Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/3un5ZXL1nJdQIqktTxmpBnRhtIw.roa
File:                     3un5ZXL1nJdQIqktTxmpBnRhtIw.roa (raw, json)
Hash identifier:          LiJ4hJsCasBGKwGe4QowHW2Gm7mpXn6SZoCpopFiOlM=
Subject key identifier:   DE:E9:F9:65:72:F5:9C:97:50:22:A9:2D:4F:19:A9:06:74:61:B4:8C
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       0185727A1E32B7230D7940672515502C4D58
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/3un5ZXL1nJdQIqktTxmpBnRhtIw.roa
Signing time:             Mon 02 Jan 2023 12:34:43 +0000
ROA not before:           Mon 02 Jan 2023 12:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51759
IP address blocks:        46.36.108.0/24 maxlen: 24
                          46.36.108.0/23 maxlen: 23
                          46.36.107.0/24 maxlen: 24
                          46.36.106.0/24 maxlen: 24
                          46.36.110.0/24 maxlen: 24
                          46.36.109.0/24 maxlen: 24
                          46.36.97.0/24 maxlen: 24
                          46.36.96.0/23 maxlen: 23
                          46.36.96.0/24 maxlen: 24
                          46.36.102.0/24 maxlen: 24
                          46.36.101.0/24 maxlen: 24
                          46.36.100.0/24 maxlen: 24
                          46.36.100.0/22 maxlen: 22
                          46.36.99.0/24 maxlen: 24
                          46.36.105.0/24 maxlen: 24
                          46.36.104.0/22 maxlen: 22
                          46.36.104.0/24 maxlen: 24
                          46.36.103.0/24 maxlen: 24
                          46.36.102.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:7a:1e:32:b7:23:0d:79:40:67:25:15:50:2c:4d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Jan  2 12:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dee9f96572f59c975022a92d4f19a9067461b48c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:49:fe:3e:ff:53:de:8e:87:46:7c:32:62:e4:
                    81:62:8d:e4:cd:f9:e2:89:fd:12:14:14:97:72:a1:
                    5c:84:58:a4:7e:d7:37:f9:c3:58:ee:e8:36:6e:cc:
                    45:53:ba:e6:33:02:1d:10:98:4e:06:1a:70:15:f5:
                    95:ef:d2:20:42:41:cf:90:ee:4f:d1:97:ba:f2:c4:
                    0d:e0:af:7a:af:fa:5d:1a:7f:20:ae:3b:58:33:cc:
                    0c:2e:c8:b1:31:35:b6:83:02:d1:3f:aa:cf:32:58:
                    5a:2e:4d:8f:d6:1b:8a:28:29:6f:9c:70:2d:b0:2a:
                    cd:48:c6:6e:55:c8:32:4b:f3:f4:aa:b7:7c:91:85:
                    b0:0e:81:db:95:1a:12:57:49:8b:b5:d3:98:93:4f:
                    f0:17:0f:0a:e4:3e:90:13:74:54:94:eb:12:86:a2:
                    b9:26:2c:05:f2:e5:24:3b:e3:73:77:5b:7a:d6:46:
                    7a:75:f9:f0:93:d1:33:81:9b:3f:d7:48:14:a3:c7:
                    22:9c:c2:c3:07:f0:c7:56:06:8f:b1:3d:52:6d:a9:
                    a9:85:dc:04:ac:05:30:52:3a:af:b5:92:7d:f9:20:
                    71:37:19:ff:ce:31:9a:02:4d:05:c7:33:f2:5b:6c:
                    00:da:52:b5:c3:0c:11:fc:4c:4f:11:51:51:df:7b:
                    14:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E9:F9:65:72:F5:9C:97:50:22:A9:2D:4F:19:A9:06:74:61:B4:8C
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/3un5ZXL1nJdQIqktTxmpBnRhtIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.96.0/23
                  46.36.99.0-46.36.110.255

    Signature Algorithm: sha256WithRSAEncryption
         0d:79:2d:f3:d7:cc:de:39:1a:39:9d:57:b4:41:0d:b5:c1:d7:
         b1:fd:95:b9:78:25:2b:e7:f3:6a:49:61:bd:22:17:90:f3:c8:
         ed:ef:10:3b:ce:c8:f0:38:3e:10:ef:41:3f:12:4e:97:04:7b:
         1b:8e:31:0f:8f:ac:9b:e3:e2:a0:60:fe:4f:ff:1f:cc:b4:7c:
         33:97:bd:c3:73:5a:0e:8e:de:03:d5:8e:cc:c2:44:9e:d9:c3:
         0e:b6:52:41:bc:e7:82:0f:d8:18:11:3c:0a:58:29:e8:75:09:
         a1:23:bc:c6:6d:79:7c:f3:d2:f0:52:1e:73:98:d6:c5:df:24:
         c6:5a:bd:52:2c:30:b1:42:02:a7:b7:91:75:be:e3:c6:69:90:
         e2:d3:a3:e6:f7:f0:8d:e4:99:71:4d:79:0d:bf:21:cf:40:37:
         f7:55:36:5c:e3:b5:a4:91:04:06:a9:e1:2d:08:73:04:3d:8c:
         fa:cc:93:17:2b:71:c5:3a:51:bc:23:62:01:d6:e7:92:61:ad:
         a7:00:75:cc:07:50:43:a9:8d:bc:1e:33:3d:e6:38:bf:e2:d0:
         cc:02:dc:f0:fe:6d:d1:22:11:e7:d8:e0:c2:03:7d:8e:68:b4:
         32:7e:47:18:3e:fb:34:01:7b:30:65:26:21:c0:0d:23:f6:0b:
         4d:30:e9:21
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVyeh4ytyMNeUBnJRVQLE1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjMwMTAyMTIzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWU5Zjk2NTcyZjU5Yzk3NTAyMmE5MmQ0ZjE5YTkwNjc0NjFiNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUn+Pv9T3o6HRnwyYuSBYo3kzfni
if0SFBSXcqFchFikftc3+cNY7ug2bsxFU7rmMwIdEJhOBhpwFfWV79IgQkHPkO5P
0Ze68sQN4K96r/pdGn8grjtYM8wMLsixMTW2gwLRP6rPMlhaLk2P1huKKClvnHAt
sCrNSMZuVcgyS/P0qrd8kYWwDoHblRoSV0mLtdOYk0/wFw8K5D6QE3RUlOsShqK5
JiwF8uUkO+Nzd1t61kZ6dfnwk9EzgZs/10gUo8cinMLDB/DHVgaPsT1SbamphdwE
rAUwUjqvtZJ9+SBxNxn/zjGaAk0FxzPyW2wA2lK1wwwR/ExPEVFR33sUQwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFN7p+WVy9ZyXUCKpLU8ZqQZ0YbSMMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvM3VuNVpYTDFuSmRRSXFrdFR4bXBCblJodEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBLiRgMAwD
BAAuJGMDBAAuJG4wDQYJKoZIhvcNAQELBQADggEBAA15LfPXzN45GjmdV7RBDbXB
17H9lbl4JSvn82pJYb0iF5DzyO3vEDvOyPA4PhDvQT8STpcEexuOMQ+PrJvj4qBg
/k//H8y0fDOXvcNzWg6O3gPVjszCRJ7Zww62UkG854IP2BgRPApYKeh1CaEjvMZt
eXzz0vBSHnOY1sXfJMZavVIsMLFCAqe3kXW+48ZpkOLTo+b38I3kmXFNeQ2/Ic9A
N/dVNlzjtaSRBAap4S0IcwQ9jPrMkxcrccU6UbwjYgHW55JhracAdcwHUEOpjbwe
Mz3mOL/i0MwC3PD+bdEiEefY4MIDfY5otDJ+Rxg++zQBezBlJiHADSP2C00w6SE=
-----END CERTIFICATE-----