Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/96wbxySEZRf2AoLOJgot0CRCWj8.roa
File:                     96wbxySEZRf2AoLOJgot0CRCWj8.roa (raw, json)
Hash identifier:          YIAv1QL+n8pBfoH7/mEu1ODGvgYT/ctQNlGBULJI0M4=
Subject key identifier:   F7:AC:1B:C7:24:84:65:17:F6:02:82:CE:26:0A:2D:D0:24:42:5A:3F
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018AC665D68F3F9B8387704DDAABE6A4DC64
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/96wbxySEZRf2AoLOJgot0CRCWj8.roa
Signing time:             Sun 24 Sep 2023 08:54:37 +0000
ROA not before:           Sun 24 Sep 2023 08:54:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49392
IP address blocks:        194.87.118.0/23 maxlen: 24
                          194.87.220.0/24 maxlen: 24
                          193.124.254.0/24 maxlen: 24
                          195.133.10.0/23 maxlen: 23
                          194.135.32.0/24 maxlen: 24
                          185.72.10.0/24 maxlen: 24
                          195.133.26.0/23 maxlen: 24
                          212.192.13.0/24 maxlen: 24
                          195.133.56.0/23 maxlen: 23
                          195.133.52.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:c6:65:d6:8f:3f:9b:83:87:70:4d:da:ab:e6:a4:dc:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 24 08:54:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f7ac1bc724846517f60282ce260a2dd024425a3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:13:ba:c5:dd:7b:7c:83:28:35:e6:5d:0a:1b:
                    db:3a:79:a0:bc:82:bf:02:ac:2f:41:2a:5c:f9:aa:
                    20:82:4a:e8:ac:a3:f2:5d:77:18:a3:9b:5d:4e:23:
                    76:44:b2:cc:e5:55:6b:0c:77:d2:bc:81:65:96:89:
                    96:1b:11:c9:68:ac:74:91:dc:3c:95:46:96:12:37:
                    e1:39:66:74:c2:75:99:be:9e:25:6a:f3:85:dc:64:
                    28:1c:da:c0:80:f7:06:a6:17:28:71:e3:cd:09:f7:
                    69:34:35:55:25:7b:e8:30:bd:6d:b1:55:68:22:ed:
                    4d:92:4a:5f:5b:fb:e5:38:0b:f8:7d:e9:38:d2:52:
                    92:da:2d:ce:8c:ec:ec:6d:db:2c:c2:dc:86:52:89:
                    25:4e:02:be:39:db:2c:40:a0:a5:b6:14:03:30:4a:
                    c9:3a:cf:c2:85:34:8b:d8:62:b2:ca:6b:65:32:36:
                    3c:a8:f3:20:72:09:e1:90:8f:be:4d:f7:e2:db:dc:
                    01:a4:0c:79:31:88:88:6a:93:db:ec:a7:dd:1e:95:
                    7a:50:11:0f:92:8a:ae:c4:3a:36:26:b6:f1:01:c8:
                    18:57:3f:4e:f2:fb:da:93:dd:55:d1:05:74:89:35:
                    0b:5b:ca:d9:c9:f5:5f:61:9b:56:65:2f:0a:8a:a7:
                    75:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:AC:1B:C7:24:84:65:17:F6:02:82:CE:26:0A:2D:D0:24:42:5A:3F
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/96wbxySEZRf2AoLOJgot0CRCWj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.10.0/24
                  193.124.254.0/24
                  194.87.118.0/23
                  194.87.220.0/24
                  194.135.32.0/24
                  195.133.10.0/23
                  195.133.26.0/23
                  195.133.52.0/23
                  195.133.56.0/23
                  212.192.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:dd:c8:87:e3:35:ec:32:58:19:84:71:cf:31:9e:95:d6:89:
         70:03:57:41:d3:62:cf:48:a2:f7:35:95:ab:18:f6:52:7e:ba:
         6d:d9:4b:36:d4:89:d0:80:12:e0:33:4b:a1:31:2f:e6:8e:50:
         70:d7:23:c3:76:f6:89:2d:a5:14:a8:bb:d5:88:6c:0a:80:2b:
         40:96:a5:c9:33:00:5b:fb:38:6d:c3:d5:1f:3e:60:a5:c2:41:
         ab:44:79:db:bb:77:0c:0e:bf:d7:64:72:22:0d:e3:13:55:8d:
         db:cd:b8:a8:09:4f:d9:95:1f:2d:39:03:dd:ab:29:01:40:11:
         d7:c2:0f:87:f3:d0:19:6b:8b:ba:42:3a:3f:82:dd:19:e9:91:
         4c:66:6e:93:d5:1a:21:22:a8:d9:07:e3:a6:ed:46:c8:df:ac:
         a1:c9:f3:ee:de:40:de:25:37:16:f1:24:3d:bd:19:cb:b3:60:
         ca:4a:72:45:1a:d1:7e:6f:7d:7e:60:77:d8:ec:98:d4:b8:48:
         e0:40:bb:83:68:d8:74:e8:43:d7:79:93:fb:a4:bc:f3:d9:c4:
         1c:b7:2b:48:fc:a3:89:4b:9c:44:90:3c:f6:db:b7:37:20:0c:
         2f:e0:22:35:c4:3b:5a:23:e6:21:92:8a:19:07:8d:ab:2f:51:
         b8:2c:97:09
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYrGZdaPP5uDh3BN2qvmpNxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTI0MDg1NDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2FjMWJjNzI0ODQ2NTE3ZjYwMjgyY2UyNjBhMmRkMDI0NDI1YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRO6xd17fIMoNeZdChvbOnmgvIK/
AqwvQSpc+aoggkrorKPyXXcYo5tdTiN2RLLM5VVrDHfSvIFllomWGxHJaKx0kdw8
lUaWEjfhOWZ0wnWZvp4lavOF3GQoHNrAgPcGphcocePNCfdpNDVVJXvoML1tsVVo
Iu1NkkpfW/vlOAv4fek40lKS2i3OjOzsbdsswtyGUoklTgK+OdssQKClthQDMErJ
Os/ChTSL2GKyymtlMjY8qPMgcgnhkI++Tffi29wBpAx5MYiIapPb7KfdHpV6UBEP
koquxDo2JrbxAcgYVz9O8vvak91V0QV0iTULW8rZyfVfYZtWZS8Kiqd1VwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPesG8ckhGUX9gKCziYKLdAkQlo/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOTZ3Ynh5U0VaUmYyQW9MT0pnb3QwQ1JDV2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAuUgKAwQA
wXz+AwQBwld2AwQAwlfcAwQAwocgAwQBw4UKAwQBw4UaAwQBw4U0AwQBw4U4AwQA
1MANMA0GCSqGSIb3DQEBCwUAA4IBAQCK3ciH4zXsMlgZhHHPMZ6V1olwA1dB02LP
SKL3NZWrGPZSfrpt2Us21InQgBLgM0uhMS/mjlBw1yPDdvaJLaUUqLvViGwKgCtA
lqXJMwBb+zhtw9UfPmClwkGrRHnbu3cMDr/XZHIiDeMTVY3bzbioCU/ZlR8tOQPd
qykBQBHXwg+H89AZa4u6Qjo/gt0Z6ZFMZm6T1RohIqjZB+Om7UbI36yhyfPu3kDe
JTcW8SQ9vRnLs2DKSnJFGtF+b31+YHfY7JjUuEjgQLuDaNh06EPXeZP7pLzz2cQc
tytI/KOJS5xEkDz227c3IAwv4CI1xDtaI+YhkooZB42rL1G4LJcJ
-----END CERTIFICATE-----