Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/lrosrCnWdABagHSxPaHSVkULULs.roa
File:                     lrosrCnWdABagHSxPaHSVkULULs.roa (raw, json)
Hash identifier:          jtRgTsmGOU/GSPJrNhgqLckJbGuFoP36JqSKaRk2tUA=
Subject key identifier:   96:BA:2C:AC:29:D6:74:00:5A:80:74:B1:3D:A1:D2:56:45:0B:50:BB
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0185A33D57619CE16A36F8B074964719B584
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/lrosrCnWdABagHSxPaHSVkULULs.roa
Signing time:             Wed 11 Jan 2023 23:49:44 +0000
ROA not before:           Wed 11 Jan 2023 23:49:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64249
IP address blocks:        5.182.199.0/24 maxlen: 24
                          193.148.94.0/24 maxlen: 24
                          79.98.181.0/24 maxlen: 24
                          45.67.143.0/24 maxlen: 24
                          45.67.144.0/24 maxlen: 24
                          45.67.142.0/24 maxlen: 24
                          92.249.28.0/24 maxlen: 24
                          63.246.157.0/24 maxlen: 24
                          63.246.156.0/24 maxlen: 24
                          94.154.168.0/23 maxlen: 23
                          94.154.176.0/24 maxlen: 24
                          94.154.179.0/24 maxlen: 24
                          63.246.128.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a3:3d:57:61:9c:e1:6a:36:f8:b0:74:96:47:19:b5:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan 11 23:49:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96ba2cac29d674005a8074b13da1d256450b50bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2d:af:40:99:8f:d8:e9:7b:76:c1:50:a2:cb:
                    1e:79:16:b2:f6:8f:3a:7a:b1:aa:47:c5:31:7a:92:
                    e2:65:24:f6:7a:98:e5:80:3b:f5:43:4e:57:fe:73:
                    09:89:80:bd:fd:67:ab:d1:f6:a0:9c:4d:31:92:0e:
                    32:eb:00:49:83:e5:0d:cf:b4:a5:8e:4d:60:59:f2:
                    8d:70:34:c4:60:07:49:2b:ce:84:02:f5:09:c2:bc:
                    fc:00:d4:ab:31:29:20:32:41:94:13:03:47:22:30:
                    a2:4e:90:4d:62:3b:c2:eb:bf:4f:2e:a7:80:44:3d:
                    4e:ab:09:76:51:b7:7a:4b:60:2d:90:e7:08:bf:52:
                    00:1e:de:8a:a2:05:7e:ba:bc:06:2f:01:cb:7c:ff:
                    d1:d1:d7:6f:44:e9:a2:5a:8c:1f:e5:8d:8b:95:dd:
                    fa:65:83:39:c0:68:27:72:7a:34:25:6c:67:bf:57:
                    9a:ee:7f:a6:e6:8e:f8:4c:3b:c0:51:c8:6a:df:8c:
                    43:d1:ff:21:9d:47:b3:fe:db:6f:56:26:6f:94:41:
                    f1:92:05:bc:ba:fd:76:ae:9d:36:54:d9:ab:93:8a:
                    5e:cc:c0:58:92:f7:40:ef:b6:61:26:be:37:41:0a:
                    23:83:36:1d:9b:59:1a:e6:82:6e:5e:5d:23:11:d4:
                    f2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BA:2C:AC:29:D6:74:00:5A:80:74:B1:3D:A1:D2:56:45:0B:50:BB
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/lrosrCnWdABagHSxPaHSVkULULs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.199.0/24
                  45.67.142.0-45.67.144.255
                  63.246.128.0/24
                  63.246.156.0/23
                  79.98.181.0/24
                  92.249.28.0/24
                  94.154.168.0/23
                  94.154.176.0/24
                  94.154.179.0/24
                  193.148.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:c0:47:57:88:a0:ea:be:77:a0:df:42:25:26:b2:59:11:35:
         42:d4:17:a4:ae:7e:9e:1e:2d:fe:cc:85:d7:32:88:3c:f5:5b:
         9c:46:17:54:f0:31:d8:25:37:b8:2f:4f:75:81:fe:3d:5f:cc:
         0c:63:ee:d2:76:70:5e:eb:80:53:cc:ea:32:a9:4b:76:c8:00:
         17:23:60:fa:a5:66:85:a2:56:cf:e0:e4:3b:43:25:88:ca:04:
         04:ca:70:f1:31:d0:6b:41:4a:30:c8:ee:7f:30:fe:5d:16:ab:
         26:85:d9:04:16:a4:0b:51:07:93:88:92:4e:1c:c4:cc:68:9d:
         07:7b:88:54:39:a7:a9:32:9f:dd:91:46:03:c5:29:c8:9a:7c:
         3f:1f:83:c4:9c:9d:c6:eb:9f:34:3f:a1:a9:e7:d5:8b:44:47:
         b8:5f:29:e3:fb:ef:d4:49:09:09:94:24:13:87:2b:dd:6c:91:
         29:57:b9:11:4a:36:83:e8:3f:40:5f:e9:b7:c9:54:03:ae:9c:
         e6:8b:f0:9e:cd:8a:89:f6:1a:cd:bc:f5:f9:67:77:81:7f:8a:
         ea:79:bb:34:5f:b0:b0:2f:7d:13:ed:aa:8a:06:27:59:68:3b:
         bc:b0:7a:41:3a:8c:69:82:9e:91:1e:38:73:0d:0a:bd:c4:b4:
         e7:55:64:90
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYWjPVdhnOFqNviwdJZHGbWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjMwMTExMjM0OTQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJhMmNhYzI5ZDY3NDAwNWE4MDc0YjEzZGExZDI1NjQ1MGI1MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoy2vQJmP2Ol7dsFQosseeRay9o86
erGqR8UxepLiZST2epjlgDv1Q05X/nMJiYC9/Wer0fagnE0xkg4y6wBJg+UNz7Sl
jk1gWfKNcDTEYAdJK86EAvUJwrz8ANSrMSkgMkGUEwNHIjCiTpBNYjvC679PLqeA
RD1Oqwl2Ubd6S2AtkOcIv1IAHt6KogV+urwGLwHLfP/R0ddvROmiWowf5Y2Lld36
ZYM5wGgncno0JWxnv1ea7n+m5o74TDvAUchq34xD0f8hnUez/ttvViZvlEHxkgW8
uv12rp02VNmrk4pezMBYkvdA77ZhJr43QQojgzYdm1ka5oJuXl0jEdTyzQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJa6LKwp1nQAWoB0sT2h0lZFC1C7MB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvbHJvc3JDbldkQUJhZ0hTeFBhSFNWa1VMVUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQABbbHMAwD
BAEtQ44DBAAtQ5ADBAA/9oADBAE/9pwDBABPYrUDBABc+RwDBAFemqgDBABemrAD
BABemrMDBADBlF4wDQYJKoZIhvcNAQELBQADggEBADzAR1eIoOq+d6DfQiUmslkR
NULUF6Sufp4eLf7MhdcyiDz1W5xGF1TwMdglN7gvT3WB/j1fzAxj7tJ2cF7rgFPM
6jKpS3bIABcjYPqlZoWiVs/g5DtDJYjKBATKcPEx0GtBSjDI7n8w/l0WqyaF2QQW
pAtRB5OIkk4cxMxonQd7iFQ5p6kyn92RRgPFKciafD8fg8ScncbrnzQ/oann1YtE
R7hfKeP779RJCQmUJBOHK91skSlXuRFKNoPoP0Bf6bfJVAOunOaL8J7Nion2Gs28
9flnd4F/iup5uzRfsLAvfRPtqooGJ1loO7ywekE6jGmCnpEeOHMNCr3EtOdVZJA=
-----END CERTIFICATE-----