:4a:b6:20:37:10:d4:3f:54:e2:6a:4f:bd:2b:05:31:4b:
         20:bb:cc:55:60:e2:8a:cd:e0:3a:2c:80:fa:f9:a9:3b:a0:8e:
         36:f7:97:7b:40:2f:ba:b5:7c:e1:b7:d7:33:1a:8c:13:02:eb:
         30:6a:5d:38:32:6e:51:ce:38:06:c2:43:3b:e5:61:60:67:12:
         76:94:4f:7f:81:f1:81:d0:74:5b:3d:58:a8:01:1d:ff:d2:ec:
         1b:3d:41:82:3b:ba:03:a1:87:cc:7d:e9:35:42:86:26:ca:08:
         3e:cb:e5:ca:9c:3a:52:16:5d:cb:b6:67:d9:65:a8:d7:69:90:
         90:d8:ba:06:c0:3b:bb:f9:b5:bf:14:7b:eb:a8:d6:b2:f3:a1:
         ad:89:dc:12
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYVv5u6MLpd8ZblQOeeBhznuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGEyMDIwYjgyZDAyOTRlOTBhMmQ2YjJjMGYyOGQxMTcz
YjY0NjUwHhcNMjMwMTAyMDAzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2QzMTE5MWY5YzVhMDFiNzAyYWQ0NWUyZTNjZDAwMDM2YWZmNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHjIDUxk/fNRs4rHzr5pmjf90UtK
AoUQnNj42JPCgh/9IMLKsrsGw3CojKluXRuAW0VCni2N+ny0q2MLkezbic926T7U
UmT6usriozq4ToweVmjRnNaKdEsfTJaLIbuMQ4zLM60u9c4r6mqQb/83Gg2mdb2s
TJ7kItI4hIHF/UZQ32pnYtxSy1CDZ2DsYseUglJt5JZnn9526OGc6zNt+ePBUzq0
pMM0d7KY/+vWzEP4bVbchT0kywCWpu9ERWk7E1VbHnjHDufcmPX5xtO+kQEe7fei
dtVnVD6m4aik75/VKytH/YiRGfOpRiAvxYUFNdHxKr5AgMfRjfCszGrHfQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFDPTEZH5xaAbcCrUXi480AA2r/aAMB8GA1UdIwQY
MBaAFB5KICC4LQKU6QotaywPKNEXO2RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQt
NTMwNDQwYzRmYTI5LzEvTTlNUmtmbkZvQnR3S3RSZUxqelFBRGF2OW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQtNTMwNDQwYzRmYTI5
LzEvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0AwQABYSJMAwD
BAAFhKEDBAIFhKAwDAMEAAWEvQMEAAWEvgMEBAXGkAMEBYDMgAMEArkCnDANBAIA
AjAHAwUAKgMxgDANBgkqhkiG9w0BAQsFAAOCAQEAcNeZkDw4rnneA8AViYbRb88w
FKXjY8wjZjP2tCB/93+cq2abkOyXH4OctBxcQRizSeXc0/PZiW5+NZG30jNnWv5N
43eZk1cgn5z5Q6vpjzHwhWhH1aJT/nH4NntP0u5gDuUOMtBRy4ICgpz68U5KtiA3
ENQ/VOJqT70rBTFLILvMVWDiis3gOiyA+vmpO6CONveXe0AvurV84bfXMxqMEwLr
MGpdODJuUc44BsJDO+VhYGcSdpRPf4HxgdB0Wz1YqAEd/9LsGz1Bgju6A6GHzH3p
NUKGJsoIPsvlypw6UhZdy7Zn2WWo12mQkNi6BsA7u/m1vxR766jWsvOhrYncEg==
-----END CERTIFICATE-----