Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/EFrf-CltyDqbbx3PW0KaQGzGAJs.roa
File:                     EFrf-CltyDqbbx3PW0KaQGzGAJs.roa (raw, json)
Hash identifier:          Mea7A6tPHS4knTOK6qkVcrapOtUD0CKlues0lcxeHi4=
Subject key identifier:   10:5A:DF:F8:29:6D:C8:3A:9B:6F:1D:CF:5B:42:9A:40:6C:C6:00:9B
Certificate issuer:       /CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Certificate serial:       0187B9D33CC98B97D6A0DB2DBB9F5114A3C3
Authority key identifier: D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/EFrf-CltyDqbbx3PW0KaQGzGAJs.roa
Signing time:             Tue 25 Apr 2023 19:10:41 +0000
ROA not before:           Tue 25 Apr 2023 19:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205334
IP address blocks:        185.193.173.0/24 maxlen: 24
                          185.193.175.0/24 maxlen: 24
                          185.193.174.0/24 maxlen: 24
                          185.211.41.0/24 maxlen: 24
                          176.119.132.0/23 maxlen: 23
                          176.119.132.0/24 maxlen: 24
                          176.119.132.0/22 maxlen: 22
                          185.214.169.0/24 maxlen: 24
                          185.214.171.0/24 maxlen: 24
                          176.119.134.0/24 maxlen: 24
                          176.119.134.0/23 maxlen: 23
                          176.119.133.0/24 maxlen: 24
                          176.119.135.0/24 maxlen: 24
                          185.193.172.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b9:d3:3c:c9:8b:97:d6:a0:db:2d:bb:9f:51:14:a3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
        Validity
            Not Before: Apr 25 19:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=105adff8296dc83a9b6f1dcf5b429a406cc6009b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f0:7a:b4:19:ae:5a:8c:f4:c4:02:ed:1d:60:
                    63:ae:1e:95:2a:76:b5:94:e6:df:d9:db:9d:75:a9:
                    d2:30:06:ee:fb:07:ac:76:bc:be:f6:50:80:f2:4f:
                    64:8f:a0:79:11:75:fc:da:37:df:be:3a:18:87:60:
                    5f:a6:15:60:7e:f4:c2:2b:de:ad:ff:9d:79:50:a9:
                    44:ad:87:a0:d0:ba:ae:58:98:e9:74:9d:60:e5:11:
                    8b:36:22:ed:d6:43:61:8c:4a:97:c6:d4:4f:b0:2c:
                    01:c5:ac:8f:60:76:eb:fb:c3:b6:db:f8:5f:8d:26:
                    ca:a7:a5:57:6f:5a:ec:28:7d:df:70:91:cf:52:cc:
                    fe:a0:8f:39:32:a1:ab:85:4e:0b:fc:21:e9:0f:18:
                    af:e4:86:83:50:36:63:f3:d2:4d:03:70:ce:ab:e6:
                    f1:39:cb:44:14:be:92:ab:49:6d:0b:76:28:2c:a9:
                    ee:97:81:74:25:58:22:cc:5c:e1:b4:3d:1a:a9:18:
                    82:65:e8:8d:95:6a:11:44:53:a2:20:74:1e:d9:75:
                    86:b4:3a:05:03:bc:be:cc:92:cc:81:cc:14:04:e5:
                    02:93:4f:08:43:96:7c:20:c3:6a:0a:0b:30:be:c8:
                    40:bc:59:ae:c5:73:9c:17:a4:f5:34:24:65:9b:33:
                    fe:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:5A:DF:F8:29:6D:C8:3A:9B:6F:1D:CF:5B:42:9A:40:6C:C6:00:9B
            X509v3 Authority Key Identifier:
                keyid:D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/EFrf-CltyDqbbx3PW0KaQGzGAJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.132.0/22
                  185.193.172.0/22
                  185.211.41.0/24
                  185.214.169.0/24
                  185.214.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:32:af:ee:33:cd:b1:98:75:c3:33:13:da:27:74:62:45:30:
         de:0d:0c:f8:1e:c4:f2:c3:46:90:8a:10:85:fa:73:43:4d:fd:
         22:37:2d:50:42:cf:88:7e:9f:53:e6:56:f7:4f:70:e1:3e:3e:
         09:bd:59:8f:39:80:c2:b8:3e:e8:a9:0b:84:32:a7:49:71:b7:
         25:92:0e:c1:a2:92:02:6b:20:1a:b5:60:9f:b9:ed:75:b8:54:
         f2:f5:56:94:68:99:fa:9b:00:9d:cd:c8:23:3c:33:b3:b2:3e:
         98:9c:9c:3a:bf:05:b7:97:c8:58:7a:aa:f9:a6:4c:4c:ba:4a:
         e2:32:18:77:84:98:35:6b:cd:e1:d1:66:c9:ac:5e:31:f6:22:
         34:76:fa:88:76:5a:4f:bf:b7:9c:2b:c3:b7:7c:ae:f0:d7:78:
         9c:90:0e:4c:ee:1d:c8:01:b9:62:0e:e8:51:b4:e7:4f:56:71:
         aa:89:9c:a9:85:be:c8:58:f8:ce:14:58:ce:70:c7:67:5a:41:
         2c:68:23:2a:21:91:ad:0b:d4:bd:f9:0b:77:6c:23:0c:0f:96:
         42:3e:93:f8:b2:08:7c:9b:b7:4b:bc:ef:89:c2:c2:2e:06:cf:
         0c:4f:d3:d3:53:93:9d:a1:b3:e1:0c:e1:f8:0a:88:6b:e0:98:
         a4:d2:b3:f6
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYe50zzJi5fWoNstu59RFKPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2JmNGZiZWE4OTRmNDNlZWIzZGIxYjIxNmU1Nzc2NmUw
MWFiODEwHhcNMjMwNDI1MTkxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDVhZGZmODI5NmRjODNhOWI2ZjFkY2Y1YjQyOWE0MDZjYzYwMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfB6tBmuWoz0xALtHWBjrh6VKna1
lObf2duddanSMAbu+wesdry+9lCA8k9kj6B5EXX82jffvjoYh2BfphVgfvTCK96t
/515UKlErYeg0LquWJjpdJ1g5RGLNiLt1kNhjEqXxtRPsCwBxayPYHbr+8O22/hf
jSbKp6VXb1rsKH3fcJHPUsz+oI85MqGrhU4L/CHpDxiv5IaDUDZj89JNA3DOq+bx
OctEFL6Sq0ltC3YoLKnul4F0JVgizFzhtD0aqRiCZeiNlWoRRFOiIHQe2XWGtDoF
A7y+zJLMgcwUBOUCk08IQ5Z8IMNqCgswvshAvFmuxXOcF6T1NCRlmzP+swIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBBa3/gpbcg6m28dz1tCmkBsxgCbMB8GA1UdIwQY
MBaAFNF79PvqiU9D7rPbGyFuV3ZuAauBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDIt
MmMyMDFkMzBhZTA1LzEvRUZyZi1DbHR5RHFiYngzUFcwS2FRR3pHQUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDItMmMyMDFkMzBhZTA1
LzEvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCsHeEAwQC
ucGsAwQAudMpAwQAudapAwQAudarMA0GCSqGSIb3DQEBCwUAA4IBAQCLMq/uM82x
mHXDMxPaJ3RiRTDeDQz4HsTyw0aQihCF+nNDTf0iNy1QQs+Ifp9T5lb3T3DhPj4J
vVmPOYDCuD7oqQuEMqdJcbclkg7BopICayAatWCfue11uFTy9VaUaJn6mwCdzcgj
PDOzsj6YnJw6vwW3l8hYeqr5pkxMukriMhh3hJg1a83h0WbJrF4x9iI0dvqIdlpP
v7ecK8O3fK7w13ickA5M7h3IAbliDuhRtOdPVnGqiZyphb7IWPjOFFjOcMdnWkEs
aCMqIZGtC9S9+Qt3bCMMD5ZCPpP4sgh8m7dLvO+JwsIuBs8MT9PTU5OdobPhDOH4
Cohr4Jik0rP2
-----END CERTIFICATE-----