Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/wxSZnhzLGAGrYAx-oUX1hTKRLJQ.roa
File:                     wxSZnhzLGAGrYAx-oUX1hTKRLJQ.roa (raw, json)
Hash identifier:          UVIWoWmQ/sY98pR6F66EN/GfZZRZNALoUUXkzw99+IE=
Subject key identifier:   C3:14:99:9E:1C:CB:18:01:AB:60:0C:7E:A1:45:F5:85:32:91:2C:94
Certificate issuer:       /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial:       018ACBDF81FECBF5180A0BF4C300E6D74CDB
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/wxSZnhzLGAGrYAx-oUX1hTKRLJQ.roa
Signing time:             Mon 25 Sep 2023 10:25:37 +0000
ROA not before:           Mon 25 Sep 2023 10:25:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44914
IP address blocks:        78.28.0.0/19 maxlen: 19
                          78.28.32.0/19 maxlen: 19
                          78.28.32.0/21 maxlen: 21
                          78.28.40.0/21 maxlen: 21
                          188.125.128.0/20 maxlen: 20
                          188.125.144.0/22 maxlen: 22
                          188.125.148.0/22 maxlen: 22
                          188.125.152.0/22 maxlen: 22
                          188.125.157.0/24 maxlen: 24
                          78.28.58.0/23 maxlen: 23
                          78.28.56.0/23 maxlen: 23
                          78.28.62.0/23 maxlen: 23
                          78.28.60.0/22 maxlen: 22
                          2a02:e88:8000::/48 maxlen: 48
                          2a02:e88:8100::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:cb:df:81:fe:cb:f5:18:0a:0b:f4:c3:00:e6:d7:4c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
        Validity
            Not Before: Sep 25 10:25:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c314999e1ccb1801ab600c7ea145f58532912c94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:50:30:7b:58:3d:56:68:26:9b:39:b7:13:0f:
                    d6:4b:18:76:e3:4a:6b:8b:2e:0b:4f:41:68:ee:19:
                    dd:04:be:bb:8e:23:ba:e4:38:d6:3e:66:e2:98:54:
                    57:b5:26:de:96:21:d5:78:69:2f:78:ad:a6:4f:bd:
                    3a:61:33:95:10:b5:93:42:2b:49:5e:f3:28:2f:4d:
                    94:0d:0a:4b:a5:9a:8c:d2:c1:46:39:c9:54:cb:38:
                    ff:e2:16:87:b0:78:83:5b:2d:d9:5c:69:4c:60:41:
                    b4:52:e9:99:2d:5e:f8:2d:b8:37:ad:77:9e:db:ba:
                    10:23:7c:e3:86:cf:5c:8a:1e:cb:91:14:14:33:95:
                    13:3c:e7:b6:a7:c4:a4:82:e2:6c:ae:e2:c8:8e:07:
                    68:4d:e1:ab:c0:2f:c4:69:3a:c6:f3:a9:1b:26:cc:
                    15:8b:bc:0c:6c:d2:57:64:1d:23:b4:84:34:37:fd:
                    f7:6d:b1:4c:d8:b1:10:6f:a3:52:a5:cb:83:90:12:
                    c5:f2:f5:27:20:78:ab:55:88:91:7b:dd:d9:35:6f:
                    e2:eb:f9:6f:2e:fb:86:52:53:ce:e2:fb:68:59:86:
                    10:0a:e3:75:78:18:06:3d:5e:6a:c2:9e:93:06:e4:
                    ee:47:00:de:ba:ce:af:a5:52:3f:da:57:18:8a:65:
                    b0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:14:99:9E:1C:CB:18:01:AB:60:0C:7E:A1:45:F5:85:32:91:2C:94
            X509v3 Authority Key Identifier:
                keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/wxSZnhzLGAGrYAx-oUX1hTKRLJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.28.0.0/18
                  188.125.128.0-188.125.155.255
                  188.125.157.0/24
                IPv6:
                  2a02:e88:8000::/48
                  2a02:e88:8100::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:e5:85:df:68:9e:d7:b2:09:cc:69:4f:d8:81:94:48:0b:4b:
         f8:61:79:7d:78:98:0b:5f:f6:2d:7a:89:59:d5:8b:0f:b8:ce:
         60:2f:b4:eb:da:ba:bf:e0:ff:e7:a8:72:4c:78:b5:7c:a4:45:
         de:6a:2a:0c:27:d5:f7:a5:ae:4a:c3:54:92:36:ca:fa:e0:01:
         9c:f9:e5:3c:c1:73:b1:ed:1a:b7:21:53:5c:94:13:c9:f9:a4:
         fe:d6:b4:b6:b2:0f:42:2c:88:62:0d:12:b0:45:4b:e3:e9:29:
         6b:aa:4f:c8:4f:35:0a:1a:16:1c:e7:e9:5d:5b:4f:52:78:01:
         95:cf:86:72:b1:c9:b2:7a:68:76:b2:49:f9:0a:61:9c:b5:ea:
         c2:13:31:41:06:98:d4:c3:52:5b:ee:2d:69:02:f0:aa:05:29:
         17:a3:26:a7:26:e5:cf:af:37:0a:7a:1e:ac:81:87:16:93:11:
         41:07:22:72:24:22:f0:ff:a5:f3:6f:88:39:a0:e4:b4:c5:ac:
         27:5d:f5:e2:36:ef:10:77:d3:ac:5b:0c:08:d0:cf:a9:b9:d7:
         30:61:dd:52:79:e2:ec:6e:10:14:1b:e4:3e:d6:f8:c5:b3:f9:
         8d:dd:06:1c:6a:dd:bc:50:9c:8d:42:f4:fc:9a:6e:86:d2:4b:
         ce:4a:bf:23
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYrL34H+y/UYCgv0wwDm10zbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjMwOTI1MTAyNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzE0OTk5ZTFjY2IxODAxYWI2MDBjN2VhMTQ1ZjU4NTMyOTEyYzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1Awe1g9Vmgmmzm3Ew/WSxh240pr
iy4LT0Fo7hndBL67jiO65DjWPmbimFRXtSbeliHVeGkveK2mT706YTOVELWTQitJ
XvMoL02UDQpLpZqM0sFGOclUyzj/4haHsHiDWy3ZXGlMYEG0UumZLV74Lbg3rXee
27oQI3zjhs9cih7LkRQUM5UTPOe2p8SkguJsruLIjgdoTeGrwC/EaTrG86kbJswV
i7wMbNJXZB0jtIQ0N/33bbFM2LEQb6NSpcuDkBLF8vUnIHirVYiRe93ZNW/i6/lv
LvuGUlPO4vtoWYYQCuN1eBgGPV5qwp6TBuTuRwDeus6vpVI/2lcYimWwAQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFMMUmZ4cyxgBq2AMfqFF9YUykSyUMB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvd3hTWm5oekxHQUdyWUF4LW9VWDFoVEtSTEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAgBAIAATAaAwQGThwAMAwD
BAe8fYADBAK8fZgDBAC8fZ0wGAQCAAIwEgMHACoCDoiAAAMHACoCDoiBADANBgkq
hkiG9w0BAQsFAAOCAQEANeWF32ie17IJzGlP2IGUSAtL+GF5fXiYC1/2LXqJWdWL
D7jOYC+069q6v+D/56hyTHi1fKRF3moqDCfV96WuSsNUkjbK+uABnPnlPMFzse0a
tyFTXJQTyfmk/ta0trIPQiyIYg0SsEVL4+kpa6pPyE81ChoWHOfpXVtPUngBlc+G
crHJsnpodrJJ+QphnLXqwhMxQQaY1MNSW+4taQLwqgUpF6Mmpyblz683CnoerIGH
FpMRQQciciQi8P+l82+IOaDktMWsJ1314jbvEHfTrFsMCNDPqbnXMGHdUnni7G4Q
FBvkPtb4xbP5jd0GHGrdvFCcjUL0/JpuhtJLzkq/Iw==
-----END CERTIFICATE-----