Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/hOM_pVkdMGr4Blbn9D9WpEkYhMU.roa
File:                     hOM_pVkdMGr4Blbn9D9WpEkYhMU.roa (raw, json)
Hash identifier:          8YkDkgxYyagM9CIpG7laxJyzp4NHgfxFwfa3ts0qIuU=
Subject key identifier:   84:E3:3F:A5:59:1D:30:6A:F8:06:56:E7:F4:3F:56:A4:49:18:84:C5
Certificate issuer:       /CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
Certificate serial:       018571F1174F6121BFC7DBC1ED47D1C577A0
Authority key identifier: B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/hOM_pVkdMGr4Blbn9D9WpEkYhMU.roa
Signing time:             Mon 02 Jan 2023 10:05:03 +0000
ROA not before:           Mon 02 Jan 2023 10:05:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199366
IP address blocks:        185.114.192.0/24 maxlen: 24
                          185.114.194.0/24 maxlen: 24
                          185.114.193.0/24 maxlen: 24
                          185.114.195.0/24 maxlen: 24
                          185.19.94.0/24 maxlen: 24
                          185.19.93.0/24 maxlen: 24
                          185.19.95.0/24 maxlen: 24
                          185.19.92.0/24 maxlen: 24
                          185.59.31.0/24 maxlen: 24
                          185.59.28.0/24 maxlen: 24
                          185.59.30.0/24 maxlen: 24
                          185.59.29.0/24 maxlen: 24
                          2.56.62.0/24 maxlen: 24
                          2.56.63.0/24 maxlen: 24
                          2.56.61.0/24 maxlen: 24
                          2.56.60.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:f1:17:4f:61:21:bf:c7:db:c1:ed:47:d1:c5:77:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
        Validity
            Not Before: Jan  2 10:05:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84e33fa5591d306af80656e7f43f56a4491884c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d9:9d:e0:1c:98:96:b0:00:ec:c5:4a:b2:33:
                    db:f1:c3:10:ae:c0:38:7e:ef:29:ce:67:0c:3f:b9:
                    31:04:2d:50:4d:21:f6:ff:9b:8b:0f:d4:5b:f0:7d:
                    f6:1d:46:8f:03:de:df:98:4e:28:e0:60:7c:36:a3:
                    3e:a2:13:51:b5:c5:cf:12:97:b7:ff:e9:15:24:b9:
                    25:b2:2f:a4:97:4e:bc:2e:74:94:a4:26:a1:cf:27:
                    2b:52:79:82:94:3d:dc:fa:b6:39:b0:91:d4:79:6c:
                    3a:b6:a9:66:6f:89:40:98:66:cd:31:d2:03:86:01:
                    0f:88:bc:2d:4f:7b:b6:75:67:e4:45:85:cc:67:a7:
                    1e:19:34:79:45:25:91:4b:7f:06:57:93:f8:2e:17:
                    c8:a3:ae:95:74:75:be:cf:d9:01:ca:5f:45:2b:90:
                    b4:53:10:85:2b:ab:02:ec:28:51:18:a1:aa:32:ec:
                    75:f5:1c:90:32:39:0d:56:fc:28:dd:53:51:81:62:
                    e7:31:b6:ac:58:71:1c:22:f9:8a:72:10:d0:fa:d9:
                    07:9b:fb:3a:dd:e2:f6:22:09:d8:ca:e4:e1:e9:93:
                    1f:e2:6f:35:09:c3:03:f9:06:e7:a9:8c:45:4d:96:
                    d2:83:e0:fc:aa:25:ce:3a:47:0b:e6:8d:a5:13:a9:
                    e5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E3:3F:A5:59:1D:30:6A:F8:06:56:E7:F4:3F:56:A4:49:18:84:C5
            X509v3 Authority Key Identifier:
                keyid:B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/hOM_pVkdMGr4Blbn9D9WpEkYhMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/uGnuZhZNPLQdvS31QXgXwy9M6gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.60.0/22
                  185.19.92.0/22
                  185.59.28.0/22
                  185.114.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:a6:ba:ed:5e:12:70:04:0c:54:f5:0c:3f:77:28:09:f9:89:
         91:e0:01:49:be:60:4c:f8:41:b6:2b:66:59:af:f5:58:14:24:
         27:0a:f0:ce:43:95:d2:17:96:29:95:ed:c4:6f:ef:f9:00:d8:
         39:92:90:9e:1b:45:fc:d9:a3:e3:e4:64:30:08:88:75:18:75:
         b1:fe:21:57:87:af:32:61:b4:98:f0:14:5e:72:e2:c9:b2:f9:
         12:0c:a3:33:b7:f3:b1:c6:eb:4e:92:2b:3d:9c:85:76:c9:4b:
         23:26:30:ef:98:7f:f6:56:cc:20:3b:5e:64:de:07:b0:92:92:
         71:56:75:a8:18:40:86:7e:f4:7a:f3:e7:c8:f3:14:0c:b6:dd:
         82:66:d1:5d:59:3f:a3:99:9b:d1:75:36:f4:e9:b1:ba:87:f0:
         5e:ac:ed:70:ee:d7:c1:07:17:8a:b2:cc:95:ac:17:47:a0:e6:
         1b:4f:32:d1:9d:25:e6:6d:b4:69:91:27:17:66:0e:7c:78:27:
         2f:8e:da:3c:4b:0f:5e:db:2a:71:83:14:95:f8:96:17:48:00:
         27:e5:3b:cd:ef:ca:94:94:af:05:bc:e5:71:4f:67:03:cd:f3:
         29:da:16:04:93:cd:30:f3:05:55:49:2d:5e:23:18:53:ac:8f:
         df:b5:9e:4e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVx8RdPYSG/x9vB7UfRxXegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjllZTY2MTY0ZDNjYjQxZGJkMmRmNTQxNzgxN2MzMmY0
Y2VhMDUwHhcNMjMwMTAyMTAwNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGUzM2ZhNTU5MWQzMDZhZjgwNjU2ZTdmNDNmNTZhNDQ5MTg4NGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNmd4ByYlrAA7MVKsjPb8cMQrsA4
fu8pzmcMP7kxBC1QTSH2/5uLD9Rb8H32HUaPA97fmE4o4GB8NqM+ohNRtcXPEpe3
/+kVJLklsi+kl068LnSUpCahzycrUnmClD3c+rY5sJHUeWw6tqlmb4lAmGbNMdID
hgEPiLwtT3u2dWfkRYXMZ6ceGTR5RSWRS38GV5P4LhfIo66VdHW+z9kByl9FK5C0
UxCFK6sC7ChRGKGqMux19RyQMjkNVvwo3VNRgWLnMbasWHEcIvmKchDQ+tkHm/s6
3eL2IgnYyuTh6ZMf4m81CcMD+QbnqYxFTZbSg+D8qiXOOkcL5o2lE6nlWwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFITjP6VZHTBq+AZW5/Q/VqRJGITFMB8GA1UdIwQY
MBaAFLhp7mYWTTy0Hb0t9UF4F8MvTOoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODkt
Y2QxZmE0ODQ0MTFiLzEvaE9NX3BWa2RNR3I0QmxibjlEOVdwRWtZaE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODktY2QxZmE0ODQ0MTFi
LzEvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAjg8AwQC
uRNcAwQCuTscAwQCuXLAMA0GCSqGSIb3DQEBCwUAA4IBAQAIprrtXhJwBAxU9Qw/
dygJ+YmR4AFJvmBM+EG2K2ZZr/VYFCQnCvDOQ5XSF5Yple3Eb+/5ANg5kpCeG0X8
2aPj5GQwCIh1GHWx/iFXh68yYbSY8BRecuLJsvkSDKMzt/OxxutOkis9nIV2yUsj
JjDvmH/2VswgO15k3gewkpJxVnWoGECGfvR68+fI8xQMtt2CZtFdWT+jmZvRdTb0
6bG6h/BerO1w7tfBBxeKssyVrBdHoOYbTzLRnSXmbbRpkScXZg58eCcvjto8Sw9e
2ypxgxSV+JYXSAAn5TvN78qUlK8FvOVxT2cDzfMp2hYEk80w8wVVSS1eIxhTrI/f
tZ5O
-----END CERTIFICATE-----