Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/EKXvHMBSP3adaaHJan1WRmOsFuM.roa
File:                     EKXvHMBSP3adaaHJan1WRmOsFuM.roa (raw, json)
Hash identifier:          8DzRa0TJTESNIdclRpQ5Ps0fvcxyU1n+4nVqSBgXgdo=
Subject key identifier:   10:A5:EF:1C:C0:52:3F:76:9D:69:A1:C9:6A:7D:56:46:63:AC:16:E3
Certificate issuer:       /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial:       018962DA2631E4B09500223267014BA00B69
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/EKXvHMBSP3adaaHJan1WRmOsFuM.roa
Signing time:             Mon 17 Jul 2023 07:56:51 +0000
ROA not before:           Mon 17 Jul 2023 07:56:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61220
IP address blocks:        193.31.118.0/24 maxlen: 24
                          193.31.117.0/24 maxlen: 24
                          193.31.119.0/24 maxlen: 24
                          89.43.78.0/24 maxlen: 24
                          84.54.14.0/24 maxlen: 24
                          84.54.15.0/24 maxlen: 24
                          185.81.152.0/24 maxlen: 24
                          185.81.155.0/24 maxlen: 24
                          213.226.117.0/24 maxlen: 24
                          185.81.153.0/24 maxlen: 24
                          185.81.154.0/24 maxlen: 24
                          86.104.14.0/24 maxlen: 24
                          176.98.42.0/24 maxlen: 24
                          176.98.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:62:da:26:31:e4:b0:95:00:22:32:67:01:4b:a0:0b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
        Validity
            Not Before: Jul 17 07:56:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=10a5ef1cc0523f769d69a1c96a7d564663ac16e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c4:c8:0a:f6:f7:ad:f7:0c:d4:e8:3a:e9:6e:
                    e6:29:62:fc:a6:98:6d:4a:24:6d:6e:3b:8f:e6:f9:
                    5d:6e:70:71:4b:f1:bf:34:c1:f4:70:11:77:c4:f2:
                    37:99:c9:55:d8:47:11:a1:4a:24:4c:8f:5a:da:9d:
                    0d:e2:f9:85:57:7f:a0:45:60:6f:a3:98:28:c7:dc:
                    14:8a:5a:5f:f1:f6:68:52:2f:19:fe:75:3a:29:80:
                    c9:f1:c5:50:62:24:77:8e:c6:1c:7a:33:65:76:fe:
                    78:80:c1:05:ec:d5:53:77:92:14:49:21:19:c3:e2:
                    9e:01:1d:e9:ca:ba:64:b3:35:0d:ee:62:35:cd:67:
                    5e:51:5b:1f:d6:ae:d0:e6:26:ba:43:fa:a0:39:a7:
                    a9:5b:3f:ed:c8:60:0d:16:97:d7:74:e9:08:53:39:
                    02:5b:cc:04:cd:c9:2b:ae:73:14:1b:ab:a1:bb:30:
                    5b:77:c0:3a:60:f9:2c:fc:5a:c0:48:17:05:f1:90:
                    18:dd:bd:d1:66:ab:d0:0d:ed:4c:47:4b:63:79:e7:
                    9a:76:3a:f6:6d:9f:93:3f:8f:2a:d2:44:c8:fd:d0:
                    5b:6f:02:c2:b5:f1:00:46:aa:92:b2:32:0c:47:9f:
                    bb:5e:c1:e3:01:3a:bc:7d:2e:c4:b6:03:2e:74:20:
                    92:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:A5:EF:1C:C0:52:3F:76:9D:69:A1:C9:6A:7D:56:46:63:AC:16:E3
            X509v3 Authority Key Identifier:
                keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/EKXvHMBSP3adaaHJan1WRmOsFuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.14.0/23
                  86.104.14.0/24
                  89.43.78.0/24
                  176.98.42.0/23
                  185.81.152.0/22
                  193.31.117.0-193.31.119.255
                  213.226.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:09:b3:36:fa:da:d9:66:01:85:a2:38:8d:32:e1:c7:df:0e:
         f4:ad:64:ee:c6:f6:23:cf:97:7a:e9:c8:98:9f:78:94:64:a3:
         51:2a:3b:6c:39:a1:ae:69:ec:22:c7:fb:b2:b8:fa:21:09:75:
         6b:81:e3:4d:69:a0:48:54:e4:1b:97:a3:42:cb:3a:cc:91:a0:
         76:0a:8f:69:37:fa:55:7a:46:fb:56:89:be:08:22:5e:e9:56:
         a2:d7:32:0c:0a:fa:12:49:21:76:ce:55:04:3f:30:b7:7e:1c:
         9f:00:c7:9f:f4:75:91:6a:e1:be:73:4f:fe:ef:ba:9b:9f:0a:
         9c:2d:64:3a:54:18:1e:3d:e0:9c:44:66:54:f6:41:c4:a1:cf:
         81:db:fd:4f:b8:6f:35:00:0b:2a:38:8a:cb:9c:99:69:ed:91:
         c4:72:96:68:67:81:b9:85:84:00:dd:d0:c8:b9:56:a0:15:c8:
         18:18:58:8b:30:ad:1f:f3:8d:85:2f:82:84:1f:cb:85:af:6d:
         d9:48:ad:dc:96:3d:94:72:84:05:55:ae:c6:70:d3:6a:7a:77:
         32:86:b4:2c:c5:43:77:f4:9d:49:26:81:59:4d:a3:be:7f:74:
         57:e3:a5:2e:14:c8:5d:49:4b:09:64:64:67:91:62:41:4d:2a:
         9a:48:c7:5b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYli2iYx5LCVACIyZwFLoAtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjMwNzE3MDc1NjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGE1ZWYxY2MwNTIzZjc2OWQ2OWExYzk2YTdkNTY0NjYzYWMxNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsTICvb3rfcM1Og66W7mKWL8ppht
SiRtbjuP5vldbnBxS/G/NMH0cBF3xPI3mclV2EcRoUokTI9a2p0N4vmFV3+gRWBv
o5gox9wUilpf8fZoUi8Z/nU6KYDJ8cVQYiR3jsYcejNldv54gMEF7NVTd5IUSSEZ
w+KeAR3pyrpkszUN7mI1zWdeUVsf1q7Q5ia6Q/qgOaepWz/tyGANFpfXdOkIUzkC
W8wEzckrrnMUG6uhuzBbd8A6YPks/FrASBcF8ZAY3b3RZqvQDe1MR0tjeeeadjr2
bZ+TP48q0kTI/dBbbwLCtfEARqqSsjIMR5+7XsHjATq8fS7EtgMudCCS8wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFBCl7xzAUj92nWmhyWp9VkZjrBbjMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvRUtYdkhNQlNQM2FkYWFISmFuMVdSbU9zRnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBVDYOAwQA
VmgOAwQAWStOAwQBsGIqAwQCuVGYMAwDBADBH3UDBAPBH3ADBADV4nUwDQYJKoZI
hvcNAQELBQADggEBAKMJszb62tlmAYWiOI0y4cffDvStZO7G9iPPl3rpyJifeJRk
o1EqO2w5oa5p7CLH+7K4+iEJdWuB401poEhU5BuXo0LLOsyRoHYKj2k3+lV6RvtW
ib4IIl7pVqLXMgwK+hJJIXbOVQQ/MLd+HJ8Ax5/0dZFq4b5zT/7vupufCpwtZDpU
GB494JxEZlT2QcShz4Hb/U+4bzUACyo4isucmWntkcRylmhngbmFhADd0Mi5VqAV
yBgYWIswrR/zjYUvgoQfy4WvbdlIrdyWPZRyhAVVrsZw02p6dzKGtCzFQ3f0nUkm
gVlNo75/dFfjpS4UyF1JSwlkZGeRYkFNKppIx1s=
-----END CERTIFICATE-----