Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/t7uPMQyqWGvTDvqtI8byzzPrIXc.roa
File:                     t7uPMQyqWGvTDvqtI8byzzPrIXc.roa (raw, json)
Hash identifier:          +fE0fL9sOTFQyw45a/J15Y5iHBf2BGmWA/JRqHeYR/Q=
Subject key identifier:   B7:BB:8F:31:0C:AA:58:6B:D3:0E:FA:AD:23:C6:F2:CF:33:EB:21:77
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018725098FAC36E8D423BECECACD23A4FBA8
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/t7uPMQyqWGvTDvqtI8byzzPrIXc.roa
Signing time:             Mon 27 Mar 2023 21:46:36 +0000
ROA not before:           Mon 27 Mar 2023 21:46:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        5.105.138.0/23 maxlen: 23
                          5.105.142.0/23 maxlen: 23
                          5.105.248.0/23 maxlen: 24
                          5.105.164.0/23 maxlen: 24
                          5.105.68.0/23 maxlen: 24
                          5.105.186.0/23 maxlen: 24
                          5.105.198.0/23 maxlen: 24
                          5.105.206.0/23 maxlen: 24
                          5.105.202.0/23 maxlen: 24
                          5.105.112.0/23 maxlen: 24
                          5.105.114.0/23 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:25:09:8f:ac:36:e8:d4:23:be:ce:ca:cd:23:a4:fb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Mar 27 21:46:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7bb8f310caa586bd30efaad23c6f2cf33eb2177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9d:c4:67:d9:b5:d3:61:8b:6c:64:74:43:b1:
                    01:a7:1a:e4:a1:59:36:b5:4f:21:25:c0:a0:41:5b:
                    2d:a6:42:ea:43:33:7e:be:c5:0f:7d:8a:2a:8c:c1:
                    08:08:ac:b3:d8:91:ec:45:ab:9c:d0:ce:3f:9e:67:
                    e7:33:5a:1b:7b:63:72:9d:30:80:e7:25:08:4a:42:
                    fd:5e:8f:9d:84:8a:99:40:53:1e:88:de:80:5e:ad:
                    1e:50:1b:94:64:2c:dd:ef:a2:9e:3f:6b:0a:d8:ac:
                    68:af:07:dd:49:f0:33:85:ff:aa:2a:ec:80:c8:4b:
                    9e:c2:25:11:5b:96:52:6a:ae:50:34:f8:b8:8c:0b:
                    5e:79:77:2c:c2:a0:ab:cb:81:99:17:ea:00:0f:96:
                    ba:05:d5:8c:76:ea:7e:53:55:c2:bf:cb:34:ab:52:
                    f3:39:14:ba:bf:52:71:27:0e:ba:6e:3a:9d:bc:19:
                    79:78:9b:d7:8f:92:0d:9b:2e:01:98:9d:53:00:51:
                    77:ff:12:d4:40:71:c7:9e:d2:5b:ac:06:10:ab:9b:
                    fa:52:d2:a1:95:fb:d6:e7:41:ec:88:ed:e2:af:80:
                    35:c0:bc:1a:a2:62:80:34:87:40:e8:24:86:17:73:
                    af:cb:32:9c:41:27:1a:40:01:cb:21:ac:b7:7e:3c:
                    26:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BB:8F:31:0C:AA:58:6B:D3:0E:FA:AD:23:C6:F2:CF:33:EB:21:77
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/t7uPMQyqWGvTDvqtI8byzzPrIXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.68.0/23
                  5.105.112.0/22
                  5.105.138.0/23
                  5.105.142.0/23
                  5.105.164.0/23
                  5.105.186.0/23
                  5.105.198.0/23
                  5.105.202.0/23
                  5.105.206.0/23
                  5.105.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:0c:1f:0b:24:f6:92:4e:4b:ca:56:eb:39:d8:6a:8c:54:8d:
         43:35:da:a6:8c:10:9c:14:21:64:b1:70:60:c8:50:be:ea:2d:
         b5:e0:a2:7b:e7:be:8c:fa:97:15:69:07:e5:12:79:ab:7b:72:
         48:f0:5b:55:c6:b4:5a:af:57:f9:ee:aa:42:8e:7f:c9:48:3b:
         94:36:6b:1f:0d:cc:e7:7a:dd:88:31:84:42:96:1d:f0:be:a5:
         ea:87:9a:d8:e1:ff:10:41:0a:80:8b:22:78:b0:2e:5c:46:b8:
         fe:ad:a1:e1:40:24:35:f8:8b:1d:9b:01:61:04:21:78:6c:4f:
         68:33:12:ba:99:8d:16:ed:f4:10:b3:c2:af:14:91:e8:c9:1a:
         84:a7:14:8a:c5:a4:de:49:9c:97:41:46:a8:3b:37:6a:d8:b0:
         7e:7d:71:82:78:71:16:db:ec:3f:86:07:0c:77:be:5e:c8:36:
         c4:5d:37:5e:3c:02:8e:ed:b5:a3:6e:b7:8f:c6:64:07:c5:a1:
         5e:98:47:c7:9e:a5:2d:29:80:40:61:6f:e3:1a:24:53:66:43:
         fd:56:06:e9:5f:73:60:55:d2:30:f7:f6:01:42:86:3d:86:9e:
         96:02:3a:0b:67:23:4b:24:7e:5d:91:5b:c6:f4:67:16:f9:42:
         46:d4:2c:0f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYclCY+sNujUI77Oys0jpPuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMzI3MjE0NjM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JiOGYzMTBjYWE1ODZiZDMwZWZhYWQyM2M2ZjJjZjMzZWIyMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAup3EZ9m102GLbGR0Q7EBpxrkoVk2
tU8hJcCgQVstpkLqQzN+vsUPfYoqjMEICKyz2JHsRauc0M4/nmfnM1obe2NynTCA
5yUISkL9Xo+dhIqZQFMeiN6AXq0eUBuUZCzd76KeP2sK2KxorwfdSfAzhf+qKuyA
yEuewiURW5ZSaq5QNPi4jAteeXcswqCry4GZF+oAD5a6BdWMdup+U1XCv8s0q1Lz
ORS6v1JxJw66bjqdvBl5eJvXj5INmy4BmJ1TAFF3/xLUQHHHntJbrAYQq5v6UtKh
lfvW50HsiO3ir4A1wLwaomKANIdA6CSGF3OvyzKcQScaQAHLIay3fjwmQwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLe7jzEMqlhr0w76rSPG8s8z6yF3MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvdDd1UE1ReXFXR3ZURHZxdEk4Ynl6elBySVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBBWlEAwQC
BWlwAwQBBWmKAwQBBWmOAwQBBWmkAwQBBWm6AwQBBWnGAwQBBWnKAwQBBWnOAwQB
BWn4MA0GCSqGSIb3DQEBCwUAA4IBAQC5DB8LJPaSTkvKVus52GqMVI1DNdqmjBCc
FCFksXBgyFC+6i214KJ7576M+pcVaQflEnmre3JI8FtVxrRar1f57qpCjn/JSDuU
NmsfDcznet2IMYRClh3wvqXqh5rY4f8QQQqAiyJ4sC5cRrj+raHhQCQ1+IsdmwFh
BCF4bE9oMxK6mY0W7fQQs8KvFJHoyRqEpxSKxaTeSZyXQUaoOzdq2LB+fXGCeHEW
2+w/hgcMd75eyDbEXTdePAKO7bWjbrePxmQHxaFemEfHnqUtKYBAYW/jGiRTZkP9
VgbpX3NgVdIw9/YBQoY9hp6WAjoLZyNLJH5dkVvG9GcW+UJG1CwP
-----END CERTIFICATE-----