Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/181ad6-4764-4881-8962-0aff69faf68a/1/6q_QqeRP6JEDUlRTxIBRdQLB9mM.roa
File:                     6q_QqeRP6JEDUlRTxIBRdQLB9mM.roa (raw, json)
Hash identifier:          tFOlWfJdWVPYNluYd+atk8dp45yuBECe2xurfuo5ouM=
Subject key identifier:   EA:AF:D0:A9:E4:4F:E8:91:03:52:54:53:C4:80:51:75:02:C1:F6:63
Certificate issuer:       /CN=0f657093f326547bf25a9985c81cf1403140a3a8
Certificate serial:       018572D5DF9BAE3C83D7C24B1B9F192AEB1C
Authority key identifier: 0F:65:70:93:F3:26:54:7B:F2:5A:99:85:C8:1C:F1:40:31:40:A3:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Vwk_MmVHvyWpmFyBzxQDFAo6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/181ad6-4764-4881-8962-0aff69faf68a/1/6q_QqeRP6JEDUlRTxIBRdQLB9mM.roa
Signing time:             Mon 02 Jan 2023 14:14:57 +0000
ROA not before:           Mon 02 Jan 2023 14:14:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207044
IP address blocks:        185.241.132.0/22 maxlen: 22
                          185.138.112.0/24 maxlen: 24
                          185.138.112.0/22 maxlen: 22
                          185.138.113.0/24 maxlen: 24
                          185.138.114.0/24 maxlen: 24
                          185.138.115.0/24 maxlen: 24
                          2a0d:4707:1400::/38 maxlen: 38
                          2a0d:4707:400::/38 maxlen: 38
                          2a0d:4707:1000::/38 maxlen: 38
                          2a0d:4707::/38 maxlen: 38
                          2a0d:4707:c00::/38 maxlen: 38
                          2a0d:4707:800::/38 maxlen: 38

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:d5:df:9b:ae:3c:83:d7:c2:4b:1b:9f:19:2a:eb:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f657093f326547bf25a9985c81cf1403140a3a8
        Validity
            Not Before: Jan  2 14:14:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eaafd0a9e44fe89103525453c480517502c1f663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3f:d1:2b:01:0b:4f:07:bc:7d:55:a6:70:d1:
                    bf:0f:b0:99:46:8f:32:de:3e:c2:ed:93:de:54:0d:
                    42:0e:41:4d:fc:b0:0b:dc:f1:e7:78:f0:33:6d:5a:
                    9c:bc:6d:9e:0f:c4:84:21:a6:95:1e:d2:91:bd:63:
                    ab:16:3f:b4:0a:94:b7:51:3f:e8:e2:4f:fa:4c:09:
                    a3:fe:09:d1:cd:06:db:7e:4f:02:cc:b4:4d:94:11:
                    82:88:2a:78:46:74:91:90:2d:0f:40:a6:76:72:68:
                    92:5b:be:53:26:30:ca:e7:50:1b:32:a1:fb:2c:d9:
                    b1:4e:46:11:e8:d5:d2:eb:46:c7:11:94:41:20:31:
                    8d:d8:45:eb:c6:d2:b2:45:a5:5f:9c:d0:44:2a:23:
                    41:3d:9f:cb:73:3f:f1:80:b7:84:f6:3f:57:aa:17:
                    05:8d:54:ce:06:e4:53:5d:37:6d:c7:be:71:6b:97:
                    cf:3f:f4:a1:72:34:85:56:10:ec:ff:df:d7:0d:46:
                    7a:9d:d0:a1:68:60:0e:f4:d7:01:6e:35:45:43:f5:
                    79:4e:31:a2:34:6a:e6:85:78:ab:32:59:35:a6:06:
                    d8:1b:9b:c2:09:30:a7:dc:de:86:85:6f:fc:ae:4b:
                    fc:55:49:e0:ba:7b:0c:33:ee:ca:2e:37:4b:07:93:
                    f4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:AF:D0:A9:E4:4F:E8:91:03:52:54:53:C4:80:51:75:02:C1:F6:63
            X509v3 Authority Key Identifier:
                keyid:0F:65:70:93:F3:26:54:7B:F2:5A:99:85:C8:1C:F1:40:31:40:A3:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Vwk_MmVHvyWpmFyBzxQDFAo6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/181ad6-4764-4881-8962-0aff69faf68a/1/6q_QqeRP6JEDUlRTxIBRdQLB9mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/181ad6-4764-4881-8962-0aff69faf68a/1/D2Vwk_MmVHvyWpmFyBzxQDFAo6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.112.0/22
                  185.241.132.0/22
                IPv6:
                  2a0d:4707::-2a0d:4707:17ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         70:04:68:90:fb:84:61:6c:b7:a8:4f:5a:44:63:85:86:95:54:
         25:50:51:e9:42:5e:20:33:ec:ec:f9:15:1c:e9:46:d8:bf:bd:
         ba:12:50:04:16:f2:f6:39:b6:29:46:ab:13:54:21:7c:4c:76:
         da:d2:7a:68:fa:3d:09:3e:a4:43:17:65:b1:21:00:23:c7:90:
         c8:62:fc:b8:60:e8:d7:b1:91:67:1d:83:71:c1:c1:07:56:a7:
         5d:09:6b:08:85:92:11:9e:1a:70:94:9c:ff:60:6d:48:7c:61:
         5a:ef:f5:90:34:8a:d5:ae:ad:a3:d9:7f:77:f8:86:2d:3c:f8:
         b9:a1:88:2f:61:35:14:af:39:18:4f:78:22:97:23:a9:15:9c:
         cd:b5:fe:ab:e1:22:28:18:ca:c6:21:1e:78:df:39:b8:45:17:
         a2:0b:b9:75:1d:d0:d0:c8:c4:07:a6:8e:89:25:ac:a2:f1:7e:
         2a:d4:b2:10:a5:ec:34:29:fa:93:a8:df:99:e5:7d:00:73:ee:
         a2:f8:38:ba:78:c7:07:d5:2e:61:10:68:17:06:74:01:66:7b:
         c3:2b:08:07:34:9d:89:d3:c7:b0:87:df:bb:21:0c:a1:43:d0:
         32:7e:89:8d:4f:9d:25:cd:0e:45:84:e2:75:ea:98:58:df:7e:
         7d:26:31:cb
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYVy1d+brjyD18JLG58ZKuscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjU3MDkzZjMyNjU0N2JmMjVhOTk4NWM4MWNmMTQwMzE0
MGEzYTgwHhcNMjMwMTAyMTQxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWFmZDBhOWU0NGZlODkxMDM1MjU0NTNjNDgwNTE3NTAyYzFmNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz/RKwELTwe8fVWmcNG/D7CZRo8y
3j7C7ZPeVA1CDkFN/LAL3PHnePAzbVqcvG2eD8SEIaaVHtKRvWOrFj+0CpS3UT/o
4k/6TAmj/gnRzQbbfk8CzLRNlBGCiCp4RnSRkC0PQKZ2cmiSW75TJjDK51AbMqH7
LNmxTkYR6NXS60bHEZRBIDGN2EXrxtKyRaVfnNBEKiNBPZ/Lcz/xgLeE9j9XqhcF
jVTOBuRTXTdtx75xa5fPP/ShcjSFVhDs/9/XDUZ6ndChaGAO9NcBbjVFQ/V5TjGi
NGrmhXirMlk1pgbYG5vCCTCn3N6GhW/8rkv8VUngunsMM+7KLjdLB5P0zwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFOqv0KnkT+iRA1JUU8SAUXUCwfZjMB8GA1UdIwQY
MBaAFA9lcJPzJlR78lqZhcgc8UAxQKOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJWd2tfTW1WSHZ5V3BtRnlCenhRREZBbzZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8xODFhZDYtNDc2NC00ODgxLTg5NjIt
MGFmZjY5ZmFmNjhhLzEvNnFfUXFlUlA2SkVEVWxSVHhJQlJkUUxCOW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8xODFhZDYtNDc2NC00ODgxLTg5NjItMGFmZjY5ZmFmNjhh
LzEvRDJWd2tfTW1WSHZ5V3BtRnlCenhRREZBbzZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTASBAIAATAMAwQCuYpwAwQC
ufGEMBcEAgACMBEwDwMFACoNRwcDBgMqDUcHEDANBgkqhkiG9w0BAQsFAAOCAQEA
cARokPuEYWy3qE9aRGOFhpVUJVBR6UJeIDPs7PkVHOlG2L+9uhJQBBby9jm2KUar
E1QhfEx22tJ6aPo9CT6kQxdlsSEAI8eQyGL8uGDo17GRZx2DccHBB1anXQlrCIWS
EZ4acJSc/2BtSHxhWu/1kDSK1a6to9l/d/iGLTz4uaGIL2E1FK85GE94IpcjqRWc
zbX+q+EiKBjKxiEeeN85uEUXogu5dR3Q0MjEB6aOiSWsovF+KtSyEKXsNCn6k6jf
meV9AHPuovg4unjHB9UuYRBoFwZ0AWZ7wysIBzSdidPHsIffuyEMoUPQMn6JjU+d
Jc0ORYTideqYWN9+fSYxyw==
-----END CERTIFICATE-----