Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/OEU-WadiCE-SXQwohBUlX3pNd0o.roa
File:                     OEU-WadiCE-SXQwohBUlX3pNd0o.roa (raw, json)
Hash identifier:          Wln/cyCNuM/nAkavPM9SD0bx7CZ0jYQaqH5XPXLTCXE=
Subject key identifier:   38:45:3E:59:A7:62:08:4F:92:5D:0C:28:84:15:25:5F:7A:4D:77:4A
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0185DE1D9488EAB7F89BBC1211A72AA2E1A7
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/OEU-WadiCE-SXQwohBUlX3pNd0o.roa
Signing time:             Mon 23 Jan 2023 10:12:38 +0000
ROA not before:           Mon 23 Jan 2023 10:12:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206092
IP address blocks:        185.118.78.0/24 maxlen: 24
                          213.21.229.0/24 maxlen: 24
                          213.21.233.0/24 maxlen: 24
                          213.21.246.0/24 maxlen: 24
                          213.21.250.0/24 maxlen: 24
                          213.21.251.0/24 maxlen: 24
                          213.21.247.0/24 maxlen: 24
                          193.68.85.0/24 maxlen: 24
                          213.21.254.0/24 maxlen: 24
                          193.68.91.0/24 maxlen: 24
                          193.68.95.0/24 maxlen: 24
                          193.68.92.0/24 maxlen: 24
                          213.21.226.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:de:1d:94:88:ea:b7:f8:9b:bc:12:11:a7:2a:a2:e1:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan 23 10:12:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38453e59a762084f925d0c288415255f7a4d774a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e5:e3:db:19:0c:01:04:9f:75:7b:a4:0b:47:
                    7c:fb:b2:f9:9b:9a:62:72:b0:c8:06:c1:f1:0e:57:
                    54:be:f9:6a:5d:3a:17:f7:44:b2:c1:01:d6:23:14:
                    32:ed:07:cf:ce:3f:ea:67:0e:3a:08:92:09:ba:16:
                    3a:10:14:c1:c4:ea:ee:a9:28:ca:6d:c3:43:ab:25:
                    4b:6d:1e:37:86:6e:92:43:c3:14:00:9f:50:5d:84:
                    82:39:de:82:66:81:47:e3:3e:8c:97:ff:ce:95:07:
                    f8:2f:39:d7:8a:e5:1b:ea:8e:c5:67:e5:a8:93:f4:
                    b9:ec:3f:f8:da:55:1f:df:c1:c1:1d:a1:13:7c:d7:
                    32:d6:6e:2c:50:78:26:03:cf:7d:a9:8c:dd:68:b7:
                    d1:6f:62:79:86:e9:ca:36:c6:00:36:b5:fb:56:c7:
                    66:e6:ba:77:40:3f:f3:84:40:f9:15:9b:2d:67:79:
                    97:92:82:6b:52:8a:4f:69:90:c1:57:4f:89:0b:57:
                    52:3d:62:c1:fe:57:25:7b:ce:30:2e:da:22:77:95:
                    64:4c:5b:ca:1d:7d:ba:77:c4:75:8c:1a:72:5c:82:
                    79:84:3e:de:3c:40:1e:d1:03:81:7e:77:0b:f7:e5:
                    6b:b7:8b:a9:cc:05:3d:bf:c4:0d:93:42:f7:c0:5a:
                    b2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:45:3E:59:A7:62:08:4F:92:5D:0C:28:84:15:25:5F:7A:4D:77:4A
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/OEU-WadiCE-SXQwohBUlX3pNd0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.78.0/24
                  193.68.85.0/24
                  193.68.91.0-193.68.92.255
                  193.68.95.0/24
                  213.21.226.0/24
                  213.21.229.0/24
                  213.21.233.0/24
                  213.21.246.0/23
                  213.21.250.0/23
                  213.21.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:ca:3c:f2:91:05:1c:f0:c6:3b:31:8a:95:9b:69:c0:75:fc:
         e1:c0:ca:5e:10:19:01:c9:ca:b2:94:6a:bf:9a:84:3c:74:7a:
         75:43:d2:12:29:4c:70:c3:ce:83:6a:92:97:eb:e8:63:33:5b:
         02:58:63:a1:14:6b:35:81:2e:95:e6:eb:a8:22:33:b1:72:47:
         9d:5c:ed:21:25:ae:c1:49:5b:e4:e1:36:66:4d:8f:dc:d7:22:
         bf:5a:cf:99:5f:81:76:17:36:e1:6c:8e:bc:30:78:45:66:53:
         85:59:83:4d:d7:88:c3:16:02:24:90:38:1e:52:4d:b0:b7:59:
         c6:73:b7:dc:9a:40:50:0e:2e:ef:80:34:5e:7a:80:6f:c4:b0:
         23:7e:38:9e:29:06:0f:34:65:eb:d2:20:61:cb:71:f2:e6:fe:
         01:dd:d8:2f:e4:5f:d1:97:f8:92:8b:bb:c1:dd:19:5b:d4:ab:
         1a:20:59:8a:2e:de:cb:60:dc:00:24:73:8b:8f:02:69:13:14:
         54:23:15:0b:7c:30:d0:d4:87:b4:d4:bc:75:70:35:83:fc:b0:
         9a:34:c9:78:c5:1f:99:d4:39:e1:d0:84:89:0b:e4:c1:e1:ef:
         1f:e6:bb:64:3b:59:f9:9f:32:47:b7:83:92:07:f7:e2:8c:95:
         bc:c5:80:0a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYXeHZSI6rf4m7wSEacqouGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjMwMTIzMTAxMjM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ1M2U1OWE3NjIwODRmOTI1ZDBjMjg4NDE1MjU1ZjdhNGQ3NzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuXj2xkMAQSfdXukC0d8+7L5m5pi
crDIBsHxDldUvvlqXToX90SywQHWIxQy7QfPzj/qZw46CJIJuhY6EBTBxOruqSjK
bcNDqyVLbR43hm6SQ8MUAJ9QXYSCOd6CZoFH4z6Ml//OlQf4LznXiuUb6o7FZ+Wo
k/S57D/42lUf38HBHaETfNcy1m4sUHgmA899qYzdaLfRb2J5hunKNsYANrX7Vsdm
5rp3QD/zhED5FZstZ3mXkoJrUopPaZDBV0+JC1dSPWLB/lcle84wLtoid5VkTFvK
HX26d8R1jBpyXIJ5hD7ePEAe0QOBfncL9+Vrt4upzAU9v8QNk0L3wFqyRwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDhFPlmnYghPkl0MKIQVJV96TXdKMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvT0VVLVdhZGlDRS1TWFF3b2hCVWxYM3BOZDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAuXZOAwQA
wURVMAwDBADBRFsDBADBRFwDBADBRF8DBADVFeIDBADVFeUDBADVFekDBAHVFfYD
BAHVFfoDBADVFf4wDQYJKoZIhvcNAQELBQADggEBAATKPPKRBRzwxjsxipWbacB1
/OHAyl4QGQHJyrKUar+ahDx0enVD0hIpTHDDzoNqkpfr6GMzWwJYY6EUazWBLpXm
66giM7FyR51c7SElrsFJW+ThNmZNj9zXIr9az5lfgXYXNuFsjrwweEVmU4VZg03X
iMMWAiSQOB5STbC3WcZzt9yaQFAOLu+ANF56gG/EsCN+OJ4pBg80ZevSIGHLcfLm
/gHd2C/kX9GX+JKLu8HdGVvUqxogWYou3stg3AAkc4uPAmkTFFQjFQt8MNDUh7TU
vHVwNYP8sJo0yXjFH5nUOeHQhIkL5MHh7x/mu2Q7WfmfMke3g5IH9+KMlbzFgAo=
-----END CERTIFICATE-----