Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/aSeXOxhmvsuXg54EcszXCXHT240.roa
File:                     aSeXOxhmvsuXg54EcszXCXHT240.roa (raw, json)
Hash identifier:          IAN8Elu7DKcb0VC0p2+fkYN/4SvkP8bpcjcafhqSlb4=
Subject key identifier:   69:27:97:3B:18:66:BE:CB:97:83:9E:04:72:CC:D7:09:71:D3:DB:8D
Certificate issuer:       /CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
Certificate serial:       0188477931549E91012498040D5C4D531167
Authority key identifier: 7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/aSeXOxhmvsuXg54EcszXCXHT240.roa
Signing time:             Tue 23 May 2023 07:18:24 +0000
ROA not before:           Tue 23 May 2023 07:18:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41344
IP address blocks:        185.124.176.0/22 maxlen: 22
                          185.124.177.0/24 maxlen: 24
                          89.249.233.0/24 maxlen: 24
                          89.249.232.0/24 maxlen: 24
                          89.249.231.0/24 maxlen: 24
                          31.185.15.0/24 maxlen: 24
                          31.185.14.0/24 maxlen: 24
                          89.249.235.0/24 maxlen: 24
                          89.249.238.0/24 maxlen: 24
                          89.249.237.0/24 maxlen: 24
                          89.249.236.0/24 maxlen: 24
                          31.185.11.0/24 maxlen: 24
                          89.249.226.0/24 maxlen: 24
                          31.185.10.0/24 maxlen: 24
                          31.185.9.0/24 maxlen: 24
                          31.185.8.0/21 maxlen: 21
                          31.185.8.0/24 maxlen: 24
                          89.249.224.0/20 maxlen: 20

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:47:79:31:54:9e:91:01:24:98:04:0d:5c:4d:53:11:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
        Validity
            Not Before: May 23 07:18:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6927973b1866becb97839e0472ccd70971d3db8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a2:2a:e6:08:b1:a2:3c:f9:1f:50:f5:cb:5f:
                    4c:2c:28:9d:35:0d:0b:d1:96:16:58:a4:8c:44:43:
                    e4:19:89:7f:2a:7b:4c:9e:66:1c:bf:f5:f7:6e:79:
                    97:b1:aa:f7:d6:e8:51:2f:4b:03:58:2a:1b:07:e9:
                    43:1e:78:5d:23:34:d5:af:c3:c8:f0:1f:d9:dd:67:
                    0c:aa:93:7f:4c:88:d8:c2:ab:ef:ac:04:ba:90:63:
                    07:7e:02:0d:cd:d9:8f:80:8f:0d:23:7c:9e:72:f5:
                    16:39:d5:f0:0e:d2:89:b4:76:9f:78:a2:4c:46:4b:
                    2f:7f:36:24:5f:b7:b0:6e:75:18:b7:91:80:a8:66:
                    b4:ad:d6:93:d4:ff:ba:3e:d2:dc:4e:c8:32:72:15:
                    0c:a1:47:44:e2:29:b4:f2:90:da:32:5a:d2:22:56:
                    16:34:9b:6d:e6:46:ed:33:62:87:74:e5:3b:3b:1b:
                    7f:68:89:cc:b2:6d:33:39:e2:44:67:07:ab:45:89:
                    e1:d2:0a:8d:f6:10:a0:12:4b:d4:44:6c:bf:ab:b8:
                    2d:34:c6:ec:bf:24:73:45:2f:76:66:93:aa:b8:32:
                    a0:d6:fc:3c:89:36:ce:56:ce:6c:61:e4:ea:75:99:
                    f7:97:19:27:af:43:b8:4e:76:cc:5f:5c:0b:89:ce:
                    c9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:27:97:3B:18:66:BE:CB:97:83:9E:04:72:CC:D7:09:71:D3:DB:8D
            X509v3 Authority Key Identifier:
                keyid:7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/aSeXOxhmvsuXg54EcszXCXHT240.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/e9WZftB1wimLRhIl4QYPV3sdfU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.8.0/21
                  89.249.224.0/20
                  185.124.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:5a:95:08:68:da:86:07:b8:11:c6:4f:62:63:af:82:f1:82:
         77:bd:ea:6e:3b:dc:46:cc:6b:00:a6:31:54:8f:5b:6c:7f:47:
         92:65:70:79:0b:57:c8:81:6a:77:44:35:18:1b:df:9d:e7:59:
         df:c1:47:50:51:de:47:35:24:1b:1d:92:d4:ca:81:71:d1:68:
         3d:d8:e8:41:ec:d0:de:2d:84:6f:12:78:d5:49:92:e1:ef:ab:
         a5:3e:78:3e:24:19:99:97:2f:4e:f1:c8:5d:57:79:03:d2:92:
         aa:f8:bc:0d:ea:fc:20:c2:fa:26:4b:6d:b9:22:bd:ef:95:13:
         16:f4:5a:7c:84:8a:5f:a4:ec:3a:3b:a6:19:8b:cf:14:73:a5:
         bf:f5:a2:e6:06:98:93:18:53:5e:a0:0b:55:2c:8c:49:29:69:
         6d:fa:53:5a:69:5c:ea:c0:8d:44:b2:03:d6:dd:ce:cc:88:a1:
         f6:2f:31:0f:2a:23:67:45:69:01:b2:82:75:e5:83:e9:7e:ce:
         72:b6:38:3c:24:d0:09:52:19:77:f2:44:03:de:95:cd:f8:7d:
         a4:bb:f0:84:1f:39:39:f5:56:8e:65:a4:8b:4c:08:07:8a:2c:
         62:e2:d9:ea:f1:39:cd:6a:83:69:26:4e:fc:f0:dd:65:dd:61:
         67:0e:73:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYhHeTFUnpEBJJgEDVxNUxFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZDU5OTdlZDA3NWMyMjk4YjQ2MTIyNWUxMDYwZjU3N2Ix
ZDdkNGQwHhcNMjMwNTIzMDcxODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTI3OTczYjE4NjZiZWNiOTc4MzllMDQ3MmNjZDcwOTcxZDNkYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqIq5gixojz5H1D1y19MLCidNQ0L
0ZYWWKSMREPkGYl/KntMnmYcv/X3bnmXsar31uhRL0sDWCobB+lDHnhdIzTVr8PI
8B/Z3WcMqpN/TIjYwqvvrAS6kGMHfgINzdmPgI8NI3yecvUWOdXwDtKJtHafeKJM
RksvfzYkX7ewbnUYt5GAqGa0rdaT1P+6PtLcTsgychUMoUdE4im08pDaMlrSIlYW
NJtt5kbtM2KHdOU7Oxt/aInMsm0zOeJEZwerRYnh0gqN9hCgEkvURGy/q7gtNMbs
vyRzRS92ZpOquDKg1vw8iTbOVs5sYeTqdZn3lxknr0O4TnbMX1wLic7JywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGknlzsYZr7Ll4OeBHLM1wlx09uNMB8GA1UdIwQY
MBaAFHvVmX7QdcIpi0YSJeEGD1d7HX1NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUt
NWFjN2YwNjYyMzBiLzEvYVNlWE94aG12c3VYZzU0RWNzelhDWEhUMjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUtNWFjN2YwNjYyMzBi
LzEvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDH7kIAwQE
WfngAwQCuXywMA0GCSqGSIb3DQEBCwUAA4IBAQBkWpUIaNqGB7gRxk9iY6+C8YJ3
vepuO9xGzGsApjFUj1tsf0eSZXB5C1fIgWp3RDUYG9+d51nfwUdQUd5HNSQbHZLU
yoFx0Wg92OhB7NDeLYRvEnjVSZLh76ulPng+JBmZly9O8chdV3kD0pKq+LwN6vwg
wvomS225Ir3vlRMW9Fp8hIpfpOw6O6YZi88Uc6W/9aLmBpiTGFNeoAtVLIxJKWlt
+lNaaVzqwI1EsgPW3c7MiKH2LzEPKiNnRWkBsoJ15YPpfs5ytjg8JNAJUhl38kQD
3pXN+H2ku/CEHzk59VaOZaSLTAgHiixi4tnq8TnNaoNpJk788N1l3WFnDnM/
-----END CERTIFICATE-----