Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3OKLRY1h2DCEHMZTrzFX8xTu014.roa
File:                     3OKLRY1h2DCEHMZTrzFX8xTu014.roa (raw, json)
Hash identifier:          ryIn+0cihINq29aegFFIzpLOELaJc83ocJI6A59bnuI=
Subject key identifier:   DC:E2:8B:45:8D:61:D8:30:84:1C:C6:53:AF:31:57:F3:14:EE:D3:5E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018677BD91FF271C4B12CBC4F2F5CEC6E906
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3OKLRY1h2DCEHMZTrzFX8xTu014.roa
Signing time:             Wed 22 Feb 2023 06:09:17 +0000
ROA not before:           Wed 22 Feb 2023 06:09:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1299
IP address blocks:        185.244.222.0/23 maxlen: 23
                          185.244.221.0/24 maxlen: 24
                          185.228.227.0/24 maxlen: 24
                          89.31.219.0/24 maxlen: 24
                          193.84.135.0/24 maxlen: 24
                          217.74.19.0/24 maxlen: 24
                          84.245.48.0/21 maxlen: 21
                          84.245.58.0/23 maxlen: 23
                          84.245.56.0/24 maxlen: 24
                          84.245.60.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:77:bd:91:ff:27:1c:4b:12:cb:c4:f2:f5:ce:c6:e9:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 22 06:09:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dce28b458d61d830841cc653af3157f314eed35e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:cb:c3:5e:8e:4b:38:82:f1:dd:9d:3d:ea:df:
                    81:78:30:3f:10:3c:e0:06:48:7e:c6:dc:d4:c6:97:
                    03:50:db:d2:3e:72:be:0f:d2:e0:5d:69:58:65:ee:
                    6a:59:9c:f6:d3:d1:21:39:3c:ac:0b:d6:2c:17:93:
                    0a:05:a9:26:f3:a5:99:08:cf:d3:04:1a:fd:2c:5d:
                    35:c7:14:94:ce:53:95:a2:b6:65:df:fe:3c:91:b4:
                    4f:5a:19:0c:d5:92:72:f0:e0:26:6a:29:93:76:91:
                    3c:39:c2:3c:46:d9:c6:7b:c3:e3:5d:52:8b:35:b4:
                    b4:ea:26:20:93:cc:a7:09:f3:13:4d:a3:45:ca:c6:
                    7a:80:11:ed:0a:73:96:39:3d:59:34:2e:4d:f0:dd:
                    e2:c5:09:a4:14:98:b4:dd:3f:b3:da:75:92:54:9a:
                    1b:b4:0f:87:e4:4d:f7:10:e7:bb:a0:5a:4f:4b:f4:
                    8f:f8:6d:ae:c0:10:5d:92:dc:4b:62:8e:1b:6f:ec:
                    87:48:eb:47:0e:27:8c:11:6b:a5:3d:d6:75:70:2e:
                    ca:80:6d:13:08:cb:42:50:70:58:a5:78:ed:2b:6c:
                    0d:a0:28:5b:a2:da:91:98:a0:e4:d0:b9:b6:d3:05:
                    bb:36:92:fd:54:0a:4a:90:85:6b:45:60:8f:ad:e0:
                    03:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E2:8B:45:8D:61:D8:30:84:1C:C6:53:AF:31:57:F3:14:EE:D3:5E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3OKLRY1h2DCEHMZTrzFX8xTu014.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.245.48.0-84.245.56.255
                  84.245.58.0-84.245.63.255
                  89.31.219.0/24
                  185.228.227.0/24
                  185.244.221.0-185.244.223.255
                  193.84.135.0/24
                  217.74.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:2e:cc:32:29:b4:37:ef:17:08:78:10:29:c7:20:3b:49:7e:
         fa:27:c2:25:61:1b:40:44:04:12:87:cc:de:f0:81:ea:89:91:
         64:d5:67:91:34:d3:e0:3e:76:82:25:c3:6a:bb:a8:52:63:44:
         cb:cd:76:48:a5:8b:ea:d3:0a:2b:ae:29:04:71:fb:4b:99:d6:
         fb:42:2a:1d:5e:03:f2:29:94:18:53:6a:0a:82:05:ae:02:75:
         00:de:62:66:77:6a:90:fe:63:62:f4:fa:03:a7:4f:01:03:1f:
         92:46:b9:25:23:4a:2e:af:ce:49:da:53:25:73:90:f0:70:f7:
         7c:0f:d5:aa:36:94:38:b1:eb:9d:47:93:9d:36:bf:1f:bc:27:
         de:2d:f3:81:4e:4a:21:19:20:8f:84:3a:4d:b2:6c:81:a3:bf:
         bf:54:6f:f8:35:d4:7b:3d:e8:2d:4b:f6:48:3c:cf:84:62:e2:
         3a:0f:fa:bb:70:85:0c:3c:58:7e:92:f6:c3:90:40:d7:e6:1b:
         5d:6f:c5:2e:d4:67:e0:a2:1d:db:67:4a:18:c0:4f:a0:a9:27:
         ef:24:8b:a1:0b:d1:0d:73:59:db:b3:ce:d3:47:21:9c:80:2a:
         ed:a2:68:49:10:8a:06:53:85:8e:51:ad:b7:09:b0:7a:ba:08:
         47:2c:80:ab
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYZ3vZH/JxxLEsvE8vXOxukGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIyMDYwOTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UyOGI0NThkNjFkODMwODQxY2M2NTNhZjMxNTdmMzE0ZWVkMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsvDXo5LOILx3Z096t+BeDA/EDzg
Bkh+xtzUxpcDUNvSPnK+D9LgXWlYZe5qWZz209EhOTysC9YsF5MKBakm86WZCM/T
BBr9LF01xxSUzlOVorZl3/48kbRPWhkM1ZJy8OAmaimTdpE8OcI8RtnGe8PjXVKL
NbS06iYgk8ynCfMTTaNFysZ6gBHtCnOWOT1ZNC5N8N3ixQmkFJi03T+z2nWSVJob
tA+H5E33EOe7oFpPS/SP+G2uwBBdktxLYo4bb+yHSOtHDieMEWulPdZ1cC7KgG0T
CMtCUHBYpXjtK2wNoChbotqRmKDk0Lm20wW7NpL9VApKkIVrRWCPreADhQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNzii0WNYdgwhBzGU68xV/MU7tNeMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvM09LTFJZMWgyRENFSE1aVHJ6Rlg4eFR1MDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBARU9TAD
BABU9TgwDAMEAVT1OgMEBlT1AAMEAFkf2wMEALnk4zAMAwQAufTdAwQFufTAAwQA
wVSHAwQA2UoTMA0GCSqGSIb3DQEBCwUAA4IBAQAuLswyKbQ37xcIeBApxyA7SX76
J8IlYRtARAQSh8ze8IHqiZFk1WeRNNPgPnaCJcNqu6hSY0TLzXZIpYvq0worrikE
cftLmdb7QiodXgPyKZQYU2oKggWuAnUA3mJmd2qQ/mNi9PoDp08BAx+SRrklI0ou
r85J2lMlc5DwcPd8D9WqNpQ4seudR5OdNr8fvCfeLfOBTkohGSCPhDpNsmyBo7+/
VG/4NdR7PegtS/ZIPM+EYuI6D/q7cIUMPFh+kvbDkEDX5htdb8Uu1Gfgoh3bZ0oY
wE+gqSfvJIuhC9ENc1nbs87TRyGcgCrtomhJEIoGU4WOUa23CbB6ughHLICr
-----END CERTIFICATE-----