Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/0JghGrdWIushfwhm3-7A8HPQi_8.roa
File:                     0JghGrdWIushfwhm3-7A8HPQi_8.roa (raw, json)
Hash identifier:          ohaxE3++Cke0wJNuenAj1t6k2uBGncKoykisdmmwP6o=
Subject key identifier:   D0:98:21:1A:B7:56:22:EB:21:7F:08:66:DF:EE:C0:F0:73:D0:8B:FF
Certificate issuer:       /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial:       018571556E84CF6E2FFA7ACD5E41177C9BEF
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/0JghGrdWIushfwhm3-7A8HPQi_8.roa
Signing time:             Mon 02 Jan 2023 07:15:02 +0000
ROA not before:           Mon 02 Jan 2023 07:15:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207710
IP address blocks:        178.171.48.0/23 maxlen: 23
                          178.171.50.0/23 maxlen: 23
                          178.171.62.0/23 maxlen: 23
                          178.171.60.0/23 maxlen: 23
                          158.46.188.0/22 maxlen: 24
                          178.171.104.0/24 maxlen: 24
                          158.46.196.0/22 maxlen: 22
                          178.171.0.0/20 maxlen: 20
                          178.171.119.0/24 maxlen: 24
                          178.171.20.0/22 maxlen: 24
                          178.171.32.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:55:6e:84:cf:6e:2f:fa:7a:cd:5e:41:17:7c:9b:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
        Validity
            Not Before: Jan  2 07:15:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d098211ab75622eb217f0866dfeec0f073d08bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:79:26:ce:61:8a:06:4b:5d:fd:8d:d6:2e:c6:
                    69:3b:0f:1d:69:d3:5f:dd:be:cf:8a:c8:7f:1e:63:
                    75:7b:4e:2c:70:60:2f:5a:e6:65:f2:09:97:6a:dd:
                    29:b1:5d:4f:3c:03:85:98:b7:9f:ed:1f:3b:7c:3a:
                    34:ed:6e:7b:4b:32:a9:89:05:94:86:eb:63:d8:fc:
                    ff:ff:9b:b9:28:a8:04:1d:e0:a8:9a:cd:e6:2d:74:
                    a1:7b:ee:09:24:61:ba:b1:e1:09:bd:60:28:1f:59:
                    c0:7e:9c:b5:8f:92:d4:3b:e1:65:75:56:2c:3c:89:
                    92:ff:58:4a:fb:37:4c:28:e4:42:09:4a:d0:0d:3e:
                    04:2c:b9:7c:e6:6c:c0:cf:77:d7:9a:3d:9b:5b:48:
                    fa:29:c0:da:39:a1:95:0d:52:a7:97:f4:c0:d0:5b:
                    5e:4c:26:8d:ca:23:3f:76:23:03:ac:da:af:01:a4:
                    56:35:4d:36:f7:c2:6b:cf:61:3a:e3:47:93:a7:63:
                    0c:18:3c:9b:40:eb:e2:6d:91:cc:98:1e:33:95:07:
                    ed:6e:b6:39:b9:01:2c:2a:04:36:ad:00:29:bd:3f:
                    5a:a0:84:a3:af:42:9e:31:90:c7:ce:2b:e5:72:ea:
                    d7:3e:c4:c0:c4:cf:72:83:c1:20:bf:99:08:4c:6e:
                    be:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:98:21:1A:B7:56:22:EB:21:7F:08:66:DF:EE:C0:F0:73:D0:8B:FF
            X509v3 Authority Key Identifier:
                keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/0JghGrdWIushfwhm3-7A8HPQi_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.46.188.0/22
                  158.46.196.0/22
                  178.171.0.0/20
                  178.171.20.0/22
                  178.171.32.0/22
                  178.171.48.0/22
                  178.171.60.0/22
                  178.171.104.0/24
                  178.171.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:c7:44:60:db:17:a9:b1:f4:27:5f:cc:ba:1f:1e:3c:c7:25:
         41:ea:8c:d3:b7:b3:4e:b0:8a:06:aa:76:7d:e8:c7:12:0c:10:
         e0:1b:58:1d:e4:7e:f0:bf:5e:09:72:19:a6:52:87:72:be:29:
         82:e8:46:68:f8:84:50:17:17:c7:a4:27:20:66:73:9f:19:57:
         0f:03:3b:05:c1:45:d8:b5:49:9c:9d:31:7e:10:13:24:60:b2:
         9e:88:8d:85:d6:48:f4:a8:24:9f:10:ce:5e:0b:30:71:73:dc:
         7a:8a:62:11:72:fe:cf:41:3f:5c:90:82:d7:4a:71:4c:d6:6d:
         b6:21:95:f2:58:34:c2:c8:4c:5d:cf:54:8f:68:cd:59:96:87:
         21:4b:1e:c7:83:41:e2:16:7d:55:07:ae:c6:5d:22:f2:8b:49:
         97:6a:f7:19:70:8f:80:1f:c7:d4:f6:a8:39:8e:3c:8c:d2:c1:
         0f:ee:48:a9:37:39:24:e2:11:65:86:f6:ee:46:ca:c6:cf:2f:
         19:b0:d4:57:b2:65:53:12:12:a3:90:13:ec:ec:ec:dc:2d:e1:
         75:ba:df:1b:38:94:26:6a:ed:e0:0b:47:f5:ab:91:5d:17:eb:
         b8:55:85:dc:af:71:6d:18:10:e5:bb:65:7a:78:0f:06:f0:6e:
         e2:89:79:e8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVxVW6Ez24v+nrNXkEXfJvvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjMwMTAyMDcxNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDk4MjExYWI3NTYyMmViMjE3ZjA4NjZkZmVlYzBmMDczZDA4YmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3kmzmGKBktd/Y3WLsZpOw8dadNf
3b7Pish/HmN1e04scGAvWuZl8gmXat0psV1PPAOFmLef7R87fDo07W57SzKpiQWU
hutj2Pz//5u5KKgEHeComs3mLXShe+4JJGG6seEJvWAoH1nAfpy1j5LUO+FldVYs
PImS/1hK+zdMKORCCUrQDT4ELLl85mzAz3fXmj2bW0j6KcDaOaGVDVKnl/TA0Fte
TCaNyiM/diMDrNqvAaRWNU0298Jrz2E640eTp2MMGDybQOvibZHMmB4zlQftbrY5
uQEsKgQ2rQApvT9aoISjr0KeMZDHzivlcurXPsTAxM9yg8Egv5kITG6+qwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNCYIRq3ViLrIX8IZt/uwPBz0Iv/MB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvMEpnaEdyZFdJdXNoZndobTMtN0E4SFBRaV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCni68AwQC
ni7EAwQEsqsAAwQCsqsUAwQCsqsgAwQCsqswAwQCsqs8AwQAsqtoAwQAsqt3MA0G
CSqGSIb3DQEBCwUAA4IBAQB5x0Rg2xepsfQnX8y6Hx48xyVB6ozTt7NOsIoGqnZ9
6McSDBDgG1gd5H7wv14JchmmUodyvimC6EZo+IRQFxfHpCcgZnOfGVcPAzsFwUXY
tUmcnTF+EBMkYLKeiI2F1kj0qCSfEM5eCzBxc9x6imIRcv7PQT9ckILXSnFM1m22
IZXyWDTCyExdz1SPaM1ZlochSx7Hg0HiFn1VB67GXSLyi0mXavcZcI+AH8fU9qg5
jjyM0sEP7kipNzkk4hFlhvbuRsrGzy8ZsNRXsmVTEhKjkBPs7OzcLeF1ut8bOJQm
au3gC0f1q5FdF+u4VYXcr3FtGBDlu2V6eA8G8G7iiXno
-----END CERTIFICATE-----