Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/mOl_kLx9wKzQS1PsMuOShUrHqjI.roa
File:                     mOl_kLx9wKzQS1PsMuOShUrHqjI.roa (raw, json)
Hash identifier:          9G2GI4YLPv78F1OXGfzSQ8wZZ3mP7OiGqLg4o4wOJZA=
Subject key identifier:   98:E9:7F:90:BC:7D:C0:AC:D0:4B:53:EC:32:E3:92:85:4A:C7:AA:32
Certificate issuer:       /CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
Certificate serial:       018BEC9EF1C015C6CA792B782C42B0C2A409
Authority key identifier: 0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/mOl_kLx9wKzQS1PsMuOShUrHqjI.roa
Signing time:             Mon 20 Nov 2023 12:05:21 +0000
ROA not before:           Mon 20 Nov 2023 12:05:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5391
IP address blocks:        93.140.0.0/16 maxlen: 16
                          89.172.0.0/16 maxlen: 16
                          78.2.0.0/16 maxlen: 16
                          195.29.0.0/16 maxlen: 18
                          93.141.0.0/16 maxlen: 16
                          78.0.0.0/16 maxlen: 16
                          93.139.0.0/16 maxlen: 16
                          78.1.0.0/16 maxlen: 16
                          93.143.0.0/16 maxlen: 16
                          93.138.0.0/16 maxlen: 16
                          93.136.0.0/16 maxlen: 16
                          78.3.0.0/16 maxlen: 16
                          83.131.0.0/16 maxlen: 16
                          83.131.8.0/24 maxlen: 24
                          93.142.0.0/16 maxlen: 16
                          93.137.0.0/16 maxlen: 18

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ec:9e:f1:c0:15:c6:ca:79:2b:78:2c:42:b0:c2:a4:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0f4872ad1c1f4fcb213b6b2edb388a2d9c9a23
        Validity
            Not Before: Nov 20 12:05:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=98e97f90bc7dc0acd04b53ec32e392854ac7aa32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f8:55:20:4c:bf:ec:b1:db:a2:36:de:11:19:
                    b1:41:6c:c4:69:30:26:6b:da:af:10:ac:dd:cf:c8:
                    1b:60:3f:08:c4:17:c9:a6:94:e3:fa:94:52:de:a6:
                    15:25:98:5e:ed:90:86:98:d3:64:4b:06:e0:74:16:
                    4c:dd:7c:8d:9a:e5:dc:08:ed:a9:00:5f:18:d8:54:
                    83:5a:cf:e5:2a:9d:21:d6:31:66:f9:c6:4e:32:e5:
                    5c:54:1c:d0:2c:10:72:70:e7:51:99:fd:e5:f0:ef:
                    f6:df:36:a1:92:4d:1a:8c:17:d0:b9:b9:c0:7a:54:
                    98:f5:8e:1a:7d:6d:3b:ab:f4:80:b3:68:7e:89:b2:
                    c7:a9:15:2c:61:c5:ec:df:55:89:2a:c1:02:4e:44:
                    00:46:37:80:5e:30:a3:d8:f6:0b:cc:e4:f7:7a:87:
                    7a:dc:0f:f5:8e:69:16:f7:5e:a5:11:0e:3b:00:65:
                    ed:37:c2:25:e8:91:34:0b:01:20:a4:1d:83:d7:ca:
                    5d:0e:da:67:e2:ad:08:c3:db:19:07:5e:b2:24:bf:
                    a8:2e:0f:c6:f1:f2:89:fc:32:89:54:35:a7:d9:93:
                    8b:fb:36:64:a0:a2:fd:18:c8:f4:7e:c6:48:22:6b:
                    59:96:3c:c5:8b:7b:06:b0:99:50:a3:91:4b:df:0b:
                    1c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E9:7F:90:BC:7D:C0:AC:D0:4B:53:EC:32:E3:92:85:4A:C7:AA:32
            X509v3 Authority Key Identifier:
                keyid:0E:0F:48:72:AD:1C:1F:4F:CB:21:3B:6B:2E:DB:38:8A:2D:9C:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dg9Icq0cH0_LITtrLts4ii2cmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/mOl_kLx9wKzQS1PsMuOShUrHqjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dc5a62-064b-45b0-b89d-c01f80a1c805/1/Dg9Icq0cH0_LITtrLts4ii2cmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.0.0.0/14
                  83.131.0.0/16
                  89.172.0.0/16
                  93.136.0.0/13
                  195.29.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5b:6c:f7:35:b6:5f:2c:d7:db:6c:27:2d:dd:1a:4b:7d:e1:67:
         c2:90:4e:91:18:78:11:09:49:8b:6f:cf:34:0f:53:bd:f3:10:
         c9:74:45:37:6b:13:06:45:ad:6f:78:35:3b:19:c9:73:bb:f3:
         51:bd:4a:09:cf:ae:d9:0b:8f:54:65:4b:a6:08:e2:9d:ea:72:
         4e:92:62:11:cf:e9:79:c0:40:c6:2e:61:56:c8:ca:cf:e6:00:
         e8:03:1a:96:7e:67:76:4f:45:ee:53:aa:a4:8d:c0:38:79:13:
         22:95:53:3f:1f:d1:ba:82:bb:8f:42:2a:54:f1:ad:72:37:b5:
         d0:57:ad:99:b1:4a:d2:4d:5d:73:1f:f3:39:01:d2:32:be:f0:
         19:ee:2d:96:80:11:b2:dd:e6:72:37:78:19:71:bc:e2:d4:e2:
         0e:95:21:c2:5a:6d:03:78:12:1b:05:0a:a8:e9:21:eb:e8:ac:
         ca:f5:ac:0b:35:1b:4e:fa:d7:28:2a:d1:ab:43:a9:c5:c2:6c:
         39:f1:c8:d3:f4:92:2b:89:21:61:93:0b:f1:c5:2b:0e:8d:52:
         d7:eb:e0:8e:8b:da:d7:81:9b:f3:30:3f:0e:73:d6:1e:a0:d5:
         1f:43:06:b2:ee:44:cc:7b:7e:b4:d8:05:ed:6c:5a:db:9a:72:
         50:ad:ed:d4
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYvsnvHAFcbKeSt4LEKwwqQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGY0ODcyYWQxYzFmNGZjYjIxM2I2YjJlZGIzODhhMmQ5
YzlhMjMwHhcNMjMxMTIwMTIwNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGU5N2Y5MGJjN2RjMGFjZDA0YjUzZWMzMmUzOTI4NTRhYzdhYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/hVIEy/7LHbojbeERmxQWzEaTAm
a9qvEKzdz8gbYD8IxBfJppTj+pRS3qYVJZhe7ZCGmNNkSwbgdBZM3XyNmuXcCO2p
AF8Y2FSDWs/lKp0h1jFm+cZOMuVcVBzQLBBycOdRmf3l8O/23zahkk0ajBfQubnA
elSY9Y4afW07q/SAs2h+ibLHqRUsYcXs31WJKsECTkQARjeAXjCj2PYLzOT3eod6
3A/1jmkW916lEQ47AGXtN8Il6JE0CwEgpB2D18pdDtpn4q0Iw9sZB16yJL+oLg/G
8fKJ/DKJVDWn2ZOL+zZkoKL9GMj0fsZIImtZljzFi3sGsJlQo5FL3wscHQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFJjpf5C8fcCs0EtT7DLjkoVKx6oyMB8GA1UdIwQY
MBaAFA4PSHKtHB9PyyE7ay7bOIotnJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQt
YzAxZjgwYTFjODA1LzEvbU9sX2tMeDl3S3pRUzFQc011T1NoVXJIcWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kYzVhNjItMDY0Yi00NWIwLWI4OWQtYzAxZjgwYTFjODA1
LzEvRGc5SWNxMGNIMF9MSVR0ckx0czRpaTJjbWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwMCTgADAwBT
gwMDAFmsAwMDXYgDAwDDHTANBgkqhkiG9w0BAQsFAAOCAQEAW2z3NbZfLNfbbCct
3RpLfeFnwpBOkRh4EQlJi2/PNA9TvfMQyXRFN2sTBkWtb3g1OxnJc7vzUb1KCc+u
2QuPVGVLpgjinepyTpJiEc/pecBAxi5hVsjKz+YA6AMaln5ndk9F7lOqpI3AOHkT
IpVTPx/RuoK7j0IqVPGtcje10FetmbFK0k1dcx/zOQHSMr7wGe4tloARst3mcjd4
GXG84tTiDpUhwlptA3gSGwUKqOkh6+isyvWsCzUbTvrXKCrRq0OpxcJsOfHI0/SS
K4khYZML8cUrDo1S1+vgjova14Gb8zA/DnPWHqDVH0MGsu5EzHt+tNgF7Wxa25py
UK3t1A==
-----END CERTIFICATE-----