Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3STTM8x_KVdOno05kYhLfDoC1aM.roa
File:                     3STTM8x_KVdOno05kYhLfDoC1aM.roa (raw, json)
Hash identifier:          l0kwnSu1a2C07I8z3otR1EZ2KdzrwHHYm+ZeGOouPOA=
Subject key identifier:   DD:24:D3:33:CC:7F:29:57:4E:9E:8D:39:91:88:4B:7C:3A:02:D5:A3
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018966AEB307089494FB654C3DF04C465421
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3STTM8x_KVdOno05kYhLfDoC1aM.roa
Signing time:             Tue 18 Jul 2023 01:47:52 +0000
ROA not before:           Tue 18 Jul 2023 01:47:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.36.231.0/24 maxlen: 24
                          188.240.83.0/24 maxlen: 24
                          84.247.20.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          62.112.30.0/24 maxlen: 24
                          93.114.69.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:66:ae:b3:07:08:94:94:fb:65:4c:3d:f0:4c:46:54:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jul 18 01:47:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd24d333cc7f29574e9e8d3991884b7c3a02d5a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:32:d7:0d:56:09:23:d5:a8:ff:e3:30:7f:bf:
                    a0:2e:74:4f:69:b4:38:f3:99:d6:a7:ee:90:be:d4:
                    80:09:79:da:11:ca:c6:90:95:92:bf:df:22:24:a6:
                    47:d6:a5:65:89:e4:90:cb:fd:a7:73:29:71:07:22:
                    c5:91:98:92:32:41:7f:56:eb:84:33:b6:94:30:1d:
                    91:a2:a5:31:aa:05:b0:8a:c1:85:b2:3e:dd:35:9a:
                    90:f2:c3:05:b1:90:46:69:de:0a:ac:c1:68:e9:a2:
                    68:0b:4d:e9:b2:27:55:b9:ba:98:79:be:a5:35:46:
                    a1:24:7a:34:1a:da:84:07:53:18:5e:26:02:b6:f8:
                    a2:9a:39:9f:68:71:a5:4c:5a:2e:d3:27:a2:2e:f9:
                    37:01:0a:39:0a:dc:22:92:9c:f1:68:d9:13:d5:cd:
                    f7:5a:fe:9d:4d:2e:3d:b8:b9:62:a1:8f:b4:52:96:
                    39:d4:e2:1e:6b:ab:47:45:52:0b:aa:32:76:c3:49:
                    58:5b:ef:57:6b:85:19:4a:04:92:c9:d9:e4:de:c0:
                    f8:4a:33:98:0f:c8:c6:13:69:1c:c5:46:a7:53:2c:
                    66:3b:06:0d:1d:e8:8b:0a:43:a6:53:e3:fc:86:cc:
                    ba:e5:dd:6f:76:31:1f:90:0e:b3:cd:7c:64:32:b1:
                    9f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:24:D3:33:CC:7F:29:57:4E:9E:8D:39:91:88:4B:7C:3A:02:D5:A3
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3STTM8x_KVdOno05kYhLfDoC1aM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.174.0/24
                  62.112.30.0/24
                  84.247.20.0/24
                  89.36.231.0/24
                  89.37.128.0/24
                  93.114.69.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24
                  188.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:2e:b7:65:88:de:31:93:1b:df:47:52:ee:7d:f7:44:6c:f7:
         e3:ed:c8:e4:9a:f3:ea:9d:97:98:9c:12:65:a3:9a:95:e0:e7:
         65:3e:1d:a3:46:c3:71:fc:d5:ec:27:36:e8:ec:1d:9f:ec:b2:
         7a:f9:c5:57:08:90:d7:90:ad:04:cb:38:02:db:a1:49:78:1a:
         97:c5:26:c5:59:c2:dd:40:c4:02:93:e8:17:1c:96:a1:3e:eb:
         72:f0:47:c5:31:a2:9d:91:7d:98:b5:b8:ad:22:ce:a3:92:db:
         de:f2:59:9e:d7:d6:7e:e2:2b:85:7d:c3:80:57:b5:32:cf:d3:
         87:e3:69:d9:da:d7:39:46:82:29:61:71:84:bb:0c:72:53:ff:
         39:35:aa:6a:7b:5b:27:b0:c4:5f:0e:6b:fa:d2:82:16:58:b8:
         8d:79:7b:c6:e3:71:26:30:55:ec:d6:e2:1e:94:47:5b:19:08:
         12:40:8e:c9:c0:34:e5:b4:5f:b2:b0:c1:00:a5:5d:1d:cd:fe:
         76:c5:60:4a:e2:1c:18:64:2e:89:f2:49:44:61:e0:cf:29:77:
         1c:e5:97:36:52:73:5b:46:c3:bb:30:56:1c:43:4f:76:80:f3:
         53:2d:38:9f:3b:85:3c:04:8a:28:19:4a:ce:a2:5c:06:ff:de:
         86:d5:d4:a6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYlmrrMHCJSU+2VMPfBMRlQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzE4MDE0NzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDI0ZDMzM2NjN2YyOTU3NGU5ZThkMzk5MTg4NGI3YzNhMDJkNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTLXDVYJI9Wo/+Mwf7+gLnRPabQ4
85nWp+6QvtSACXnaEcrGkJWSv98iJKZH1qVlieSQy/2ncylxByLFkZiSMkF/VuuE
M7aUMB2RoqUxqgWwisGFsj7dNZqQ8sMFsZBGad4KrMFo6aJoC03psidVubqYeb6l
NUahJHo0GtqEB1MYXiYCtviimjmfaHGlTFou0yeiLvk3AQo5CtwikpzxaNkT1c33
Wv6dTS49uLlioY+0UpY51OIea6tHRVILqjJ2w0lYW+9Xa4UZSgSSydnk3sD4SjOY
D8jGE2kcxUanUyxmOwYNHeiLCkOmU+P8hsy65d1vdjEfkA6zzXxkMrGf0QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFN0k0zPMfylXTp6NOZGIS3w6AtWjMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvM1NUVE04eF9LVmRPbm8wNWtZaExmRG9DMWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALmauAwQA
PnAeAwQAVPcUAwQAWSTnAwQAWSWAAwQAXXJFAwQAXrFxAwQAXrF2AwQAsN++AwQA
vPBTMA0GCSqGSIb3DQEBCwUAA4IBAQAeLrdliN4xkxvfR1LuffdEbPfj7cjkmvPq
nZeYnBJlo5qV4OdlPh2jRsNx/NXsJzbo7B2f7LJ6+cVXCJDXkK0EyzgC26FJeBqX
xSbFWcLdQMQCk+gXHJahPuty8EfFMaKdkX2YtbitIs6jktve8lme19Z+4iuFfcOA
V7Uyz9OH42nZ2tc5RoIpYXGEuwxyU/85Napqe1snsMRfDmv60oIWWLiNeXvG43Em
MFXs1uIelEdbGQgSQI7JwDTltF+ysMEApV0dzf52xWBK4hwYZC6J8klEYeDPKXcc
5Zc2UnNbRsO7MFYcQ092gPNTLTifO4U8BIooGUrOolwG/96G1dSm
-----END CERTIFICATE-----