Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XNdIaCiP3UalMTW_9zIIHQSEupI.roa
File:                     XNdIaCiP3UalMTW_9zIIHQSEupI.roa (raw, json)
Hash identifier:          tLyKFBPou7Q01ddyO2L2WQODF93wNmMXNA+/jkc20bg=
Subject key identifier:   5C:D7:48:68:28:8F:DD:46:A5:31:35:BF:F7:32:08:1D:04:84:BA:92
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0188AFB612C54441E6C2EA55535235444700
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XNdIaCiP3UalMTW_9zIIHQSEupI.roa
Signing time:             Mon 12 Jun 2023 13:05:25 +0000
ROA not before:           Mon 12 Jun 2023 13:05:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207084
IP address blocks:        195.133.80.0/24 maxlen: 24
                          193.124.17.0/24 maxlen: 24
                          194.87.118.0/24 maxlen: 24
                          194.87.138.0/24 maxlen: 24
                          194.87.25.0/24 maxlen: 24
                          194.87.33.0/24 maxlen: 24
                          195.133.19.0/24 maxlen: 24
                          195.58.53.0/24 maxlen: 24
                          195.133.41.0/24 maxlen: 24
                          194.87.182.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:af:b6:12:c5:44:41:e6:c2:ea:55:53:52:35:44:47:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 12 13:05:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cd74868288fdd46a53135bff732081d0484ba92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:7a:c4:d6:03:83:0f:f4:b9:d0:04:ab:b0:
                    88:2e:b5:4c:cd:a9:fa:9f:ae:0c:2e:9b:86:96:82:
                    31:a7:d9:c8:0e:08:9f:5b:77:26:a3:63:b3:3e:a7:
                    a6:73:22:fd:1b:61:b7:cb:63:b7:ab:55:94:9f:30:
                    6d:18:ce:9e:59:ce:98:2e:94:73:57:c4:14:5a:8d:
                    31:d2:0e:02:18:ff:57:39:60:cc:79:ea:33:e7:b7:
                    16:74:9f:f1:98:c3:50:3b:a3:47:6e:c1:dc:76:88:
                    4f:23:08:cd:6e:a6:4a:c2:50:f3:e0:bb:47:39:c7:
                    14:b9:5d:9b:c1:cc:07:58:0a:3b:cb:e1:91:96:ca:
                    c8:08:b5:ce:06:61:97:19:72:cb:71:61:ff:24:4c:
                    c3:b1:c2:28:47:8a:da:dd:fc:b1:23:a4:d9:3b:30:
                    14:ca:a8:53:80:1c:cb:2d:3c:50:70:e9:df:5c:b2:
                    2a:37:46:78:0d:53:a6:cd:27:30:72:37:75:f5:e2:
                    eb:13:6e:69:43:ed:2b:ab:b0:0c:3d:c0:aa:37:3a:
                    7c:ef:a5:26:96:02:d7:75:ee:36:84:d1:ce:aa:4f:
                    d6:be:64:39:18:38:26:d5:ce:6e:74:8a:2d:44:73:
                    bb:21:2f:4a:86:f3:04:86:a1:4c:31:40:59:05:fa:
                    eb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D7:48:68:28:8F:DD:46:A5:31:35:BF:F7:32:08:1D:04:84:BA:92
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XNdIaCiP3UalMTW_9zIIHQSEupI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.17.0/24
                  194.87.25.0/24
                  194.87.33.0/24
                  194.87.118.0/24
                  194.87.138.0/24
                  194.87.182.0/24
                  195.58.53.0/24
                  195.133.19.0/24
                  195.133.41.0/24
                  195.133.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:2a:3a:f7:7c:d7:db:d3:9b:9c:99:a8:07:44:7d:fb:d4:53:
         1b:6e:6b:02:64:41:ec:74:cc:e9:8f:33:12:be:6a:bf:65:43:
         69:a3:99:76:f8:e7:6b:6d:ee:21:c4:3e:29:90:ce:4e:7d:fd:
         04:8a:7e:8a:3b:e5:93:20:e0:cb:73:7b:7f:cf:1b:6b:04:57:
         d5:7e:ec:f3:d4:b2:36:11:85:65:05:ed:a1:76:83:ae:b1:f4:
         6e:d0:59:3f:b5:ab:aa:39:bb:0d:c1:c9:26:32:ef:d3:77:ef:
         2c:59:f1:13:9b:62:f4:23:bf:22:24:ec:26:24:7d:60:e8:01:
         bd:b4:1e:bc:ff:57:25:a8:be:8d:3f:ab:74:28:c5:5a:7b:c0:
         ed:3a:93:36:81:1e:00:23:41:b3:bc:c7:ad:74:1c:77:39:2a:
         43:85:d1:72:92:e5:e4:b5:6d:9e:45:94:8b:fd:85:8b:b9:9c:
         73:34:4f:54:df:a3:01:04:e4:df:e3:20:f5:f9:33:e9:84:d3:
         4d:e7:15:7b:30:dd:e7:7f:ec:4c:21:6b:fa:aa:69:e4:0a:2a:
         ba:24:6d:67:1b:4c:75:45:e2:98:ff:59:90:29:51:2f:67:2b:
         f4:09:00:e2:93:0c:5b:74:0b:04:c3:80:fc:75:03:d1:6d:ec:
         6e:b7:8f:36
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYivthLFREHmwupVU1I1REcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjEyMTMwNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Q3NDg2ODI4OGZkZDQ2YTUzMTM1YmZmNzMyMDgxZDA0ODRiYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXd6xNYDgw/0udAEq7CILrVMzan6
n64MLpuGloIxp9nIDgifW3cmo2OzPqemcyL9G2G3y2O3q1WUnzBtGM6eWc6YLpRz
V8QUWo0x0g4CGP9XOWDMeeoz57cWdJ/xmMNQO6NHbsHcdohPIwjNbqZKwlDz4LtH
OccUuV2bwcwHWAo7y+GRlsrICLXOBmGXGXLLcWH/JEzDscIoR4ra3fyxI6TZOzAU
yqhTgBzLLTxQcOnfXLIqN0Z4DVOmzScwcjd19eLrE25pQ+0rq7AMPcCqNzp876Um
lgLXde42hNHOqk/WvmQ5GDgm1c5udIotRHO7IS9KhvMEhqFMMUBZBfrrqQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFzXSGgoj91GpTE1v/cyCB0EhLqSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWE5kSWFDaVAzVWFsTVRXXzl6SUlIUVNFdXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwXwRAwQA
wlcZAwQAwlchAwQAwld2AwQAwleKAwQAwle2AwQAwzo1AwQAw4UTAwQAw4UpAwQA
w4VQMA0GCSqGSIb3DQEBCwUAA4IBAQB5Kjr3fNfb05ucmagHRH371FMbbmsCZEHs
dMzpjzMSvmq/ZUNpo5l2+Odrbe4hxD4pkM5Off0Ein6KO+WTIODLc3t/zxtrBFfV
fuzz1LI2EYVlBe2hdoOusfRu0Fk/tauqObsNwckmMu/Td+8sWfETm2L0I78iJOwm
JH1g6AG9tB68/1clqL6NP6t0KMVae8DtOpM2gR4AI0GzvMetdBx3OSpDhdFykuXk
tW2eRZSL/YWLuZxzNE9U36MBBOTf4yD1+TPphNNN5xV7MN3nf+xMIWv6qmnkCiq6
JG1nG0x1ReKY/1mQKVEvZyv0CQDikwxbdAsEw4D8dQPRbexut482
-----END CERTIFICATE-----