Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/YKfY56KsATlu-oDSCRssVEelQG4.roa
File:                     YKfY56KsATlu-oDSCRssVEelQG4.roa (raw, json)
Hash identifier:          YBvLSSuws0fd8xb5zDOjDSEqfBL05J3nFFmszZF56FA=
Subject key identifier:   60:A7:D8:E7:A2:AC:01:39:6E:FA:80:D2:09:1B:2C:54:47:A5:40:6E
Certificate issuer:       /CN=d181d0c40951a4f900e4d9dd9c20e4856350920e
Certificate serial:       018697F95816FD84A2DBE891840B9AF65ECA
Authority key identifier: D1:81:D0:C4:09:51:A4:F9:00:E4:D9:DD:9C:20:E4:85:63:50:92:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/YKfY56KsATlu-oDSCRssVEelQG4.roa
Signing time:             Tue 28 Feb 2023 12:22:25 +0000
ROA not before:           Tue 28 Feb 2023 12:22:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205694
IP address blocks:        185.208.186.0/24 maxlen: 24
                          185.208.186.0/23 maxlen: 23
                          185.208.184.0/22 maxlen: 22
                          185.208.185.0/24 maxlen: 24
                          185.208.184.0/23 maxlen: 23
                          185.208.184.0/24 maxlen: 24
                          185.208.187.0/24 maxlen: 24
                          185.160.152.0/24 maxlen: 24
                          185.160.152.0/23 maxlen: 23
                          185.160.155.0/24 maxlen: 24
                          185.160.154.0/23 maxlen: 23
                          185.160.154.0/24 maxlen: 24
                          185.160.153.0/24 maxlen: 24
                          2a07:c2c0::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:97:f9:58:16:fd:84:a2:db:e8:91:84:0b:9a:f6:5e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d181d0c40951a4f900e4d9dd9c20e4856350920e
        Validity
            Not Before: Feb 28 12:22:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=60a7d8e7a2ac01396efa80d2091b2c5447a5406e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6a:17:8e:b5:10:36:63:8a:85:ca:ef:11:14:
                    51:cc:c5:41:35:7c:3a:15:55:c7:32:0f:55:7e:b1:
                    61:e6:46:f9:f5:78:d6:6b:98:e4:c9:c8:c2:38:9b:
                    1f:69:b5:64:94:36:be:4c:47:b2:01:dd:f5:a7:7c:
                    88:57:4d:02:bf:99:b9:9d:c9:fb:82:53:50:75:06:
                    28:4f:82:d3:71:ec:dd:15:9d:cf:de:2d:cf:74:d4:
                    36:fd:9d:bd:50:53:11:c4:c7:4d:0c:80:f3:66:ce:
                    ed:cd:e9:75:ac:58:46:28:8d:b8:39:fe:ba:da:ad:
                    ed:f8:ba:d9:f8:51:7c:61:62:f6:8d:c9:22:b7:ae:
                    bc:15:a8:3a:0a:65:58:f7:63:c9:45:cc:29:44:50:
                    20:66:4b:87:df:4d:96:ff:7d:f4:c5:3a:6d:15:59:
                    a1:dd:15:ea:0a:1a:f7:29:77:b9:c0:17:79:f1:50:
                    60:74:e9:01:07:c7:ca:96:30:b7:d2:36:d7:10:a4:
                    cd:81:15:3c:c0:7e:43:34:99:75:6e:83:cb:2b:8b:
                    f2:8e:09:7d:0d:6c:26:97:57:74:14:50:88:9d:f3:
                    09:45:e4:51:58:ff:8d:29:a7:9d:9f:1c:46:49:f4:
                    e5:25:52:c5:67:38:9d:2b:40:c6:21:a9:d2:49:c9:
                    2e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A7:D8:E7:A2:AC:01:39:6E:FA:80:D2:09:1B:2C:54:47:A5:40:6E
            X509v3 Authority Key Identifier:
                keyid:D1:81:D0:C4:09:51:A4:F9:00:E4:D9:DD:9C:20:E4:85:63:50:92:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0YHQxAlRpPkA5NndnCDkhWNQkg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/YKfY56KsATlu-oDSCRssVEelQG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a9d79e-b282-43c1-8b8a-388b81c0c90c/1/0YHQxAlRpPkA5NndnCDkhWNQkg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.152.0/22
                  185.208.184.0/22
                IPv6:
                  2a07:c2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:9b:3d:7d:ea:c9:de:69:fb:2c:c2:4c:3d:ef:5b:20:f7:43:
         b0:7e:68:01:7a:b0:10:e5:11:c8:c7:95:5d:42:a3:90:c7:45:
         33:dd:23:49:91:0a:b5:e0:89:6e:0a:9f:de:59:77:46:07:44:
         10:c6:5c:5d:9a:45:25:f6:04:64:04:7f:32:69:9f:c9:da:8b:
         d9:17:0a:3f:8a:76:cd:74:f0:b9:2c:1a:08:3b:d6:ff:da:b0:
         26:dc:39:e5:e6:5d:b4:99:ee:4f:27:af:45:05:a4:f9:7b:4a:
         4b:44:c4:f9:61:d5:fa:39:83:a6:a1:06:ad:49:9b:36:ea:fd:
         c8:57:5e:66:77:cf:e0:dd:ad:24:5e:13:54:0f:5e:ca:0e:9a:
         64:8e:6e:f2:28:53:06:45:82:a5:44:9b:2e:66:91:1f:4b:b9:
         44:50:ef:e6:03:89:3f:f8:8f:2f:0e:e9:ea:19:89:10:2d:4a:
         41:ce:7a:65:0f:35:97:27:95:f7:55:fe:46:46:36:d9:ca:d1:
         97:4c:8d:55:00:f5:82:ef:f9:ea:b5:be:31:59:b5:9e:b6:1d:
         c5:a0:c0:06:00:1a:1d:4b:2c:8d:2a:c6:49:de:fa:a5:2c:2e:
         a8:6d:dc:82:d0:01:a3:16:b7:04:a3:ab:10:5c:c3:e0:85:8e:
         c4:43:e3:55
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYaX+VgW/YSi2+iRhAua9l7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxODFkMGM0MDk1MWE0ZjkwMGU0ZDlkZDljMjBlNDg1NjM1
MDkyMGUwHhcNMjMwMjI4MTIyMjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGE3ZDhlN2EyYWMwMTM5NmVmYTgwZDIwOTFiMmM1NDQ3YTU0MDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWoXjrUQNmOKhcrvERRRzMVBNXw6
FVXHMg9VfrFh5kb59XjWa5jkycjCOJsfabVklDa+TEeyAd31p3yIV00Cv5m5ncn7
glNQdQYoT4LTcezdFZ3P3i3PdNQ2/Z29UFMRxMdNDIDzZs7tzel1rFhGKI24Of66
2q3t+LrZ+FF8YWL2jckit668Fag6CmVY92PJRcwpRFAgZkuH302W/330xTptFVmh
3RXqChr3KXe5wBd58VBgdOkBB8fKljC30jbXEKTNgRU8wH5DNJl1boPLK4vyjgl9
DWwml1d0FFCInfMJReRRWP+NKaednxxGSfTlJVLFZzidK0DGIanSScku3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGCn2OeirAE5bvqA0gkbLFRHpUBuMB8GA1UdIwQY
MBaAFNGB0MQJUaT5AOTZ3Zwg5IVjUJIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFlIUXhBbFJwUGtBNU5uZG5DRGtoV05Ra2c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hOWQ3OWUtYjI4Mi00M2MxLThiOGEt
Mzg4YjgxYzBjOTBjLzEvWUtmWTU2S3NBVGx1LW9EU0NSc3NWRWVsUUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hOWQ3OWUtYjI4Mi00M2MxLThiOGEtMzg4YjgxYzBjOTBj
LzEvMFlIUXhBbFJwUGtBNU5uZG5DRGtoV05Ra2c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuaCYAwQC
udC4MA0EAgACMAcDBQMqB8LAMA0GCSqGSIb3DQEBCwUAA4IBAQCfmz196sneafss
wkw971sg90OwfmgBerAQ5RHIx5VdQqOQx0Uz3SNJkQq14IluCp/eWXdGB0QQxlxd
mkUl9gRkBH8yaZ/J2ovZFwo/inbNdPC5LBoIO9b/2rAm3Dnl5l20me5PJ69FBaT5
e0pLRMT5YdX6OYOmoQatSZs26v3IV15md8/g3a0kXhNUD17KDppkjm7yKFMGRYKl
RJsuZpEfS7lEUO/mA4k/+I8vDunqGYkQLUpBznplDzWXJ5X3Vf5GRjbZytGXTI1V
APWC7/nqtb4xWbWeth3FoMAGABodSyyNKsZJ3vqlLC6obdyC0AGjFrcEo6sQXMPg
hY7EQ+NV
-----END CERTIFICATE-----