Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/NK7wdmyVNq4Lih8XrRBChz-bUFo.roa
File:                     NK7wdmyVNq4Lih8XrRBChz-bUFo.roa (raw, json)
Hash identifier:          VSgc6HZIHIp3TAnXeotASUCjoea6cmsMLLGN7EwdieU=
Subject key identifier:   34:AE:F0:76:6C:95:36:AE:0B:8A:1F:17:AD:10:42:87:3F:9B:50:5A
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018848659EC39601E8C4E2D2E396F0821F64
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/NK7wdmyVNq4Lih8XrRBChz-bUFo.roa
Signing time:             Tue 23 May 2023 11:36:39 +0000
ROA not before:           Tue 23 May 2023 11:36:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15083
IP address blocks:        5.105.133.0/24 maxlen: 24
                          5.105.140.0/24 maxlen: 24
                          5.105.58.0/24 maxlen: 24
                          5.105.56.0/24 maxlen: 24
                          5.105.163.0/24 maxlen: 24
                          5.105.161.0/24 maxlen: 24
                          5.105.60.0/24 maxlen: 24
                          5.105.70.0/24 maxlen: 24
                          5.105.78.0/24 maxlen: 24
                          5.105.99.0/24 maxlen: 24
                          5.105.109.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:48:65:9e:c3:96:01:e8:c4:e2:d2:e3:96:f0:82:1f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: May 23 11:36:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=34aef0766c9536ae0b8a1f17ad1042873f9b505a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:80:62:47:ce:df:d9:bb:d2:e0:d4:f3:3f:35:
                    ab:97:ca:c7:b4:c1:29:06:f7:a5:cd:4c:9c:54:eb:
                    00:18:67:80:d9:d6:6a:f4:2f:6b:9c:b3:fc:bd:d0:
                    a6:d1:2b:10:f6:29:d7:79:d2:1e:5d:45:50:b0:e5:
                    99:4a:53:24:7c:3d:f3:60:f5:c8:f4:24:66:96:51:
                    36:68:2c:b7:81:e6:77:45:f2:71:a9:a3:68:ef:28:
                    b0:f4:ff:c9:15:30:61:35:51:d0:c8:ae:f1:c1:a2:
                    22:f7:8f:94:58:98:d3:3f:95:67:91:25:4e:91:ac:
                    bd:5a:0d:af:aa:10:b0:d0:bb:d4:2f:f8:19:be:fb:
                    31:39:13:97:58:fc:25:7f:af:bf:97:10:8a:55:21:
                    c9:af:54:10:79:0c:81:88:47:c9:2f:64:02:9a:ab:
                    06:92:45:e8:d6:65:3e:dc:93:e4:2e:e3:33:7c:7c:
                    dc:7f:44:42:2b:12:a0:f6:f4:66:df:81:b2:fd:eb:
                    ea:e5:aa:fe:91:29:2f:f7:8f:44:40:bc:32:05:b2:
                    3d:8f:0c:37:f4:0f:4e:7f:f7:2c:6d:94:cd:59:46:
                    7b:6d:b7:a1:49:4d:72:ea:d3:7d:ce:3d:76:ab:47:
                    23:72:81:15:68:fa:63:fe:62:84:a8:b3:57:e0:02:
                    4e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AE:F0:76:6C:95:36:AE:0B:8A:1F:17:AD:10:42:87:3F:9B:50:5A
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/NK7wdmyVNq4Lih8XrRBChz-bUFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.56.0/24
                  5.105.58.0/24
                  5.105.60.0/24
                  5.105.70.0/24
                  5.105.78.0/24
                  5.105.99.0/24
                  5.105.109.0/24
                  5.105.133.0/24
                  5.105.140.0/24
                  5.105.161.0/24
                  5.105.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:97:91:48:4d:69:cc:b1:cb:da:b5:3e:dc:ab:9a:de:01:7f:
         ee:f8:7e:90:13:b8:92:f1:ed:57:c8:8f:94:d5:a8:ce:5a:d4:
         21:48:8f:3f:3c:cd:47:9d:cb:1b:45:0d:80:85:7b:09:6c:18:
         f2:6c:43:5d:21:05:24:29:c6:63:14:81:01:3b:45:f9:32:ac:
         2a:7e:6a:3c:69:bb:5b:e4:46:05:d9:2e:e0:7b:98:9a:ab:e1:
         6d:72:c0:12:df:53:54:78:c7:2c:ba:9c:31:c3:bf:b6:65:46:
         4f:b6:21:75:78:2d:6b:68:f2:b7:1a:94:f7:6c:e1:0a:26:19:
         c0:1e:1b:01:db:9c:b0:3b:ca:00:5f:13:20:cc:26:1e:fd:7b:
         f5:45:50:0e:cd:64:bd:64:bf:8a:9d:44:fd:45:75:04:86:77:
         aa:63:43:a7:99:f7:43:fa:2c:00:39:1d:be:b8:6b:41:ba:bc:
         d0:d1:f0:45:9a:e3:e0:1f:8d:cd:e9:06:af:eb:8c:73:a7:47:
         47:ef:dd:af:05:cd:94:ca:34:fd:cb:27:e4:74:9d:fc:fd:da:
         8d:22:86:4b:d9:4f:6e:ff:f5:8d:ef:4b:9f:7b:d5:a7:bd:65:
         f6:82:37:39:65:34:9f:23:fa:de:31:19:f1:11:fe:a4:5c:3a:
         98:f9:0d:13
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYhIZZ7DlgHoxOLS45bwgh9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwNTIzMTEzNjM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFlZjA3NjZjOTUzNmFlMGI4YTFmMTdhZDEwNDI4NzNmOWI1MDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoBiR87f2bvS4NTzPzWrl8rHtMEp
BvelzUycVOsAGGeA2dZq9C9rnLP8vdCm0SsQ9inXedIeXUVQsOWZSlMkfD3zYPXI
9CRmllE2aCy3geZ3RfJxqaNo7yiw9P/JFTBhNVHQyK7xwaIi94+UWJjTP5VnkSVO
kay9Wg2vqhCw0LvUL/gZvvsxOROXWPwlf6+/lxCKVSHJr1QQeQyBiEfJL2QCmqsG
kkXo1mU+3JPkLuMzfHzcf0RCKxKg9vRm34Gy/evq5ar+kSkv949EQLwyBbI9jww3
9A9Of/csbZTNWUZ7bbehSU1y6tN9zj12q0cjcoEVaPpj/mKEqLNX4AJOHQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDSu8HZslTauC4ofF60QQoc/m1BaMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvTks3d2RteVZOcTRMaWg4WHJSQkNoei1iVUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABWk4AwQA
BWk6AwQABWk8AwQABWlGAwQABWlOAwQABWljAwQABWltAwQABWmFAwQABWmMAwQA
BWmhAwQABWmjMA0GCSqGSIb3DQEBCwUAA4IBAQDIl5FITWnMscvatT7cq5reAX/u
+H6QE7iS8e1XyI+U1ajOWtQhSI8/PM1HncsbRQ2AhXsJbBjybENdIQUkKcZjFIEB
O0X5Mqwqfmo8abtb5EYF2S7ge5iaq+FtcsAS31NUeMcsupwxw7+2ZUZPtiF1eC1r
aPK3GpT3bOEKJhnAHhsB25ywO8oAXxMgzCYe/Xv1RVAOzWS9ZL+KnUT9RXUEhneq
Y0OnmfdD+iwAOR2+uGtBurzQ0fBFmuPgH43N6Qav64xzp0dH792vBc2UyjT9yyfk
dJ38/dqNIoZL2U9u//WN70ufe9WnvWX2gjc5ZTSfI/reMRnxEf6kXDqY+Q0T
-----END CERTIFICATE-----