Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NgReelEeZyduY3sYiT6hHsRb24I.roa
File:                     NgReelEeZyduY3sYiT6hHsRb24I.roa (raw, json)
Hash identifier:          Dt4zw0WOBnd+opbjw5EGXkv3BWv7wuLVvN0zSPSG+Pc=
Subject key identifier:   36:04:5E:7A:51:1E:67:27:6E:63:7B:18:89:3E:A1:1E:C4:5B:DB:82
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0189CB4EFD706A6555B3FFDB6FADE1C69AF5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NgReelEeZyduY3sYiT6hHsRb24I.roa
Signing time:             Sun 06 Aug 2023 14:44:58 +0000
ROA not before:           Sun 06 Aug 2023 14:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213035
IP address blocks:        212.193.29.0/24 maxlen: 24
                          212.193.28.0/24 maxlen: 24
                          195.133.16.0/24 maxlen: 24
                          212.192.218.0/24 maxlen: 24
                          212.192.216.0/24 maxlen: 24
                          195.133.17.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
                          212.192.217.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          212.192.243.0/24 maxlen: 24
                          195.133.42.0/24 maxlen: 24
                          195.133.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:cb:4e:fd:70:6a:65:55:b3:ff:db:6f:ad:e1:c6:9a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug  6 14:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36045e7a511e67276e637b18893ea11ec45bdb82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:61:b7:21:21:1e:c9:6d:0f:e7:07:92:fd:a1:
                    4a:eb:f5:97:02:93:e7:87:f6:de:a4:21:bb:74:60:
                    c9:b5:f9:39:c8:23:f6:6e:51:e9:d0:c6:5f:cf:21:
                    40:28:09:49:09:98:8f:b6:7c:37:0d:26:66:a1:92:
                    38:21:3f:d3:66:b9:e5:69:59:2a:1d:08:ab:6f:7f:
                    1b:60:a9:30:e7:83:7a:c9:5e:b6:c7:44:23:e9:da:
                    1c:64:cd:1a:50:bd:5d:4a:50:95:67:90:f6:6a:83:
                    8d:2c:8b:37:5a:95:cc:8e:18:bf:55:53:60:59:cf:
                    85:6e:f9:7c:d6:d6:94:58:a6:76:7a:a3:8c:6e:6e:
                    ea:91:c8:f8:b3:d3:e8:ff:2f:63:9c:be:b6:09:06:
                    e0:73:a1:20:39:85:35:02:fd:ef:86:d8:aa:21:a8:
                    c0:44:b2:93:d8:7b:ca:f5:be:6e:ca:28:0f:f9:8a:
                    2f:c1:5f:7c:05:d3:0c:8e:31:f2:b0:96:89:02:2c:
                    9f:d5:8f:51:99:f7:65:2d:5c:9b:da:d4:5b:91:87:
                    6c:32:d2:ef:c9:ec:9f:21:97:33:91:a3:ee:93:ab:
                    64:3f:a6:bf:58:45:40:0b:35:c6:07:c2:84:ad:89:
                    2d:8e:c4:40:e3:65:bd:8d:21:f1:6c:2e:20:d3:67:
                    db:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:04:5E:7A:51:1E:67:27:6E:63:7B:18:89:3E:A1:1E:C4:5B:DB:82
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NgReelEeZyduY3sYiT6hHsRb24I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.188.0/24
                  195.133.16.0/23
                  195.133.42.0/23
                  212.192.216.0/22
                  212.192.240.0/24
                  212.192.243.0/24
                  212.193.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:97:c0:61:28:c9:01:3b:7e:d1:94:c2:71:90:81:49:8d:4b:
         91:9d:5b:4d:2c:9f:6f:ce:10:be:f0:50:1a:8f:00:05:76:bc:
         43:8f:70:c9:58:a8:9a:62:12:1f:02:0a:9f:0a:bd:61:c3:80:
         6e:55:86:5f:15:18:ce:67:60:9e:54:92:e2:61:70:7a:7d:44:
         6a:27:2e:ec:c2:38:36:0c:54:6b:a1:19:45:2f:1e:92:01:8c:
         69:33:48:7e:76:7a:86:1e:d8:1c:e7:f1:3b:1f:69:7c:7e:a5:
         fb:88:3f:45:cd:bd:64:45:18:31:45:5b:58:f4:95:7d:65:e1:
         64:37:2d:e5:af:50:c5:55:9a:0a:7b:7f:f2:41:5f:44:12:0f:
         cc:e4:a4:b8:85:1b:65:a5:8b:af:c3:0d:3e:b9:64:d6:69:2b:
         df:1d:dc:00:4f:94:b8:17:ee:c9:a0:63:11:35:64:e5:94:dd:
         4d:0b:a5:58:25:07:c2:76:30:a3:08:47:c4:3c:a5:0d:43:90:
         2c:49:a8:1f:e9:8d:56:c9:44:47:89:60:f9:ee:be:04:82:e6:
         c5:0a:5c:c6:69:dd:fc:0a:7e:5b:c5:52:65:7f:b0:45:85:7c:
         54:c7:de:96:a6:8a:38:5d:b5:b0:19:07:c1:28:67:09:b4:2c:
         44:36:d5:89
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYnLTv1wamVVs//bb63hxpr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODA2MTQ0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjA0NWU3YTUxMWU2NzI3NmU2MzdiMTg4OTNlYTExZWM0NWJkYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGG3ISEeyW0P5weS/aFK6/WXApPn
h/bepCG7dGDJtfk5yCP2blHp0MZfzyFAKAlJCZiPtnw3DSZmoZI4IT/TZrnlaVkq
HQirb38bYKkw54N6yV62x0Qj6docZM0aUL1dSlCVZ5D2aoONLIs3WpXMjhi/VVNg
Wc+Fbvl81taUWKZ2eqOMbm7qkcj4s9Po/y9jnL62CQbgc6EgOYU1Av3vhtiqIajA
RLKT2HvK9b5uyigP+YovwV98BdMMjjHysJaJAiyf1Y9RmfdlLVyb2tRbkYdsMtLv
yeyfIZczkaPuk6tkP6a/WEVACzXGB8KErYktjsRA42W9jSHxbC4g02fbCQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDYEXnpRHmcnbmN7GIk+oR7EW9uCMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTmdSZWVsRWVaeWR1WTNzWWlUNmhIc1JiMjRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwHy8AwQB
w4UQAwQBw4UqAwQC1MDYAwQA1MDwAwQA1MDzAwQB1MEcMA0GCSqGSIb3DQEBCwUA
A4IBAQCSl8BhKMkBO37RlMJxkIFJjUuRnVtNLJ9vzhC+8FAajwAFdrxDj3DJWKia
YhIfAgqfCr1hw4BuVYZfFRjOZ2CeVJLiYXB6fURqJy7swjg2DFRroRlFLx6SAYxp
M0h+dnqGHtgc5/E7H2l8fqX7iD9Fzb1kRRgxRVtY9JV9ZeFkNy3lr1DFVZoKe3/y
QV9EEg/M5KS4hRtlpYuvww0+uWTWaSvfHdwAT5S4F+7JoGMRNWTllN1NC6VYJQfC
djCjCEfEPKUNQ5AsSagf6Y1WyURHiWD57r4EgubFClzGad38Cn5bxVJlf7BFhXxU
x96Wpoo4XbWwGQfBKGcJtCxENtWJ
-----END CERTIFICATE-----