Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/KBFVhjIKpuX0DrK73qHQQwxjUqE.roa
File:                     KBFVhjIKpuX0DrK73qHQQwxjUqE.roa (raw, json)
Hash identifier:          1nG86F1V/y9o159pkTHoF7W+QVSjuCfJcXnhdy6oTy4=
Subject key identifier:   28:11:55:86:32:0A:A6:E5:F4:0E:B2:BB:DE:A1:D0:43:0C:63:52:A1
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       01870DB9673D1AA9DAFB425B3F36CC1B42A2
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/KBFVhjIKpuX0DrK73qHQQwxjUqE.roa
Signing time:             Thu 23 Mar 2023 09:07:46 +0000
ROA not before:           Thu 23 Mar 2023 09:07:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212815
IP address blocks:        5.105.230.0/24 maxlen: 24
                          5.105.19.0/24 maxlen: 24
                          5.105.24.0/24 maxlen: 24
                          5.105.25.0/24 maxlen: 24
                          5.105.33.0/24 maxlen: 24
                          5.105.40.0/24 maxlen: 24
                          5.105.43.0/24 maxlen: 24
                          5.105.50.0/24 maxlen: 24
                          5.105.57.0/24 maxlen: 24
                          5.105.65.0/24 maxlen: 24
                          5.105.81.0/24 maxlen: 24
                          5.105.96.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0d:b9:67:3d:1a:a9:da:fb:42:5b:3f:36:cc:1b:42:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Mar 23 09:07:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28115586320aa6e5f40eb2bbdea1d0430c6352a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d9:14:85:d7:d9:bf:75:14:f2:f3:42:b7:fc:
                    5f:0e:43:5e:6a:bf:f2:eb:96:53:b8:4b:2e:8e:e7:
                    55:f8:b8:10:fe:09:f3:4f:16:86:12:cd:de:67:7f:
                    2d:7f:d4:89:24:2f:a9:fe:13:0f:06:74:55:8f:34:
                    50:f2:d5:e9:9a:0b:bb:60:52:83:10:d6:83:d8:38:
                    39:3a:18:95:a0:4a:1b:d5:16:21:46:75:64:79:6f:
                    84:12:9b:d8:50:0c:d6:6a:ca:69:a7:22:7a:07:f6:
                    92:b3:a1:2d:60:25:8a:dd:a7:9f:62:cd:9f:42:9e:
                    36:60:5a:c5:7a:61:8a:6a:82:75:01:7e:d1:ce:5b:
                    3e:7f:0b:36:a8:84:2d:a2:93:ca:67:bb:ad:47:f5:
                    73:6f:05:d0:02:db:34:5f:d7:99:5d:00:ab:5f:ff:
                    64:f8:17:e0:e0:ef:7e:6a:96:75:00:00:09:22:25:
                    be:f1:cd:0e:45:2d:b8:55:50:1b:50:bd:30:60:17:
                    27:17:8a:9d:e5:35:90:b9:81:1e:8c:32:2a:af:4b:
                    88:cb:78:fd:cd:5d:c5:92:e1:45:0c:94:42:6a:46:
                    1d:50:65:1e:4a:43:25:f1:39:11:62:2d:d0:cf:a3:
                    9b:a6:bf:29:15:e3:79:a0:53:ed:c2:1d:15:23:66:
                    aa:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:11:55:86:32:0A:A6:E5:F4:0E:B2:BB:DE:A1:D0:43:0C:63:52:A1
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/KBFVhjIKpuX0DrK73qHQQwxjUqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.19.0/24
                  5.105.24.0/23
                  5.105.33.0/24
                  5.105.40.0/24
                  5.105.43.0/24
                  5.105.50.0/24
                  5.105.57.0/24
                  5.105.65.0/24
                  5.105.81.0/24
                  5.105.96.0/24
                  5.105.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ee:fd:e8:41:c9:7c:83:12:d6:30:76:69:9a:cb:73:02:ed:
         ed:f2:d9:64:10:94:90:17:10:3f:86:b5:9a:b9:18:60:78:82:
         43:99:b7:6b:0a:3c:76:db:f0:a1:8c:fd:1d:36:92:d7:c2:3f:
         d1:13:cd:07:b2:65:fa:64:86:45:be:f5:45:e9:87:1d:25:54:
         69:09:5f:6a:a0:ad:d5:03:46:59:c5:57:9c:85:ec:e5:c8:ff:
         d6:a6:2b:42:81:36:52:69:5f:13:00:13:e1:43:35:87:fa:b8:
         20:40:a7:a0:aa:e8:b2:9a:7c:19:7c:46:45:30:04:81:58:69:
         a5:cc:88:37:ad:02:4e:06:27:b0:4f:39:46:24:3c:ff:a1:21:
         d5:e4:c6:87:24:6d:f1:eb:17:8c:4f:cf:44:c0:f9:96:d5:e0:
         de:bd:8e:70:60:58:4b:36:87:d6:c2:6b:e0:11:44:c5:8b:bb:
         f0:f6:12:0d:93:01:11:b7:d2:20:06:c5:36:da:aa:3a:f0:ab:
         ec:12:d9:7a:6c:87:bf:29:91:05:6e:b5:e7:70:8c:7c:4b:4a:
         d0:cd:bd:27:08:83:ec:88:59:62:b3:f8:8c:47:80:d6:10:a7:
         80:ba:ad:7b:0e:09:5d:47:d1:2d:90:aa:76:1f:d7:25:1e:1f:
         97:cb:ee:8a
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYcNuWc9Gqna+0JbPzbMG0KiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMzIzMDkwNzQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODExNTU4NjMyMGFhNmU1ZjQwZWIyYmJkZWExZDA0MzBjNjM1MmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtkUhdfZv3UU8vNCt/xfDkNear/y
65ZTuEsujudV+LgQ/gnzTxaGEs3eZ38tf9SJJC+p/hMPBnRVjzRQ8tXpmgu7YFKD
ENaD2Dg5OhiVoEob1RYhRnVkeW+EEpvYUAzWaspppyJ6B/aSs6EtYCWK3aefYs2f
Qp42YFrFemGKaoJ1AX7Rzls+fws2qIQtopPKZ7utR/VzbwXQAts0X9eZXQCrX/9k
+Bfg4O9+apZ1AAAJIiW+8c0ORS24VVAbUL0wYBcnF4qd5TWQuYEejDIqr0uIy3j9
zV3FkuFFDJRCakYdUGUeSkMl8TkRYi3Qz6Obpr8pFeN5oFPtwh0VI2aqmQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCgRVYYyCqbl9A6yu96h0EMMY1KhMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvS0JGVmhqSUtwdVgwRHJLNzNxSFFRd3hqVXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABWkTAwQB
BWkYAwQABWkhAwQABWkoAwQABWkrAwQABWkyAwQABWk5AwQABWlBAwQABWlRAwQA
BWlgAwQABWnmMA0GCSqGSIb3DQEBCwUAA4IBAQCK7v3oQcl8gxLWMHZpmstzAu3t
8tlkEJSQFxA/hrWauRhgeIJDmbdrCjx22/ChjP0dNpLXwj/RE80HsmX6ZIZFvvVF
6YcdJVRpCV9qoK3VA0ZZxVechezlyP/WpitCgTZSaV8TABPhQzWH+rggQKegquiy
mnwZfEZFMASBWGmlzIg3rQJOBiewTzlGJDz/oSHV5MaHJG3x6xeMT89EwPmW1eDe
vY5wYFhLNofWwmvgEUTFi7vw9hINkwERt9IgBsU22qo68KvsEtl6bIe/KZEFbrXn
cIx8S0rQzb0nCIPsiFlis/iMR4DWEKeAuq17DgldR9EtkKp2H9clHh+Xy+6K
-----END CERTIFICATE-----