Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/SmhWiEfMRu24P_gndULmpJyTHvw.roa
File:                     SmhWiEfMRu24P_gndULmpJyTHvw.roa (raw, json)
Hash identifier:          gBwPjhYAFjDpqQ67QFDTg5FnIVdXk7qqwK3ulqiYOP4=
Subject key identifier:   4A:68:56:88:47:CC:46:ED:B8:3F:F8:27:75:42:E6:A4:9C:93:1E:FC
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       0187C873BF7D083787902A28106694B4B077
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/SmhWiEfMRu24P_gndULmpJyTHvw.roa
Signing time:             Fri 28 Apr 2023 15:20:41 +0000
ROA not before:           Fri 28 Apr 2023 15:20:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200088
IP address blocks:        5.44.46.0/24 maxlen: 24
                          5.44.47.0/24 maxlen: 24
                          185.166.196.0/24 maxlen: 24
                          185.166.197.0/24 maxlen: 24
                          81.200.157.0/24 maxlen: 24
                          81.200.154.0/24 maxlen: 24
                          81.200.156.0/24 maxlen: 24
                          81.200.155.0/24 maxlen: 24
                          89.191.226.0/24 maxlen: 24
                          45.95.235.0/24 maxlen: 24
                          194.31.173.0/24 maxlen: 24
                          37.220.81.0/24 maxlen: 24
                          194.31.175.0/24 maxlen: 24
                          194.31.174.0/24 maxlen: 24
                          37.220.83.0/24 maxlen: 24
                          37.220.82.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c8:73:bf:7d:08:37:87:90:2a:28:10:66:94:b4:b0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Apr 28 15:20:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a68568847cc46edb83ff8277542e6a49c931efc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:15:6a:50:6a:c1:25:00:b2:ea:14:8b:c8:5e:
                    3e:54:34:cb:f0:1e:a4:18:a4:96:38:db:ff:61:2d:
                    6f:ce:9c:5e:73:65:88:0c:47:a3:8d:8c:a0:e8:a9:
                    3e:d3:38:b3:58:64:79:96:1a:4b:37:e3:f0:f1:a6:
                    c9:16:30:6c:2e:07:c7:0e:87:b8:4d:f8:37:89:da:
                    08:d0:70:f8:1c:bf:99:2b:76:10:ca:d8:ff:17:a0:
                    2a:11:52:f4:0b:76:d3:57:22:92:d7:02:fd:da:ef:
                    c5:43:47:cd:cc:85:00:8e:a2:6c:91:c0:79:ee:89:
                    21:ba:7a:63:99:00:59:dc:0c:d2:e1:64:aa:b3:ea:
                    f1:4e:0a:6d:fe:66:22:4f:08:69:b4:36:a6:18:e1:
                    b2:90:38:e6:93:e7:8c:e7:b8:ae:c3:5e:2d:a9:34:
                    fb:8f:46:b8:49:6f:15:23:b4:aa:f2:34:9e:64:41:
                    08:e7:59:c3:ba:76:34:20:9e:97:c1:c8:0f:70:81:
                    df:1e:70:5c:9f:75:b3:82:d1:9a:27:ce:39:1d:fa:
                    78:8f:9b:f3:62:cc:5b:d6:60:35:36:2d:86:76:fa:
                    d1:8b:a1:98:85:a4:29:4d:6d:6b:67:44:89:9e:9b:
                    99:80:0b:cc:ce:71:92:86:c8:92:72:5d:e7:7e:a2:
                    57:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:68:56:88:47:CC:46:ED:B8:3F:F8:27:75:42:E6:A4:9C:93:1E:FC
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/SmhWiEfMRu24P_gndULmpJyTHvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.46.0/23
                  37.220.81.0-37.220.83.255
                  45.95.235.0/24
                  81.200.154.0-81.200.157.255
                  89.191.226.0/24
                  185.166.196.0/23
                  194.31.173.0-194.31.175.255

    Signature Algorithm: sha256WithRSAEncryption
         4a:de:79:cf:de:55:39:27:81:72:0c:f3:e9:64:82:ea:3a:61:
         0b:d3:61:ac:5c:ab:73:7a:f2:ae:40:09:5d:fe:f0:fa:73:a1:
         51:3d:50:a3:1a:8a:4c:20:68:44:54:99:eb:bf:63:90:75:8b:
         e4:ed:a6:0b:8e:a4:18:fa:e3:ea:de:94:eb:08:cc:7f:29:d9:
         8b:d4:0d:d8:3f:12:f0:a0:a4:2f:47:14:46:5f:fd:dd:9f:2b:
         51:18:aa:3e:e2:e3:8c:c9:d2:ad:e8:b1:1c:39:ba:e3:18:1a:
         45:99:19:c7:11:99:25:f0:39:2f:ed:24:41:60:99:06:da:e3:
         fe:e5:48:b4:14:f0:c9:39:73:f7:fd:df:8d:b7:14:25:2e:59:
         10:54:fa:88:85:07:25:c9:91:76:5b:75:5f:8c:e8:c6:21:90:
         30:a5:3e:65:e3:50:69:ef:f5:6b:37:18:f2:bd:87:1e:cb:e3:
         b3:ae:95:0b:89:85:56:b6:93:a1:e6:0b:54:39:8f:18:4e:6c:
         2a:83:8a:f6:10:39:08:c9:e7:b1:e2:20:90:2e:e7:8a:d5:5b:
         71:fa:14:f0:68:36:51:71:6d:f5:72:2d:1a:f2:38:9f:5e:6c:
         1f:ed:28:a5:cd:91:30:f9:12:82:fe:54:b3:e7:d4:df:2d:27:
         e0:f1:a5:7c
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYfIc799CDeHkCooEGaUtLB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwNDI4MTUyMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY4NTY4ODQ3Y2M0NmVkYjgzZmY4Mjc3NTQyZTZhNDljOTMxZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRVqUGrBJQCy6hSLyF4+VDTL8B6k
GKSWONv/YS1vzpxec2WIDEejjYyg6Kk+0zizWGR5lhpLN+Pw8abJFjBsLgfHDoe4
Tfg3idoI0HD4HL+ZK3YQytj/F6AqEVL0C3bTVyKS1wL92u/FQ0fNzIUAjqJskcB5
7okhunpjmQBZ3AzS4WSqs+rxTgpt/mYiTwhptDamGOGykDjmk+eM57iuw14tqTT7
j0a4SW8VI7Sq8jSeZEEI51nDunY0IJ6XwcgPcIHfHnBcn3WzgtGaJ845Hfp4j5vz
Ysxb1mA1Ni2GdvrRi6GYhaQpTW1rZ0SJnpuZgAvMznGShsiScl3nfqJXeQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEpoVohHzEbtuD/4J3VC5qSckx78MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvU21oV2lFZk1SdTI0UF9nbmRVTG1wSnlUSHZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBBSwuMAwD
BAAl3FEDBAIl3FADBAAtX+swDAMEAVHImgMEAVHInAMEAFm/4gMEAbmmxDAMAwQA
wh+tAwQEwh+gMA0GCSqGSIb3DQEBCwUAA4IBAQBK3nnP3lU5J4FyDPPpZILqOmEL
02GsXKtzevKuQAld/vD6c6FRPVCjGopMIGhEVJnrv2OQdYvk7aYLjqQY+uPq3pTr
CMx/KdmL1A3YPxLwoKQvRxRGX/3dnytRGKo+4uOMydKt6LEcObrjGBpFmRnHEZkl
8Dkv7SRBYJkG2uP+5Ui0FPDJOXP3/d+NtxQlLlkQVPqIhQclyZF2W3VfjOjGIZAw
pT5l41Bp7/VrNxjyvYcey+OzrpULiYVWtpOh5gtUOY8YTmwqg4r2EDkIyeex4iCQ
LueK1Vtx+hTwaDZRcW31ci0a8jifXmwf7SilzZEw+RKC/lSz59TfLSfg8aV8
-----END CERTIFICATE-----