Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/EePpmscRW2vAri-JQO3q-i7QfVg.roa
File:                     EePpmscRW2vAri-JQO3q-i7QfVg.roa (raw, json)
Hash identifier:          c1dy+YCaM141RrqT2SiMfp9tUTT04/nIFiEb3hL00fk=
Subject key identifier:   11:E3:E9:9A:C7:11:5B:6B:C0:AE:2F:89:40:ED:EA:FA:2E:D0:7D:58
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018987FBB5EFCEE68AE6D37234B9E182F9E5
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/EePpmscRW2vAri-JQO3q-i7QfVg.roa
Signing time:             Mon 24 Jul 2023 12:59:27 +0000
ROA not before:           Mon 24 Jul 2023 12:59:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34918
IP address blocks:        85.9.96.0/20 maxlen: 20
                          85.9.96.0/21 maxlen: 21
                          85.9.104.0/21 maxlen: 21
                          185.126.3.0/24 maxlen: 24
                          185.126.2.0/24 maxlen: 24
                          185.126.4.0/24 maxlen: 24
                          185.126.0.0/24 maxlen: 24
                          185.126.0.0/22 maxlen: 22
                          185.126.0.0/20 maxlen: 20
                          185.126.1.0/24 maxlen: 24
                          185.126.0.0/21 maxlen: 21
                          185.126.10.0/24 maxlen: 24
                          185.126.9.0/24 maxlen: 24
                          185.126.11.0/24 maxlen: 24
                          185.126.7.0/24 maxlen: 24
                          185.126.6.0/24 maxlen: 24
                          185.126.8.0/24 maxlen: 24
                          185.126.8.0/21 maxlen: 21
                          185.126.5.0/24 maxlen: 24
                          185.126.13.0/24 maxlen: 24
                          185.126.15.0/24 maxlen: 24
                          185.126.14.0/24 maxlen: 24
                          185.126.12.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:87:fb:b5:ef:ce:e6:8a:e6:d3:72:34:b9:e1:82:f9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jul 24 12:59:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11e3e99ac7115b6bc0ae2f8940edeafa2ed07d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a6:71:3f:95:49:2a:ac:00:a6:7b:67:93:2f:
                    d1:a6:f9:f3:79:2c:93:a6:46:61:eb:8c:60:88:c8:
                    67:b2:25:1c:5c:37:c7:02:e7:ad:f2:b7:90:fb:52:
                    55:7d:42:9e:d5:5d:79:b0:f4:92:16:a5:6b:d5:0c:
                    a0:1f:c0:37:b2:18:36:b2:dc:93:69:4c:8d:81:90:
                    e7:48:7d:cb:2b:50:1d:a3:dd:6a:d7:83:ea:7d:97:
                    52:52:29:1b:59:95:9e:e7:b9:47:7e:5d:89:c0:5a:
                    4b:98:74:95:85:31:e3:8a:62:54:7c:b5:44:ed:7b:
                    86:f1:1b:e5:d8:b3:78:8a:6a:ed:f2:7c:ba:8b:41:
                    34:33:05:7b:b5:64:8f:8d:fc:8b:c4:3d:82:66:1b:
                    95:f5:b7:74:94:e0:e0:aa:74:9d:3e:53:e0:b5:bf:
                    f5:48:31:26:c6:a4:cb:0a:74:8f:77:6f:95:86:74:
                    92:8a:51:b7:c9:ea:91:25:2f:c4:1c:c0:4c:ef:b7:
                    0b:96:d3:96:01:f2:0c:0e:c2:cd:cd:84:9a:ae:2c:
                    ee:c5:86:bc:43:b8:b7:c9:fa:d8:85:31:ad:ac:7e:
                    59:5a:da:f2:c9:d0:99:0c:25:62:08:87:4a:65:9c:
                    18:48:22:f3:80:3b:d6:94:e7:2e:f0:00:94:38:dd:
                    80:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E3:E9:9A:C7:11:5B:6B:C0:AE:2F:89:40:ED:EA:FA:2E:D0:7D:58
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/EePpmscRW2vAri-JQO3q-i7QfVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.96.0/20
                  185.126.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ca:6b:42:2e:b4:a3:bf:6a:d2:7f:4f:3b:08:27:cf:31:0c:b0:
         9c:43:0b:3e:57:0d:0f:07:4b:ca:11:a7:c4:5a:1a:90:fa:f7:
         93:0d:36:cf:53:e1:d1:65:71:e7:49:b1:61:6a:16:ab:8f:40:
         ce:a8:5d:5a:72:ab:60:71:77:b7:b0:29:b4:49:13:be:e9:a8:
         3f:9c:14:89:3c:64:8f:70:f2:a8:33:6a:e5:24:b1:76:44:3a:
         cf:bf:d6:60:b3:78:cd:23:60:2c:ec:55:e6:6e:ed:11:0a:66:
         9e:4b:78:20:28:7c:d2:cc:e2:cf:c2:16:77:b8:9a:ac:68:ff:
         49:1a:16:f8:43:10:e8:fb:a1:91:4b:26:42:6a:58:fd:9f:d2:
         1a:d6:56:90:25:ed:f0:00:02:33:64:48:21:72:60:bb:24:c0:
         ad:6b:be:ec:e2:14:3f:85:75:c6:0b:63:da:f8:bb:fd:ff:40:
         b8:be:72:15:be:21:6a:f2:97:ab:ec:22:89:7c:6d:8e:09:0e:
         d2:df:e5:81:53:01:f6:3d:89:df:37:cb:5e:c4:85:e1:a5:be:
         7a:41:8c:eb:83:3c:28:fd:36:31:f5:41:e4:79:46:74:39:69:
         4f:25:3a:71:5d:51:eb:85:1c:0b:f3:a8:77:f4:5c:e4:35:0f:
         86:0e:0d:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYmH+7XvzuaK5tNyNLnhgvnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjMwNzI0MTI1OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWUzZTk5YWM3MTE1YjZiYzBhZTJmODk0MGVkZWFmYTJlZDA3ZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKZxP5VJKqwApntnky/RpvnzeSyT
pkZh64xgiMhnsiUcXDfHAuet8reQ+1JVfUKe1V15sPSSFqVr1QygH8A3shg2styT
aUyNgZDnSH3LK1Ado91q14PqfZdSUikbWZWe57lHfl2JwFpLmHSVhTHjimJUfLVE
7XuG8Rvl2LN4imrt8ny6i0E0MwV7tWSPjfyLxD2CZhuV9bd0lODgqnSdPlPgtb/1
SDEmxqTLCnSPd2+VhnSSilG3yeqRJS/EHMBM77cLltOWAfIMDsLNzYSarizuxYa8
Q7i3yfrYhTGtrH5ZWtryydCZDCViCIdKZZwYSCLzgDvWlOcu8ACUON2A6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBHj6ZrHEVtrwK4viUDt6vou0H1YMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvRWVQcG1zY1JXMnZBcmktSlFPM3EtaTdRZlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEVQlgAwQE
uX4AMA0GCSqGSIb3DQEBCwUAA4IBAQDKa0IutKO/atJ/TzsIJ88xDLCcQws+Vw0P
B0vKEafEWhqQ+veTDTbPU+HRZXHnSbFhaharj0DOqF1acqtgcXe3sCm0SRO+6ag/
nBSJPGSPcPKoM2rlJLF2RDrPv9Zgs3jNI2As7FXmbu0RCmaeS3ggKHzSzOLPwhZ3
uJqsaP9JGhb4QxDo+6GRSyZCalj9n9Ia1laQJe3wAAIzZEghcmC7JMCta77s4hQ/
hXXGC2Pa+Lv9/0C4vnIVviFq8per7CKJfG2OCQ7S3+WBUwH2PYnfN8texIXhpb56
QYzrgzwo/TYx9UHkeUZ0OWlPJTpxXVHrhRwL86h39FzkNQ+GDg1i