Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/Sg1RPNLNkm0yEc-IQ66TfCkzSms.roa
File:                     Sg1RPNLNkm0yEc-IQ66TfCkzSms.roa (raw, json)
Hash identifier:          WB4Dajd9GyK2dXmdrd8XEUHVFH6Hux+MUU0R4MMOZyw=
Subject key identifier:   4A:0D:51:3C:D2:CD:92:6D:32:11:CF:88:43:AE:93:7C:29:33:4A:6B
Certificate issuer:       /CN=64d4e8723450d0a710c32d90ffea18529104e538
Certificate serial:       018BD1C3E0C54E90B4D9849CFD0C64455973
Authority key identifier: 64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/Sg1RPNLNkm0yEc-IQ66TfCkzSms.roa
Signing time:             Wed 15 Nov 2023 06:55:57 +0000
ROA not before:           Wed 15 Nov 2023 06:55:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48031
IP address blocks:        195.211.40.0/23 maxlen: 23
                          91.226.212.0/23 maxlen: 23
                          176.103.48.0/20 maxlen: 20
                          91.207.60.0/24 maxlen: 24
                          193.169.86.0/23 maxlen: 23
                          91.217.91.0/24 maxlen: 24
                          91.217.90.0/24 maxlen: 24
                          2a13:f580:1::/48 maxlen: 48
                          2001:678:334::/48 maxlen: 48
                          2a13:f580:4::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d1:c3:e0:c5:4e:90:b4:d9:84:9c:fd:0c:64:45:59:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d4e8723450d0a710c32d90ffea18529104e538
        Validity
            Not Before: Nov 15 06:55:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a0d513cd2cd926d3211cf8843ae937c29334a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0e:53:ca:7f:21:12:ff:ac:d9:04:14:29:b8:
                    d2:7a:53:56:d9:d9:14:8d:cd:b3:68:07:95:86:28:
                    c2:5d:62:1f:5e:be:96:b4:84:c8:4e:61:f6:7e:5f:
                    db:ae:60:22:08:5a:b8:32:82:a6:a9:78:10:c9:a8:
                    48:26:ca:47:e5:ee:d2:b0:09:0f:f5:67:e5:21:d7:
                    91:5e:e3:a6:83:1c:52:24:82:1b:ec:80:17:8c:c7:
                    dc:fc:27:89:3a:cb:aa:e9:a0:4c:99:47:cf:82:58:
                    aa:67:b0:b6:e4:9c:e9:41:01:52:1e:1f:3b:46:ce:
                    84:ff:3a:44:0d:2b:f2:87:07:07:38:1b:c3:22:fa:
                    ca:9b:0b:eb:db:cd:15:43:61:69:6b:fd:52:2d:b2:
                    d9:b2:3d:04:b7:38:07:78:6c:c8:d0:f0:37:1e:a1:
                    61:2b:6f:a7:60:d6:94:a5:f4:84:1d:d5:45:9d:fa:
                    c6:8e:b9:65:32:ed:0b:1a:95:86:a5:be:3c:cb:a0:
                    4f:04:93:a8:09:b7:8c:cb:34:f5:e2:9d:0e:4f:b3:
                    fa:58:d0:52:17:dd:1d:52:1d:93:ca:73:b9:8e:e9:
                    d6:ea:32:da:c3:6b:37:c0:20:44:39:d6:e9:68:c9:
                    26:9b:dc:66:7d:c0:ff:09:d9:b0:9c:3c:dd:5a:5e:
                    40:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:0D:51:3C:D2:CD:92:6D:32:11:CF:88:43:AE:93:7C:29:33:4A:6B
            X509v3 Authority Key Identifier:
                keyid:64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/Sg1RPNLNkm0yEc-IQ66TfCkzSms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.60.0/24
                  91.217.90.0/23
                  91.226.212.0/23
                  176.103.48.0/20
                  193.169.86.0/23
                  195.211.40.0/23
                IPv6:
                  2001:678:334::/48
                  2a13:f580:1::/48
                  2a13:f580:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:dd:80:f0:e7:7d:29:0a:d4:65:ed:7f:14:96:7a:88:42:ff:
         e2:5c:fa:49:36:fc:1b:38:cf:b4:ec:ac:ae:99:47:6e:79:60:
         f7:de:31:2d:b5:cf:46:20:53:5d:19:e6:39:fa:46:3a:03:98:
         b5:5b:29:06:7d:30:58:5f:8f:0c:de:65:8f:90:7c:75:81:49:
         1c:ce:13:08:a1:b6:f3:3b:10:37:c8:37:59:7f:8b:43:9c:6d:
         84:b8:99:6b:3b:3b:28:34:72:54:24:23:9c:9e:56:18:91:dd:
         64:5d:ac:a8:f1:74:e7:5d:f7:6a:32:3c:e2:1f:58:27:b7:c3:
         45:82:e6:14:a1:a1:ca:e9:04:b0:5a:6a:80:f8:ff:95:2f:a9:
         ee:ea:0b:51:7d:b1:bf:9b:8f:00:a2:52:46:05:34:49:a5:9e:
         77:1d:fe:fe:cf:6e:54:ad:6a:87:37:16:10:01:1e:f0:f5:03:
         0f:86:4b:80:9a:6f:9a:d6:31:5f:00:cf:d5:f1:d9:52:18:40:
         05:40:6e:71:cb:1d:99:41:e8:35:ea:43:e4:ae:8a:8b:41:27:
         9a:c5:35:e2:0f:9d:c6:ed:3c:fb:2a:08:e3:c3:5c:85:3a:5d:
         6a:5f:e5:42:f0:dd:40:ba:de:a5:3b:cd:85:11:52:6d:e7:88:
         3d:07:7c:e1
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYvRw+DFTpC02YSc/QxkRVlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDRlODcyMzQ1MGQwYTcxMGMzMmQ5MGZmZWExODUyOTEw
NGU1MzgwHhcNMjMxMTE1MDY1NTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTBkNTEzY2QyY2Q5MjZkMzIxMWNmODg0M2FlOTM3YzI5MzM0YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg5Tyn8hEv+s2QQUKbjSelNW2dkU
jc2zaAeVhijCXWIfXr6WtITITmH2fl/brmAiCFq4MoKmqXgQyahIJspH5e7SsAkP
9WflIdeRXuOmgxxSJIIb7IAXjMfc/CeJOsuq6aBMmUfPgliqZ7C25JzpQQFSHh87
Rs6E/zpEDSvyhwcHOBvDIvrKmwvr280VQ2Fpa/1SLbLZsj0EtzgHeGzI0PA3HqFh
K2+nYNaUpfSEHdVFnfrGjrllMu0LGpWGpb48y6BPBJOoCbeMyzT14p0OT7P6WNBS
F90dUh2TynO5junW6jLaw2s3wCBEOdbpaMkmm9xmfcD/CdmwnDzdWl5AAQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFEoNUTzSzZJtMhHPiEOuk3wpM0prMB8GA1UdIwQY
MBaAFGTU6HI0UNCnEMMtkP/qGFKRBOU4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzIt
NDIyYWVkM2E3NzAyLzEvU2cxUlBOTE5rbTB5RWMtSVE2NlRmQ2t6U21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzItNDIyYWVkM2E3NzAy
LzEvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAqBAIAATAkAwQAW888AwQB
W9laAwQBW+LUAwQEsGcwAwQBwalWAwQBw9MoMCEEAgACMBsDBwAgAQZ4AzQDBwAq
E/WAAAEDBwAqE/WAAAQwDQYJKoZIhvcNAQELBQADggEBACfdgPDnfSkK1GXtfxSW
eohC/+Jc+kk2/Bs4z7TsrK6ZR255YPfeMS21z0YgU10Z5jn6RjoDmLVbKQZ9MFhf
jwzeZY+QfHWBSRzOEwihtvM7EDfIN1l/i0OcbYS4mWs7Oyg0clQkI5yeVhiR3WRd
rKjxdOdd92oyPOIfWCe3w0WC5hShocrpBLBaaoD4/5Uvqe7qC1F9sb+bjwCiUkYF
NEmlnncd/v7PblStaoc3FhABHvD1Aw+GS4Cab5rWMV8Az9Xx2VIYQAVAbnHLHZlB
6DXqQ+SuiotBJ5rFNeIPncbtPPsqCOPDXIU6XWpf5ULw3UC63qU7zYURUm3niD0H
fOE=
-----END CERTIFICATE-----