Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/T90ck2WhgQrOD-QaqvXbRhcwSjk.roa
File:                     T90ck2WhgQrOD-QaqvXbRhcwSjk.roa (raw, json)
Hash identifier:          Fyxzqy3+KGMN1MjUXizoscpIvKrBLWtLxVQKtKfXwQw=
Subject key identifier:   4F:DD:1C:93:65:A1:81:0A:CE:0F:E4:1A:AA:F5:DB:46:17:30:4A:39
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018BA8F9AB652099E91A29E4071E70947F9C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/T90ck2WhgQrOD-QaqvXbRhcwSjk.roa
Signing time:             Tue 07 Nov 2023 08:50:16 +0000
ROA not before:           Tue 07 Nov 2023 08:50:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          2.56.108.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a8:f9:ab:65:20:99:e9:1a:29:e4:07:1e:70:94:7f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  7 08:50:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4fdd1c9365a1810ace0fe41aaaf5db4617304a39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c4:eb:61:1d:89:a9:ff:16:36:00:fa:ff:e9:
                    10:9b:c0:9f:7c:09:1f:54:e7:55:06:d1:61:85:fd:
                    fd:74:43:7c:4d:ec:e4:6d:b3:61:a8:1b:e6:df:4d:
                    de:ac:68:d3:f9:fa:05:17:d3:90:d3:b2:39:b6:70:
                    29:8c:83:ea:04:81:b3:5b:fc:87:14:0e:5b:51:dc:
                    45:a3:ed:09:11:b5:ec:e2:95:6a:54:38:cb:10:8a:
                    44:14:6e:67:1e:8c:f2:ba:5d:74:66:1b:45:c2:37:
                    46:f4:ce:e9:cb:f3:57:9d:4e:48:8a:40:78:39:0e:
                    79:aa:b5:fc:56:c6:1e:53:c5:36:22:87:97:27:5a:
                    ad:27:d1:b7:05:15:10:9f:26:07:84:82:04:a0:97:
                    ad:96:f3:ad:6a:b3:e1:2c:1f:54:a5:9a:04:04:ee:
                    f9:4b:23:38:6f:f7:c1:f3:2e:4c:18:b7:7e:73:17:
                    95:d7:10:88:db:90:9f:e7:41:0b:20:1e:f5:cc:f0:
                    a4:e5:0e:f3:6b:dc:e4:6b:f4:3a:01:a0:d2:91:da:
                    e6:2a:7a:70:85:21:8a:a3:40:66:e4:72:5b:c1:4d:
                    cc:94:45:f6:41:ec:f4:6a:63:8b:ec:bb:b0:ad:07:
                    e9:ee:04:62:a0:24:07:c2:5f:e9:92:fa:c0:44:92:
                    74:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:DD:1C:93:65:A1:81:0A:CE:0F:E4:1A:AA:F5:DB:46:17:30:4A:39
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/T90ck2WhgQrOD-QaqvXbRhcwSjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/24
                  2.56.110.0/24
                  45.81.113.0-45.81.115.255
                  45.88.139.0/24
                  45.94.171.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  195.62.24.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:6c:04:60:5e:12:a7:1e:b3:d6:78:bf:0d:dd:0f:8e:20:96:
         b5:08:bf:0c:03:68:e1:77:50:72:b1:52:14:45:36:74:9c:63:
         7a:29:0f:a8:72:28:a7:d2:fb:28:bd:96:4d:b1:94:7a:4f:5d:
         c8:6c:3d:3d:0b:7b:ea:0f:39:7a:c0:2c:1b:f5:57:55:b6:6d:
         25:14:93:54:cc:3d:36:44:21:ce:f4:20:5b:27:9a:86:b8:72:
         18:b1:ab:fc:86:e6:f7:41:35:cd:68:b9:ba:5f:a4:ee:4c:d0:
         fa:69:5d:b4:1f:c8:2e:10:4c:da:17:ce:6e:76:a2:00:10:7b:
         d4:df:fc:68:05:fd:05:2a:14:8a:c8:ab:2f:31:b0:8c:7f:67:
         14:7f:72:53:9a:c8:48:e8:6d:fb:c5:e0:14:c9:39:63:15:be:
         48:ec:75:97:a2:14:1f:62:8f:aa:38:e1:87:dd:50:59:fc:70:
         fb:d6:75:c9:4a:0c:97:7d:c0:44:91:da:bc:dd:e0:cd:11:38:
         5f:28:ed:e2:d5:06:e3:50:bd:74:7b:79:84:a5:3b:87:db:b8:
         16:ba:0c:15:8d:11:99:67:1b:8c:bb:f7:99:f1:de:70:5a:57:
         1a:f4:5f:be:0d:2d:fe:5e:e9:fc:07:d6:22:9e:be:0e:cc:89:
         d1:03:55:a4
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYuo+atlIJnpGinkBx5wlH+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMTA3MDg1MDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmRkMWM5MzY1YTE4MTBhY2UwZmU0MWFhYWY1ZGI0NjE3MzA0YTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8TrYR2Jqf8WNgD6/+kQm8CffAkf
VOdVBtFhhf39dEN8TezkbbNhqBvm303erGjT+foFF9OQ07I5tnApjIPqBIGzW/yH
FA5bUdxFo+0JEbXs4pVqVDjLEIpEFG5nHozyul10ZhtFwjdG9M7py/NXnU5IikB4
OQ55qrX8VsYeU8U2IoeXJ1qtJ9G3BRUQnyYHhIIEoJetlvOtarPhLB9UpZoEBO75
SyM4b/fB8y5MGLd+cxeV1xCI25Cf50ELIB71zPCk5Q7za9zka/Q6AaDSkdrmKnpw
hSGKo0Bm5HJbwU3MlEX2Qez0amOL7LuwrQfp7gRioCQHwl/pkvrARJJ0wQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFE/dHJNloYEKzg/kGqr120YXMEo5MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvVDkwY2syV2hnUXJPRC1RYXF2WGJSaGN3U2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjhsAwQA
AjhuMAwDBAAtUXEDBAItUXADBAAtWIsDBAAtXqsDBABNUycDBAFV0XgDBADBHvED
BADDPhgDBADDsV8wDQYJKoZIhvcNAQELBQADggEBAGVsBGBeEqces9Z4vw3dD44g
lrUIvwwDaOF3UHKxUhRFNnScY3opD6hyKKfS+yi9lk2xlHpPXchsPT0Le+oPOXrA
LBv1V1W2bSUUk1TMPTZEIc70IFsnmoa4chixq/yG5vdBNc1oubpfpO5M0PppXbQf
yC4QTNoXzm52ogAQe9Tf/GgF/QUqFIrIqy8xsIx/ZxR/clOayEjobfvF4BTJOWMV
vkjsdZeiFB9ij6o44YfdUFn8cPvWdclKDJd9wESR2rzd4M0ROF8o7eLVBuNQvXR7
eYSlO4fbuBa6DBWNEZlnG4y795nx3nBaVxr0X74NLf5e6fwH1iKevg7MidEDVaQ=
-----END CERTIFICATE-----