Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/i9aGaknvfnapuHakA3b4W_tUPm0.roa
File:                     i9aGaknvfnapuHakA3b4W_tUPm0.roa (raw, json)
Hash identifier:          x249LtpiI7UGwF4Y95IRTKz346XqfX1Wq53y2pIET3o=
Subject key identifier:   8B:D6:86:6A:49:EF:7E:76:A9:B8:76:A4:03:76:F8:5B:FB:54:3E:6D
Certificate issuer:       /CN=b59909ed171b38c1fdc4362229e78d69851de11c
Certificate serial:       01856D2F5752253F56ACE6339AF7F872B82C
Authority key identifier: B5:99:09:ED:17:1B:38:C1:FD:C4:36:22:29:E7:8D:69:85:1D:E1:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/i9aGaknvfnapuHakA3b4W_tUPm0.roa
Signing time:             Sun 01 Jan 2023 11:54:57 +0000
ROA not before:           Sun 01 Jan 2023 11:54:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60447
IP address blocks:        77.246.219.0/24 maxlen: 24
                          77.246.218.0/24 maxlen: 24
                          77.246.217.0/24 maxlen: 24
                          77.246.216.0/22 maxlen: 22
                          77.246.216.0/24 maxlen: 24
                          185.97.73.0/24 maxlen: 24
                          185.97.72.0/24 maxlen: 24
                          185.97.72.0/22 maxlen: 22
                          185.97.75.0/24 maxlen: 24
                          185.97.74.0/24 maxlen: 24
                          95.214.104.0/22 maxlen: 22
                          95.214.104.0/23 maxlen: 23
                          95.214.106.0/23 maxlen: 23
                          2a06:4c0::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:2f:57:52:25:3f:56:ac:e6:33:9a:f7:f8:72:b8:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b59909ed171b38c1fdc4362229e78d69851de11c
        Validity
            Not Before: Jan  1 11:54:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8bd6866a49ef7e76a9b876a40376f85bfb543e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2e:bb:15:04:1d:41:21:f1:2d:a6:18:40:cd:
                    2a:b1:e2:07:c7:80:e4:d9:f0:2d:00:2c:0f:71:51:
                    87:75:66:20:91:b4:23:3b:e9:cd:c3:8f:7c:22:88:
                    94:9d:a8:d7:1b:ec:91:7e:0e:66:6b:0f:29:e7:5a:
                    1d:ed:cf:3e:39:b5:9b:e5:c5:29:a9:35:05:37:e8:
                    c3:4a:e5:0c:61:01:8c:62:3a:91:87:fd:6c:3b:65:
                    e9:59:2a:b5:1a:ba:1d:fc:4d:37:cd:02:d8:ec:62:
                    85:7a:84:19:39:d2:09:e2:01:b5:e8:50:bb:8a:45:
                    77:16:3e:5c:11:74:ce:b5:39:4c:a7:9a:ba:4c:bc:
                    fb:a0:98:68:65:f9:2a:c2:d3:15:a8:b3:67:11:fa:
                    c1:93:6c:7f:9c:0d:34:71:b3:7e:45:78:78:85:c8:
                    78:2c:5f:24:67:e9:42:7e:93:ce:a3:14:3a:b3:83:
                    c6:b9:3e:eb:e1:51:be:27:88:25:d1:fd:7c:cc:3e:
                    e3:2d:47:36:00:1c:8d:eb:bb:7d:a9:99:1b:dc:b8:
                    20:de:ca:a3:f3:1a:1c:78:a3:eb:83:ed:98:46:17:
                    9a:f2:26:dd:fa:fe:d5:a1:33:97:d6:b8:fc:1c:83:
                    63:9e:52:37:ff:f4:31:cd:4c:99:8a:e8:b1:c2:7f:
                    a8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:D6:86:6A:49:EF:7E:76:A9:B8:76:A4:03:76:F8:5B:FB:54:3E:6D
            X509v3 Authority Key Identifier:
                keyid:B5:99:09:ED:17:1B:38:C1:FD:C4:36:22:29:E7:8D:69:85:1D:E1:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/i9aGaknvfnapuHakA3b4W_tUPm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.216.0/22
                  95.214.104.0/22
                  185.97.72.0/22
                IPv6:
                  2a06:4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:c0:b9:19:28:eb:65:25:37:6b:04:53:89:cf:d8:eb:e3:37:
         99:c1:51:61:48:df:aa:74:41:87:40:ec:fd:8e:e2:bf:bd:6f:
         f7:e0:87:53:ec:12:8f:81:fb:51:f1:2a:74:54:06:ea:21:2d:
         b1:0d:d6:8e:16:b9:e5:5d:e9:0b:e8:4c:79:33:ef:2b:99:82:
         a3:4a:14:1e:83:b8:e0:03:3a:05:31:5e:8a:00:77:5d:d0:6f:
         29:d3:55:6f:9f:3d:a7:60:2a:78:82:34:43:4b:85:61:01:e6:
         8f:4b:ef:b5:36:df:f4:88:57:7d:34:b0:79:db:68:6b:71:ec:
         0f:a7:fe:45:bb:b5:ee:92:f2:a9:c4:15:93:0a:df:da:f7:a4:
         ba:a9:8a:98:66:e3:34:47:18:61:eb:d1:f5:36:f9:a8:4f:93:
         14:26:c9:83:83:13:b1:f3:ad:b9:b4:6f:64:e2:ca:fa:96:2b:
         d8:01:64:4a:02:7e:e9:85:04:b1:8f:98:d0:15:f1:91:5d:3d:
         48:1f:70:69:ce:ad:10:c7:35:e9:d9:8a:fe:5f:17:09:4b:a1:
         59:a7:91:5e:3e:1c:e2:07:41:df:99:dd:35:75:70:db:9a:a3:
         6b:c2:51:fa:10:80:84:1d:80:b8:b1:d5:24:45:cd:6b:44:c3:
         3d:88:15:0f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVtL1dSJT9WrOYzmvf4crgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1OTkwOWVkMTcxYjM4YzFmZGM0MzYyMjI5ZTc4ZDY5ODUx
ZGUxMWMwHhcNMjMwMTAxMTE1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmQ2ODY2YTQ5ZWY3ZTc2YTliODc2YTQwMzc2Zjg1YmZiNTQzZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiS67FQQdQSHxLaYYQM0qseIHx4Dk
2fAtACwPcVGHdWYgkbQjO+nNw498IoiUnajXG+yRfg5maw8p51od7c8+ObWb5cUp
qTUFN+jDSuUMYQGMYjqRh/1sO2XpWSq1Grod/E03zQLY7GKFeoQZOdIJ4gG16FC7
ikV3Fj5cEXTOtTlMp5q6TLz7oJhoZfkqwtMVqLNnEfrBk2x/nA00cbN+RXh4hch4
LF8kZ+lCfpPOoxQ6s4PGuT7r4VG+J4gl0f18zD7jLUc2AByN67t9qZkb3Lgg3sqj
8xoceKPrg+2YRhea8ibd+v7VoTOX1rj8HINjnlI3//QxzUyZiuixwn+oAQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIvWhmpJ7352qbh2pAN2+Fv7VD5tMB8GA1UdIwQY
MBaAFLWZCe0XGzjB/cQ2IinnjWmFHeEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFprSjdSY2JPTUg5eERZaUtlZU5hWVVkNFJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZWU5ODAtNjdhMi00ZDNjLWI2Y2Et
ZmRlMDczNTg4ZjBmLzEvaTlhR2FrbnZmbmFwdUhha0EzYjRXX3RVUG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZWU5ODAtNjdhMi00ZDNjLWI2Y2EtZmRlMDczNTg4ZjBm
LzEvdFprSjdSY2JPTUg5eERZaUtlZU5hWVVkNFJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCTfbYAwQC
X9ZoAwQCuWFIMA0EAgACMAcDBQAqBgTAMA0GCSqGSIb3DQEBCwUAA4IBAQCnwLkZ
KOtlJTdrBFOJz9jr4zeZwVFhSN+qdEGHQOz9juK/vW/34IdT7BKPgftR8Sp0VAbq
IS2xDdaOFrnlXekL6Ex5M+8rmYKjShQeg7jgAzoFMV6KAHdd0G8p01Vvnz2nYCp4
gjRDS4VhAeaPS++1Nt/0iFd9NLB522hrcewPp/5Fu7XukvKpxBWTCt/a96S6qYqY
ZuM0Rxhh69H1NvmoT5MUJsmDgxOx8625tG9k4sr6livYAWRKAn7phQSxj5jQFfGR
XT1IH3Bpzq0QxzXp2Yr+XxcJS6FZp5FePhziB0Hfmd01dXDbmqNrwlH6EICEHYC4
sdUkRc1rRMM9iBUP
-----END CERTIFICATE-----