Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/nSv2EFuSD4eMDpTc2FeUvoQOOcU.roa
File:                     nSv2EFuSD4eMDpTc2FeUvoQOOcU.roa (raw, json)
Hash identifier:          vPgCzM9/+JIV/MF+hgx/I0dQf2sEP2V0kbu01Fnbc3Q=
Subject key identifier:   9D:2B:F6:10:5B:92:0F:87:8C:0E:94:DC:D8:57:94:BE:84:0E:39:C5
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       01856C6F1BD283BEA6BD07771D258740A2FF
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/nSv2EFuSD4eMDpTc2FeUvoQOOcU.roa
Signing time:             Sun 01 Jan 2023 08:24:58 +0000
ROA not before:           Sun 01 Jan 2023 08:24:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49100
IP address blocks:        185.129.230.0/23 maxlen: 23
                          185.129.228.0/22 maxlen: 22
                          185.82.28.0/22 maxlen: 22
                          109.125.128.0/22 maxlen: 22
                          109.125.128.0/19 maxlen: 19
                          185.129.184.0/21 maxlen: 21
                          185.129.196.0/22 maxlen: 22
                          185.129.197.0/24 maxlen: 24
                          185.129.200.0/22 maxlen: 22
                          185.129.212.0/22 maxlen: 22
                          185.129.216.0/22 maxlen: 22
                          2a03:54a0::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6f:1b:d2:83:be:a6:bd:07:77:1d:25:87:40:a2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Jan  1 08:24:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9d2bf6105b920f878c0e94dcd85794be840e39c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:55:1f:b3:56:d2:bd:49:20:c0:ac:71:7c:28:
                    18:4b:92:9f:04:24:ee:9d:55:d4:71:5b:0b:74:b5:
                    ed:2b:26:c3:c7:c0:40:68:83:76:e3:df:98:8c:5e:
                    49:21:b9:2a:79:7f:68:ef:54:b0:96:23:01:f9:47:
                    ee:0b:c2:96:8e:43:e4:72:68:5c:43:e8:f1:13:31:
                    ab:80:a1:2c:cd:cc:56:bd:a4:0d:a8:9f:39:7f:16:
                    ce:39:0b:ff:f8:48:ae:7c:68:cb:c8:1d:dc:13:32:
                    ad:9b:02:5f:15:fb:0d:e0:8c:09:07:21:df:6a:d2:
                    15:f6:f0:6d:7d:5c:62:16:e0:c6:07:02:ca:b1:90:
                    19:39:65:7b:b3:25:d3:70:32:5d:e7:0f:42:8f:bc:
                    43:aa:1c:a0:e2:3e:43:36:0d:35:d8:a7:56:1c:9a:
                    bc:9a:94:23:e0:ea:45:0f:62:f0:e9:62:2b:94:14:
                    43:f2:b3:94:36:44:ae:9f:96:80:85:e8:7b:77:94:
                    3d:42:41:a4:55:d4:2e:00:31:76:c0:d0:a8:e3:0d:
                    a8:da:7f:73:e2:7a:2c:37:28:e7:ab:6e:5c:44:53:
                    23:49:ce:5d:8d:50:b4:c5:2a:db:ac:fe:38:3f:91:
                    a0:93:9e:cb:e9:a4:ad:15:7e:11:bb:be:cb:a8:17:
                    8b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:2B:F6:10:5B:92:0F:87:8C:0E:94:DC:D8:57:94:BE:84:0E:39:C5
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/nSv2EFuSD4eMDpTc2FeUvoQOOcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.125.128.0/19
                  185.82.28.0/22
                  185.129.184.0/21
                  185.129.196.0-185.129.203.255
                  185.129.212.0-185.129.219.255
                  185.129.228.0/22
                IPv6:
                  2a03:54a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:ee:20:be:fd:43:50:23:bb:0d:91:6d:22:51:74:86:77:05:
         d0:c3:85:9c:ef:3e:d8:0d:6e:d5:83:8d:6d:55:fa:9c:f7:3e:
         7d:fd:90:fd:9e:f1:9a:a6:5c:82:14:7e:2a:b1:b5:57:7d:e7:
         95:2a:3e:03:4a:1a:60:ee:9d:29:df:89:70:41:75:47:ae:2e:
         30:f9:f9:25:97:c5:98:c5:d1:86:00:11:dc:ab:06:af:f5:86:
         35:ed:c9:a5:3b:db:6e:46:88:d3:63:fd:63:2c:42:1a:25:3c:
         88:9a:22:0f:b5:64:73:fe:8e:1e:30:40:82:25:24:64:59:b0:
         46:14:95:9a:44:3f:25:07:77:62:d3:36:c5:13:2e:5a:0c:ad:
         f4:89:22:7c:45:2e:b9:42:da:b9:fa:e1:7c:a4:9a:7f:f8:63:
         66:81:c3:47:ae:b3:af:98:9a:33:e0:7d:c2:ae:fa:1d:0a:6e:
         92:3d:1b:8b:a3:1e:9c:d5:c7:7e:4d:9b:c2:56:20:18:e3:90:
         6e:f7:1d:36:f9:ea:a4:45:86:f6:e0:4c:31:30:82:f2:fd:39:
         d3:63:d7:7c:e6:aa:7c:6e:35:ad:a2:8c:b5:d4:a8:6d:ed:98:
         53:25:28:e2:83:f6:9c:ed:14:6a:17:69:15:af:58:6d:b4:74:
         55:90:a5:92
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYVsbxvSg76mvQd3HSWHQKL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjMwMTAxMDgyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDJiZjYxMDViOTIwZjg3OGMwZTk0ZGNkODU3OTRiZTg0MGUzOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1Ufs1bSvUkgwKxxfCgYS5KfBCTu
nVXUcVsLdLXtKybDx8BAaIN249+YjF5JIbkqeX9o71SwliMB+UfuC8KWjkPkcmhc
Q+jxEzGrgKEszcxWvaQNqJ85fxbOOQv/+EiufGjLyB3cEzKtmwJfFfsN4IwJByHf
atIV9vBtfVxiFuDGBwLKsZAZOWV7syXTcDJd5w9Cj7xDqhyg4j5DNg012KdWHJq8
mpQj4OpFD2Lw6WIrlBRD8rOUNkSun5aAheh7d5Q9QkGkVdQuADF2wNCo4w2o2n9z
4nosNyjnq25cRFMjSc5djVC0xSrbrP44P5Ggk57L6aStFX4Ru77LqBeLdwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFJ0r9hBbkg+HjA6U3NhXlL6EDjnFMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvblN2MkVGdVNENGVNRHBUYzJGZVV2b1FPT2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0AwQFbX2AAwQC
uVIcAwQDuYG4MAwDBAK5gcQDBAK5gcgwDAMEArmB1AMEArmB2AMEArmB5DANBAIA
AjAHAwUAKgNUoDANBgkqhkiG9w0BAQsFAAOCAQEAAO4gvv1DUCO7DZFtIlF0hncF
0MOFnO8+2A1u1YONbVX6nPc+ff2Q/Z7xmqZcghR+KrG1V33nlSo+A0oaYO6dKd+J
cEF1R64uMPn5JZfFmMXRhgAR3KsGr/WGNe3JpTvbbkaI02P9YyxCGiU8iJoiD7Vk
c/6OHjBAgiUkZFmwRhSVmkQ/JQd3YtM2xRMuWgyt9IkifEUuuULaufrhfKSaf/hj
ZoHDR66zr5iaM+B9wq76HQpukj0bi6MenNXHfk2bwlYgGOOQbvcdNvnqpEWG9uBM
MTCC8v0502PXfOaqfG41raKMtdSobe2YUyUo4oP2nO0UahdpFa9YbbR0VZClkg==