Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a9ff1a-d580-4b42-bd87-5597260f65ee/1/vO8fuwp1lyYwa2LJgLwWhooKp1Q.roa
File:                     vO8fuwp1lyYwa2LJgLwWhooKp1Q.roa (raw, json)
Hash identifier:          6O3DZdPBtboSecO0IgqKoI3f3rvg6cUZBskGSZkjWVc=
Subject key identifier:   BC:EF:1F:BB:0A:75:97:26:30:6B:62:C9:80:BC:16:86:8A:0A:A7:54
Certificate issuer:       /CN=1902391799337601331f5a12af11e9f4f6421159
Certificate serial:       01856E5D555E61CBD1DD2832CA12C5F60EE4
Authority key identifier: 19:02:39:17:99:33:76:01:33:1F:5A:12:AF:11:E9:F4:F6:42:11:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GQI5F5kzdgEzH1oSrxHp9PZCEVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a9ff1a-d580-4b42-bd87-5597260f65ee/1/vO8fuwp1lyYwa2LJgLwWhooKp1Q.roa
Signing time:             Sun 01 Jan 2023 17:24:48 +0000
ROA not before:           Sun 01 Jan 2023 17:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60427
IP address blocks:        185.87.236.0/24 maxlen: 24
                          194.5.183.0/24 maxlen: 24
                          80.240.107.0/24 maxlen: 24
                          185.64.131.0/24 maxlen: 24
                          185.64.129.0/24 maxlen: 24
                          185.64.130.0/24 maxlen: 24
                          185.64.128.0/24 maxlen: 24
                          185.64.128.0/22 maxlen: 22
                          2a03:14a0:2::/48 maxlen: 48
                          2a03:14a0:3::/48 maxlen: 48
                          2a03:14a0:1::/48 maxlen: 48
                          2a03:14a0:1301::/48 maxlen: 48
                          2a03:14a0:5::/48 maxlen: 48
                          2a03:14a0::/32 maxlen: 32
                          2a03:14a0::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:5d:55:5e:61:cb:d1:dd:28:32:ca:12:c5:f6:0e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1902391799337601331f5a12af11e9f4f6421159
        Validity
            Not Before: Jan  1 17:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcef1fbb0a759726306b62c980bc16868a0aa754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:33:b8:06:b8:7f:2f:89:d9:67:84:77:0e:0a:
                    1f:27:4a:c3:d8:e8:da:ff:d8:d4:be:15:1c:02:e9:
                    ff:90:af:d7:7f:2d:cb:52:c5:fa:85:d4:2e:fa:39:
                    79:89:0a:e3:c9:97:a1:5f:9d:da:93:54:b5:1f:eb:
                    4a:75:db:02:44:b7:0f:b0:89:23:92:9c:ed:b9:9e:
                    cf:ee:62:85:49:d6:b2:bb:98:4c:5f:f1:8b:d3:0b:
                    11:1c:f2:a1:13:9f:b9:c9:6f:64:1c:55:1c:29:22:
                    d8:8c:81:0f:c3:86:67:ec:72:8c:04:27:cb:b6:0c:
                    ab:29:18:a8:38:1a:ff:d8:2f:e5:7a:d6:fc:5f:5b:
                    28:f4:aa:3f:c8:ac:c9:e5:de:dc:ac:c4:e2:da:8a:
                    84:20:9f:04:ac:a0:48:ff:33:71:17:d4:04:ba:67:
                    f1:76:4d:9a:1f:33:1b:a6:a6:62:fc:dc:76:44:59:
                    99:1a:59:89:0a:a4:c7:5d:cf:ef:ea:6d:85:23:c0:
                    96:4d:4d:4f:08:e3:a5:c9:0f:a9:60:c1:50:e1:be:
                    db:15:46:58:ef:12:14:15:ac:b2:16:36:d3:66:89:
                    ee:c6:7c:65:ed:c4:62:c0:bb:cb:81:c8:37:1f:28:
                    68:a7:af:e9:4e:bb:78:a2:4f:0a:61:5b:2f:ea:e0:
                    d4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:EF:1F:BB:0A:75:97:26:30:6B:62:C9:80:BC:16:86:8A:0A:A7:54
            X509v3 Authority Key Identifier:
                keyid:19:02:39:17:99:33:76:01:33:1F:5A:12:AF:11:E9:F4:F6:42:11:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GQI5F5kzdgEzH1oSrxHp9PZCEVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a9ff1a-d580-4b42-bd87-5597260f65ee/1/vO8fuwp1lyYwa2LJgLwWhooKp1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a9ff1a-d580-4b42-bd87-5597260f65ee/1/GQI5F5kzdgEzH1oSrxHp9PZCEVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.107.0/24
                  185.64.128.0/22
                  185.87.236.0/24
                  194.5.183.0/24
                IPv6:
                  2a03:14a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:a3:f2:5a:91:60:dd:ec:5e:82:e8:6d:ba:a6:85:bf:2e:16:
         03:22:7d:df:3e:d6:76:13:8d:05:29:f0:50:d2:09:ff:57:a5:
         07:bc:51:c8:da:3a:f0:cc:8e:8a:a7:56:f4:7d:ae:d0:50:4a:
         98:3b:a4:d5:3f:05:42:73:5b:26:3a:c1:4e:9a:e6:14:54:14:
         6c:a0:b2:11:43:16:9f:5e:0e:94:ae:96:4b:a0:78:72:c0:d9:
         8b:f8:1b:bc:e8:a7:17:e6:01:0a:b3:33:a7:06:a8:8e:6f:9b:
         61:21:24:47:1a:bd:74:13:85:57:33:10:02:39:c4:95:a6:9e:
         af:f4:77:0b:8d:7d:65:6f:02:b9:66:73:22:24:12:8a:5b:35:
         b2:14:e1:6f:cd:7a:26:78:09:04:0b:88:47:a5:7c:79:83:6a:
         94:18:0a:7e:2b:ef:ed:1f:6f:ef:6b:23:a5:56:4e:71:48:33:
         2a:74:39:18:00:64:b4:cc:cb:a3:0e:a8:2c:94:7c:0b:2f:a7:
         5c:dd:d3:b6:b2:8c:4e:35:0b:16:f1:58:54:71:74:25:ff:4b:
         52:18:77:00:fd:8c:9e:31:dc:3b:85:20:ed:ce:e5:1e:7b:85:
         27:f3:25:15:cc:fb:1d:68:29:de:fb:c8:6a:3e:67:3f:16:60:
         3d:f6:b3:48
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVuXVVeYcvR3SgyyhLF9g7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MDIzOTE3OTkzMzc2MDEzMzFmNWExMmFmMTFlOWY0ZjY0
MjExNTkwHhcNMjMwMTAxMTcyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2VmMWZiYjBhNzU5NzI2MzA2YjYyYzk4MGJjMTY4NjhhMGFhNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TO4Brh/L4nZZ4R3DgofJ0rD2Oja
/9jUvhUcAun/kK/Xfy3LUsX6hdQu+jl5iQrjyZehX53ak1S1H+tKddsCRLcPsIkj
kpztuZ7P7mKFSdayu5hMX/GL0wsRHPKhE5+5yW9kHFUcKSLYjIEPw4Zn7HKMBCfL
tgyrKRioOBr/2C/letb8X1so9Ko/yKzJ5d7crMTi2oqEIJ8ErKBI/zNxF9QEumfx
dk2aHzMbpqZi/Nx2RFmZGlmJCqTHXc/v6m2FI8CWTU1PCOOlyQ+pYMFQ4b7bFUZY
7xIUFayyFjbTZonuxnxl7cRiwLvLgcg3Hyhop6/pTrt4ok8KYVsv6uDUHQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLzvH7sKdZcmMGtiyYC8FoaKCqdUMB8GA1UdIwQY
MBaAFBkCOReZM3YBMx9aEq8R6fT2QhFZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1FJNUY1a3pkZ0V6SDFvU3J4SHA5UFpDRVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hOWZmMWEtZDU4MC00YjQyLWJkODct
NTU5NzI2MGY2NWVlLzEvdk84ZnV3cDFseVl3YTJMSmdMd1dob29LcDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hOWZmMWEtZDU4MC00YjQyLWJkODctNTU5NzI2MGY2NWVl
LzEvR1FJNUY1a3pkZ0V6SDFvU3J4SHA5UFpDRVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAUPBrAwQC
uUCAAwQAuVfsAwQAwgW3MA0EAgACMAcDBQAqAxSgMA0GCSqGSIb3DQEBCwUAA4IB
AQCNo/JakWDd7F6C6G26poW/LhYDIn3fPtZ2E40FKfBQ0gn/V6UHvFHI2jrwzI6K
p1b0fa7QUEqYO6TVPwVCc1smOsFOmuYUVBRsoLIRQxafXg6UrpZLoHhywNmL+Bu8
6KcX5gEKszOnBqiOb5thISRHGr10E4VXMxACOcSVpp6v9HcLjX1lbwK5ZnMiJBKK
WzWyFOFvzXomeAkEC4hHpXx5g2qUGAp+K+/tH2/vayOlVk5xSDMqdDkYAGS0zMuj
DqgslHwLL6dc3dO2soxONQsW8VhUcXQl/0tSGHcA/YyeMdw7hSDtzuUee4Un8yUV
zPsdaCne+8hqPmc/FmA99rNI
-----END CERTIFICATE-----