Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/a-N04ppRprAHpuDZS9-1OIfGm2o.roa
File:                     a-N04ppRprAHpuDZS9-1OIfGm2o.roa (raw, json)
Hash identifier:          MwYQl1cYMFz6gyYwO7XFxnjqhYTQkYehT64Hq7FaO1U=
Subject key identifier:   6B:E3:74:E2:9A:51:A6:B0:07:A6:E0:D9:4B:DF:B5:38:87:C6:9B:6A
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       0186CD0440C2EB815B83B2FFB606B17090AA
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/a-N04ppRprAHpuDZS9-1OIfGm2o.roa
Signing time:             Fri 10 Mar 2023 19:34:13 +0000
ROA not before:           Fri 10 Mar 2023 19:34:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48847
IP address blocks:        185.12.223.0/24 maxlen: 24
                          185.12.222.0/24 maxlen: 24
                          185.12.221.0/24 maxlen: 24
                          185.12.220.0/22 maxlen: 22
                          185.12.221.152/29 maxlen: 29
                          109.233.21.92/30 maxlen: 30
                          109.233.17.0/24 maxlen: 24
                          109.233.16.0/24 maxlen: 24
                          109.233.16.0/21 maxlen: 21
                          109.233.20.0/24 maxlen: 24
                          109.233.19.128/25 maxlen: 25
                          109.233.19.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.22.0/24 maxlen: 24
                          109.233.21.0/24 maxlen: 24
                          109.233.19.128/30 maxlen: 30
                          109.233.20.196/30 maxlen: 30
                          109.233.21.100/30 maxlen: 30
                          2a03:6900::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cd:04:40:c2:eb:81:5b:83:b2:ff:b6:06:b1:70:90:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Mar 10 19:34:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6be374e29a51a6b007a6e0d94bdfb53887c69b6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:aa:8a:87:e0:f7:2a:eb:d0:a3:fe:e8:bb:72:
                    13:ed:1a:ce:64:9b:34:bc:5e:43:da:c2:10:a4:09:
                    bf:c8:fd:fb:17:3e:28:8f:96:25:04:1f:cb:99:c9:
                    b9:dd:8a:3f:fe:1f:d4:8d:0e:11:d0:ae:48:0c:71:
                    24:43:de:a7:b3:c6:42:bc:2b:13:4b:b7:30:08:5a:
                    8a:6e:39:59:e6:66:6a:40:ff:80:09:2c:9e:46:b8:
                    2a:f3:d8:93:f0:5e:d1:a0:ef:dc:75:15:54:6b:ad:
                    e8:31:3b:d6:b6:15:14:8a:be:e6:a6:db:76:76:c3:
                    49:35:10:4c:1b:81:51:55:d8:d8:34:73:ed:34:ef:
                    ef:fd:e2:11:89:e3:51:80:50:0c:51:2e:21:48:12:
                    e4:06:df:28:ca:18:7f:01:4f:a9:bc:a7:8e:d5:cf:
                    72:19:a5:90:47:b8:0b:67:a2:f8:7d:2b:ed:04:9c:
                    08:0c:25:c8:ff:93:b6:49:61:38:4e:2b:49:da:38:
                    88:47:5d:c4:fa:e2:d9:aa:85:80:a9:d7:b0:59:53:
                    02:10:17:4e:1e:df:08:5f:9d:a6:47:93:aa:22:bd:
                    cd:b2:08:06:d6:67:f9:67:e6:4d:81:0e:c3:95:ca:
                    48:35:18:5f:13:03:72:99:59:1c:9e:42:aa:db:4b:
                    e2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E3:74:E2:9A:51:A6:B0:07:A6:E0:D9:4B:DF:B5:38:87:C6:9B:6A
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/a-N04ppRprAHpuDZS9-1OIfGm2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:8b:20:4a:5e:d9:64:70:f3:f0:19:35:73:84:62:a5:90:3f:
         85:b1:24:89:fd:2d:ad:19:2b:0e:50:8a:0f:96:c3:ba:5d:2a:
         11:58:46:eb:41:79:19:c2:38:0c:91:00:ad:e3:65:6e:c6:61:
         65:f1:7f:27:a5:f0:eb:4d:10:7a:58:94:62:b6:04:c1:62:99:
         c1:0a:50:20:48:75:ae:33:87:99:94:c8:9c:e1:55:e7:62:5c:
         4f:28:ef:56:81:96:c8:09:33:35:01:2a:e2:65:25:73:57:a3:
         f0:74:40:47:36:cb:22:95:ef:40:ca:04:2a:3d:fb:87:91:82:
         3e:c5:c6:9d:69:b3:3c:e0:19:25:4a:17:01:d3:30:4a:97:a6:
         c5:37:d6:e8:5c:ae:82:a7:c4:e7:b6:8d:43:13:f6:9e:cd:3c:
         34:10:c8:bc:8f:f2:eb:4b:68:25:1f:1c:40:97:0e:73:70:23:
         30:4c:32:3c:07:0a:d5:ab:6a:6a:88:fb:45:5a:a0:b6:c3:2b:
         b1:25:76:20:e7:1f:d8:41:78:fe:2e:c6:c2:66:bd:49:b5:31:
         74:cc:64:ac:31:31:57:1a:3e:a4:e5:f8:d2:85:87:c7:56:1d:
         69:43:70:7c:81:07:6d:d1:21:7e:87:cf:ff:0e:0b:7a:59:79:
         15:5a:79:9f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYbNBEDC64Fbg7L/tgaxcJCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjMwMzEwMTkzNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUzNzRlMjlhNTFhNmIwMDdhNmUwZDk0YmRmYjUzODg3YzY5YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKqKh+D3KuvQo/7ou3IT7RrOZJs0
vF5D2sIQpAm/yP37Fz4oj5YlBB/Lmcm53Yo//h/UjQ4R0K5IDHEkQ96ns8ZCvCsT
S7cwCFqKbjlZ5mZqQP+ACSyeRrgq89iT8F7RoO/cdRVUa63oMTvWthUUir7mptt2
dsNJNRBMG4FRVdjYNHPtNO/v/eIRieNRgFAMUS4hSBLkBt8oyhh/AU+pvKeO1c9y
GaWQR7gLZ6L4fSvtBJwIDCXI/5O2SWE4TitJ2jiIR13E+uLZqoWAqdewWVMCEBdO
Ht8IX52mR5OqIr3NsggG1mf5Z+ZNgQ7DlcpINRhfEwNymVkcnkKq20vijwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGvjdOKaUaawB6bg2UvftTiHxptqMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvYS1OMDRwcFJwckFIcHVEWlM5LTFPSWZHbTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQBIiyBKXtlkcPPw
GTVzhGKlkD+FsSSJ/S2tGSsOUIoPlsO6XSoRWEbrQXkZwjgMkQCt42VuxmFl8X8n
pfDrTRB6WJRitgTBYpnBClAgSHWuM4eZlMic4VXnYlxPKO9WgZbICTM1ASriZSVz
V6PwdEBHNssile9AygQqPfuHkYI+xcadabM84BklShcB0zBKl6bFN9boXK6Cp8Tn
to1DE/aezTw0EMi8j/LrS2glHxxAlw5zcCMwTDI8BwrVq2pqiPtFWqC2wyuxJXYg
5x/YQXj+LsbCZr1JtTF0zGSsMTFXGj6k5fjShYfHVh1pQ3B8gQdt0SF+h8//Dgt6
WXkVWnmf
-----END CERTIFICATE-----