Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/H8uo1Q9ki5H3otoxYeOxAzfsj5A.roa
File:                     H8uo1Q9ki5H3otoxYeOxAzfsj5A.roa (raw, json)
Hash identifier:          sjcGJhCylO3XKnpxxZEdxQUnet1hMAMqDJigMsB36GU=
Subject key identifier:   1F:CB:A8:D5:0F:64:8B:91:F7:A2:DA:31:61:E3:B1:03:37:EC:8F:90
Certificate issuer:       /CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
Certificate serial:       018572C38A2453B647233F937821099E373D
Authority key identifier: 29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/H8uo1Q9ki5H3otoxYeOxAzfsj5A.roa
Signing time:             Mon 02 Jan 2023 13:54:55 +0000
ROA not before:           Mon 02 Jan 2023 13:54:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42675
IP address blocks:        217.64.148.0/23 maxlen: 23
                          185.157.162.0/24 maxlen: 24
                          217.64.150.0/24 maxlen: 24
                          185.157.160.0/23 maxlen: 23
                          2a07:a880:4603::/48 maxlen: 48
                          2a07:a880:3101::/48 maxlen: 48
                          2a07:a880:4601::/48 maxlen: 48
                          2a07:a880:4701::/48 maxlen: 48
                          2a07:a880:4604::/48 maxlen: 48
                          2a07:a880:4602::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:c3:8a:24:53:b6:47:23:3f:93:78:21:09:9e:37:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
        Validity
            Not Before: Jan  2 13:54:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1fcba8d50f648b91f7a2da3161e3b10337ec8f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:17:55:6c:65:fe:a3:53:45:5a:6a:df:ed:44:
                    2c:18:67:7d:74:37:9f:c3:fc:1b:50:01:3e:b1:ce:
                    b7:2d:37:c9:b9:bb:e0:3a:a0:5d:52:a5:d8:c0:8c:
                    99:f6:de:5b:c7:87:6e:14:58:cb:24:c0:fc:d9:da:
                    10:9a:43:df:33:73:88:57:18:ab:07:a2:c0:a2:04:
                    e3:d3:ca:42:7c:ee:58:8d:bd:5f:64:7d:d6:5a:b5:
                    bc:96:ca:ef:2e:ae:d5:67:3d:32:d9:ff:e6:d4:58:
                    8f:97:a9:3c:54:2e:f1:cc:54:d2:72:83:6c:1c:2a:
                    01:56:2b:44:fc:87:7a:2d:bd:a9:c6:b1:3e:cd:0d:
                    d5:bb:ee:f6:9f:ae:86:5b:36:ce:78:1d:e4:73:ef:
                    1b:1e:31:75:55:07:38:31:6b:f5:60:cc:89:0f:75:
                    31:b4:8f:8d:1c:50:34:56:29:21:a9:77:d3:30:1e:
                    3f:95:9f:ae:20:26:7b:84:c2:48:d0:10:b5:d4:d9:
                    74:1a:df:86:63:3a:4f:fc:a9:52:28:dd:53:b2:51:
                    ee:c5:17:89:a6:e9:a9:77:7c:45:1a:05:db:19:e5:
                    57:c1:e2:96:64:eb:61:05:d7:c3:e4:c3:5e:cf:d4:
                    d0:3c:ff:25:09:c9:a6:96:d2:48:9e:d4:65:b6:3a:
                    5a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:CB:A8:D5:0F:64:8B:91:F7:A2:DA:31:61:E3:B1:03:37:EC:8F:90
            X509v3 Authority Key Identifier:
                keyid:29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/H8uo1Q9ki5H3otoxYeOxAzfsj5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/KbOnF2ZaETfpncj60i4-f5jbiXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.160.0-185.157.162.255
                  217.64.148.0-217.64.150.255
                IPv6:
                  2a07:a880:3101::/48
                  2a07:a880:4601::-2a07:a880:4604:ffff:ffff:ffff:ffff:ffff
                  2a07:a880:4701::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:53:ea:79:1e:72:a6:8c:2f:50:13:23:0f:c5:00:bf:21:ff:
         b0:94:52:b2:48:18:19:56:04:b3:18:b7:80:9b:3f:1a:43:3e:
         48:0d:36:01:ff:d7:04:34:f2:7a:17:ed:fe:9d:f0:09:a8:1f:
         64:39:a8:b3:c4:8e:f9:81:5c:5a:82:1c:d7:97:19:c7:cd:a0:
         f2:2b:67:bd:c1:a9:c6:05:ca:b5:e5:d7:50:83:25:0f:a0:21:
         32:74:e2:5b:36:7c:55:c4:a3:1a:2b:29:01:eb:b8:54:91:72:
         d6:19:92:bc:62:04:a1:4d:1a:ae:ad:df:47:38:f2:04:0c:1e:
         4a:00:aa:a0:b2:a3:b8:d6:96:df:12:36:af:48:13:b2:fd:d0:
         2c:89:6c:c0:15:1e:d7:92:dd:42:4d:eb:87:7f:28:82:a4:28:
         53:40:6e:29:86:f5:5c:8a:fd:d0:e5:d3:31:41:72:15:c7:63:
         e9:53:c8:f5:f0:be:7e:a1:ae:62:3a:38:58:16:39:ae:48:8a:
         4d:40:8e:ae:f2:bf:02:91:24:c6:cb:86:b2:60:40:3e:78:7c:
         92:dc:43:f2:72:d8:e9:87:4f:ac:aa:04:6d:2f:d6:1d:3a:c5:
         b4:bd:96:7c:99:25:3e:1b:d3:14:a6:f6:d7:36:47:de:5c:94:
         2f:43:87:8d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVyw4okU7ZHIz+TeCEJnjc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YjNhNzE3NjY1YTExMzdlOTlkYzhmYWQyMmUzZTdmOThk
Yjg5NzMwHhcNMjMwMTAyMTM1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmNiYThkNTBmNjQ4YjkxZjdhMmRhMzE2MWUzYjEwMzM3ZWM4ZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRdVbGX+o1NFWmrf7UQsGGd9dDef
w/wbUAE+sc63LTfJubvgOqBdUqXYwIyZ9t5bx4duFFjLJMD82doQmkPfM3OIVxir
B6LAogTj08pCfO5Yjb1fZH3WWrW8lsrvLq7VZz0y2f/m1FiPl6k8VC7xzFTScoNs
HCoBVitE/Id6Lb2pxrE+zQ3Vu+72n66GWzbOeB3kc+8bHjF1VQc4MWv1YMyJD3Ux
tI+NHFA0VikhqXfTMB4/lZ+uICZ7hMJI0BC11Nl0Gt+GYzpP/KlSKN1TslHuxReJ
pumpd3xFGgXbGeVXweKWZOthBdfD5MNez9TQPP8lCcmmltJIntRltjpaVwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFB/LqNUPZIuR96LaMWHjsQM37I+QMB8GA1UdIwQY
MBaAFCmzpxdmWhE36Z3I+tIuPn+Y24lzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgt
NjY5ZjdhNzYxNjMxLzEvSDh1bzFROWtpNUgzb3RveFllT3hBemZzajVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgtNjY5ZjdhNzYxNjMx
LzEvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAiBAIAATAcMAwDBAW5naAD
BAC5naIwDAMEAtlAlAMEANlAljAsBAIAAjAmAwcAKgeogDEBMBIDBwAqB6iARgED
BwAqB6iARgQDBwAqB6iARwEwDQYJKoZIhvcNAQELBQADggEBADNT6nkecqaML1AT
Iw/FAL8h/7CUUrJIGBlWBLMYt4CbPxpDPkgNNgH/1wQ08noX7f6d8AmoH2Q5qLPE
jvmBXFqCHNeXGcfNoPIrZ73BqcYFyrXl11CDJQ+gITJ04ls2fFXEoxorKQHruFSR
ctYZkrxiBKFNGq6t30c48gQMHkoAqqCyo7jWlt8SNq9IE7L90CyJbMAVHteS3UJN
64d/KIKkKFNAbimG9VyK/dDl0zFBchXHY+lTyPXwvn6hrmI6OFgWOa5Iik1Ajq7y
vwKRJMbLhrJgQD54fJLcQ/Jy2OmHT6yqBG0v1h06xbS9lnyZJT4b0xSm9tc2R95c
lC9Dh40=
-----END CERTIFICATE-----