Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/0kyKcezLCn8Zlp2yo7cgwAx-1gM.roa
File:                     0kyKcezLCn8Zlp2yo7cgwAx-1gM.roa (raw, json)
Hash identifier:          97iCVbNOaX44w7w+Gs6NeYEsqZs3uuJ5AYKXJWCihEA=
Subject key identifier:   D2:4C:8A:71:EC:CB:0A:7F:19:96:9D:B2:A3:B7:20:C0:0C:7E:D6:03
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018570FBCD65FC70AE00537B63A328B6F478
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/0kyKcezLCn8Zlp2yo7cgwAx-1gM.roa
Signing time:             Mon 02 Jan 2023 05:37:08 +0000
ROA not before:           Mon 02 Jan 2023 05:37:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207781
IP address blocks:        2a09:e1c1:efce::/48 maxlen: 48
                          2a09:e1c1:efc3::/48 maxlen: 48
                          2a09:e1c1:efc4::/48 maxlen: 48
                          2a09:e1c1:efc9::/48 maxlen: 48
                          2a09:e1c1:efca::/48 maxlen: 48
                          2a09:e1c1:efcf::/48 maxlen: 48
                          2a09:e1c1:efc0::/48 maxlen: 48
                          2a09:e1c1:efc5::/48 maxlen: 48
                          2a09:e1c1:efc6::/48 maxlen: 48
                          2a09:e1c1:efcb::/48 maxlen: 48
                          2a09:e1c1:efcc::/48 maxlen: 48
                          2a09:e1c1:efc1::/48 maxlen: 48
                          2a09:e1c1:efc2::/48 maxlen: 48
                          2a09:e1c1:efc7::/48 maxlen: 48
                          2a09:e1c1:efc8::/48 maxlen: 48
                          2a09:e1c1:efcd::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:cd:65:fc:70:ae:00:53:7b:63:a3:28:b6:f4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  2 05:37:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d24c8a71eccb0a7f19969db2a3b720c00c7ed603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:30:00:81:37:e5:87:3c:7b:ec:10:19:42:08:
                    e5:32:bd:38:77:75:1b:29:03:89:1d:19:f4:05:0c:
                    e6:75:0e:f3:87:e4:53:86:1c:5c:f1:fa:17:6e:09:
                    ae:61:fb:41:de:42:41:66:7d:5d:3c:68:50:44:03:
                    1d:f6:c9:fe:8a:fe:00:a4:5a:83:4e:d1:65:d0:90:
                    11:7b:35:53:ed:d5:5a:4a:ba:29:b9:cb:cc:99:28:
                    6f:f4:79:51:a5:44:7d:27:f0:d9:99:b1:6d:aa:3a:
                    22:5d:5e:fe:5a:63:16:68:7d:61:19:d1:ee:42:1e:
                    cb:a5:c7:e3:ea:a1:39:73:d0:29:9e:cd:92:d7:7e:
                    ac:88:72:04:49:68:88:aa:62:e6:e1:fd:88:0a:a2:
                    d3:06:0e:ed:4b:2f:f6:59:8c:b7:1d:04:b8:ac:5f:
                    26:05:8a:1c:a4:0f:24:df:fd:0e:bd:6e:94:34:af:
                    5b:39:c9:bc:8e:60:91:23:4a:09:fb:ff:2c:66:0c:
                    89:d8:3f:e6:c8:52:24:f2:4a:0f:c7:c5:53:b7:13:
                    a3:40:48:b0:06:2e:94:a8:1d:0e:86:bc:ec:02:5e:
                    2d:f3:00:cb:c3:3f:91:b2:de:0d:17:7d:80:5d:8d:
                    b7:08:9c:bb:c7:1b:6d:76:82:3b:d7:db:eb:a2:a2:
                    d9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:4C:8A:71:EC:CB:0A:7F:19:96:9D:B2:A3:B7:20:C0:0C:7E:D6:03
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/0kyKcezLCn8Zlp2yo7cgwAx-1gM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:efc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:9e:b4:6d:a6:b0:0d:cb:a7:66:a4:38:82:45:e6:77:db:8a:
         3d:6e:c1:a6:a6:cc:8f:ed:4a:12:fe:af:77:7e:e6:37:c4:90:
         b9:8c:97:d3:20:1d:fa:41:c4:18:28:f7:fc:f4:83:1c:49:37:
         f8:2e:d0:45:91:f6:47:db:dd:e2:bf:a4:cd:de:6c:bf:d0:36:
         1b:0a:05:fc:95:38:50:b4:d1:0d:e6:f5:8c:3d:5f:f4:02:fa:
         4e:ee:9c:a1:21:d7:15:eb:f7:27:31:d6:44:87:73:4d:c3:6e:
         0b:4d:0d:41:a6:fb:ab:c7:49:12:f8:c8:b8:dc:8d:d9:35:2f:
         41:31:15:aa:58:a9:ce:ce:20:76:1e:3a:3d:04:06:98:f5:79:
         f5:95:1f:94:cd:05:76:d0:82:f3:c5:5e:5e:3e:94:c4:a3:60:
         fe:ee:c6:9e:f5:1d:68:14:07:ad:1d:4c:16:35:2c:a3:22:a7:
         6a:3b:82:0f:b5:d4:25:b1:f0:2f:a4:b0:43:21:06:4e:3c:34:
         9c:4e:ff:eb:25:0d:52:30:ef:23:3e:ca:f2:2c:8e:96:e6:24:
         8c:d2:8f:61:60:a4:4b:a6:ac:da:38:d7:e9:8b:89:b9:a5:4a:
         88:29:06:fb:27:25:da:49:ed:2b:d6:b6:72:bc:97:45:f2:e6:
         81:0d:4e:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVw+81l/HCuAFN7Y6MotvR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjMwMTAyMDUzNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjRjOGE3MWVjY2IwYTdmMTk5NjlkYjJhM2I3MjBjMDBjN2VkNjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzAAgTflhzx77BAZQgjlMr04d3Ub
KQOJHRn0BQzmdQ7zh+RThhxc8foXbgmuYftB3kJBZn1dPGhQRAMd9sn+iv4ApFqD
TtFl0JARezVT7dVaSropucvMmShv9HlRpUR9J/DZmbFtqjoiXV7+WmMWaH1hGdHu
Qh7Lpcfj6qE5c9Apns2S136siHIESWiIqmLm4f2ICqLTBg7tSy/2WYy3HQS4rF8m
BYocpA8k3/0OvW6UNK9bOcm8jmCRI0oJ+/8sZgyJ2D/myFIk8koPx8VTtxOjQEiw
Bi6UqB0OhrzsAl4t8wDLwz+Rst4NF32AXY23CJy7xxttdoI719vroqLZdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNJMinHsywp/GZadsqO3IMAMftYDMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvMGt5S2NlekxDbjhabHAyeW83Y2d3QXgtMWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwe/A
MA0GCSqGSIb3DQEBCwUAA4IBAQCSnrRtprANy6dmpDiCReZ324o9bsGmpsyP7UoS
/q93fuY3xJC5jJfTIB36QcQYKPf89IMcSTf4LtBFkfZH293iv6TN3my/0DYbCgX8
lThQtNEN5vWMPV/0AvpO7pyhIdcV6/cnMdZEh3NNw24LTQ1Bpvurx0kS+Mi43I3Z
NS9BMRWqWKnOziB2Hjo9BAaY9Xn1lR+UzQV20ILzxV5ePpTEo2D+7sae9R1oFAet
HUwWNSyjIqdqO4IPtdQlsfAvpLBDIQZOPDScTv/rJQ1SMO8jPsryLI6W5iSM0o9h
YKRLpqzaONfpi4m5pUqIKQb7JyXaSe0r1rZyvJdF8uaBDU5I
-----END CERTIFICATE-----