Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/sHY5uzkAyAa4WCRc1anx5v9bjVo.roa
File:                     sHY5uzkAyAa4WCRc1anx5v9bjVo.roa (raw, json)
Hash identifier:          tWZfS3/BsUia1P2vYRttUMcBOV3bsXPaWObUMHar90s=
Subject key identifier:   B0:76:39:BB:39:00:C8:06:B8:58:24:5C:D5:A9:F1:E6:FF:5B:8D:5A
Certificate issuer:       /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial:       018B9B196BCF791891C0DFE8A77DB2B8CDFF
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/sHY5uzkAyAa4WCRc1anx5v9bjVo.roa
Signing time:             Sat 04 Nov 2023 16:10:16 +0000
ROA not before:           Sat 04 Nov 2023 16:10:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59645
IP address blocks:        193.104.168.0/24 maxlen: 24
                          195.191.196.0/23 maxlen: 24
                          2a06:d1c0:deae::/48 maxlen: 48
                          2a06:d1c7:d::/48 maxlen: 48
                          2a06:d1c0::/29 maxlen: 29
                          2a06:d1c1:e::/48 maxlen: 48
                          2a06:d1c0:dead::/48 maxlen: 48
                          2a06:d1c7:b::/48 maxlen: 48
                          2a06:d1c7::/48 maxlen: 48
                          2a06:d1c1:a::/48 maxlen: 48
                          2a06:d1c0:f761::/48 maxlen: 48
                          2a06:d1c0:a761::/48 maxlen: 48
                          2a06:d1c7:a::/48 maxlen: 48
                          2a06:d1c0:deac::/48 maxlen: 48
                          2a06:d1c1::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:9b:19:6b:cf:79:18:91:c0:df:e8:a7:7d:b2:b8:cd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
        Validity
            Not Before: Nov  4 16:10:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b07639bb3900c806b858245cd5a9f1e6ff5b8d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f7:ca:ab:b8:1d:ff:67:8f:ac:41:2d:f2:f7:
                    70:cf:33:38:7b:1c:ff:b0:33:fa:70:94:25:74:ef:
                    ed:23:15:1e:f6:3c:10:5f:c3:08:56:62:6e:d7:26:
                    21:4f:01:77:c2:1c:51:4e:9b:89:4f:b7:c9:f4:12:
                    b2:12:ca:9a:46:c2:08:e2:a0:d7:dc:4f:ba:94:cd:
                    81:43:4f:16:f4:8b:ae:5d:af:1b:c1:61:5b:d1:be:
                    0d:3d:49:3f:e7:0d:e4:07:83:f6:af:5f:1d:cc:ec:
                    c0:30:fb:e8:3b:a2:6e:5d:5c:22:72:b9:bd:cb:78:
                    53:cb:f9:1c:e0:c3:48:dd:d3:7b:18:6b:f4:49:c3:
                    16:5e:f1:8f:41:ac:59:68:ac:f1:fa:eb:c0:fe:3d:
                    3b:bb:4d:6c:b6:88:ba:ad:6a:4a:dd:61:79:55:ae:
                    01:af:e9:bd:4d:b0:03:db:61:a4:9d:ea:36:b7:bb:
                    a2:2b:39:be:a2:0b:e9:58:dc:c8:ab:21:1c:99:13:
                    bf:0a:51:bb:7c:3b:35:1e:1c:64:4c:e8:0d:e7:54:
                    51:44:72:c3:e9:3d:2d:bd:e8:73:4d:52:05:84:0f:
                    6d:11:47:72:3e:69:db:1a:a5:55:49:8a:da:6d:9c:
                    46:dc:4d:f1:c2:9d:00:c8:4e:b9:56:13:f9:47:c5:
                    25:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:76:39:BB:39:00:C8:06:B8:58:24:5C:D5:A9:F1:E6:FF:5B:8D:5A
            X509v3 Authority Key Identifier:
                keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/sHY5uzkAyAa4WCRc1anx5v9bjVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.168.0/24
                  195.191.196.0/23
                IPv6:
                  2a06:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:0e:78:3d:2d:39:49:0e:15:b2:f8:c4:f5:da:93:2b:42:e1:
         fe:bb:a0:16:a9:e6:46:9f:dc:b7:18:86:88:76:7a:b0:41:f4:
         c6:dc:ef:57:ff:0f:90:66:49:0e:14:1c:64:4f:9e:2b:59:8a:
         d6:41:16:c5:fd:4d:b0:0e:26:a4:9e:70:dd:94:34:55:55:a3:
         3a:c9:a3:5b:8f:82:a9:5a:41:25:24:33:10:90:5e:1d:6c:03:
         12:07:30:37:86:ac:a1:90:fa:82:44:aa:f9:63:1b:c4:bb:cd:
         02:cb:a7:29:a5:c0:b7:7e:c5:ee:53:5d:1f:bc:90:17:dc:d9:
         84:cc:da:a0:77:c9:25:5a:5f:0b:a7:09:6c:d1:73:8b:f0:87:
         33:ac:e3:f4:ca:e3:9d:5e:f8:7f:98:44:10:2d:93:9d:37:4a:
         0b:0a:5b:04:a1:64:14:b8:68:1d:92:df:98:0e:e1:63:42:38:
         4f:c5:81:47:fc:28:47:ff:3d:bc:85:6d:c3:ba:9e:0a:84:93:
         61:54:9f:a9:34:de:10:4b:dc:c7:09:ad:73:00:44:7f:7e:2c:
         b4:4d:11:05:6a:24:75:a4:4b:1f:7b:df:29:61:55:b1:77:bd:
         23:92:74:c9:75:78:a9:4b:5d:cc:b3:74:83:76:81:e6:9b:b9:
         4c:91:97:39
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYubGWvPeRiRwN/op32yuM3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjMxMTA0MTYxMDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDc2MzliYjM5MDBjODA2Yjg1ODI0NWNkNWE5ZjFlNmZmNWI4ZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/fKq7gd/2ePrEEt8vdwzzM4exz/
sDP6cJQldO/tIxUe9jwQX8MIVmJu1yYhTwF3whxRTpuJT7fJ9BKyEsqaRsII4qDX
3E+6lM2BQ08W9IuuXa8bwWFb0b4NPUk/5w3kB4P2r18dzOzAMPvoO6JuXVwicrm9
y3hTy/kc4MNI3dN7GGv0ScMWXvGPQaxZaKzx+uvA/j07u01stoi6rWpK3WF5Va4B
r+m9TbAD22Gkneo2t7uiKzm+ogvpWNzIqyEcmRO/ClG7fDs1HhxkTOgN51RRRHLD
6T0tvehzTVIFhA9tEUdyPmnbGqVVSYrabZxG3E3xwp0AyE65VhP5R8UlHQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLB2Obs5AMgGuFgkXNWp8eb/W41aMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvc0hZNXV6a0F5QWE0V0NSYzFhbng1djlialZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwWioAwQB
w7/EMA0EAgACMAcDBQMqBtHAMA0GCSqGSIb3DQEBCwUAA4IBAQCFDng9LTlJDhWy
+MT12pMrQuH+u6AWqeZGn9y3GIaIdnqwQfTG3O9X/w+QZkkOFBxkT54rWYrWQRbF
/U2wDiaknnDdlDRVVaM6yaNbj4KpWkElJDMQkF4dbAMSBzA3hqyhkPqCRKr5YxvE
u80Cy6cppcC3fsXuU10fvJAX3NmEzNqgd8klWl8Lpwls0XOL8IczrOP0yuOdXvh/
mEQQLZOdN0oLClsEoWQUuGgdkt+YDuFjQjhPxYFH/ChH/z28hW3Dup4KhJNhVJ+p
NN4QS9zHCa1zAER/fiy0TREFaiR1pEsfe98pYVWxd70jknTJdXipS13Ms3SDdoHm
m7lMkZc5
-----END CERTIFICATE-----