Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/I9yAlki3RMiF1ST_ZOVbixlz-cw.roa
File:                     I9yAlki3RMiF1ST_ZOVbixlz-cw.roa (raw, json)
Hash identifier:          36tJLgZY3WqFBwomVrsTK43XhIaY7j3zwhmKVueuQBI=
Subject key identifier:   23:DC:80:96:48:B7:44:C8:85:D5:24:FF:64:E5:5B:8B:19:73:F9:CC
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01883DFC4BAC8EF65F36DA5EE3558F317E83
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/I9yAlki3RMiF1ST_ZOVbixlz-cw.roa
Signing time:             Sun 21 May 2023 11:05:24 +0000
ROA not before:           Sun 21 May 2023 11:05:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15611
IP address blocks:        213.176.96.0/24 maxlen: 24
                          213.176.4.0/24 maxlen: 24
                          213.176.5.0/24 maxlen: 24
                          62.60.132.0/22 maxlen: 24
                          62.60.136.0/24 maxlen: 24
                          62.60.137.0/24 maxlen: 24
                          62.60.139.0/24 maxlen: 24
                          62.60.140.0/24 maxlen: 24
                          62.60.143.0/24 maxlen: 24
                          62.60.141.0/24 maxlen: 24
                          62.60.142.0/24 maxlen: 24
                          62.60.145.0/24 maxlen: 24
                          213.176.124.0/24 maxlen: 24
                          213.176.125.0/24 maxlen: 24
                          213.176.122.0/24 maxlen: 24
                          213.176.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3d:fc:4b:ac:8e:f6:5f:36:da:5e:e3:55:8f:31:7e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: May 21 11:05:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=23dc809648b744c885d524ff64e55b8b1973f9cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:94:c0:5a:58:34:84:92:e8:63:72:db:54:16:
                    ff:72:93:1b:0c:d8:a2:b0:36:11:03:ca:84:a9:4f:
                    d4:56:dd:87:d3:73:2d:40:d3:f8:54:0f:74:32:eb:
                    93:2d:cf:5c:31:66:ca:8c:e6:42:1a:06:56:cf:57:
                    87:63:21:0c:72:6c:d7:a9:12:6d:b2:fd:e7:2b:08:
                    f9:5f:11:32:35:9e:1f:1c:3d:87:f4:f0:32:4b:9c:
                    79:5a:df:da:3d:6e:f3:12:a7:d8:49:3e:2c:77:0f:
                    46:e4:cb:a6:fa:ac:38:e7:52:e3:bb:76:da:ab:bf:
                    4d:06:b0:b6:9b:5f:f6:9c:ac:0f:6e:2b:43:a2:ab:
                    36:21:89:8c:a9:6e:47:9e:88:9f:1f:15:bd:c7:fb:
                    fc:81:ae:c7:78:70:f1:b9:7c:79:80:d4:e7:85:93:
                    35:22:fd:83:3c:ef:9f:7a:8a:cf:83:b3:ba:38:85:
                    e9:a8:a3:7b:e9:3e:07:d3:70:e1:8e:43:84:3b:05:
                    a1:cf:df:d6:20:f4:79:ea:b6:f8:c7:ee:10:b4:fa:
                    ab:37:c9:dd:c7:70:da:56:c7:3a:01:dd:dd:01:54:
                    5e:70:ac:92:09:5d:25:47:5d:96:72:48:1c:72:96:
                    35:98:0d:2e:dd:9b:aa:9a:cc:c4:0d:8a:90:2f:57:
                    62:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DC:80:96:48:B7:44:C8:85:D5:24:FF:64:E5:5B:8B:19:73:F9:CC
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/I9yAlki3RMiF1ST_ZOVbixlz-cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.132.0-62.60.137.255
                  62.60.139.0-62.60.143.255
                  62.60.145.0/24
                  213.176.4.0/23
                  213.176.96.0/24
                  213.176.122.0-213.176.125.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:4b:38:f8:d1:5a:20:35:0b:9f:f8:7d:7f:7f:6a:25:cd:e9:
         63:13:30:f6:52:11:7e:68:a3:36:c2:82:60:b5:98:ed:58:0b:
         21:15:60:99:ad:d8:45:3e:d2:be:8a:94:70:bc:5d:9b:d2:ad:
         49:a5:fb:00:2c:d0:e0:f3:a9:8d:e7:0a:a3:74:8a:7d:e5:77:
         f5:25:3b:75:5d:a4:22:be:ff:0a:aa:39:13:a9:38:b3:fd:69:
         fd:39:1a:75:1c:2e:1f:88:69:17:bb:a6:05:92:1e:60:8f:cb:
         96:3e:37:af:4f:b4:f7:7c:a1:96:0b:c1:4f:57:9f:f7:a0:93:
         dc:03:8b:c6:95:59:64:0a:25:d3:36:41:15:7a:0e:13:bc:8c:
         a5:6a:4d:93:60:b5:24:7e:8b:d7:8e:8d:b0:00:30:12:68:80:
         72:cf:8d:b7:b1:ab:d9:01:c5:49:93:3f:49:1b:46:6f:b1:87:
         b6:01:2a:5a:be:0a:3e:46:de:8e:eb:a0:cf:61:29:4d:8f:11:
         6d:b3:92:ab:fe:4e:bd:43:3f:f2:37:82:4b:9a:55:c1:53:3c:
         81:32:02:f8:f3:6a:a9:d1:92:c9:43:bb:9e:95:c5:d4:34:aa:
         0a:7a:c2:ed:19:a9:52:ff:08:19:22:40:59:21:8e:11:36:ac:
         77:f0:16:38
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYg9/EusjvZfNtpe41WPMX6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjMwNTIxMTEwNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2RjODA5NjQ4Yjc0NGM4ODVkNTI0ZmY2NGU1NWI4YjE5NzNmOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppTAWlg0hJLoY3LbVBb/cpMbDNii
sDYRA8qEqU/UVt2H03MtQNP4VA90MuuTLc9cMWbKjOZCGgZWz1eHYyEMcmzXqRJt
sv3nKwj5XxEyNZ4fHD2H9PAyS5x5Wt/aPW7zEqfYST4sdw9G5Mum+qw451Lju3ba
q79NBrC2m1/2nKwPbitDoqs2IYmMqW5HnoifHxW9x/v8ga7HeHDxuXx5gNTnhZM1
Iv2DPO+feorPg7O6OIXpqKN76T4H03DhjkOEOwWhz9/WIPR56rb4x+4QtPqrN8nd
x3DaVsc6Ad3dAVRecKySCV0lR12WckgccpY1mA0u3ZuqmszEDYqQL1di1wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCPcgJZIt0TIhdUk/2TlW4sZc/nMMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvSTl5QWxraTNSTWlGMVNUX1pPVmJpeGx6LWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBAI+PIQD
BAE+PIgwDAMEAD48iwMEBD48gAMEAD48kQMEAdWwBAMEANWwYDAMAwQB1bB6AwQB
1bB8MA0GCSqGSIb3DQEBCwUAA4IBAQBdSzj40VogNQuf+H1/f2olzeljEzD2UhF+
aKM2woJgtZjtWAshFWCZrdhFPtK+ipRwvF2b0q1JpfsALNDg86mN5wqjdIp95Xf1
JTt1XaQivv8KqjkTqTiz/Wn9ORp1HC4fiGkXu6YFkh5gj8uWPjevT7T3fKGWC8FP
V5/3oJPcA4vGlVlkCiXTNkEVeg4TvIylak2TYLUkfovXjo2wADASaIByz423savZ
AcVJkz9JG0ZvsYe2ASpavgo+Rt6O66DPYSlNjxFts5Kr/k69Qz/yN4JLmlXBUzyB
MgL482qp0ZLJQ7uelcXUNKoKesLtGalS/wgZIkBZIY4RNqx38BY4
-----END CERTIFICATE-----