Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/8Ucsq-m4V7oVuTMO8IL8p6888zg.roa
File:                     8Ucsq-m4V7oVuTMO8IL8p6888zg.roa (raw, json)
Hash identifier:          5pGipsuXDDGmKw1V/+y7nXYoxKNjJ/f+LHl6tRyzxS0=
Subject key identifier:   F1:47:2C:AB:E9:B8:57:BA:15:B9:33:0E:F0:82:FC:A7:AF:3C:F3:38
Certificate issuer:       /CN=58d2d2715f43f747bea762dce166bca4b8e965eb
Certificate serial:       01862B8C230FE962DBA2029BE38774C3E2EE
Authority key identifier: 58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/8Ucsq-m4V7oVuTMO8IL8p6888zg.roa
Signing time:             Tue 07 Feb 2023 11:04:09 +0000
ROA not before:           Tue 07 Feb 2023 11:04:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8560
IP address blocks:        85.215.200.0/22 maxlen: 24
                          85.215.204.0/22 maxlen: 24
                          85.215.208.0/21 maxlen: 24
                          85.215.216.0/22 maxlen: 24
                          85.215.224.0/20 maxlen: 24
                          85.215.220.0/22 maxlen: 24
                          85.215.240.0/22 maxlen: 24
                          85.215.248.0/22 maxlen: 24
                          85.215.160.0/19 maxlen: 24
                          185.56.148.0/22 maxlen: 24
                          85.215.192.0/21 maxlen: 24
                          2a01:239:100::/40 maxlen: 48
                          2a01:239:200::/39 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Dec 2023 14:42:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2b:8c:23:0f:e9:62:db:a2:02:9b:e3:87:74:c3:e2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58d2d2715f43f747bea762dce166bca4b8e965eb
        Validity
            Not Before: Feb  7 11:04:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f1472cabe9b857ba15b9330ef082fca7af3cf338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:41:ae:33:c6:bc:83:c4:fc:80:a6:1e:35:d6:
                    88:35:86:55:3e:cd:63:de:fe:97:fc:a0:ee:53:79:
                    17:69:5f:fd:04:2b:1d:9d:fc:dd:00:e4:55:b0:71:
                    64:f9:cc:df:b6:60:0f:f4:50:d6:e6:d4:f9:e7:9a:
                    e3:52:0c:49:df:ee:35:96:76:8c:32:17:29:ef:d9:
                    7f:5e:12:70:c5:97:e5:94:aa:42:72:b8:d5:4e:ef:
                    7c:fe:21:c6:d7:91:6f:4d:79:a1:a9:f7:0d:ca:f4:
                    0a:36:0c:98:8d:ab:cc:f5:54:14:d6:0c:1c:0f:f2:
                    0a:96:65:d0:dc:e9:96:fb:96:32:4e:06:7e:2b:4d:
                    26:a7:9c:61:dd:6c:17:93:54:70:16:07:92:7a:15:
                    76:92:cb:53:49:ef:7a:49:cd:4a:c4:7d:61:98:e1:
                    d0:f4:44:3b:6f:56:8e:f7:b9:9b:e2:de:27:d2:90:
                    0b:94:cb:d8:9c:60:2d:5f:1e:5c:2c:ba:4e:b7:72:
                    ff:a3:af:da:51:b9:97:01:c6:1d:3e:53:0c:b6:99:
                    65:29:ad:97:d7:b2:7e:c5:44:35:00:7f:c0:f0:4c:
                    65:88:48:0a:e9:b9:33:20:65:1c:ff:25:aa:ca:20:
                    09:1a:44:d8:27:95:8a:dc:6a:ec:c8:41:84:d4:59:
                    84:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:47:2C:AB:E9:B8:57:BA:15:B9:33:0E:F0:82:FC:A7:AF:3C:F3:38
            X509v3 Authority Key Identifier:
                keyid:58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/8Ucsq-m4V7oVuTMO8IL8p6888zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/WNLScV9D90e-p2Lc4Wa8pLjpZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.215.160.0-85.215.243.255
                  85.215.248.0/22
                  185.56.148.0/22
                IPv6:
                  2a01:239:100::-2a01:239:3ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         67:e0:39:f7:18:b8:8e:f1:8b:36:e1:44:d5:d7:24:4d:67:a7:
         dd:e5:14:ce:bc:80:2e:a1:f2:7c:4a:4c:78:68:1e:3b:49:36:
         9f:3f:ad:d7:c1:be:bf:80:01:15:82:0c:42:cb:ae:51:03:50:
         b1:bb:ab:e0:68:5f:9a:4d:5d:8a:d6:08:58:b2:35:50:af:3c:
         9f:59:0b:36:42:ec:b4:3f:5a:ff:cd:69:a8:84:84:45:73:8a:
         97:81:8a:ef:e3:cc:f5:d6:c0:70:1d:ae:00:7c:e1:39:c0:50:
         e0:d6:84:53:8d:d0:db:5e:2d:45:cd:85:01:ad:f6:d3:02:40:
         d7:df:a8:67:57:f2:da:af:36:4e:4e:c1:77:a5:26:82:31:e1:
         9e:ec:3b:55:2d:7a:ef:8b:03:ae:3f:d4:11:6e:b1:34:ea:f5:
         f1:4c:e9:b3:d8:bd:6b:5b:62:6a:31:b4:c1:1c:93:4b:1c:74:
         04:9c:ee:82:2d:de:a4:3a:8e:5d:05:8c:99:12:25:a4:f3:28:
         65:3e:a9:2a:7d:2f:ec:e5:d1:00:45:88:72:7c:c6:f4:83:3a:
         3f:6d:c0:56:0b:84:16:5e:9f:ab:0d:6d:2f:f4:02:a7:b1:f4:
         dd:17:86:b4:25:82:3e:d1:ef:a4:36:0b:a1:ef:05:db:41:3e:
         a3:77:46:75
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYYrjCMP6WLbogKb44d0w+LuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDJkMjcxNWY0M2Y3NDdiZWE3NjJkY2UxNjZiY2E0Yjhl
OTY1ZWIwHhcNMjMwMjA3MTEwNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQ3MmNhYmU5Yjg1N2JhMTViOTMzMGVmMDgyZmNhN2FmM2NmMzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kGuM8a8g8T8gKYeNdaINYZVPs1j
3v6X/KDuU3kXaV/9BCsdnfzdAORVsHFk+czftmAP9FDW5tT555rjUgxJ3+41lnaM
Mhcp79l/XhJwxZfllKpCcrjVTu98/iHG15FvTXmhqfcNyvQKNgyYjavM9VQU1gwc
D/IKlmXQ3OmW+5YyTgZ+K00mp5xh3WwXk1RwFgeSehV2kstTSe96Sc1KxH1hmOHQ
9EQ7b1aO97mb4t4n0pALlMvYnGAtXx5cLLpOt3L/o6/aUbmXAcYdPlMMtpllKa2X
17J+xUQ1AH/A8ExliEgK6bkzIGUc/yWqyiAJGkTYJ5WK3GrsyEGE1FmEuQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFPFHLKvpuFe6FbkzDvCC/KevPPM4MB8GA1UdIwQY
MBaAFFjS0nFfQ/dHvqdi3OFmvKS46WXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjkt
ZTM4MzQ1MTZmYzA4LzEvOFVjc3EtbTRWN29WdVRNTzhJTDhwNjg4OHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjktZTM4MzQ1MTZmYzA4
LzEvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAgBAIAATAaMAwDBAVV16AD
BAJV1/ADBAJV1/gDBAK5OJQwGAQCAAIwEjAQAwYAKgECOQEDBgIqAQI5ADANBgkq
hkiG9w0BAQsFAAOCAQEAZ+A59xi4jvGLNuFE1dckTWen3eUUzryALqHyfEpMeGge
O0k2nz+t18G+v4ABFYIMQsuuUQNQsbur4Ghfmk1ditYIWLI1UK88n1kLNkLstD9a
/81pqISERXOKl4GK7+PM9dbAcB2uAHzhOcBQ4NaEU43Q214tRc2FAa320wJA19+o
Z1fy2q82Tk7Bd6UmgjHhnuw7VS1674sDrj/UEW6xNOr18Uzps9i9a1tiajG0wRyT
Sxx0BJzugi3epDqOXQWMmRIlpPMoZT6pKn0v7OXRAEWIcnzG9IM6P23AVguEFl6f
qw1tL/QCp7H03ReGtCWCPtHvpDYLoe8F20E+o3dGdQ==
-----END CERTIFICATE-----