Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/1-pxh9WF47e2Wv2EAopJOPw1UQZ0.roa
File:                     1-pxh9WF47e2Wv2EAopJOPw1UQZ0.roa (raw, json)
Hash identifier:          Utp64sSo6wqkJKTOaGC2YhGXGwharBRhXZmJSpjVpMk=
Subject key identifier:   FA:9C:61:F5:61:78:ED:ED:96:BF:61:00:A2:92:4E:3F:0D:54:41:9D
Certificate issuer:       /CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Certificate serial:       01857039791FA4D89FB2D928F7DF829BFBD2
Authority key identifier: 9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/1-pxh9WF47e2Wv2EAopJOPw1UQZ0.roa
Signing time:             Mon 02 Jan 2023 02:04:52 +0000
ROA not before:           Mon 02 Jan 2023 02:04:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35237
IP address blocks:        194.54.15.0/24 maxlen: 24
                          194.54.14.0/24 maxlen: 24
                          185.157.96.0/23 maxlen: 24
                          84.252.144.0/24 maxlen: 24
                          84.252.144.0/23 maxlen: 24
                          84.252.145.0/24 maxlen: 24
                          185.157.99.0/24 maxlen: 24
                          84.252.149.0/24 maxlen: 24
                          84.252.150.0/24 maxlen: 24
                          84.252.147.0/24 maxlen: 24
                          84.252.146.0/24 maxlen: 24
                          91.217.194.0/24 maxlen: 24
                          195.43.144.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:39:79:1f:a4:d8:9f:b2:d9:28:f7:df:82:9b:fb:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
        Validity
            Not Before: Jan  2 02:04:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa9c61f56178eded96bf6100a2924e3f0d54419d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:98:22:4b:bd:bc:20:1b:3a:2d:1d:46:53:16:
                    e3:4d:08:5e:9c:9b:6a:09:f0:31:b7:3f:09:83:8f:
                    60:13:09:1a:06:9a:4f:d6:ef:cf:0e:8c:f8:fe:c0:
                    12:94:1c:e5:64:3e:1b:9f:2a:cf:3a:63:87:a9:d1:
                    fb:ce:4b:e9:41:0e:d8:32:26:8f:78:52:a6:a5:9d:
                    da:fb:05:45:2b:3b:53:71:da:3b:e1:50:08:98:9f:
                    35:e7:89:56:2f:19:93:ab:22:2b:67:0d:72:4c:0b:
                    5e:36:b6:dc:97:55:0f:5d:42:ff:5f:cc:7a:11:7a:
                    33:78:48:7c:8b:a0:ba:92:22:20:4c:31:e9:f0:29:
                    1a:4a:b9:ce:38:86:f0:db:32:b3:eb:b6:65:78:79:
                    7f:05:30:7e:00:84:26:22:a5:21:7c:6a:75:a8:b9:
                    c8:40:bc:67:5c:70:bd:e8:2f:55:ab:80:2b:50:1d:
                    4f:8b:46:35:82:cf:1d:45:b0:34:33:dc:a9:19:e3:
                    ba:74:6c:63:ca:fd:fc:f1:e9:31:31:16:49:dd:a7:
                    5c:b3:e3:6a:0b:ad:c5:3e:32:e2:42:66:8e:83:96:
                    47:f0:c0:6a:c9:6d:c9:02:3b:46:cb:57:a1:5e:73:
                    67:25:19:d9:c9:cb:5e:b3:40:c1:b1:cd:e3:d6:21:
                    78:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:9C:61:F5:61:78:ED:ED:96:BF:61:00:A2:92:4E:3F:0D:54:41:9D
            X509v3 Authority Key Identifier:
                keyid:9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/1-pxh9WF47e2Wv2EAopJOPw1UQZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.144.0/22
                  84.252.149.0-84.252.150.255
                  91.217.194.0/24
                  185.157.96.0/23
                  185.157.99.0/24
                  194.54.14.0/23
                  195.43.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:f5:64:6c:bc:f4:1d:52:f2:13:cc:5d:f8:8e:9f:e1:35:d1:
         33:db:14:f1:09:b4:6d:de:94:12:52:e1:8d:13:0c:8e:bf:5c:
         74:b1:a4:3c:a8:53:7b:da:d4:f9:05:08:a2:b3:12:19:d6:6b:
         0a:9e:ed:dc:61:49:90:56:3b:e0:a2:28:06:e2:61:41:a2:71:
         14:2b:85:fe:23:b5:71:02:36:42:43:78:27:05:a0:e6:22:b7:
         ac:74:ca:5a:32:c4:93:50:1c:01:c1:ca:25:d3:2b:73:9e:ec:
         ac:32:d6:b8:cb:8d:f5:76:84:ea:6d:f8:f7:b3:69:1c:17:62:
         c3:c9:e7:d3:28:ac:48:39:73:cf:8f:68:82:bd:29:d9:d8:57:
         c9:5e:6b:54:bf:d7:bf:16:90:30:6f:a1:56:d2:ca:1d:3c:78:
         04:a6:83:c8:c3:a6:71:f1:a2:89:c7:61:07:fe:9e:65:1d:bf:
         43:c4:87:11:4d:b7:bf:b5:64:c4:7b:86:c7:5b:f9:9e:04:db:
         3a:df:d4:55:f9:03:ef:ae:f9:69:8c:34:d5:9b:4e:b2:00:48:
         15:fe:42:b9:1e:10:94:94:45:19:3d:41:da:06:c0:d7:bf:37:
         b4:5a:cc:f9:66:9f:4c:7d:50:dd:05:e2:e8:93:d0:7f:6c:b4:
         a7:9c:ca:47
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVwOXkfpNifstko99+Cm/vSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTI2YTczY2U4ZjlmNjJjMTRhMTFhMmVhOTEzZWMyNzNk
NThjNDYwHhcNMjMwMTAyMDIwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTljNjFmNTYxNzhlZGVkOTZiZjYxMDBhMjkyNGUzZjBkNTQ0MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJgiS728IBs6LR1GUxbjTQhenJtq
CfAxtz8Jg49gEwkaBppP1u/PDoz4/sASlBzlZD4bnyrPOmOHqdH7zkvpQQ7YMiaP
eFKmpZ3a+wVFKztTcdo74VAImJ8154lWLxmTqyIrZw1yTAteNrbcl1UPXUL/X8x6
EXozeEh8i6C6kiIgTDHp8CkaSrnOOIbw2zKz67ZleHl/BTB+AIQmIqUhfGp1qLnI
QLxnXHC96C9Vq4ArUB1Pi0Y1gs8dRbA0M9ypGeO6dGxjyv388ekxMRZJ3adcs+Nq
C63FPjLiQmaOg5ZH8MBqyW3JAjtGy1ehXnNnJRnZyctes0DBsc3j1iF46QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFPqcYfVheO3tlr9hAKKSTj8NVEGdMB8GA1UdIwQY
MBaAFJpSanPOj59iwUoRouqRPsJz1YxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMt
N2QxNmI5MGRiZTcyLzEvMS1weGg5V0Y0N2UyV3YyRUFvcEpPUHcxVVFaMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2IvNmZjZGNhLWQxMjEtNDM5MS05Y2ZjLTdkMTZiOTBkYmU3
Mi8xL21sSnFjODZQbjJMQlNoR2k2cEUtd25QVmpFWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBLBggrBgEFBQcBBwEB/wQ8MDowOAQCAAEwMgMEAlT8kDAM
AwQAVPyVAwQAVPyWAwQAW9nCAwQBuZ1gAwQAuZ1jAwQBwjYOAwQAwyuQMA0GCSqG
SIb3DQEBCwUAA4IBAQAd9WRsvPQdUvITzF34jp/hNdEz2xTxCbRt3pQSUuGNEwyO
v1x0saQ8qFN72tT5BQiisxIZ1msKnu3cYUmQVjvgoigG4mFBonEUK4X+I7VxAjZC
Q3gnBaDmIresdMpaMsSTUBwBwcol0ytznuysMta4y431doTqbfj3s2kcF2LDyefT
KKxIOXPPj2iCvSnZ2FfJXmtUv9e/FpAwb6FW0sodPHgEpoPIw6Zx8aKJx2EH/p5l
Hb9DxIcRTbe/tWTEe4bHW/meBNs639RV+QPvrvlpjDTVm06yAEgV/kK5HhCUlEUZ
PUHaBsDXvze0Wsz5Zp9MfVDdBeLok9B/bLSnnMpH
-----END CERTIFICATE-----