Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/7HRWTvNewcQiFwkD6ub7I8m4XiA.roa
File:                     7HRWTvNewcQiFwkD6ub7I8m4XiA.roa (raw, json)
Hash identifier:          /Vf1yQpMt9r+DVC+PAuZbLFEHHhArv4XSkHaaaGRRPM=
Subject key identifier:   EC:74:56:4E:F3:5E:C1:C4:22:17:09:03:EA:E6:FB:23:C9:B8:5E:20
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018B158BA6E13398ADDCA02FE870E51E9986
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/7HRWTvNewcQiFwkD6ub7I8m4XiA.roa
Signing time:             Mon 09 Oct 2023 17:45:55 +0000
ROA not before:           Mon 09 Oct 2023 17:45:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51759
IP address blocks:        46.36.108.0/24 maxlen: 24
                          46.36.108.0/23 maxlen: 23
                          46.36.107.0/24 maxlen: 24
                          46.36.106.0/24 maxlen: 24
                          46.36.110.0/24 maxlen: 24
                          46.36.109.0/24 maxlen: 24
                          46.36.97.0/24 maxlen: 24
                          46.36.96.0/23 maxlen: 23
                          46.36.96.0/24 maxlen: 24
                          46.36.102.0/24 maxlen: 24
                          46.36.101.0/24 maxlen: 24
                          46.36.100.0/24 maxlen: 24
                          46.36.100.0/22 maxlen: 22
                          46.36.105.0/24 maxlen: 24
                          46.36.104.0/22 maxlen: 22
                          46.36.104.0/24 maxlen: 24
                          46.36.103.0/24 maxlen: 24
                          46.36.102.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:15:8b:a6:e1:33:98:ad:dc:a0:2f:e8:70:e5:1e:99:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Oct  9 17:45:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec74564ef35ec1c422170903eae6fb23c9b85e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:89:fc:5f:15:fa:23:1e:df:f2:a7:d4:af:c5:
                    88:53:0b:f1:6b:95:4c:1d:07:5a:92:9b:2e:3d:dd:
                    d3:71:2d:18:80:6a:94:92:67:8b:c4:44:91:5a:2a:
                    7a:59:83:fc:d9:6d:83:fd:77:ec:28:e2:0b:ad:86:
                    b1:37:fd:4c:92:46:45:74:07:58:7e:d3:03:2b:56:
                    b6:cc:66:96:0b:1d:65:3d:ce:cb:de:54:0a:aa:f3:
                    97:23:fd:5e:37:24:4a:27:25:2f:7f:b5:35:0c:83:
                    1a:e0:d4:1b:60:08:02:53:77:b7:f8:44:cb:3f:50:
                    cd:35:91:5b:7c:d5:bf:f5:bd:95:ca:47:b3:6c:bd:
                    96:c9:2a:92:69:07:79:52:11:3e:f1:48:bb:4c:01:
                    96:cc:7f:fb:6f:90:21:ca:b8:b8:de:35:57:d6:8d:
                    66:d5:01:6b:fb:b6:92:e3:40:e2:31:5d:55:ab:18:
                    f5:aa:43:54:9f:80:f5:94:3b:5d:8d:2e:cf:02:df:
                    ce:63:02:f0:b7:df:7b:a7:63:26:68:97:46:f8:1c:
                    64:69:1e:f8:bf:c1:5b:e0:e9:91:49:dd:47:52:7b:
                    94:aa:e2:e5:14:1e:12:8b:e8:99:ad:cb:d4:7a:d4:
                    a9:96:64:24:9f:cf:37:47:f1:a0:f9:ba:b2:c7:4f:
                    c6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:74:56:4E:F3:5E:C1:C4:22:17:09:03:EA:E6:FB:23:C9:B8:5E:20
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/7HRWTvNewcQiFwkD6ub7I8m4XiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.96.0/23
                  46.36.100.0-46.36.110.255

    Signature Algorithm: sha256WithRSAEncryption
         34:08:e7:3d:72:6e:6b:52:06:83:e1:8a:92:10:1f:4f:5e:f2:
         00:e9:65:76:40:eb:1c:9d:1d:7c:63:d4:3b:ba:bd:93:41:8d:
         bf:22:b0:77:7e:42:17:db:96:e6:c1:af:c7:55:97:98:e5:dc:
         e3:36:ef:f4:66:ec:cf:57:38:56:b6:24:47:74:82:11:99:07:
         18:c5:3e:b1:1d:9c:db:7d:f7:71:6d:97:e1:81:fc:ec:eb:f4:
         43:cb:31:c2:4c:4e:ae:dc:5e:fe:9a:61:27:22:81:83:2d:48:
         6f:d3:c1:2b:09:1e:8a:d1:dc:10:c5:4b:86:62:cc:bc:60:97:
         c6:ee:a8:3d:ec:05:01:48:09:2d:09:03:ce:c9:68:94:c4:1d:
         4a:12:49:b4:d8:94:1f:b1:3a:aa:f5:d5:96:da:21:a5:b9:ce:
         a9:b5:d2:49:0f:3d:10:1c:62:4d:0e:3d:0f:46:5b:1b:7d:b5:
         01:f9:ce:82:73:dc:ab:b1:32:45:4f:4d:bd:3a:3d:66:ee:28:
         a5:14:67:34:96:24:60:a8:7b:20:cc:3b:4c:70:b3:ec:1d:c0:
         20:81:f4:e8:a2:52:44:b7:f2:c4:ee:bf:f0:c0:90:50:41:87:
         f2:9c:02:4d:c9:fe:a8:ed:1e:52:09:c9:e4:ba:de:49:66:9e:
         60:dc:b3:f5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYsVi6bhM5it3KAv6HDlHpmGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjMxMDA5MTc0NTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzc0NTY0ZWYzNWVjMWM0MjIxNzA5MDNlYWU2ZmIyM2M5Yjg1ZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYn8XxX6Ix7f8qfUr8WIUwvxa5VM
HQdakpsuPd3TcS0YgGqUkmeLxESRWip6WYP82W2D/XfsKOILrYaxN/1MkkZFdAdY
ftMDK1a2zGaWCx1lPc7L3lQKqvOXI/1eNyRKJyUvf7U1DIMa4NQbYAgCU3e3+ETL
P1DNNZFbfNW/9b2VykezbL2WySqSaQd5UhE+8Ui7TAGWzH/7b5Ahyri43jVX1o1m
1QFr+7aS40DiMV1Vqxj1qkNUn4D1lDtdjS7PAt/OYwLwt997p2MmaJdG+BxkaR74
v8Fb4OmRSd1HUnuUquLlFB4Si+iZrcvUetSplmQkn883R/Gg+bqyx0/GnwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOx0Vk7zXsHEIhcJA+rm+yPJuF4gMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvN0hSV1R2TmV3Y1FpRndrRDZ1YjdJOG00WGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBLiRgMAwD
BAIuJGQDBAAuJG4wDQYJKoZIhvcNAQELBQADggEBADQI5z1ybmtSBoPhipIQH09e
8gDpZXZA6xydHXxj1Du6vZNBjb8isHd+QhfblubBr8dVl5jl3OM27/Rm7M9XOFa2
JEd0ghGZBxjFPrEdnNt993Ftl+GB/Ozr9EPLMcJMTq7cXv6aYScigYMtSG/TwSsJ
HorR3BDFS4ZizLxgl8buqD3sBQFICS0JA87JaJTEHUoSSbTYlB+xOqr11ZbaIaW5
zqm10kkPPRAcYk0OPQ9GWxt9tQH5zoJz3KuxMkVPTb06PWbuKKUUZzSWJGCoeyDM
O0xws+wdwCCB9OiiUkS38sTuv/DAkFBBh/KcAk3J/qjtHlIJyeS63klmnmDcs/U=
-----END CERTIFICATE-----