Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/KViao_NbOv3JHot7pmwMvpATwco.roa
File:                     KViao_NbOv3JHot7pmwMvpATwco.roa (raw, json)
Hash identifier:          1vMr3lw5VeN+vL7q23uLtHY1XVITrNdnSCKDZHFTgNw=
Subject key identifier:   29:58:9A:A3:F3:5B:3A:FD:C9:1E:8B:7B:A6:6C:0C:BE:90:13:C1:CA
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01880B14AE1B09765B0C8595A3F8A4835C71
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/KViao_NbOv3JHot7pmwMvpATwco.roa
Signing time:             Thu 11 May 2023 13:51:24 +0000
ROA not before:           Thu 11 May 2023 13:51:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     399130
IP address blocks:        195.138.109.0/24 maxlen: 24
                          195.138.110.0/24 maxlen: 24
                          195.138.116.0/24 maxlen: 24
                          195.138.117.0/24 maxlen: 24
                          195.138.115.0/24 maxlen: 24
                          195.138.113.0/24 maxlen: 24
                          195.138.125.0/24 maxlen: 24
                          195.138.123.0/24 maxlen: 24
                          195.138.124.0/24 maxlen: 24
                          195.138.119.0/24 maxlen: 24
                          195.138.121.0/24 maxlen: 24
                          195.138.126.0/24 maxlen: 24
                          195.138.127.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0b:14:ae:1b:09:76:5b:0c:85:95:a3:f8:a4:83:5c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: May 11 13:51:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29589aa3f35b3afdc91e8b7ba66c0cbe9013c1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:57:a2:93:1e:a8:61:b3:f0:82:4f:7a:2a:
                    ae:a3:d3:b1:bc:c3:22:56:59:7a:53:0d:8e:91:c1:
                    6a:3d:3c:c9:cd:62:bf:84:4e:40:c9:fa:90:b7:64:
                    db:10:ef:ed:b6:14:3d:b9:a5:97:0b:87:d8:ff:ad:
                    b2:ef:ab:72:54:0f:a2:ab:cc:4f:30:c8:da:7f:ad:
                    73:47:38:20:04:8e:32:d2:7f:89:a8:06:7d:0e:62:
                    9d:14:bd:58:e5:44:25:86:e8:95:72:e1:e5:29:b7:
                    58:fd:ae:46:6a:e9:31:5e:e6:25:93:a9:22:8d:8c:
                    f0:0f:57:0d:a0:5e:38:a8:46:ec:07:0a:23:7d:3d:
                    ec:8e:54:41:54:5e:80:c9:b2:e9:8e:be:24:5e:76:
                    f9:62:18:e6:aa:0a:18:2f:69:23:5c:38:37:45:24:
                    f9:62:d5:4f:7e:cb:17:6d:74:fa:7e:38:6d:16:30:
                    ba:c5:dc:77:92:09:d6:89:14:20:83:04:a9:81:3f:
                    b5:6d:8c:0d:fe:cc:f3:06:71:cb:a6:a9:2c:57:6d:
                    e4:12:09:aa:3a:b1:9b:e7:e5:79:b6:70:47:ca:f2:
                    f0:0b:89:bf:4c:3e:dc:39:d4:1b:b4:cd:71:c4:a2:
                    c6:32:37:4d:18:76:d1:5a:18:e5:e9:5a:57:09:e2:
                    7f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:58:9A:A3:F3:5B:3A:FD:C9:1E:8B:7B:A6:6C:0C:BE:90:13:C1:CA
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/KViao_NbOv3JHot7pmwMvpATwco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.109.0-195.138.110.255
                  195.138.113.0/24
                  195.138.115.0-195.138.117.255
                  195.138.119.0/24
                  195.138.121.0/24
                  195.138.123.0-195.138.127.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:67:b9:df:bc:cb:69:cf:db:b0:2a:0c:23:20:a6:4f:42:fc:
         9e:81:5c:d4:eb:a5:4a:eb:21:cb:8a:e4:ab:60:cd:17:d9:a1:
         ce:a3:25:9f:3e:0e:7a:ae:02:44:41:09:5d:c6:87:b0:74:e4:
         5e:8f:15:d7:4c:5f:14:d3:4d:f4:29:dc:18:df:61:0f:1c:2d:
         c6:e0:48:40:0b:2a:58:6a:5e:e2:0b:79:65:df:27:be:f6:65:
         f9:9a:3a:a1:62:29:42:dc:c9:fb:97:42:34:50:3b:eb:94:05:
         c2:83:1f:b3:b0:6c:7d:46:a5:cf:c0:0e:e2:5b:0d:72:9e:2e:
         c9:bf:07:ca:a2:3b:ca:a8:51:db:3d:68:01:12:f4:10:f4:e0:
         32:67:a7:a5:f8:a2:6d:fc:0b:ca:e1:6d:3b:50:b6:7f:41:79:
         42:9e:3a:5a:ce:2a:6d:ff:f4:56:8b:02:66:d1:c3:ee:c0:95:
         1a:ad:ec:04:4b:37:67:cf:9f:a8:b2:db:c4:19:f7:1f:bf:8a:
         e9:4d:a7:e0:6f:38:b6:a3:a9:52:1a:39:86:a9:dd:72:2e:27:
         dc:ef:22:cd:ab:a9:4e:32:34:d0:6e:7d:b5:42:28:8c:f9:cc:
         30:de:cb:b4:85:70:bf:df:70:f8:34:be:30:1f:05:33:ab:48:
         0b:2a:85:0d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYgLFK4bCXZbDIWVo/ikg1xxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNTExMTM1MTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTU4OWFhM2YzNWIzYWZkYzkxZThiN2JhNjZjMGNiZTkwMTNjMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGxXopMeqGGz8IJPeiquo9OxvMMi
Vll6Uw2OkcFqPTzJzWK/hE5AyfqQt2TbEO/tthQ9uaWXC4fY/62y76tyVA+iq8xP
MMjaf61zRzggBI4y0n+JqAZ9DmKdFL1Y5UQlhuiVcuHlKbdY/a5GaukxXuYlk6ki
jYzwD1cNoF44qEbsBwojfT3sjlRBVF6AybLpjr4kXnb5YhjmqgoYL2kjXDg3RST5
YtVPfssXbXT6fjhtFjC6xdx3kgnWiRQggwSpgT+1bYwN/szzBnHLpqksV23kEgmq
OrGb5+V5tnBHyvLwC4m/TD7cOdQbtM1xxKLGMjdNGHbRWhjl6VpXCeJ/JwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFClYmqPzWzr9yR6Le6ZsDL6QE8HKMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvS1ZpYW9fTmJPdjNKSG90N3Btd012cEFUd2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8MAwDBADDim0D
BADDim4DBADDinEwDAMEAMOKcwMEAcOKdAMEAMOKdwMEAMOKeTAMAwQAw4p7AwQH
w4oAMA0GCSqGSIb3DQEBCwUAA4IBAQBbZ7nfvMtpz9uwKgwjIKZPQvyegVzU66VK
6yHLiuSrYM0X2aHOoyWfPg56rgJEQQldxoewdORejxXXTF8U0030KdwY32EPHC3G
4EhACypYal7iC3ll3ye+9mX5mjqhYilC3Mn7l0I0UDvrlAXCgx+zsGx9RqXPwA7i
Ww1yni7JvwfKojvKqFHbPWgBEvQQ9OAyZ6el+KJt/AvK4W07ULZ/QXlCnjpazipt
//RWiwJm0cPuwJUarewESzdnz5+ostvEGfcfv4rpTafgbzi2o6lSGjmGqd1yLifc
7yLNq6lOMjTQbn21QiiM+cww3su0hXC/33D4NL4wHwUzq0gLKoUN
-----END CERTIFICATE-----