Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/Frgt6pWF7a4hyDFI1_Zdo5X63VE.roa
File:                     Frgt6pWF7a4hyDFI1_Zdo5X63VE.roa (raw, json)
Hash identifier:          6zMy88C617OHOP+gZbM9qbpqpq2g0oxJqBZJKUW1bpc=
Subject key identifier:   16:B8:2D:EA:95:85:ED:AE:21:C8:31:48:D7:F6:5D:A3:95:FA:DD:51
Certificate issuer:       /CN=7d2ae80cde5cd769c8f144e6c266113bfaedec3e
Certificate serial:       0185719E8788DA63275A4B2648A67503364F
Authority key identifier: 7D:2A:E8:0C:DE:5C:D7:69:C8:F1:44:E6:C2:66:11:3B:FA:ED:EC:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fSroDN5c12nI8UTmwmYRO_rt7D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/Frgt6pWF7a4hyDFI1_Zdo5X63VE.roa
Signing time:             Mon 02 Jan 2023 08:34:52 +0000
ROA not before:           Mon 02 Jan 2023 08:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205668
IP address blocks:        185.44.128.0/22 maxlen: 24
                          185.200.101.0/24 maxlen: 24
                          185.200.102.0/24 maxlen: 24
                          185.200.103.0/24 maxlen: 24
                          185.200.100.0/24 maxlen: 24
                          185.129.71.0/24 maxlen: 24
                          185.129.68.0/22 maxlen: 24
                          185.129.68.0/24 maxlen: 24
                          185.129.69.0/24 maxlen: 24
                          185.129.70.0/24 maxlen: 24
                          45.148.168.0/22 maxlen: 24
                          2a0a:aa40::/32 maxlen: 32
                          2a01:74e0::/32 maxlen: 32
                          2a0a:aa42::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:9e:87:88:da:63:27:5a:4b:26:48:a6:75:03:36:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d2ae80cde5cd769c8f144e6c266113bfaedec3e
        Validity
            Not Before: Jan  2 08:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=16b82dea9585edae21c83148d7f65da395fadd51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ce:c8:39:5f:31:fb:9b:ab:c3:eb:f2:9f:c5:
                    33:f6:a9:7e:62:91:81:14:69:58:ea:b9:6b:91:d5:
                    8c:12:98:86:39:83:a4:48:b8:3d:a1:80:1e:68:76:
                    7e:57:05:96:19:99:02:95:fd:03:07:56:31:56:41:
                    67:cc:24:40:7f:88:8d:d8:71:f5:0b:0c:c5:dd:42:
                    c8:75:c6:2b:61:f3:b5:75:4a:4b:10:a6:98:4e:31:
                    be:07:7b:06:96:72:13:aa:0a:1c:42:bc:99:ee:c8:
                    c2:69:94:35:1a:00:67:a7:c8:a0:d9:5a:07:4e:6e:
                    7c:f0:7f:9c:68:63:22:08:59:83:0b:c2:14:0f:c6:
                    37:3a:ef:42:9a:f1:5e:06:a3:2d:94:4c:78:cd:4e:
                    01:2a:ed:bd:33:2e:f1:66:12:dc:95:4a:17:1c:c3:
                    c5:d3:2e:df:e3:9a:85:00:46:9f:e1:11:c6:99:8e:
                    f2:ba:1d:83:63:8b:a5:99:21:34:55:35:0b:c4:fe:
                    fc:62:60:c7:f4:d3:3b:40:2a:a9:55:64:84:d9:b7:
                    57:18:45:50:87:f9:42:37:16:8e:7a:c2:d8:5c:f0:
                    c2:6c:4f:7d:7a:5b:c1:5d:74:fe:fe:63:66:61:89:
                    9e:2f:9d:56:34:f7:97:c1:96:38:a7:9d:50:f1:ae:
                    43:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B8:2D:EA:95:85:ED:AE:21:C8:31:48:D7:F6:5D:A3:95:FA:DD:51
            X509v3 Authority Key Identifier:
                keyid:7D:2A:E8:0C:DE:5C:D7:69:C8:F1:44:E6:C2:66:11:3B:FA:ED:EC:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fSroDN5c12nI8UTmwmYRO_rt7D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/Frgt6pWF7a4hyDFI1_Zdo5X63VE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/fSroDN5c12nI8UTmwmYRO_rt7D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.168.0/22
                  185.44.128.0/22
                  185.129.68.0/22
                  185.200.100.0/22
                IPv6:
                  2a01:74e0::/32
                  2a0a:aa40::/32
                  2a0a:aa42::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:f3:ec:a3:28:5d:fc:ea:3f:11:e3:37:c8:72:24:ad:65:af:
         5f:c8:e7:62:79:c0:e1:4a:ba:4c:a0:31:a3:41:1e:92:63:dc:
         36:64:ff:93:de:ec:c0:35:af:72:1f:6a:64:d7:e3:df:3e:1b:
         36:f1:1f:0a:eb:42:ce:10:de:9b:ea:49:13:14:08:4e:83:ab:
         ef:5e:f0:f8:e6:13:8c:95:6f:b5:77:84:6f:b5:dc:61:86:73:
         25:73:6f:03:7a:7f:fb:89:ad:49:8f:8b:ff:7c:f7:99:74:50:
         50:e3:6d:3f:78:d2:df:f5:5b:7d:d6:97:39:73:99:c6:3d:74:
         36:3c:0b:a4:87:f8:1e:43:b9:ad:d0:f3:3d:a6:b9:87:e9:59:
         e2:0a:ab:60:24:c6:ec:de:49:75:3f:f5:03:49:0c:20:42:96:
         3c:21:3a:dc:c5:e3:25:30:8d:50:1c:ff:bc:24:0f:8d:c3:ff:
         e6:7d:0d:0b:49:99:5e:d0:6d:2e:b3:64:4e:29:22:59:33:0f:
         ec:0a:83:d5:2f:ce:53:50:08:ba:a4:14:a7:bf:98:f2:66:19:
         9c:0f:c1:e5:49:c8:65:ea:46:53:58:9a:35:2d:61:0c:24:c1:
         83:70:8a:9c:49:30:42:c1:fb:0f:02:f4:c0:61:1e:a8:65:49:
         1b:d6:ee:e2
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVxnoeI2mMnWksmSKZ1AzZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMmFlODBjZGU1Y2Q3NjljOGYxNDRlNmMyNjYxMTNiZmFl
ZGVjM2UwHhcNMjMwMTAyMDgzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmI4MmRlYTk1ODVlZGFlMjFjODMxNDhkN2Y2NWRhMzk1ZmFkZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms7IOV8x+5urw+vyn8Uz9ql+YpGB
FGlY6rlrkdWMEpiGOYOkSLg9oYAeaHZ+VwWWGZkClf0DB1YxVkFnzCRAf4iN2HH1
CwzF3ULIdcYrYfO1dUpLEKaYTjG+B3sGlnITqgocQryZ7sjCaZQ1GgBnp8ig2VoH
Tm588H+caGMiCFmDC8IUD8Y3Ou9CmvFeBqMtlEx4zU4BKu29My7xZhLclUoXHMPF
0y7f45qFAEaf4RHGmY7yuh2DY4ulmSE0VTULxP78YmDH9NM7QCqpVWSE2bdXGEVQ
h/lCNxaOesLYXPDCbE99elvBXXT+/mNmYYmeL51WNPeXwZY4p51Q8a5DtwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFBa4LeqVhe2uIcgxSNf2XaOV+t1RMB8GA1UdIwQY
MBaAFH0q6AzeXNdpyPFE5sJmETv67ew+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlNyb0RONWMxMm5JOFVUbXdtWVJPX3J0N0Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hMmVhNTEtODdhNi00ODE0LTliODIt
Mjc4Y2JiMGI0ZTczLzEvRnJndDZwV0Y3YTRoeURGSTFfWmRvNVg2M1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hMmVhNTEtODdhNi00ODE0LTliODItMjc4Y2JiMGI0ZTcz
LzEvZlNyb0RONWMxMm5JOFVUbXdtWVJPX3J0N0Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAeBAIAATAYAwQCLZSoAwQC
uSyAAwQCuYFEAwQCuchkMBsEAgACMBUDBQAqAXTgAwUAKgqqQAMFACoKqkIwDQYJ
KoZIhvcNAQELBQADggEBALXz7KMoXfzqPxHjN8hyJK1lr1/I52J5wOFKukygMaNB
HpJj3DZk/5Pe7MA1r3IfamTX498+GzbxHwrrQs4Q3pvqSRMUCE6Dq+9e8PjmE4yV
b7V3hG+13GGGcyVzbwN6f/uJrUmPi/9895l0UFDjbT940t/1W33WlzlzmcY9dDY8
C6SH+B5Dua3Q8z2muYfpWeIKq2AkxuzeSXU/9QNJDCBCljwhOtzF4yUwjVAc/7wk
D43D/+Z9DQtJmV7QbS6zZE4pIlkzD+wKg9UvzlNQCLqkFKe/mPJmGZwPweVJyGXq
RlNYmjUtYQwkwYNwipxJMELB+w8C9MBhHqhlSRvW7uI=
-----END CERTIFICATE-----