Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/LmVsA7IksZxmO2fyKAKxpeAkrZs.roa
File:                     LmVsA7IksZxmO2fyKAKxpeAkrZs.roa (raw, json)
Hash identifier:          hsh9/74kzBqvdZHaf31vonq0JwJ7UQbcLzHyk6/Kc4E=
Subject key identifier:   2E:65:6C:03:B2:24:B1:9C:66:3B:67:F2:28:02:B1:A5:E0:24:AD:9B
Certificate issuer:       /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial:       01877B3AC3C12F6B992DE8D9EF8EF511D34A
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/LmVsA7IksZxmO2fyKAKxpeAkrZs.roa
Signing time:             Thu 13 Apr 2023 15:27:41 +0000
ROA not before:           Thu 13 Apr 2023 15:27:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        212.81.42.0/24 maxlen: 24
                          212.81.43.0/24 maxlen: 24
                          171.22.188.0/24 maxlen: 24
                          171.22.189.0/24 maxlen: 24
                          194.110.88.0/22 maxlen: 22
                          45.11.232.0/24 maxlen: 24
                          45.153.238.0/24 maxlen: 24
                          45.153.236.0/24 maxlen: 24
                          45.153.237.0/24 maxlen: 24
                          77.83.71.0/24 maxlen: 24
                          77.83.70.0/24 maxlen: 24
                          84.252.84.0/23 maxlen: 23
                          84.252.86.0/24 maxlen: 24
                          84.252.87.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7b:3a:c3:c1:2f:6b:99:2d:e8:d9:ef:8e:f5:11:d3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
        Validity
            Not Before: Apr 13 15:27:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e656c03b224b19c663b67f22802b1a5e024ad9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5d:b1:6d:ad:ee:7a:01:8d:a1:61:08:ba:f0:
                    b9:70:fa:ed:94:30:a2:ef:d0:78:ea:06:53:c5:2d:
                    de:fb:ad:1c:6f:bd:0a:99:c7:c8:d2:31:42:6e:f6:
                    cd:1b:60:8e:ed:89:47:b4:3f:11:fa:de:8c:d3:3c:
                    90:97:33:bf:d5:9c:5f:0b:6d:d4:d9:d2:ce:f3:45:
                    0d:ae:32:97:58:6b:25:fa:3a:14:65:41:6f:55:32:
                    fe:a6:77:b2:b1:a3:2b:1b:36:87:1a:e3:33:c2:83:
                    c8:90:12:ad:9e:fb:c6:d8:29:a8:15:17:24:66:dd:
                    12:8c:86:ef:54:bb:4b:29:3f:16:4e:bf:2a:24:eb:
                    fe:ce:1c:14:02:43:45:2e:13:96:39:67:a0:63:20:
                    77:fe:cf:3b:9b:6d:da:d4:98:29:ce:6a:28:04:63:
                    65:79:0a:35:21:a8:d2:f6:5c:07:c3:26:22:5a:da:
                    69:f9:3d:6a:89:91:51:63:07:59:a5:15:c8:32:53:
                    12:f1:65:36:d8:c1:23:6c:8f:8b:eb:8a:6b:c4:37:
                    33:5f:7d:e7:66:a6:67:61:32:95:4a:be:51:2b:b8:
                    86:40:bd:c7:bf:3b:26:ef:b2:bf:77:8a:10:ae:d2:
                    19:67:13:1b:2e:76:f6:78:5e:ce:67:fa:6a:47:9e:
                    b8:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:65:6C:03:B2:24:B1:9C:66:3B:67:F2:28:02:B1:A5:E0:24:AD:9B
            X509v3 Authority Key Identifier:
                keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/LmVsA7IksZxmO2fyKAKxpeAkrZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.232.0/24
                  45.153.236.0-45.153.238.255
                  77.83.70.0/23
                  84.252.84.0/22
                  171.22.188.0/23
                  194.110.88.0/22
                  212.81.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:d2:29:72:49:a8:5c:c2:87:69:ba:f5:f1:26:39:c8:9f:ac:
         c7:e8:9a:b7:85:44:ec:96:a0:0f:93:f2:cb:9c:83:97:69:d7:
         6b:fb:20:37:1b:d5:e8:40:12:16:6c:95:17:1a:d5:1d:9c:03:
         e1:84:1c:6e:d2:ae:ac:15:61:ce:a9:83:7f:ed:03:9d:c1:b3:
         de:2d:c0:0e:1a:3c:da:3f:1c:54:98:f9:bf:1b:75:78:9f:98:
         89:48:68:d8:29:b0:d6:ac:81:1e:84:88:7a:d6:8b:80:33:1d:
         b7:c4:86:3d:79:df:9b:f7:55:aa:0e:94:a6:bb:4c:99:f0:8a:
         fc:2a:5d:78:7c:9d:39:ef:34:86:8f:cc:fb:44:75:6c:22:11:
         3a:c2:50:0c:2a:69:35:c3:3f:df:95:93:bc:9d:b7:6a:48:30:
         14:0a:62:3c:15:30:76:a6:77:bd:3c:e9:90:e1:03:65:c8:ad:
         ca:b0:b8:5e:62:ad:d8:12:d5:0b:66:cb:7e:ef:bb:5e:c3:d8:
         48:d4:16:d3:cc:87:e6:79:8c:09:62:b6:fe:47:40:9c:8a:2a:
         8a:aa:c4:43:31:1d:e5:8e:f9:dd:27:d1:50:0e:eb:a3:e1:34:
         1f:85:5f:dd:3f:c8:ed:6a:11:74:9a:c7:5e:f8:71:8d:e0:1d:
         3d:58:6b:0d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYd7OsPBL2uZLejZ7471EdNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjMwNDEzMTUyNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTY1NmMwM2IyMjRiMTljNjYzYjY3ZjIyODAyYjFhNWUwMjRhZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv12xba3uegGNoWEIuvC5cPrtlDCi
79B46gZTxS3e+60cb70KmcfI0jFCbvbNG2CO7YlHtD8R+t6M0zyQlzO/1ZxfC23U
2dLO80UNrjKXWGsl+joUZUFvVTL+pneysaMrGzaHGuMzwoPIkBKtnvvG2CmoFRck
Zt0SjIbvVLtLKT8WTr8qJOv+zhwUAkNFLhOWOWegYyB3/s87m23a1JgpzmooBGNl
eQo1IajS9lwHwyYiWtpp+T1qiZFRYwdZpRXIMlMS8WU22MEjbI+L64prxDczX33n
ZqZnYTKVSr5RK7iGQL3Hvzsm77K/d4oQrtIZZxMbLnb2eF7OZ/pqR564RwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFC5lbAOyJLGcZjtn8igCsaXgJK2bMB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvTG1Wc0E3SWtzWnhtTzJmeUtBS3hwZUFrclpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALQvoMAwD
BAItmewDBAAtme4DBAFNU0YDBAJU/FQDBAGrFrwDBALCblgDBAHUUSowDQYJKoZI
hvcNAQELBQADggEBAHjSKXJJqFzCh2m69fEmOcifrMfomreFROyWoA+T8sucg5dp
12v7IDcb1ehAEhZslRca1R2cA+GEHG7SrqwVYc6pg3/tA53Bs94twA4aPNo/HFSY
+b8bdXifmIlIaNgpsNasgR6EiHrWi4AzHbfEhj1535v3VaoOlKa7TJnwivwqXXh8
nTnvNIaPzPtEdWwiETrCUAwqaTXDP9+Vk7ydt2pIMBQKYjwVMHamd7086ZDhA2XI
rcqwuF5irdgS1Qtmy37vu17D2EjUFtPMh+Z5jAlitv5HQJyKKoqqxEMxHeWO+d0n
0VAO66PhNB+FX90/yO1qEXSax174cY3gHT1Yaw0=
-----END CERTIFICATE-----