Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/M2HfrwFpmhmK4ztoUpfp-12oZpY.roa
File:                     M2HfrwFpmhmK4ztoUpfp-12oZpY.roa (raw, json)
Hash identifier:          pAotUu1oArLOY+28xYPKhNuq27i/xrSob2moKt+aGDw=
Subject key identifier:   33:61:DF:AF:01:69:9A:19:8A:E3:3B:68:52:97:E9:FB:5D:A8:66:96
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018571955EE2E5516B565770FAEAC9A8A820
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/M2HfrwFpmhmK4ztoUpfp-12oZpY.roa
Signing time:             Mon 02 Jan 2023 08:24:52 +0000
ROA not before:           Mon 02 Jan 2023 08:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59729
IP address blocks:        46.3.152.0/24 maxlen: 24
                          46.3.153.0/24 maxlen: 24
                          46.3.154.0/24 maxlen: 24
                          46.3.155.0/24 maxlen: 24
                          149.126.192.0/24 maxlen: 24
                          46.3.202.0/24 maxlen: 24
                          46.3.203.0/24 maxlen: 24
                          46.3.204.0/24 maxlen: 24
                          149.126.197.0/24 maxlen: 24
                          149.126.203.0/24 maxlen: 24
                          46.3.224.0/24 maxlen: 24
                          46.3.225.0/24 maxlen: 24
                          46.3.226.0/24 maxlen: 24
                          46.3.227.0/24 maxlen: 24
                          46.3.238.0/24 maxlen: 24
                          46.3.239.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:5e:e2:e5:51:6b:56:57:70:fa:ea:c9:a8:a8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3361dfaf01699a198ae33b685297e9fb5da86696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e4:58:25:71:18:30:47:5d:60:6b:fd:77:e0:
                    e3:e9:c8:e4:dd:3d:a1:a1:13:e0:16:0a:c8:cc:46:
                    f3:b7:0b:e9:1c:b5:6b:89:08:3c:ed:af:ce:af:a3:
                    65:22:5a:22:79:f5:a6:06:3f:6e:32:c4:e8:7f:31:
                    d5:dc:d2:b9:1b:c1:cd:8f:d0:8d:43:d2:b5:52:50:
                    d5:e7:05:51:18:3d:99:ca:68:40:a2:24:12:4b:0d:
                    fd:8e:3c:86:0c:53:f6:36:65:f8:46:54:58:b4:a7:
                    13:46:9f:6c:d7:d5:b4:6b:e1:88:34:f8:fb:3b:7b:
                    b1:87:6b:bc:a8:67:86:f6:6e:91:77:ec:1e:b5:e7:
                    77:06:fd:75:5b:ce:13:10:fb:7d:e2:df:7f:8c:ef:
                    cb:a0:5b:85:c5:c7:aa:70:7e:58:b6:0e:86:2a:38:
                    86:49:cd:77:f3:b2:1b:75:13:2e:30:f1:6f:c0:66:
                    f1:b0:fc:7f:13:fc:c0:96:bc:61:6f:2e:63:8b:91:
                    86:a8:af:54:64:36:31:2e:44:5f:ae:86:f2:0d:6e:
                    57:33:74:02:a0:f9:41:cb:68:a9:03:5f:67:c2:00:
                    ed:c9:1d:f1:39:28:c2:07:43:df:cd:e8:ad:d0:3e:
                    08:33:ea:1b:09:b2:5b:ac:ea:56:36:e5:59:07:7f:
                    b7:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:61:DF:AF:01:69:9A:19:8A:E3:3B:68:52:97:E9:FB:5D:A8:66:96
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/M2HfrwFpmhmK4ztoUpfp-12oZpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.152.0/22
                  46.3.202.0-46.3.204.255
                  46.3.224.0/22
                  46.3.238.0/23
                  149.126.192.0/24
                  149.126.197.0/24
                  149.126.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:57:4c:13:ea:ab:7a:e0:3c:03:1c:37:b4:c1:58:d8:8d:48:
         d8:3b:3e:b2:92:6c:06:f4:0f:55:b9:a0:3d:84:81:1e:33:0e:
         ea:fd:18:1c:d3:02:32:f1:e1:f8:82:9e:6b:07:a3:39:ba:6d:
         7d:ff:b6:00:28:e4:a1:c9:c7:cb:8c:0e:2f:de:82:c9:e6:84:
         88:ea:4c:d8:45:8e:f2:5b:df:fa:13:79:2f:90:96:9d:7e:da:
         00:e1:b6:2b:1f:5d:3b:0b:4f:2e:90:5e:8e:a7:f1:f8:2f:03:
         71:c6:1f:83:de:49:ff:82:f5:4c:0e:c5:92:01:1a:0f:1c:c1:
         f4:cc:82:3e:a2:77:99:58:8c:1b:e8:11:90:4d:50:6d:21:32:
         9a:d4:98:2e:f5:81:3e:4e:e8:b1:cf:3e:59:90:9e:49:40:64:
         74:e5:d0:44:70:fd:58:ac:65:b7:2a:2a:19:95:dd:5f:06:71:
         2a:e5:ed:fe:47:df:e4:20:ec:8c:0a:59:a7:e8:ec:e2:58:53:
         72:76:e4:51:f1:83:51:ed:a7:ab:44:eb:38:e0:ec:c7:20:b4:
         f3:c7:62:65:f2:22:5c:9d:d7:01:87:4e:76:71:66:b4:5e:fd:
         ce:76:2c:ea:f5:c6:47:0b:63:3c:e4:9e:85:d0:5e:b9:f6:31:
         1c:13:20:60
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYVxlV7i5VFrVldw+urJqKggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjMwMTAyMDgyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYxZGZhZjAxNjk5YTE5OGFlMzNiNjg1Mjk3ZTlmYjVkYTg2Njk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxORYJXEYMEddYGv9d+Dj6cjk3T2h
oRPgFgrIzEbztwvpHLVriQg87a/Or6NlIloiefWmBj9uMsTofzHV3NK5G8HNj9CN
Q9K1UlDV5wVRGD2ZymhAoiQSSw39jjyGDFP2NmX4RlRYtKcTRp9s19W0a+GINPj7
O3uxh2u8qGeG9m6Rd+weted3Bv11W84TEPt94t9/jO/LoFuFxceqcH5Ytg6GKjiG
Sc1387IbdRMuMPFvwGbxsPx/E/zAlrxhby5ji5GGqK9UZDYxLkRfrobyDW5XM3QC
oPlBy2ipA19nwgDtyR3xOSjCB0Pfzeit0D4IM+obCbJbrOpWNuVZB3+3IQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDNh368BaZoZiuM7aFKX6ftdqGaWMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvTTJIZnJ3RnBtaG1LNHp0b1VwZnAtMTJvWnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCLgOYMAwD
BAEuA8oDBAAuA8wDBAIuA+ADBAEuA+4DBACVfsADBACVfsUDBACVfsswDQYJKoZI
hvcNAQELBQADggEBAIFXTBPqq3rgPAMcN7TBWNiNSNg7PrKSbAb0D1W5oD2EgR4z
Dur9GBzTAjLx4fiCnmsHozm6bX3/tgAo5KHJx8uMDi/egsnmhIjqTNhFjvJb3/oT
eS+Qlp1+2gDhtisfXTsLTy6QXo6n8fgvA3HGH4PeSf+C9UwOxZIBGg8cwfTMgj6i
d5lYjBvoEZBNUG0hMprUmC71gT5O6LHPPlmQnklAZHTl0ERw/VisZbcqKhmV3V8G
cSrl7f5H3+Qg7IwKWafo7OJYU3J25FHxg1Htp6tE6zjg7McgtPPHYmXyIlyd1wGH
TnZxZrRe/c52LOr1xkcLYzzknoXQXrn2MRwTIGA=
-----END CERTIFICATE-----