Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/h-3EVFDdH8YgQjK3Hu3-nT5OsPs.roa
File:                     h-3EVFDdH8YgQjK3Hu3-nT5OsPs.roa (raw, json)
Hash identifier:          KQEsVdoTI8UsoPRT2xCBEzcI4kmCwYsNyyizU66nBwk=
Subject key identifier:   87:ED:C4:54:50:DD:1F:C6:20:42:32:B7:1E:ED:FE:9D:3E:4E:B0:FB
Certificate issuer:       /CN=dcf85c36c696d5db2cbb48fd43e821737ee34227
Certificate serial:       01856ED4DA887415A7C47F69927DBDF5AD01
Authority key identifier: DC:F8:5C:36:C6:96:D5:DB:2C:BB:48:FD:43:E8:21:73:7E:E3:42:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3PhcNsaW1dssu0j9Q-ghc37jQic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/h-3EVFDdH8YgQjK3Hu3-nT5OsPs.roa
Signing time:             Sun 01 Jan 2023 19:35:21 +0000
ROA not before:           Sun 01 Jan 2023 19:35:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207174
IP address blocks:        5.181.240.0/24 maxlen: 24
                          185.49.192.0/24 maxlen: 24
                          5.181.242.0/24 maxlen: 24
                          5.181.241.0/24 maxlen: 24
                          5.181.243.0/24 maxlen: 24
                          185.49.193.0/24 maxlen: 24
                          185.49.195.0/24 maxlen: 24
                          185.49.194.0/24 maxlen: 24
                          185.249.111.0/24 maxlen: 24
                          185.249.108.0/24 maxlen: 24
                          185.249.110.0/24 maxlen: 24
                          185.249.109.0/24 maxlen: 24
                          185.211.212.0/24 maxlen: 24
                          185.211.213.0/24 maxlen: 24
                          185.211.215.0/24 maxlen: 24
                          185.211.214.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:da:88:74:15:a7:c4:7f:69:92:7d:bd:f5:ad:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcf85c36c696d5db2cbb48fd43e821737ee34227
        Validity
            Not Before: Jan  1 19:35:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87edc45450dd1fc6204232b71eedfe9d3e4eb0fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:23:b2:95:bb:c9:4a:43:4e:aa:fd:cc:61:17:
                    e8:8c:18:80:5f:5a:5f:a9:8c:04:97:95:3a:18:c1:
                    0a:40:d6:ff:f7:97:e5:26:22:b2:3d:17:f9:01:8f:
                    ed:93:ef:e0:84:83:7a:6c:79:28:5a:52:37:9b:24:
                    f7:aa:a7:80:e3:35:d5:0a:2b:02:87:1f:1a:a8:5f:
                    a7:c6:ab:7e:8c:c4:1e:f4:87:7e:fa:e7:be:fe:32:
                    55:51:cf:79:f1:48:d5:ae:44:e7:09:bd:ac:c4:1c:
                    da:0e:8b:c9:8b:09:e5:67:a4:bb:89:2f:7a:70:2f:
                    f1:02:44:65:8b:77:88:17:92:75:b7:c8:31:ce:38:
                    53:53:a9:2b:33:b1:0c:a2:c1:5d:d7:3f:eb:9f:b0:
                    a5:9d:3f:31:b8:cc:86:cc:5e:f1:c6:ce:c5:69:fa:
                    f8:57:59:b9:f8:c2:72:0a:d2:a3:4b:70:30:ae:40:
                    71:e2:a8:fc:1d:99:7a:f2:e2:2b:9d:c4:86:34:c5:
                    8e:9a:8a:f4:bc:6a:7e:8a:b9:cb:fa:34:aa:aa:aa:
                    d5:19:61:de:ef:5e:50:a5:74:dc:32:e1:58:9f:86:
                    ae:b2:82:74:7c:9f:85:52:24:f7:2e:b2:11:fc:bf:
                    c7:47:3e:ae:f2:2f:db:4c:b1:3f:ec:e0:a8:f8:32:
                    06:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:ED:C4:54:50:DD:1F:C6:20:42:32:B7:1E:ED:FE:9D:3E:4E:B0:FB
            X509v3 Authority Key Identifier:
                keyid:DC:F8:5C:36:C6:96:D5:DB:2C:BB:48:FD:43:E8:21:73:7E:E3:42:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3PhcNsaW1dssu0j9Q-ghc37jQic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/h-3EVFDdH8YgQjK3Hu3-nT5OsPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/3PhcNsaW1dssu0j9Q-ghc37jQic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.240.0/22
                  185.49.192.0/22
                  185.211.212.0/22
                  185.249.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:51:f8:96:eb:56:53:aa:bf:7b:79:3a:a8:d9:e5:c8:27:08:
         0f:b9:7b:c4:d8:37:31:18:e0:83:b5:0d:29:03:c1:2a:8c:79:
         3d:3a:e1:fb:e6:a2:1a:9e:33:73:1c:4e:44:f8:67:61:4c:04:
         eb:46:88:a5:70:98:14:7d:bf:99:2f:d9:c2:c8:14:b2:c7:6f:
         08:25:dd:88:c2:ad:09:33:c8:39:e7:28:78:93:c8:8e:d6:0a:
         db:c0:4c:ea:77:d6:b0:59:9e:32:1d:0b:d3:2d:95:98:90:2e:
         f9:0c:8f:cc:db:d9:6a:d3:7a:d7:31:cf:ea:7a:68:9c:58:c7:
         c1:67:25:a5:57:f8:e4:2b:2c:80:58:96:f8:68:d9:6c:47:45:
         ec:54:9c:54:e7:64:06:a5:23:90:76:17:7d:28:5b:db:4e:b2:
         0b:b7:80:86:bb:d0:68:ae:39:5b:1c:f8:dd:6f:1b:23:2f:c2:
         b2:69:52:a2:c8:87:dd:80:4d:53:80:3b:8b:d8:7b:04:8b:14:
         49:94:92:6e:d6:e0:95:4d:bd:99:d4:b8:11:0a:64:f5:64:c7:
         92:d0:66:51:cc:38:a9:03:72:22:41:06:8f:32:f9:e0:41:92:
         91:e8:e4:7f:d6:9f:8e:0a:cb:61:4e:5d:93:13:25:63:02:5d:
         ab:9d:bc:73
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVu1NqIdBWnxH9pkn299a0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZjg1YzM2YzY5NmQ1ZGIyY2JiNDhmZDQzZTgyMTczN2Vl
MzQyMjcwHhcNMjMwMTAxMTkzNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2VkYzQ1NDUwZGQxZmM2MjA0MjMyYjcxZWVkZmU5ZDNlNGViMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiOylbvJSkNOqv3MYRfojBiAX1pf
qYwEl5U6GMEKQNb/95flJiKyPRf5AY/tk+/ghIN6bHkoWlI3myT3qqeA4zXVCisC
hx8aqF+nxqt+jMQe9Id++ue+/jJVUc958UjVrkTnCb2sxBzaDovJiwnlZ6S7iS96
cC/xAkRli3eIF5J1t8gxzjhTU6krM7EMosFd1z/rn7ClnT8xuMyGzF7xxs7Fafr4
V1m5+MJyCtKjS3AwrkBx4qj8HZl68uIrncSGNMWOmor0vGp+irnL+jSqqqrVGWHe
715QpXTcMuFYn4ausoJ0fJ+FUiT3LrIR/L/HRz6u8i/bTLE/7OCo+DIGSQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIftxFRQ3R/GIEIytx7t/p0+TrD7MB8GA1UdIwQY
MBaAFNz4XDbGltXbLLtI/UPoIXN+40InMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BoY05zYVcxZHNzdTBqOVEtZ2hjMzdqUWljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jZmJjNjItNWQ1NC00MzI3LWIwNzIt
MGY1MmY4NjcxNzhkLzEvaC0zRVZGRGRIOFlnUWpLM0h1My1uVDVPc1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jZmJjNjItNWQ1NC00MzI3LWIwNzItMGY1MmY4NjcxNzhk
LzEvM1BoY05zYVcxZHNzdTBqOVEtZ2hjMzdqUWljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCBbXwAwQC
uTHAAwQCudPUAwQCuflsMA0GCSqGSIb3DQEBCwUAA4IBAQASUfiW61ZTqr97eTqo
2eXIJwgPuXvE2DcxGOCDtQ0pA8EqjHk9OuH75qIanjNzHE5E+GdhTATrRoilcJgU
fb+ZL9nCyBSyx28IJd2Iwq0JM8g55yh4k8iO1grbwEzqd9awWZ4yHQvTLZWYkC75
DI/M29lq03rXMc/qemicWMfBZyWlV/jkKyyAWJb4aNlsR0XsVJxU52QGpSOQdhd9
KFvbTrILt4CGu9BorjlbHPjdbxsjL8KyaVKiyIfdgE1TgDuL2HsEixRJlJJu1uCV
Tb2Z1LgRCmT1ZMeS0GZRzDipA3IiQQaPMvngQZKR6OR/1p+OCsthTl2TEyVjAl2r
nbxz
-----END CERTIFICATE-----