Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/9d3937PORau5-vGY8ntUwgmifDs.roa
File:                     9d3937PORau5-vGY8ntUwgmifDs.roa (raw, json)
Hash identifier:          l5mR6LIuWhqMlDZCwuxWNAfQI4p6t6hkn6i4AW59ojk=
Subject key identifier:   F5:DD:FD:DF:B3:CE:45:AB:B9:FA:F1:98:F2:7B:54:C2:09:A2:7C:3B
Certificate issuer:       /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial:       018A26D44619B9A9BB004D08D1C8F50BEB55
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/9d3937PORau5-vGY8ntUwgmifDs.roa
Signing time:             Thu 24 Aug 2023 09:16:00 +0000
ROA not before:           Thu 24 Aug 2023 09:16:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25521
IP address blocks:        185.223.112.0/22 maxlen: 24
                          46.30.160.0/21 maxlen: 24
                          93.188.32.0/21 maxlen: 24
                          193.106.136.0/22 maxlen: 24
                          193.0.216.0/22 maxlen: 24
                          176.115.96.0/21 maxlen: 24
                          91.224.24.0/23 maxlen: 24
                          82.193.96.0/19 maxlen: 24
                          195.64.148.0/23 maxlen: 24
                          2a02:2610::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:26:d4:46:19:b9:a9:bb:00:4d:08:d1:c8:f5:0b:eb:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
        Validity
            Not Before: Aug 24 09:16:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f5ddfddfb3ce45abb9faf198f27b54c209a27c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7a:5e:d0:ad:aa:d7:8d:43:e0:e6:8d:ef:e2:
                    7b:1b:2a:be:f1:e9:f0:37:59:f4:68:a5:fc:b5:0e:
                    f1:dc:d4:bb:ed:e1:c2:d1:49:4a:fd:a2:63:3c:8b:
                    80:bc:13:43:1c:f7:63:17:f2:92:a1:d0:68:7d:cd:
                    39:71:5b:30:11:6c:78:a2:ed:92:88:72:47:4f:e2:
                    40:94:5e:99:4c:7a:b0:59:1e:0f:17:ff:52:e4:6b:
                    33:0f:f5:65:79:08:70:1a:7b:b7:2e:10:f7:04:6c:
                    59:61:fb:8d:88:14:19:d6:94:70:0b:3c:5a:84:16:
                    f5:be:80:f2:98:4e:e6:40:a1:68:0d:a0:a5:35:ce:
                    a8:32:77:68:19:cf:4e:cc:9d:7c:b7:b0:42:0b:4e:
                    b9:c5:c1:a4:47:d7:37:70:65:c8:7b:55:c5:ae:69:
                    bc:10:27:af:65:68:6c:db:c8:8a:b8:b2:6c:af:d9:
                    fd:ff:dd:e2:7e:75:74:ec:5c:c9:f2:41:e9:a7:d9:
                    53:18:0f:87:79:22:d5:dc:27:01:f0:35:40:52:0b:
                    3e:ab:29:93:90:ae:3b:12:e2:4d:e9:43:00:61:c0:
                    d4:b1:23:0b:fd:d8:aa:72:e0:38:5f:96:73:69:45:
                    a5:c0:94:66:e0:46:47:98:85:47:c7:05:b2:0c:61:
                    3e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:DD:FD:DF:B3:CE:45:AB:B9:FA:F1:98:F2:7B:54:C2:09:A2:7C:3B
            X509v3 Authority Key Identifier:
                keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/9d3937PORau5-vGY8ntUwgmifDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.160.0/21
                  82.193.96.0/19
                  91.224.24.0/23
                  93.188.32.0/21
                  176.115.96.0/21
                  185.223.112.0/22
                  193.0.216.0/22
                  193.106.136.0/22
                  195.64.148.0/23
                IPv6:
                  2a02:2610::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:8c:4a:e8:e7:55:9a:13:75:f7:d4:b9:47:5a:47:67:c3:f6:
         4e:71:85:bf:dd:89:1a:8c:57:e7:8e:1e:b0:08:32:74:66:f0:
         7d:31:ed:93:a0:e2:ec:ab:e5:c3:a5:be:c3:50:f6:59:1b:89:
         3c:29:70:c4:6e:4a:f9:33:c2:f3:fb:24:86:20:b9:63:73:03:
         cd:c5:40:75:77:81:ef:dd:c2:65:23:3e:71:60:8e:a3:63:72:
         83:59:ef:7b:9b:96:02:22:ff:66:bf:77:bb:ba:ab:38:cc:ee:
         c8:61:aa:51:c7:ef:3f:e1:f5:b7:15:ce:7f:53:52:2a:71:fa:
         3c:f4:e3:b6:e9:80:d5:f5:69:95:67:fd:30:97:61:ed:dd:4e:
         0c:92:49:1a:ad:6c:8c:e2:55:cc:08:70:4f:18:e4:fb:9a:f4:
         c5:42:b7:b4:26:e8:48:bf:68:75:8f:16:4c:af:a3:ff:75:91:
         63:8d:57:1f:2e:16:7b:17:a5:77:7f:c3:0e:0b:f9:8c:cd:08:
         05:f1:14:10:9e:b5:d2:a2:90:04:57:50:f4:b2:76:d0:98:8e:
         b7:63:b5:5c:cb:e7:8a:b9:95:ea:e2:52:9e:e0:b2:5d:7c:93:
         83:61:2e:85:f0:8e:4b:72:01:71:48:b9:c4:ec:11:0e:38:7c:
         c1:0f:bb:8d
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYom1EYZuam7AE0I0cj1C+tVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMwODI0MDkxNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWRkZmRkZmIzY2U0NWFiYjlmYWYxOThmMjdiNTRjMjA5YTI3YzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHpe0K2q141D4OaN7+J7Gyq+8enw
N1n0aKX8tQ7x3NS77eHC0UlK/aJjPIuAvBNDHPdjF/KSodBofc05cVswEWx4ou2S
iHJHT+JAlF6ZTHqwWR4PF/9S5GszD/VleQhwGnu3LhD3BGxZYfuNiBQZ1pRwCzxa
hBb1voDymE7mQKFoDaClNc6oMndoGc9OzJ18t7BCC065xcGkR9c3cGXIe1XFrmm8
ECevZWhs28iKuLJsr9n9/93ifnV07FzJ8kHpp9lTGA+HeSLV3CcB8DVAUgs+qymT
kK47EuJN6UMAYcDUsSML/diqcuA4X5ZzaUWlwJRm4EZHmIVHxwWyDGE+8QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPXd/d+zzkWrufrxmPJ7VMIJonw7MB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvOWQzOTM3UE9SYXU1LXZHWThudFV3Z21pZkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLh6gAwQF
UsFgAwQBW+AYAwQDXbwgAwQDsHNgAwQCud9wAwQCwQDYAwQCwWqIAwQBw0CUMA0E
AgACMAcDBQAqAiYQMA0GCSqGSIb3DQEBCwUAA4IBAQCqjEro51WaE3X31LlHWkdn
w/ZOcYW/3YkajFfnjh6wCDJ0ZvB9Me2ToOLsq+XDpb7DUPZZG4k8KXDEbkr5M8Lz
+ySGILljcwPNxUB1d4Hv3cJlIz5xYI6jY3KDWe97m5YCIv9mv3e7uqs4zO7IYapR
x+8/4fW3Fc5/U1Iqcfo89OO26YDV9WmVZ/0wl2Ht3U4MkkkarWyM4lXMCHBPGOT7
mvTFQre0JuhIv2h1jxZMr6P/dZFjjVcfLhZ7F6V3f8MOC/mMzQgF8RQQnrXSopAE
V1D0snbQmI63Y7Vcy+eKuZXq4lKe4LJdfJODYS6F8I5LcgFxSLnE7BEOOHzBD7uN
-----END CERTIFICATE-----