Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/nqg_YSXYqnszjb1noE5yywV72D4.roa
File:                     nqg_YSXYqnszjb1noE5yywV72D4.roa (raw, json)
Hash identifier:          epMg07lsETDDcLgq3htJshWAAm+5xeGiwa7uOtOWX20=
Subject key identifier:   9E:A8:3F:61:25:D8:AA:7B:33:8D:BD:67:A0:4E:72:CB:05:7B:D8:3E
Certificate issuer:       /CN=b2853aa1eb32bfee0feb1483c14936d101f16edf
Certificate serial:       01856DD403BF62AAF77BA7343E8A90AD8AC5
Authority key identifier: B2:85:3A:A1:EB:32:BF:EE:0F:EB:14:83:C1:49:36:D1:01:F1:6E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/soU6oesyv-4P6xSDwUk20QHxbt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/nqg_YSXYqnszjb1noE5yywV72D4.roa
Signing time:             Sun 01 Jan 2023 14:54:49 +0000
ROA not before:           Sun 01 Jan 2023 14:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57724
IP address blocks:        185.178.208.0/24 maxlen: 24
                          185.178.209.0/24 maxlen: 24
                          185.178.210.0/24 maxlen: 24
                          45.10.243.0/24 maxlen: 24
                          45.10.241.0/24 maxlen: 24
                          45.10.242.0/24 maxlen: 24
                          45.10.240.0/24 maxlen: 24
                          45.10.240.0/22 maxlen: 32
                          91.215.41.0/24 maxlen: 24
                          91.215.42.0/24 maxlen: 24
                          91.215.40.0/24 maxlen: 32
                          91.215.43.0/24 maxlen: 24
                          185.129.102.0/24 maxlen: 24
                          185.129.103.0/24 maxlen: 24
                          185.129.100.0/24 maxlen: 24
                          185.129.101.0/24 maxlen: 24
                          2a0a:4180::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:d4:03:bf:62:aa:f7:7b:a7:34:3e:8a:90:ad:8a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2853aa1eb32bfee0feb1483c14936d101f16edf
        Validity
            Not Before: Jan  1 14:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9ea83f6125d8aa7b338dbd67a04e72cb057bd83e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:57:b5:f7:f4:46:da:da:2a:f3:e6:3e:bc:18:
                    8d:56:25:02:73:60:2e:20:2b:bb:43:8a:a2:91:3f:
                    14:c9:6d:8b:57:d2:3a:6f:16:a6:ba:64:2e:0f:55:
                    3d:26:8d:35:4f:6f:eb:a0:27:9b:6e:0f:d5:f6:22:
                    e4:bd:4d:b3:cd:0d:3b:fd:cd:ab:5c:f5:3f:b7:6b:
                    7d:12:50:81:77:1f:9f:b9:5e:7b:7b:fa:00:8b:e3:
                    50:70:14:64:f9:10:b7:bb:16:b0:15:90:a3:79:20:
                    45:ce:fd:48:b6:53:c5:f2:af:95:d9:cc:4a:68:e8:
                    a7:88:08:ca:34:c3:c0:d0:a5:c2:90:40:55:90:35:
                    f9:48:56:86:69:94:2d:05:33:85:a7:8d:67:83:a7:
                    05:a8:ca:ed:48:1c:a3:ae:2e:df:b6:3a:2a:45:b5:
                    2f:ef:f6:b3:60:9a:93:98:89:aa:45:77:84:0e:c2:
                    cf:d7:79:7b:44:77:80:91:b1:04:70:72:6e:f1:7f:
                    8b:a7:bb:7e:3f:9b:33:3c:14:f5:e2:d0:b3:68:30:
                    38:f0:ed:3b:16:eb:99:59:0a:e7:c1:f8:ae:dd:64:
                    0e:e2:0a:ec:80:9a:b6:6f:e2:b6:df:b9:13:fb:4e:
                    40:f6:fb:b0:81:55:88:ad:7b:69:e9:af:78:e3:26:
                    14:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A8:3F:61:25:D8:AA:7B:33:8D:BD:67:A0:4E:72:CB:05:7B:D8:3E
            X509v3 Authority Key Identifier:
                keyid:B2:85:3A:A1:EB:32:BF:EE:0F:EB:14:83:C1:49:36:D1:01:F1:6E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/soU6oesyv-4P6xSDwUk20QHxbt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/nqg_YSXYqnszjb1noE5yywV72D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/31c815-d96a-4bb6-8ccf-f2b81079b746/1/soU6oesyv-4P6xSDwUk20QHxbt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.240.0/22
                  91.215.40.0/22
                  185.129.100.0/22
                  185.178.208.0-185.178.210.255
                IPv6:
                  2a0a:4180::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:d4:b5:03:70:13:ed:ab:9f:64:22:c8:1c:97:21:cc:5a:b5:
         62:cf:1c:61:9f:3c:7b:f3:a9:a1:f5:82:75:d0:09:42:66:4c:
         4a:c8:f5:51:26:94:3e:d8:1e:0a:eb:be:d4:ac:ee:e9:35:0c:
         40:c6:a6:f6:e2:db:84:2c:db:ac:1a:5f:c9:12:68:72:21:86:
         d3:75:d4:07:6c:68:6d:6b:dd:5f:81:ed:05:57:ec:19:50:38:
         a5:0a:a2:64:f1:21:57:87:8c:d7:1f:e5:a8:50:70:29:1c:f1:
         c4:a8:8d:06:77:2a:ee:b5:e0:b3:7a:54:f7:7d:c8:e7:46:92:
         84:b1:61:43:19:20:47:29:c7:f4:de:63:89:95:04:44:18:db:
         4d:d7:d7:0f:cc:ca:6f:2d:da:36:d2:be:64:cd:b1:7c:b8:86:
         dc:bc:25:d1:b8:53:fa:95:b4:43:3f:dc:f3:e4:f3:78:dd:4c:
         e5:5a:a5:c0:f7:d6:d5:27:93:d2:09:e7:ba:5d:83:f4:5a:db:
         92:70:66:8e:f2:8b:61:99:bc:e9:a7:dc:37:68:a5:6d:91:57:
         c8:44:8f:62:28:1f:7a:4e:b9:6d:86:86:cd:1b:1d:e3:9d:0c:
         d6:dd:0e:6c:d5:a1:c3:a2:f5:03:43:f0:d0:7f:62:c6:98:d2:
         7d:8b:9b:ef
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYVt1AO/Yqr3e6c0PoqQrYrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyODUzYWExZWIzMmJmZWUwZmViMTQ4M2MxNDkzNmQxMDFm
MTZlZGYwHhcNMjMwMTAxMTQ1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE4M2Y2MTI1ZDhhYTdiMzM4ZGJkNjdhMDRlNzJjYjA1N2JkODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFe19/RG2toq8+Y+vBiNViUCc2Au
ICu7Q4qikT8UyW2LV9I6bxamumQuD1U9Jo01T2/roCebbg/V9iLkvU2zzQ07/c2r
XPU/t2t9ElCBdx+fuV57e/oAi+NQcBRk+RC3uxawFZCjeSBFzv1ItlPF8q+V2cxK
aOiniAjKNMPA0KXCkEBVkDX5SFaGaZQtBTOFp41ng6cFqMrtSByjri7ftjoqRbUv
7/azYJqTmImqRXeEDsLP13l7RHeAkbEEcHJu8X+Lp7t+P5szPBT14tCzaDA48O07
FuuZWQrnwfiu3WQO4grsgJq2b+K237kT+05A9vuwgVWIrXtp6a944yYUTQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFJ6oP2El2Kp7M429Z6BOcssFe9g+MB8GA1UdIwQY
MBaAFLKFOqHrMr/uD+sUg8FJNtEB8W7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc29VNm9lc3l2LTRQNnhTRHdVazIwUUh4YnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMWM4MTUtZDk2YS00YmI2LThjY2Yt
ZjJiODEwNzliNzQ2LzEvbnFnX1lTWFlxbnN6amIxbm9FNXl5d1Y3MkQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMWM4MTUtZDk2YS00YmI2LThjY2YtZjJiODEwNzliNzQ2
LzEvc29VNm9lc3l2LTRQNnhTRHdVazIwUUh4YnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQCLQrwAwQC
W9coAwQCuYFkMAwDBAS5stADBAC5stIwDwQCAAIwCQMHACoKQYAAADANBgkqhkiG
9w0BAQsFAAOCAQEAd9S1A3AT7aufZCLIHJchzFq1Ys8cYZ88e/OpofWCddAJQmZM
Ssj1USaUPtgeCuu+1Kzu6TUMQMam9uLbhCzbrBpfyRJociGG03XUB2xobWvdX4Ht
BVfsGVA4pQqiZPEhV4eM1x/lqFBwKRzxxKiNBncq7rXgs3pU933I50aShLFhQxkg
RynH9N5jiZUERBjbTdfXD8zKby3aNtK+ZM2xfLiG3Lwl0bhT+pW0Qz/c8+TzeN1M
5VqlwPfW1SeT0gnnul2D9FrbknBmjvKLYZm86afcN2ilbZFXyESPYigfek65bYaG
zRsd450M1t0ObNWhw6L1A0Pw0H9ixpjSfYub7w==
-----END CERTIFICATE-----