Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/FZpi-ioOlt0n5jfCl-pCL2EjdOY.roa
File:                     FZpi-ioOlt0n5jfCl-pCL2EjdOY.roa (raw, json)
Hash identifier:          euzTAEgTfZ6SGoDZTFuuBBLaW86nHb3h5BNZkySQMBw=
Subject key identifier:   15:9A:62:FA:2A:0E:96:DD:27:E6:37:C2:97:EA:42:2F:61:23:74:E6
Certificate issuer:       /CN=0d72fe2c805ed63afc9c89e9324ac94d30939aab
Certificate serial:       01857227DEAA4E4721E07AC9BABC860ADB43
Authority key identifier: 0D:72:FE:2C:80:5E:D6:3A:FC:9C:89:E9:32:4A:C9:4D:30:93:9A:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXL-LIBe1jr8nInpMkrJTTCTmqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/FZpi-ioOlt0n5jfCl-pCL2EjdOY.roa
Signing time:             Mon 02 Jan 2023 11:04:53 +0000
ROA not before:           Mon 02 Jan 2023 11:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197423
IP address blocks:        109.245.56.0/24 maxlen: 24
                          109.245.55.0/24 maxlen: 24
                          109.245.57.0/24 maxlen: 24
                          109.245.63.0/24 maxlen: 24
                          109.245.62.0/24 maxlen: 24
                          109.245.61.0/24 maxlen: 24
                          109.106.226.0/24 maxlen: 24
                          109.106.229.0/24 maxlen: 24
                          109.245.216.0/24 maxlen: 24
                          109.106.233.0/24 maxlen: 24
                          109.106.230.0/24 maxlen: 24
                          109.106.237.0/24 maxlen: 24
                          109.106.236.0/24 maxlen: 24
                          109.106.235.0/24 maxlen: 24
                          109.106.234.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:27:de:aa:4e:47:21:e0:7a:c9:ba:bc:86:0a:db:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d72fe2c805ed63afc9c89e9324ac94d30939aab
        Validity
            Not Before: Jan  2 11:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=159a62fa2a0e96dd27e637c297ea422f612374e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:73:12:44:af:8e:34:2b:65:e6:4a:7d:7c:23:
                    09:ed:d6:5b:3c:ff:de:9e:66:af:41:e1:88:17:d1:
                    79:69:5f:c3:fe:d2:77:56:ad:f5:10:75:46:76:fd:
                    ef:f5:2b:40:cb:13:71:3e:87:8d:a8:86:0b:06:66:
                    bd:ea:2b:b4:5a:55:09:7a:39:b4:37:62:be:7a:72:
                    79:ad:8e:a3:fc:09:89:c5:04:b9:e3:d4:f9:72:dc:
                    30:52:3e:45:14:25:cd:51:1d:51:42:18:5d:98:25:
                    16:ff:46:e6:fd:5e:76:74:87:77:17:3f:28:f7:a6:
                    db:75:96:6a:cc:18:e8:58:90:26:39:d0:19:8c:87:
                    82:62:cf:61:e2:02:40:4c:10:5d:7c:c2:a0:24:bf:
                    79:1c:9b:60:0f:b5:56:aa:9a:a1:70:3e:cb:a0:3b:
                    c0:1c:32:84:7d:cd:88:8b:e3:72:91:1d:aa:59:08:
                    e7:53:90:ba:12:b4:9f:03:e8:f6:21:1e:a9:e4:a2:
                    c2:36:38:bd:53:8f:cc:6c:b9:87:66:08:58:06:ba:
                    e7:da:d0:84:a4:aa:e0:bb:42:58:34:99:02:26:bc:
                    15:37:83:36:56:8c:86:b0:32:35:2c:9c:cb:fa:dc:
                    82:f4:9d:ee:1a:7e:67:a8:ab:07:2f:70:6e:f4:63:
                    82:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:9A:62:FA:2A:0E:96:DD:27:E6:37:C2:97:EA:42:2F:61:23:74:E6
            X509v3 Authority Key Identifier:
                keyid:0D:72:FE:2C:80:5E:D6:3A:FC:9C:89:E9:32:4A:C9:4D:30:93:9A:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXL-LIBe1jr8nInpMkrJTTCTmqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/FZpi-ioOlt0n5jfCl-pCL2EjdOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/22e1d1-9984-4158-8d18-cf818c7c451a/1/DXL-LIBe1jr8nInpMkrJTTCTmqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.226.0/24
                  109.106.229.0-109.106.230.255
                  109.106.233.0-109.106.237.255
                  109.245.55.0-109.245.57.255
                  109.245.61.0-109.245.63.255
                  109.245.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f5:c6:a2:95:2d:5f:cb:2c:eb:f6:89:01:aa:3b:40:85:5f:
         5f:83:4d:40:22:09:8f:ac:5a:e8:c2:1f:c7:9e:39:64:21:0f:
         98:36:1f:25:30:2f:3c:89:d2:c5:cc:23:ea:ce:49:61:47:2c:
         4b:2c:40:ae:f7:94:34:5d:dd:f9:99:a3:57:c5:ea:59:12:29:
         8b:bb:6b:05:e4:f9:1e:49:a7:89:d7:84:0d:c4:1c:eb:27:9a:
         08:d5:1d:21:05:d4:c3:b4:a6:fe:1c:11:f5:ff:16:2e:be:64:
         1f:7e:d7:f9:87:00:85:f1:7a:55:bb:aa:a1:0d:8c:9e:84:0c:
         ce:d7:5a:9b:9b:e1:5b:90:a2:70:af:dd:bb:8c:b7:e4:cb:0c:
         72:85:57:13:4d:2b:ca:75:b6:9b:ca:b1:b2:d4:a9:6d:b0:5b:
         55:38:82:86:97:eb:3f:33:81:88:13:5e:43:28:cb:14:03:e5:
         e0:77:a2:e9:21:58:f9:eb:55:60:83:15:4e:08:43:8e:70:bd:
         91:46:60:53:bf:26:79:9c:c2:d3:8b:57:f8:a6:46:56:e4:5f:
         19:94:b9:43:57:54:89:a5:88:ba:0a:31:44:d8:4f:a0:e0:46:
         d3:78:91:8f:94:ba:d0:ed:55:93:a9:42:3b:80:9d:98:e8:99:
         0b:23:86:fb
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVyJ96qTkch4HrJuryGCttDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzJmZTJjODA1ZWQ2M2FmYzljODllOTMyNGFjOTRkMzA5
MzlhYWIwHhcNMjMwMTAyMTEwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTlhNjJmYTJhMGU5NmRkMjdlNjM3YzI5N2VhNDIyZjYxMjM3NGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnMSRK+ONCtl5kp9fCMJ7dZbPP/e
nmavQeGIF9F5aV/D/tJ3Vq31EHVGdv3v9StAyxNxPoeNqIYLBma96iu0WlUJejm0
N2K+enJ5rY6j/AmJxQS549T5ctwwUj5FFCXNUR1RQhhdmCUW/0bm/V52dId3Fz8o
96bbdZZqzBjoWJAmOdAZjIeCYs9h4gJATBBdfMKgJL95HJtgD7VWqpqhcD7LoDvA
HDKEfc2Ii+NykR2qWQjnU5C6ErSfA+j2IR6p5KLCNji9U4/MbLmHZghYBrrn2tCE
pKrgu0JYNJkCJrwVN4M2VoyGsDI1LJzL+tyC9J3uGn5nqKsHL3Bu9GOCxwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBWaYvoqDpbdJ+Y3wpfqQi9hI3TmMB8GA1UdIwQY
MBaAFA1y/iyAXtY6/JyJ6TJKyU0wk5qrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhMLUxJQmUxanI4bklucE1rckpUVENUbXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yMmUxZDEtOTk4NC00MTU4LThkMTgt
Y2Y4MThjN2M0NTFhLzEvRlpwaS1pb09sdDBuNWpmQ2wtcENMMkVqZE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yMmUxZDEtOTk4NC00MTU4LThkMTgtY2Y4MThjN2M0NTFh
LzEvRFhMLUxJQmUxanI4bklucE1rckpUVENUbXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAbWriMAwD
BABtauUDBABtauYwDAMEAG1q6QMEAW1q7DAMAwQAbfU3AwQBbfU4MAwDBABt9T0D
BAZt9QADBABt9dgwDQYJKoZIhvcNAQELBQADggEBAHH1xqKVLV/LLOv2iQGqO0CF
X1+DTUAiCY+sWujCH8eeOWQhD5g2HyUwLzyJ0sXMI+rOSWFHLEssQK73lDRd3fmZ
o1fF6lkSKYu7awXk+R5Jp4nXhA3EHOsnmgjVHSEF1MO0pv4cEfX/Fi6+ZB9+1/mH
AIXxelW7qqENjJ6EDM7XWpub4VuQonCv3buMt+TLDHKFVxNNK8p1tpvKsbLUqW2w
W1U4goaX6z8zgYgTXkMoyxQD5eB3oukhWPnrVWCDFU4IQ45wvZFGYFO/JnmcwtOL
V/imRlbkXxmUuUNXVImliLoKMUTYT6DgRtN4kY+UutDtVZOpQjuAnZjomQsjhvs=
-----END CERTIFICATE-----