Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Cpa4Szfb2dN4qb1ttTz388m6cx0.roa
File:                     Cpa4Szfb2dN4qb1ttTz388m6cx0.roa (raw, json)
Hash identifier:          vm7z7Rjpi2CbGsPw4B2ZZFmAF5SHAaPw4xDAMSlpYBA=
Subject key identifier:   0A:96:B8:4B:37:DB:D9:D3:78:A9:BD:6D:B5:3C:F7:F3:C9:BA:73:1D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018BAA207E78C89FD4B1FBA7927CCEE5E155
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Cpa4Szfb2dN4qb1ttTz388m6cx0.roa
Signing time:             Tue 07 Nov 2023 14:12:18 +0000
ROA not before:           Tue 07 Nov 2023 14:12:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203629
IP address blocks:        2a0c:77c3::/32 maxlen: 32
                          2a0d:3884::/32 maxlen: 32
                          2a0d:3880::/32 maxlen: 32
                          2a0c:77c7::/32 maxlen: 32
                          2a0d:3883::/32 maxlen: 32
                          2a0d:3885::/32 maxlen: 32
                          2a0c:77c6::/32 maxlen: 32
                          2a0d:3882::/32 maxlen: 32
                          2a0c:77c5::/32 maxlen: 32
                          2a0c:77c1::/32 maxlen: 32
                          2a0d:3886::/32 maxlen: 32
                          2a0c:77c4::/32 maxlen: 32
                          2a0c:77c2::/32 maxlen: 32
                          2a0d:3887::/32 maxlen: 32
                          2a0d:3881::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:aa:20:7e:78:c8:9f:d4:b1:fb:a7:92:7c:ce:e5:e1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Nov  7 14:12:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a96b84b37dbd9d378a9bd6db53cf7f3c9ba731d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a8:e6:97:a7:42:0a:a7:3f:a5:b0:33:83:17:
                    e8:a8:05:52:f1:64:2b:80:0a:0c:b4:e3:4b:9e:2d:
                    b9:ae:5f:8f:25:0e:e2:3b:cf:0b:3d:12:7c:7d:c7:
                    ff:a9:92:d3:21:56:91:67:cd:49:e9:c1:eb:50:1f:
                    46:e4:28:33:94:3e:7c:cf:64:b4:62:2d:e7:68:66:
                    b0:5e:79:07:78:3e:22:6e:08:9e:a1:cf:1f:9a:2d:
                    12:ee:95:7f:80:40:3e:b2:47:8d:fc:6f:14:81:30:
                    12:7f:ff:5a:12:d0:24:a0:4f:55:d7:8a:d3:c5:a3:
                    93:c6:34:e3:9b:d2:4a:d5:9e:05:9c:eb:58:be:f4:
                    80:06:26:5f:e0:a4:17:0a:3d:86:47:88:7c:e8:df:
                    51:28:02:83:ab:36:e6:aa:80:78:ac:43:38:e4:83:
                    18:b8:e4:14:86:29:74:da:fc:89:6d:8e:09:cc:d9:
                    a3:2d:d9:cb:06:41:66:58:34:eb:5b:87:b0:da:2d:
                    30:2d:dd:12:37:d2:92:5c:31:7c:3b:a3:33:d2:81:
                    33:76:51:bb:0d:a7:4f:d6:14:47:d9:55:34:a4:e6:
                    c1:ae:a4:07:05:8e:2b:2f:ec:fc:a4:07:dc:2f:b8:
                    21:fa:82:2f:b6:2a:6c:eb:62:b9:2c:36:6a:de:0a:
                    8d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:96:B8:4B:37:DB:D9:D3:78:A9:BD:6D:B5:3C:F7:F3:C9:BA:73:1D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Cpa4Szfb2dN4qb1ttTz388m6cx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:77c1::-2a0c:77c7:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0d:3880::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:d6:57:58:d6:b0:99:7a:f7:9d:95:5f:a0:5c:4f:f9:d9:c3:
         6a:fd:8c:ea:b3:c3:ad:50:c9:d3:b0:55:6b:97:8c:6b:52:4d:
         3e:11:b4:0b:ea:68:e3:d1:8d:4a:c9:c1:8e:0e:cd:85:66:66:
         3b:20:35:c6:21:dd:7e:8f:50:7b:0f:7a:67:47:44:06:0b:b9:
         7d:64:1e:18:07:3c:c8:71:8c:bc:76:3e:bc:6c:00:0a:6b:82:
         e4:f1:5d:b3:0d:0a:c4:21:82:47:c5:20:24:a1:e1:79:fe:e4:
         ed:d6:5a:ab:e3:fd:e9:e3:0f:e8:c3:da:95:a3:99:23:0d:63:
         93:62:b0:3c:05:d4:73:0a:07:00:a1:8f:86:c8:40:99:48:e3:
         3e:f1:1c:5e:3a:20:1c:7f:ad:21:06:3c:e8:2b:0f:8c:72:60:
         f8:2a:11:87:42:8c:89:5a:53:50:b1:87:3e:d5:92:78:f4:49:
         aa:21:1c:2d:42:25:af:a6:2a:bd:26:af:83:62:35:e9:83:54:
         eb:d3:c8:f9:ec:61:1f:f2:7d:83:64:00:9c:dd:4e:29:25:ca:
         8d:9e:72:3d:cf:c5:f0:0b:8e:1e:92:6c:c9:66:42:23:76:e6:
         55:f8:ca:7a:42:ba:8c:f3:60:b1:41:ce:43:22:cc:a1:08:8e:
         e6:ab:6a:59
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYuqIH54yJ/UsfunknzO5eFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMTA3MTQxMjE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTk2Yjg0YjM3ZGJkOWQzNzhhOWJkNmRiNTNjZjdmM2M5YmE3MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApajml6dCCqc/pbAzgxfoqAVS8WQr
gAoMtONLni25rl+PJQ7iO88LPRJ8fcf/qZLTIVaRZ81J6cHrUB9G5CgzlD58z2S0
Yi3naGawXnkHeD4ibgieoc8fmi0S7pV/gEA+skeN/G8UgTASf/9aEtAkoE9V14rT
xaOTxjTjm9JK1Z4FnOtYvvSABiZf4KQXCj2GR4h86N9RKAKDqzbmqoB4rEM45IMY
uOQUhil02vyJbY4JzNmjLdnLBkFmWDTrW4ew2i0wLd0SN9KSXDF8O6Mz0oEzdlG7
DadP1hRH2VU0pObBrqQHBY4rL+z8pAfcL7gh+oIvtips62K5LDZq3gqNmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAqWuEs329nTeKm9bbU89/PJunMdMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvQ3BhNFN6ZmIyZE40cWIxdHRUejM4OG02Y3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXMA4DBQAqDHfB
AwUDKgx3wAMFAyoNOIAwDQYJKoZIhvcNAQELBQADggEBADnWV1jWsJl6952VX6Bc
T/nZw2r9jOqzw61QydOwVWuXjGtSTT4RtAvqaOPRjUrJwY4OzYVmZjsgNcYh3X6P
UHsPemdHRAYLuX1kHhgHPMhxjLx2PrxsAAprguTxXbMNCsQhgkfFICSh4Xn+5O3W
Wqvj/enjD+jD2pWjmSMNY5NisDwF1HMKBwChj4bIQJlI4z7xHF46IBx/rSEGPOgr
D4xyYPgqEYdCjIlaU1Cxhz7Vknj0SaohHC1CJa+mKr0mr4NiNemDVOvTyPnsYR/y
fYNkAJzdTiklyo2ecj3PxfALjh6SbMlmQiN25lX4ynpCuozzYLFBzkMizKEIjuar
alk=
-----END CERTIFICATE-----