Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/OiVqpitZajgUzrHQ1j9oMeqjEVM.roa
File:                     OiVqpitZajgUzrHQ1j9oMeqjEVM.roa (raw, json)
Hash identifier:          l8Z2CslRUD/1htNzVr0acccemHxvtYrLF4acOpYYsaA=
Subject key identifier:   3A:25:6A:A6:2B:59:6A:38:14:CE:B1:D0:D6:3F:68:31:EA:A3:11:53
Certificate issuer:       /CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Certificate serial:       0187E74772AE59A41795B7814EFCBD446E42
Authority key identifier: 9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/OiVqpitZajgUzrHQ1j9oMeqjEVM.roa
Signing time:             Thu 04 May 2023 15:00:31 +0000
ROA not before:           Thu 04 May 2023 15:00:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35237
IP address blocks:        185.157.96.0/23 maxlen: 24
                          84.252.144.0/24 maxlen: 24
                          84.252.144.0/23 maxlen: 24
                          84.252.145.0/24 maxlen: 24
                          185.157.99.0/24 maxlen: 24
                          84.252.149.0/24 maxlen: 24
                          84.252.150.0/24 maxlen: 24
                          84.252.147.0/24 maxlen: 24
                          84.252.146.0/24 maxlen: 24
                          91.217.194.0/24 maxlen: 24
                          194.54.15.0/24 maxlen: 24
                          194.54.14.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e7:47:72:ae:59:a4:17:95:b7:81:4e:fc:bd:44:6e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
        Validity
            Not Before: May  4 15:00:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a256aa62b596a3814ceb1d0d63f6831eaa31153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:e6:d8:ee:64:30:86:2a:e5:7f:ab:b5:d2:
                    7f:9b:26:83:4c:4f:ff:4d:1a:ed:aa:0c:3c:1e:2e:
                    4f:bd:cc:f5:b2:1e:7b:7e:84:1f:d3:e4:74:87:a3:
                    65:ed:27:b8:3b:f5:e0:18:7e:48:a1:11:e0:5a:9d:
                    24:7c:30:2e:61:a4:82:b5:cb:4c:91:d6:e3:ae:f9:
                    41:3d:3b:fb:e3:fc:90:b5:49:8b:03:ad:9c:42:08:
                    c7:9b:bf:b7:83:94:b3:d7:ab:21:40:1d:2c:bd:f9:
                    ae:16:75:c6:2b:5e:ba:02:5d:e7:6c:3b:ae:55:1f:
                    be:46:57:48:fc:ef:4a:6c:76:c0:76:b7:d1:c9:fc:
                    f0:39:80:81:47:8b:a8:fb:12:49:14:71:68:b9:ac:
                    fb:dd:60:70:bc:72:79:75:d7:52:e9:e0:3e:c0:80:
                    bb:98:a4:24:15:c0:57:99:c6:b7:70:3d:8b:81:8d:
                    d2:2f:7d:0a:05:94:20:2b:fd:b2:42:38:e8:81:49:
                    2d:9d:65:b1:93:a1:65:e9:89:0b:54:94:3e:bc:e7:
                    39:91:1a:7c:03:99:1b:f4:cf:ee:9e:f1:7c:75:81:
                    14:3d:72:8a:6c:80:c4:63:a1:6a:b4:8f:1e:d3:7a:
                    fe:45:68:b0:42:b9:ce:a2:7a:cf:2f:55:71:de:6a:
                    13:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:25:6A:A6:2B:59:6A:38:14:CE:B1:D0:D6:3F:68:31:EA:A3:11:53
            X509v3 Authority Key Identifier:
                keyid:9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/OiVqpitZajgUzrHQ1j9oMeqjEVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.144.0/22
                  84.252.149.0-84.252.150.255
                  91.217.194.0/24
                  185.157.96.0/23
                  185.157.99.0/24
                  194.54.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:5e:12:87:16:3f:d2:10:25:27:67:77:17:42:dc:38:62:e6:
         79:75:13:c3:d6:ad:4f:ec:1e:d6:b7:af:b3:f6:24:83:a4:ad:
         ac:21:c4:0b:2b:50:b2:75:ff:27:f2:76:7a:5e:73:93:01:e3:
         14:05:d2:f0:d5:17:48:4a:e2:4c:1b:fd:4a:2d:b0:10:51:9c:
         bb:e8:15:7c:69:99:22:df:5a:9d:a5:f4:82:73:ca:9a:7f:7f:
         f0:5a:7c:a1:62:f0:d9:69:cb:ca:1a:c0:2a:1f:08:c0:6e:48:
         68:c1:c6:65:99:97:e7:a1:d4:9d:f9:19:a1:fb:06:d3:ed:00:
         60:f1:ed:d6:a4:0e:00:23:64:3b:47:6b:42:d0:92:a9:be:1e:
         bb:fd:3d:4f:fd:7c:f8:9f:f4:d8:8c:1e:4c:f4:f7:5e:5f:43:
         4a:8d:a7:4f:c3:90:ff:ab:e7:44:93:99:d0:39:f4:d8:37:89:
         bd:0f:5f:ac:e9:56:10:e6:92:bf:df:b8:f8:40:c7:c5:50:00:
         35:12:22:88:85:2c:f8:2a:9f:88:ed:5f:5e:97:4c:f3:ad:27:
         40:c9:bd:5d:95:15:73:7a:01:55:6b:16:e6:2e:d6:fa:a5:6c:
         3d:cf:e6:0b:50:6d:77:0d:24:d2:d3:1e:6c:0d:a5:df:06:c5:
         2e:89:93:b9
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYfnR3KuWaQXlbeBTvy9RG5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTI2YTczY2U4ZjlmNjJjMTRhMTFhMmVhOTEzZWMyNzNk
NThjNDYwHhcNMjMwNTA0MTUwMDMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTI1NmFhNjJiNTk2YTM4MTRjZWIxZDBkNjNmNjgzMWVhYTMxMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncTm2O5kMIYq5X+rtdJ/myaDTE//
TRrtqgw8Hi5Pvcz1sh57foQf0+R0h6Nl7Se4O/XgGH5IoRHgWp0kfDAuYaSCtctM
kdbjrvlBPTv74/yQtUmLA62cQgjHm7+3g5Sz16shQB0svfmuFnXGK166Al3nbDuu
VR++RldI/O9KbHbAdrfRyfzwOYCBR4uo+xJJFHFouaz73WBwvHJ5dddS6eA+wIC7
mKQkFcBXmca3cD2LgY3SL30KBZQgK/2yQjjogUktnWWxk6Fl6YkLVJQ+vOc5kRp8
A5kb9M/unvF8dYEUPXKKbIDEY6FqtI8e03r+RWiwQrnOonrPL1Vx3moTwQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDolaqYrWWo4FM6x0NY/aDHqoxFTMB8GA1UdIwQY
MBaAFJpSanPOj59iwUoRouqRPsJz1YxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMt
N2QxNmI5MGRiZTcyLzEvT2lWcXBpdFphamdVenJIUTFqOW9NZXFqRVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMtN2QxNmI5MGRiZTcy
LzEvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCVPyQMAwD
BABU/JUDBABU/JYDBABb2cIDBAG5nWADBAC5nWMDBAHCNg4wDQYJKoZIhvcNAQEL
BQADggEBAGpeEocWP9IQJSdndxdC3Dhi5nl1E8PWrU/sHta3r7P2JIOkrawhxAsr
ULJ1/yfydnpec5MB4xQF0vDVF0hK4kwb/UotsBBRnLvoFXxpmSLfWp2l9IJzypp/
f/BafKFi8Nlpy8oawCofCMBuSGjBxmWZl+eh1J35GaH7BtPtAGDx7dakDgAjZDtH
a0LQkqm+Hrv9PU/9fPif9NiMHkz0915fQ0qNp0/DkP+r50STmdA59Ng3ib0PX6zp
VhDmkr/fuPhAx8VQADUSIoiFLPgqn4jtX16XTPOtJ0DJvV2VFXN6AVVrFuYu1vql
bD3P5gtQbXcNJNLTHmwNpd8GxS6Jk7k=
-----END CERTIFICATE-----