Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/7gNxvuT7Kz2GVqpzBhv1rnBl3Yk.roa
File:                     7gNxvuT7Kz2GVqpzBhv1rnBl3Yk.roa (raw, json)
Hash identifier:          B6dVJD/bfni93soBznQiizHD5UsJcklJXbCj0RoPjXs=
Subject key identifier:   EE:03:71:BE:E4:FB:2B:3D:86:56:AA:73:06:1B:F5:AE:70:65:DD:89
Certificate issuer:       /CN=d9f866fb0aa83a271a0cb7dc9030188c89d23e5d
Certificate serial:       0185CAB393E02F42DCBDC8EA2711C3674296
Authority key identifier: D9:F8:66:FB:0A:A8:3A:27:1A:0C:B7:DC:90:30:18:8C:89:D2:3E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fhm-wqoOicaDLfckDAYjInSPl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/7gNxvuT7Kz2GVqpzBhv1rnBl3Yk.roa
Signing time:             Thu 19 Jan 2023 15:44:04 +0000
ROA not before:           Thu 19 Jan 2023 15:44:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206451
IP address blocks:        176.97.232.0/22 maxlen: 22
                          176.97.232.0/21 maxlen: 21
                          176.97.236.0/22 maxlen: 22
                          212.85.232.0/22 maxlen: 22
                          212.85.232.0/23 maxlen: 23
                          212.85.234.0/23 maxlen: 23
                          89.33.180.0/22 maxlen: 22
                          185.155.4.0/22 maxlen: 24
                          89.39.160.0/24 maxlen: 24
                          89.36.168.0/24 maxlen: 24
                          89.36.175.0/24 maxlen: 24
                          31.14.24.0/24 maxlen: 24
                          2a0d:bf00::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ca:b3:93:e0:2f:42:dc:bd:c8:ea:27:11:c3:67:42:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f866fb0aa83a271a0cb7dc9030188c89d23e5d
        Validity
            Not Before: Jan 19 15:44:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee0371bee4fb2b3d8656aa73061bf5ae7065dd89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4a:4e:53:41:23:f7:c2:3a:09:3c:9b:6c:52:
                    f5:9b:03:b1:82:65:53:1b:67:ff:dd:87:3f:71:ab:
                    46:5f:fa:5a:ee:84:b2:2c:a5:bd:a9:86:4d:a7:ad:
                    8d:fb:cc:d9:b7:89:b7:d3:10:c9:8f:15:47:cc:68:
                    9e:f4:50:b7:4f:3d:0f:ee:db:81:ed:5c:ad:c5:61:
                    f6:c6:64:7f:a0:56:b3:07:20:40:bd:75:fa:c3:f9:
                    fc:27:c3:0d:a7:90:cd:2a:cf:27:73:2b:50:0c:bd:
                    d2:2b:37:ba:60:ad:35:fc:09:2e:89:0e:9f:22:be:
                    11:73:9e:1d:e1:4b:65:16:23:ff:ac:ba:9a:4f:ae:
                    99:0b:cc:99:6b:87:d0:03:41:b0:e7:93:41:9c:7f:
                    6f:55:b0:f5:81:33:78:05:87:29:24:76:1a:40:cb:
                    b0:c0:46:e0:9a:39:13:6e:a5:c7:2a:85:d1:98:13:
                    23:7f:c0:8f:4a:c5:4e:6e:cb:bb:d3:57:91:6a:93:
                    73:48:c9:5c:f6:56:06:23:21:d2:c1:70:21:38:45:
                    32:86:ed:77:8c:a6:38:f5:a6:2c:16:81:ff:d8:e5:
                    a8:fd:82:00:02:24:a9:c9:09:30:49:1e:70:e9:6b:
                    4e:37:0e:f9:7b:7a:e3:49:41:ba:cc:d6:98:1e:53:
                    e5:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:03:71:BE:E4:FB:2B:3D:86:56:AA:73:06:1B:F5:AE:70:65:DD:89
            X509v3 Authority Key Identifier:
                keyid:D9:F8:66:FB:0A:A8:3A:27:1A:0C:B7:DC:90:30:18:8C:89:D2:3E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fhm-wqoOicaDLfckDAYjInSPl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/7gNxvuT7Kz2GVqpzBhv1rnBl3Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5273a4-10c8-40bf-b24f-5c1d5a6992d8/1/2fhm-wqoOicaDLfckDAYjInSPl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.24.0/24
                  89.33.180.0/22
                  89.36.168.0/24
                  89.36.175.0/24
                  89.39.160.0/24
                  176.97.232.0/21
                  185.155.4.0/22
                  212.85.232.0/22
                IPv6:
                  2a0d:bf00::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:67:05:89:2a:d7:f8:47:fb:56:c4:5d:69:29:79:82:98:4f:
         c2:b7:c4:8a:90:c4:6b:57:cb:0d:4f:cf:a1:1a:1f:24:4d:22:
         b7:b5:1d:7a:a4:88:06:4d:23:30:85:dc:7e:9f:b7:36:54:c8:
         ae:5f:09:d9:75:dc:df:c3:4c:44:be:a3:48:63:2c:99:9d:0f:
         9e:a1:3d:97:66:d7:47:31:cc:ee:44:f5:35:0f:fd:43:b5:36:
         d5:18:9b:b8:fe:f5:ca:7d:b4:02:f9:37:ef:fb:5b:f6:fa:6a:
         91:e4:01:b8:c7:32:80:98:b0:42:c4:20:61:96:8e:02:63:c8:
         c3:52:8b:61:5b:46:f4:68:dc:f0:30:2d:cd:a8:8e:51:94:1b:
         44:8e:82:27:46:9c:50:34:5e:21:37:84:b9:d3:57:5b:84:69:
         ec:cc:8d:5d:7c:79:d1:0c:69:c5:0f:5b:04:6d:c2:eb:ca:34:
         3c:af:93:40:c3:68:1a:03:dc:db:cd:b2:fa:97:89:0a:31:12:
         36:aa:3b:a8:d0:f8:8c:f7:f8:3f:c2:27:82:00:44:60:7b:dc:
         7d:f7:70:6a:b0:0a:4a:1b:65:e4:ad:42:14:54:da:87:ef:65:
         95:94:f5:7c:86:96:29:ce:e2:6b:12:a1:cb:02:9b:b2:75:30:
         b2:36:21:0b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYXKs5PgL0LcvcjqJxHDZ0KWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5Zjg2NmZiMGFhODNhMjcxYTBjYjdkYzkwMzAxODhjODlk
MjNlNWQwHhcNMjMwMTE5MTU0NDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTAzNzFiZWU0ZmIyYjNkODY1NmFhNzMwNjFiZjVhZTcwNjVkZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UpOU0Ej98I6CTybbFL1mwOxgmVT
G2f/3Yc/catGX/pa7oSyLKW9qYZNp62N+8zZt4m30xDJjxVHzGie9FC3Tz0P7tuB
7VytxWH2xmR/oFazByBAvXX6w/n8J8MNp5DNKs8ncytQDL3SKze6YK01/AkuiQ6f
Ir4Rc54d4UtlFiP/rLqaT66ZC8yZa4fQA0Gw55NBnH9vVbD1gTN4BYcpJHYaQMuw
wEbgmjkTbqXHKoXRmBMjf8CPSsVObsu701eRapNzSMlc9lYGIyHSwXAhOEUyhu13
jKY49aYsFoH/2OWo/YIAAiSpyQkwSR5w6WtONw75e3rjSUG6zNaYHlPlcwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFO4Dcb7k+ys9hlaqcwYb9a5wZd2JMB8GA1UdIwQY
MBaAFNn4ZvsKqDonGgy33JAwGIyJ0j5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZobS13cW9PaWNhRExmY2tEQVlqSW5TUGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81MjczYTQtMTBjOC00MGJmLWIyNGYt
NWMxZDVhNjk5MmQ4LzEvN2dOeHZ1VDdLejJHVnFwekJodjFybkJsM1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81MjczYTQtMTBjOC00MGJmLWIyNGYtNWMxZDVhNjk5MmQ4
LzEvMmZobS13cW9PaWNhRExmY2tEQVlqSW5TUGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQAHw4YAwQC
WSG0AwQAWSSoAwQAWSSvAwQAWSegAwQDsGHoAwQCuZsEAwQC1FXoMA0EAgACMAcD
BQAqDb8AMA0GCSqGSIb3DQEBCwUAA4IBAQCWZwWJKtf4R/tWxF1pKXmCmE/Ct8SK
kMRrV8sNT8+hGh8kTSK3tR16pIgGTSMwhdx+n7c2VMiuXwnZddzfw0xEvqNIYyyZ
nQ+eoT2XZtdHMczuRPU1D/1DtTbVGJu4/vXKfbQC+Tfv+1v2+mqR5AG4xzKAmLBC
xCBhlo4CY8jDUothW0b0aNzwMC3NqI5RlBtEjoInRpxQNF4hN4S501dbhGnszI1d
fHnRDGnFD1sEbcLryjQ8r5NAw2gaA9zbzbL6l4kKMRI2qjuo0PiM9/g/wieCAERg
e9x993BqsApKG2XkrUIUVNqH72WVlPV8hpYpzuJrEqHLApuydTCyNiEL
-----END CERTIFICATE-----