Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/i2DiSTG8qaf5l--v6D5X0o33KXw.roa
File:                     i2DiSTG8qaf5l--v6D5X0o33KXw.roa (raw, json)
Hash identifier:          JD43ErtSVoa6x3KkzgeqL9wzttLdlORa9bPylAhCxxI=
Subject key identifier:   8B:60:E2:49:31:BC:A9:A7:F9:97:EF:AF:E8:3E:57:D2:8D:F7:29:7C
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018C48CC0AD6A885D62F7CA99E6EDD4B2C27
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/i2DiSTG8qaf5l--v6D5X0o33KXw.roa
Signing time:             Fri 08 Dec 2023 09:39:40 +0000
ROA not before:           Fri 08 Dec 2023 09:39:40 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        146.247.108.0/24 maxlen: 24
                          146.247.107.0/24 maxlen: 24
                          146.247.106.0/24 maxlen: 24
                          146.247.111.0/24 maxlen: 24
                          146.247.112.0/23 maxlen: 23
                          146.247.118.0/24 maxlen: 24
                          146.247.115.0/24 maxlen: 24
                          146.247.114.0/24 maxlen: 24
                          146.247.117.0/24 maxlen: 24
                          146.247.116.0/24 maxlen: 24
                          146.247.122.0/24 maxlen: 24
                          146.247.121.0/24 maxlen: 24
                          146.247.120.0/24 maxlen: 24
                          146.247.119.0/24 maxlen: 24
                          146.247.127.0/24 maxlen: 24
                          146.247.126.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:48:cc:0a:d6:a8:85:d6:2f:7c:a9:9e:6e:dd:4b:2c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Dec  8 09:39:40 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b60e24931bca9a7f997efafe83e57d28df7297c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ab:bf:e4:11:04:f2:05:03:4d:b7:80:b7:aa:
                    64:f4:c1:e7:25:66:3b:db:77:1d:6e:87:52:8b:c2:
                    db:01:1d:ab:ec:1a:8c:60:8e:63:3d:06:d6:2a:e9:
                    b1:ac:63:a2:38:40:08:fe:8d:44:18:ed:84:fc:96:
                    84:5b:cb:38:5f:bf:86:8a:ca:e9:26:aa:e9:a4:3a:
                    bb:5e:97:a0:bb:0c:cd:b6:87:e4:9c:13:fb:94:af:
                    e7:93:df:9d:f1:40:a1:16:c1:e0:20:1e:77:0b:31:
                    c3:f8:b2:4b:56:92:ba:6f:2a:f3:b6:55:83:d3:bc:
                    00:35:9c:a3:46:e9:1e:ad:9c:ce:46:d2:6c:b6:aa:
                    9f:1b:09:41:42:ec:71:f7:7c:59:fb:2c:27:2e:80:
                    eb:11:7a:a1:5d:41:d5:4b:56:27:d9:d9:8a:95:f3:
                    4b:4d:15:e6:c3:73:b4:13:63:56:59:43:dc:f4:5a:
                    d5:b5:63:cf:64:10:91:bb:a7:19:04:a7:16:97:dd:
                    97:91:06:4c:f6:1e:af:b9:a0:a7:24:80:e1:99:14:
                    fe:ed:18:97:a5:70:bd:f2:bf:bf:b0:98:84:2b:62:
                    3d:c0:7e:5f:90:28:ee:71:57:8d:a0:c6:4e:b1:f9:
                    f9:62:22:d8:7a:c9:49:d0:ec:4e:cf:eb:37:6e:dc:
                    80:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:60:E2:49:31:BC:A9:A7:F9:97:EF:AF:E8:3E:57:D2:8D:F7:29:7C
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/i2DiSTG8qaf5l--v6D5X0o33KXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.106.0-146.247.108.255
                  146.247.111.0-146.247.122.255
                  146.247.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:53:bc:92:a3:ad:4e:53:e8:bf:37:22:b8:91:ac:f9:76:80:
         34:6c:3c:f6:bc:ec:d4:6f:f8:45:3f:31:36:56:5c:66:13:e5:
         57:08:87:d1:e0:07:5c:4c:00:74:1d:74:39:a3:13:d5:95:9d:
         be:9f:cb:0c:1b:1e:d4:f7:13:67:88:60:49:b2:58:d9:24:c3:
         0a:88:71:ca:5e:bf:6d:e8:b4:6f:05:4a:32:ab:f3:be:bc:2d:
         f7:8f:82:30:ad:6a:27:15:de:17:22:ff:bf:a0:5f:1c:14:d6:
         75:15:8a:61:cd:5b:f4:52:e5:95:24:83:7a:fd:de:05:86:49:
         f2:38:b9:a8:e1:c2:06:cd:8a:2e:11:59:5d:61:49:62:51:9b:
         55:65:e5:65:44:dd:bf:e4:5e:17:13:0a:cf:b3:19:97:8e:1b:
         a7:15:7e:3a:74:5b:91:1e:c0:40:49:e7:9f:a7:ca:93:87:4c:
         19:91:da:7b:b9:07:3d:2c:01:72:76:40:20:af:b3:7b:3d:68:
         59:2a:8d:b2:2f:44:99:ea:3a:05:33:78:df:bb:39:33:94:5a:
         24:14:61:27:18:1a:4b:29:ed:3c:6d:44:bd:ef:e0:9b:16:a9:
         1c:75:cd:a7:d7:ed:93:45:ef:7d:f3:b2:fb:58:94:04:04:42:
         58:c2:cb:9a
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYxIzArWqIXWL3ypnm7dSywnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjMxMjA4MDkzOTQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjYwZTI0OTMxYmNhOWE3Zjk5N2VmYWZlODNlNTdkMjhkZjcyOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6u/5BEE8gUDTbeAt6pk9MHnJWY7
23cdbodSi8LbAR2r7BqMYI5jPQbWKumxrGOiOEAI/o1EGO2E/JaEW8s4X7+Gisrp
JqrppDq7XpeguwzNtofknBP7lK/nk9+d8UChFsHgIB53CzHD+LJLVpK6byrztlWD
07wANZyjRukerZzORtJstqqfGwlBQuxx93xZ+ywnLoDrEXqhXUHVS1Yn2dmKlfNL
TRXmw3O0E2NWWUPc9FrVtWPPZBCRu6cZBKcWl92XkQZM9h6vuaCnJIDhmRT+7RiX
pXC98r+/sJiEK2I9wH5fkCjucVeNoMZOsfn5YiLYeslJ0OxOz+s3btyAiQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFItg4kkxvKmn+Zfvr+g+V9KN9yl8MB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvaTJEaVNURzhxYWY1bC0tdjZENVgwbzMzS1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAGS92oD
BACS92wwDAMEAJL3bwMEAJL3egMEAZL3fjANBgkqhkiG9w0BAQsFAAOCAQEAX1O8
kqOtTlPovzciuJGs+XaANGw89rzs1G/4RT8xNlZcZhPlVwiH0eAHXEwAdB10OaMT
1ZWdvp/LDBse1PcTZ4hgSbJY2STDCohxyl6/bei0bwVKMqvzvrwt94+CMK1qJxXe
FyL/v6BfHBTWdRWKYc1b9FLllSSDev3eBYZJ8ji5qOHCBs2KLhFZXWFJYlGbVWXl
ZUTdv+ReFxMKz7MZl44bpxV+OnRbkR7AQEnnn6fKk4dMGZHae7kHPSwBcnZAIK+z
ez1oWSqNsi9Emeo6BTN437s5M5RaJBRhJxgaSyntPG1Eve/gmxapHHXNp9ftk0Xv
ffOy+1iUBARCWMLLmg==
-----END CERTIFICATE-----