Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/5HC9kS5zteb9znub8uur4zdxNA0.roa
File:                     5HC9kS5zteb9znub8uur4zdxNA0.roa (raw, json)
Hash identifier:          X1pZUky2hAysdVsZw+itRVBOc+nuNrmYcKzf4KYcaHw=
Subject key identifier:   E4:70:BD:91:2E:73:B5:E6:FD:CE:7B:9B:F2:EB:AB:E3:37:71:34:0D
Certificate issuer:       /CN=d25f2cd1a9f0da435f2e3b3ee70e64fdaf4b6121
Certificate serial:       01860A83C144543A75D1B3D618C50D2188B5
Authority key identifier: D2:5F:2C:D1:A9:F0:DA:43:5F:2E:3B:3E:E7:0E:64:FD:AF:4B:61:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0l8s0anw2kNfLjs-5w5k_a9LYSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/5HC9kS5zteb9znub8uur4zdxNA0.roa
Signing time:             Wed 01 Feb 2023 01:07:32 +0000
ROA not before:           Wed 01 Feb 2023 01:07:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     38176
IP address blocks:        31.47.93.0/24 maxlen: 24
                          31.47.92.0/24 maxlen: 24
                          31.47.95.0/24 maxlen: 24
                          31.47.94.0/24 maxlen: 24
                          31.47.91.0/24 maxlen: 24
                          31.47.90.0/24 maxlen: 24
                          31.47.89.0/24 maxlen: 24
                          31.47.88.0/24 maxlen: 24
                          31.47.88.0/21 maxlen: 21
                          185.198.105.0/24 maxlen: 24
                          185.198.104.0/24 maxlen: 24
                          185.198.107.0/24 maxlen: 24
                          185.198.106.0/24 maxlen: 24
                          185.198.106.0/23 maxlen: 23
                          2a0a:1a40:c000::/34 maxlen: 34
                          2a0a:1a40:8000::/34 maxlen: 34
                          2a0a:1a40:4000::/34 maxlen: 34
                          2a0a:1a40::/34 maxlen: 34

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:0a:83:c1:44:54:3a:75:d1:b3:d6:18:c5:0d:21:88:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25f2cd1a9f0da435f2e3b3ee70e64fdaf4b6121
        Validity
            Not Before: Feb  1 01:07:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e470bd912e73b5e6fdce7b9bf2ebabe33771340d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1b:97:e7:34:85:44:fb:96:b5:52:71:73:e1:
                    c6:74:fc:30:8c:df:5c:d7:db:cb:eb:65:44:2a:b3:
                    77:d5:34:54:f0:3b:0c:ad:26:87:8b:df:11:b4:62:
                    b7:51:7f:9d:59:61:a5:7b:c4:a2:9d:2e:e2:44:a7:
                    a6:13:97:c4:b4:42:74:c4:8b:58:09:bd:ae:0f:50:
                    1a:61:aa:d6:29:81:ef:51:e9:cb:a5:94:8c:53:df:
                    93:42:ca:06:67:04:78:f4:c0:c8:1c:6f:73:d6:70:
                    e3:ab:e8:d6:7d:bc:a9:47:12:4e:a8:40:25:2b:f5:
                    fc:8c:e0:4e:ad:94:1f:4e:25:44:ae:bc:be:3f:71:
                    cf:23:00:ac:c8:e6:99:a7:2d:5a:db:3a:3e:06:e2:
                    c1:9c:42:46:2e:bb:96:c1:e1:9b:78:cb:d6:85:10:
                    aa:9b:cd:ad:4a:ce:3e:64:16:32:64:42:a2:fe:1c:
                    54:16:ae:05:17:7e:93:78:6f:c6:40:a0:cb:63:09:
                    af:49:ae:ae:b3:d6:a4:72:4f:26:70:23:bc:15:7c:
                    90:b0:78:91:5f:b1:eb:23:af:22:d5:5f:b4:80:02:
                    96:eb:82:e2:c1:3d:2c:cb:a2:fa:73:b3:1c:c8:22:
                    73:11:97:36:08:af:57:29:54:68:73:a8:d6:a8:92:
                    ce:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:70:BD:91:2E:73:B5:E6:FD:CE:7B:9B:F2:EB:AB:E3:37:71:34:0D
            X509v3 Authority Key Identifier:
                keyid:D2:5F:2C:D1:A9:F0:DA:43:5F:2E:3B:3E:E7:0E:64:FD:AF:4B:61:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0l8s0anw2kNfLjs-5w5k_a9LYSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/5HC9kS5zteb9znub8uur4zdxNA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2d125f-1a60-468d-a93a-c5b6aecb6c9c/1/0l8s0anw2kNfLjs-5w5k_a9LYSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.47.88.0/21
                  185.198.104.0/22
                IPv6:
                  2a0a:1a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:aa:2c:10:4e:52:64:df:3e:10:ea:7e:e7:72:56:9d:6c:5c:
         f1:e6:92:3c:a5:b1:6a:36:a0:e0:a9:06:e8:c0:d8:bd:eb:f1:
         b9:db:47:31:d0:2f:ed:60:bc:99:a8:5b:78:04:bc:91:5f:be:
         e0:dc:f8:f1:c2:cf:4d:7d:b4:41:e8:a9:7d:72:9d:b5:a6:77:
         1d:df:7b:ab:03:2c:15:28:e1:68:1d:94:3b:7c:df:94:4e:fb:
         17:c9:86:e1:e1:c9:68:e2:8d:e8:db:eb:af:88:e3:2c:95:38:
         6d:69:8a:07:12:24:e2:4b:5c:df:18:88:73:0a:10:d1:d6:82:
         44:13:52:fa:d7:4d:2e:cd:05:31:a2:3b:cd:8e:08:71:5b:4d:
         f2:07:0e:12:ca:13:3e:bb:30:12:60:61:55:92:6c:ab:56:f1:
         ca:cb:6d:2d:eb:82:9f:5f:9c:03:03:ab:9d:c7:69:0a:bf:66:
         66:19:75:73:5c:e5:61:af:26:2d:46:24:a6:fa:23:81:34:35:
         4e:c9:23:c8:80:0c:59:dc:6c:96:b0:21:83:1a:36:67:b5:80:
         70:fb:b4:a7:f6:8c:6c:e6:32:bf:58:90:30:10:b5:df:ce:31:
         42:1d:27:e0:53:07:89:77:a2:31:4d:c2:ea:ba:58:cc:4c:26:
         3f:1d:8c:ee
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYYKg8FEVDp10bPWGMUNIYi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNWYyY2QxYTlmMGRhNDM1ZjJlM2IzZWU3MGU2NGZkYWY0
YjYxMjEwHhcNMjMwMjAxMDEwNzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDcwYmQ5MTJlNzNiNWU2ZmRjZTdiOWJmMmViYWJlMzM3NzEzNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhuX5zSFRPuWtVJxc+HGdPwwjN9c
19vL62VEKrN31TRU8DsMrSaHi98RtGK3UX+dWWGle8SinS7iRKemE5fEtEJ0xItY
Cb2uD1AaYarWKYHvUenLpZSMU9+TQsoGZwR49MDIHG9z1nDjq+jWfbypRxJOqEAl
K/X8jOBOrZQfTiVErry+P3HPIwCsyOaZpy1a2zo+BuLBnEJGLruWweGbeMvWhRCq
m82tSs4+ZBYyZEKi/hxUFq4FF36TeG/GQKDLYwmvSa6us9akck8mcCO8FXyQsHiR
X7HrI68i1V+0gAKW64LiwT0sy6L6c7McyCJzEZc2CK9XKVRoc6jWqJLOQQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFORwvZEuc7Xm/c57m/Lrq+M3cTQNMB8GA1UdIwQY
MBaAFNJfLNGp8NpDXy47PucOZP2vS2EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGw4czBhbncya05mTGpzLTV3NWtfYTlMWVNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yZDEyNWYtMWE2MC00NjhkLWE5M2Et
YzViNmFlY2I2YzljLzEvNUhDOWtTNXp0ZWI5em51Yjh1dXI0emR4TkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yZDEyNWYtMWE2MC00NjhkLWE5M2EtYzViNmFlY2I2Yzlj
LzEvMGw4czBhbncya05mTGpzLTV3NWtfYTlMWVNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHy9YAwQC
ucZoMA0EAgACMAcDBQAqChpAMA0GCSqGSIb3DQEBCwUAA4IBAQCpqiwQTlJk3z4Q
6n7ncladbFzx5pI8pbFqNqDgqQbowNi96/G520cx0C/tYLyZqFt4BLyRX77g3Pjx
ws9NfbRB6Kl9cp21pncd33urAywVKOFoHZQ7fN+UTvsXyYbh4clo4o3o2+uviOMs
lThtaYoHEiTiS1zfGIhzChDR1oJEE1L6100uzQUxojvNjghxW03yBw4SyhM+uzAS
YGFVkmyrVvHKy20t64KfX5wDA6udx2kKv2ZmGXVzXOVhryYtRiSm+iOBNDVOySPI
gAxZ3GyWsCGDGjZntYBw+7Sn9oxs5jK/WJAwELXfzjFCHSfgUweJd6IxTcLquljM
TCY/HYzu
-----END CERTIFICATE-----