Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/D86pKtd5IuaMQT9mwoG0TnR51Dg.roa
File:                     D86pKtd5IuaMQT9mwoG0TnR51Dg.roa (raw, json)
Hash identifier:          gVg4smFvsh3LXNXSma9ZT2tH91PB5InWPb2K4nsbx3M=
Subject key identifier:   0F:CE:A9:2A:D7:79:22:E6:8C:41:3F:66:C2:81:B4:4E:74:79:D4:38
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018A5A54AB1F1CC7CA0521ECF2D3332C1234
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/D86pKtd5IuaMQT9mwoG0TnR51Dg.roa
Signing time:             Sun 03 Sep 2023 09:16:52 +0000
ROA not before:           Sun 03 Sep 2023 09:16:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     174
IP address blocks:        5.105.128.0/24 maxlen: 24
                          5.105.248.0/23 maxlen: 24
                          217.67.78.0/23 maxlen: 24
                          5.105.178.0/24 maxlen: 24
                          5.105.182.0/24 maxlen: 24
                          5.105.181.0/24 maxlen: 24
                          5.105.180.0/24 maxlen: 24
                          5.105.206.0/24 maxlen: 24
                          5.105.110.0/24 maxlen: 24
                          5.105.3.0/24 maxlen: 24
                          5.105.114.0/23 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5a:54:ab:1f:1c:c7:ca:05:21:ec:f2:d3:33:2c:12:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Sep  3 09:16:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0fcea92ad77922e68c413f66c281b44e7479d438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:cc:d8:41:74:66:0e:9c:51:60:8e:cd:84:ff:
                    8c:8e:60:51:de:19:64:74:d0:60:13:cb:41:ce:31:
                    12:93:33:c9:7c:f4:b3:ea:ca:fd:4f:1e:62:65:e6:
                    5d:e7:7c:63:78:3b:c2:56:94:08:63:cf:d4:d5:46:
                    29:fd:77:02:cf:07:db:12:c8:0d:90:72:7d:06:03:
                    ad:44:d2:31:c4:25:a5:53:77:9d:1b:49:82:87:68:
                    f4:7f:36:45:43:da:98:88:67:fd:20:a5:b7:56:b9:
                    cd:ec:43:f4:5f:8b:98:c0:4c:f5:97:59:7e:fb:58:
                    57:67:5d:47:22:9c:6a:00:e1:7e:6a:c5:6d:93:41:
                    62:6c:3e:b6:f2:12:cb:b1:0f:6b:0b:3d:7a:7b:91:
                    e8:5b:13:3c:3e:fd:f8:89:6c:7f:65:bc:ee:d5:f2:
                    4a:42:53:df:87:70:3d:f6:09:f2:29:2c:5d:bb:b5:
                    da:2e:7f:fa:2f:1f:20:2b:e7:f7:14:a6:f4:b7:12:
                    97:27:12:b1:62:4d:bc:29:01:bd:8e:7c:91:58:b0:
                    eb:4a:33:6f:30:3f:47:48:1b:b2:5c:b3:2e:72:5c:
                    89:22:0d:29:a8:09:54:8c:72:ca:89:db:10:65:c6:
                    8e:6b:54:61:c3:c8:f9:66:b7:b2:cf:a0:14:b1:21:
                    6c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CE:A9:2A:D7:79:22:E6:8C:41:3F:66:C2:81:B4:4E:74:79:D4:38
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/D86pKtd5IuaMQT9mwoG0TnR51Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.3.0/24
                  5.105.110.0/24
                  5.105.114.0/23
                  5.105.128.0/24
                  5.105.178.0/24
                  5.105.180.0-5.105.182.255
                  5.105.206.0/24
                  5.105.248.0/23
                  217.67.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:1d:8a:46:64:62:51:d3:fc:80:34:1c:66:3d:ec:9b:7c:b0:
         9b:99:96:fe:88:65:14:0e:c1:d5:2f:05:97:e7:fb:a4:bf:58:
         88:04:be:67:80:96:8d:b5:c7:86:b7:a4:c9:f9:47:1a:77:5c:
         0f:f6:16:42:81:cf:b5:93:f5:07:64:9b:d2:bb:95:6d:b5:21:
         ef:83:16:4b:b2:8c:49:70:6a:db:73:e0:c8:45:1f:5a:87:ec:
         c4:97:a4:48:cd:70:90:ed:61:e6:05:12:42:99:6a:56:74:44:
         7b:83:be:13:e1:ea:36:04:88:37:e6:4f:b3:a5:38:a9:65:43:
         19:6d:ac:2a:fd:8d:4c:bb:cd:c5:16:d4:24:d8:55:af:d6:e9:
         63:f7:75:e1:2a:e5:b8:6b:07:08:01:e5:2c:63:50:aa:1d:c8:
         03:9b:23:9a:0a:10:67:22:38:79:d6:91:dc:85:be:8e:ea:02:
         52:e5:ec:42:d1:da:7b:b9:e6:6f:10:21:48:b7:58:42:a8:04:
         90:a7:76:ec:5d:26:d8:21:8a:0f:6e:6c:28:c2:cf:0e:1c:42:
         b4:18:86:34:8e:7a:87:74:9a:a4:13:a5:43:0d:b0:51:b0:e8:
         cb:de:52:5b:e3:f7:4e:cf:df:5b:46:28:f3:b5:07:7a:76:89:
         96:f9:f7:6c
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYpaVKsfHMfKBSHs8tMzLBI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwOTAzMDkxNjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmNlYTkyYWQ3NzkyMmU2OGM0MTNmNjZjMjgxYjQ0ZTc0NzlkNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyszYQXRmDpxRYI7NhP+MjmBR3hlk
dNBgE8tBzjESkzPJfPSz6sr9Tx5iZeZd53xjeDvCVpQIY8/U1UYp/XcCzwfbEsgN
kHJ9BgOtRNIxxCWlU3edG0mCh2j0fzZFQ9qYiGf9IKW3VrnN7EP0X4uYwEz1l1l+
+1hXZ11HIpxqAOF+asVtk0FibD628hLLsQ9rCz16e5HoWxM8Pv34iWx/Zbzu1fJK
QlPfh3A99gnyKSxdu7XaLn/6Lx8gK+f3FKb0txKXJxKxYk28KQG9jnyRWLDrSjNv
MD9HSBuyXLMuclyJIg0pqAlUjHLKidsQZcaOa1Rhw8j5Zreyz6AUsSFsPQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFA/OqSrXeSLmjEE/ZsKBtE50edQ4MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvRDg2cEt0ZDVJdWFNUVQ5bXdvRzBUblI1MURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABWkDAwQA
BWluAwQBBWlyAwQABWmAAwQABWmyMAwDBAIFabQDBAAFabYDBAAFac4DBAEFafgD
BAHZQ04wDQYJKoZIhvcNAQELBQADggEBAAYdikZkYlHT/IA0HGY97Jt8sJuZlv6I
ZRQOwdUvBZfn+6S/WIgEvmeAlo21x4a3pMn5Rxp3XA/2FkKBz7WT9Qdkm9K7lW21
Ie+DFkuyjElwattz4MhFH1qH7MSXpEjNcJDtYeYFEkKZalZ0RHuDvhPh6jYEiDfm
T7OlOKllQxltrCr9jUy7zcUW1CTYVa/W6WP3deEq5bhrBwgB5SxjUKodyAObI5oK
EGciOHnWkdyFvo7qAlLl7ELR2nu55m8QIUi3WEKoBJCnduxdJtghig9ubCjCzw4c
QrQYhjSOeod0mqQTpUMNsFGw6MveUlvj907P31tGKPO1B3p2iZb592w=
-----END CERTIFICATE-----