Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/nb_3kmOcnGt57mkf35mfD9dIOnk.roa
File:                     nb_3kmOcnGt57mkf35mfD9dIOnk.roa (raw, json)
Hash identifier:          bRgDdWS7wYUb3yhZhi991YsMEkTa1HrvUvg94qnzRXQ=
Subject key identifier:   9D:BF:F7:92:63:9C:9C:6B:79:EE:69:1F:DF:99:9F:0F:D7:48:3A:79
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       018806D963A0D01380464D8CE76CBBE81800
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/nb_3kmOcnGt57mkf35mfD9dIOnk.roa
Signing time:             Wed 10 May 2023 18:08:10 +0000
ROA not before:           Wed 10 May 2023 18:08:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209854
IP address blocks:        188.209.125.0/24 maxlen: 24
                          188.209.124.0/24 maxlen: 24
                          193.30.255.0/24 maxlen: 24
                          89.41.27.0/24 maxlen: 24
                          93.119.125.0/24 maxlen: 24
                          89.37.93.0/24 maxlen: 24
                          89.37.94.0/24 maxlen: 24
                          188.208.223.0/24 maxlen: 24
                          77.81.91.0/24 maxlen: 24
                          77.81.90.0/24 maxlen: 24
                          89.42.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:06:d9:63:a0:d0:13:80:46:4d:8c:e7:6c:bb:e8:18:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: May 10 18:08:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9dbff792639c9c6b79ee691fdf999f0fd7483a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cc:9b:5e:2d:43:fb:70:8f:a2:3f:2a:1e:68:
                    1b:c2:21:40:49:76:c9:bb:a0:66:1b:cc:9b:33:92:
                    e8:d7:5b:b4:61:40:47:89:d5:bf:bc:a5:50:09:2c:
                    95:aa:f5:04:dd:66:f2:d7:c5:ae:ba:b2:74:91:d9:
                    f8:a0:4c:1e:01:d5:bb:23:57:f5:7b:46:ca:05:25:
                    4b:de:35:80:6c:c6:5b:b5:fd:ff:4a:fe:4e:70:da:
                    82:37:e0:44:42:bb:b7:71:3f:1f:a5:5f:b8:b3:41:
                    95:49:57:c1:b6:04:71:27:bb:27:34:f4:8b:e6:8e:
                    f8:e1:39:c2:ea:ef:7f:ee:74:03:2a:4d:0c:70:31:
                    3b:7c:b3:b1:d1:5a:7e:f9:e8:c3:68:aa:92:b7:58:
                    b8:87:a4:8b:c9:2f:70:44:9f:86:5a:fe:ab:a2:ab:
                    7e:c8:1c:46:6b:cb:4f:c6:9e:5b:93:ad:56:10:99:
                    51:8a:5c:21:a7:0b:d2:79:99:c7:c8:b2:49:b6:fb:
                    8e:92:fb:00:13:4e:6e:44:d2:e2:f3:23:f0:b3:85:
                    37:66:d4:69:1a:01:fa:fe:82:2b:b5:8f:1a:a1:c5:
                    90:5f:11:b7:cd:fe:92:93:e8:c1:f3:c9:9b:05:7a:
                    3e:a5:72:c5:80:81:d4:0c:71:2a:0b:8a:e3:e4:5f:
                    f5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BF:F7:92:63:9C:9C:6B:79:EE:69:1F:DF:99:9F:0F:D7:48:3A:79
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/nb_3kmOcnGt57mkf35mfD9dIOnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.90.0/23
                  89.37.93.0-89.37.94.255
                  89.41.27.0/24
                  89.42.154.0/24
                  93.119.125.0/24
                  188.208.223.0/24
                  188.209.124.0/23
                  193.30.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:4f:62:e2:09:37:d8:98:13:07:29:1d:c6:45:0e:a1:ea:3f:
         7a:a5:ca:ae:37:05:06:fb:b3:05:f1:0e:4e:78:eb:52:51:07:
         34:95:b8:2f:74:5d:28:d6:5a:ba:b6:80:58:a0:99:40:bb:79:
         c6:0c:06:94:b8:f7:1f:f9:4a:10:b0:8e:0e:ce:0e:74:82:fc:
         65:21:0a:48:c2:6e:f5:03:3b:39:11:82:23:35:24:e8:07:07:
         96:3a:08:a5:c0:d9:71:0f:5f:e6:5d:88:91:47:64:48:d2:42:
         a3:6c:1f:c8:c0:56:20:7b:c0:10:90:b6:06:03:50:74:0e:8d:
         c3:e9:c5:d9:41:44:c3:2e:39:ec:d2:86:60:2e:3f:60:45:20:
         f2:a1:c2:ca:05:20:e3:a3:7b:24:33:46:38:e6:88:f5:91:f7:
         80:f6:0d:51:94:2c:99:ee:63:dd:a5:c9:dd:fa:fe:ce:3a:83:
         fb:45:37:96:30:2f:c1:da:47:84:1f:27:1e:81:09:b6:08:38:
         da:9d:03:b2:23:29:9d:24:3f:3b:f0:f6:9a:23:3c:0a:57:86:
         7f:f9:76:8d:a9:2f:f2:9e:9e:a4:ed:a1:47:ad:18:b5:71:1a:
         35:68:4c:8d:72:d6:73:27:02:ff:86:69:4b:4c:2d:a0:3d:38:
         da:59:9c:61
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYgG2WOg0BOARk2M52y76BgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjMwNTEwMTgwODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGJmZjc5MjYzOWM5YzZiNzllZTY5MWZkZjk5OWYwZmQ3NDgzYTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cybXi1D+3CPoj8qHmgbwiFASXbJ
u6BmG8ybM5Lo11u0YUBHidW/vKVQCSyVqvUE3Wby18WuurJ0kdn4oEweAdW7I1f1
e0bKBSVL3jWAbMZbtf3/Sv5OcNqCN+BEQru3cT8fpV+4s0GVSVfBtgRxJ7snNPSL
5o744TnC6u9/7nQDKk0McDE7fLOx0Vp++ejDaKqSt1i4h6SLyS9wRJ+GWv6roqt+
yBxGa8tPxp5bk61WEJlRilwhpwvSeZnHyLJJtvuOkvsAE05uRNLi8yPws4U3ZtRp
GgH6/oIrtY8aocWQXxG3zf6Sk+jB88mbBXo+pXLFgIHUDHEqC4rj5F/1swIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJ2/95JjnJxree5pH9+Znw/XSDp5MB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEvbmJfM2ttT2NuR3Q1N21rZjM1bWZEOWRJT25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBTVFaMAwD
BABZJV0DBABZJV4DBABZKRsDBABZKpoDBABdd30DBAC80N8DBAG80XwDBADBHv8w
DQYJKoZIhvcNAQELBQADggEBADpPYuIJN9iYEwcpHcZFDqHqP3qlyq43BQb7swXx
Dk5461JRBzSVuC90XSjWWrq2gFigmUC7ecYMBpS49x/5ShCwjg7ODnSC/GUhCkjC
bvUDOzkRgiM1JOgHB5Y6CKXA2XEPX+ZdiJFHZEjSQqNsH8jAViB7wBCQtgYDUHQO
jcPpxdlBRMMuOezShmAuP2BFIPKhwsoFIOOjeyQzRjjmiPWR94D2DVGULJnuY92l
yd36/s46g/tFN5YwL8HaR4QfJx6BCbYIONqdA7IjKZ0kPzvw9pojPApXhn/5do2p
L/KenqTtoUetGLVxGjVoTI1y1nMnAv+GaUtMLaA9ONpZnGE=
-----END CERTIFICATE-----