Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/1oM89Bw0kVC7uo_uePO-OFRft8U.roa
File:                     1oM89Bw0kVC7uo_uePO-OFRft8U.roa (raw, json)
Hash identifier:          fXj3bsYMBiEJhw1upZKavgz2trEz7c72W35mfcZsB+0=
Subject key identifier:   D6:83:3C:F4:1C:34:91:50:BB:BA:8F:EE:78:F3:BE:38:54:5F:B7:C5
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       0189C08BB0028CBFFEC3686A78A1B4C547A3
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/1oM89Bw0kVC7uo_uePO-OFRft8U.roa
Signing time:             Fri 04 Aug 2023 12:35:27 +0000
ROA not before:           Fri 04 Aug 2023 12:35:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15589
IP address blocks:        217.15.208.0/20 maxlen: 24
                          212.90.0.0/19 maxlen: 24
                          213.183.128.0/19 maxlen: 24
                          81.92.32.0/20 maxlen: 24
                          194.153.192.0/20 maxlen: 24
                          83.211.0.0/16 maxlen: 24
                          213.136.128.0/18 maxlen: 24
                          212.110.0.0/19 maxlen: 24
                          194.153.208.0/22 maxlen: 24
                          62.94.0.0/16 maxlen: 24
                          213.198.128.0/18 maxlen: 24
                          2001:750::/29 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c0:8b:b0:02:8c:bf:fe:c3:68:6a:78:a1:b4:c5:47:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Aug  4 12:35:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d6833cf41c349150bbba8fee78f3be38545fb7c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a8:67:49:0b:3a:28:c8:fa:30:8f:3a:37:93:
                    b4:d8:bd:9f:06:ff:a9:6e:a8:84:d0:5b:a7:51:a2:
                    60:22:87:ae:36:7e:c6:11:c5:a9:c7:95:21:c4:2a:
                    e8:dc:b7:d2:7a:b3:0e:0f:73:f0:88:79:97:2a:45:
                    6d:27:ec:88:03:49:89:41:2d:bf:b2:83:28:79:7d:
                    21:a4:dd:4b:c3:c0:d3:c0:47:5f:53:85:c2:f2:77:
                    ba:d6:29:1e:7f:41:83:dd:fe:ad:05:96:c4:f8:87:
                    25:f6:f5:8a:be:46:4c:af:f9:a1:07:9f:1c:74:1c:
                    88:3c:03:33:e8:c0:5f:60:57:02:1c:24:ca:21:27:
                    ae:32:89:17:06:ca:c8:62:68:7c:62:6e:0b:f0:bf:
                    37:b0:07:02:71:90:5e:72:7a:6b:02:73:a6:85:e8:
                    be:67:0b:b8:81:c0:cd:8c:62:6d:45:30:f0:b6:f9:
                    d1:5b:3d:b6:05:98:0f:7b:fe:84:a2:3b:80:c2:7f:
                    1a:63:87:62:3f:ce:42:04:1f:19:dc:bc:9f:9b:9b:
                    66:f2:73:af:83:b7:54:36:50:40:e4:ce:c8:6b:44:
                    bb:6d:6b:b1:55:e3:ad:e5:6d:ad:2d:96:ed:cb:95:
                    87:0d:d5:1b:b3:8e:a3:9a:da:72:08:95:58:03:d1:
                    68:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:83:3C:F4:1C:34:91:50:BB:BA:8F:EE:78:F3:BE:38:54:5F:B7:C5
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/1oM89Bw0kVC7uo_uePO-OFRft8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.94.0.0/16
                  81.92.32.0/20
                  83.211.0.0/16
                  194.153.192.0-194.153.211.255
                  212.90.0.0/19
                  212.110.0.0/19
                  213.136.128.0/18
                  213.183.128.0/19
                  213.198.128.0/18
                  217.15.208.0/20
                IPv6:
                  2001:750::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:59:9b:a2:cf:67:46:0d:78:95:da:88:a6:a8:58:06:51:c7:
         9c:65:e8:17:6d:aa:af:7a:4e:cc:b2:ba:b5:50:6a:36:8b:0f:
         da:eb:49:32:7a:fb:d8:fe:05:2a:39:2b:a3:6d:57:fb:93:10:
         2c:e8:52:55:f9:03:c2:4a:75:cd:0a:59:2b:01:ac:19:13:1b:
         66:36:df:df:f5:4f:50:fb:8e:2a:97:6a:1f:bf:39:74:e6:31:
         01:a5:27:18:67:2b:a7:dc:9f:1d:83:a3:12:53:58:58:ab:a1:
         f7:b6:a8:c1:2a:f5:5a:38:e4:7e:ef:28:5d:8a:7c:8c:c0:be:
         6c:17:40:a4:94:f0:49:9c:dc:9e:45:5c:0c:26:0e:1d:e3:96:
         85:1c:14:2f:2c:25:22:7f:83:40:61:37:52:f6:e1:2e:a1:45:
         58:94:62:61:d0:9f:5b:63:ed:b6:6c:5e:09:39:37:88:51:6c:
         c1:9b:5b:02:8d:28:b8:50:29:7d:38:72:1d:63:32:31:8d:5d:
         73:a9:99:cd:dd:7c:e4:8d:ac:bf:0a:16:0a:3a:70:82:0f:6a:
         64:31:69:66:95:20:ec:f7:eb:ab:aa:37:df:02:fa:f1:a5:36:
         06:43:4c:d3:e6:91:d2:47:08:74:b7:1f:16:4a:c4:73:28:29:
         16:1a:3e:28
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYnAi7ACjL/+w2hqeKG0xUejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwODA0MTIzNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjgzM2NmNDFjMzQ5MTUwYmJiYThmZWU3OGYzYmUzODU0NWZiN2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxahnSQs6KMj6MI86N5O02L2fBv+p
bqiE0FunUaJgIoeuNn7GEcWpx5UhxCro3LfSerMOD3PwiHmXKkVtJ+yIA0mJQS2/
soMoeX0hpN1Lw8DTwEdfU4XC8ne61ikef0GD3f6tBZbE+Icl9vWKvkZMr/mhB58c
dByIPAMz6MBfYFcCHCTKISeuMokXBsrIYmh8Ym4L8L83sAcCcZBecnprAnOmhei+
Zwu4gcDNjGJtRTDwtvnRWz22BZgPe/6EojuAwn8aY4diP85CBB8Z3Lyfm5tm8nOv
g7dUNlBA5M7Ia0S7bWuxVeOt5W2tLZbty5WHDdUbs46jmtpyCJVYA9FooQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFNaDPPQcNJFQu7qP7njzvjhUX7fFMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvMW9NODlCdzBrVkM3dW9fdWVQTy1PRlJmdDhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwMAPl4DBARR
XCADAwBT0zAMAwQGwpnAAwQCwpnQAwQF1FoAAwQF1G4AAwQG1YiAAwQF1beAAwQG
1caAAwQE2Q/QMA0EAgACMAcDBQMgAQdQMA0GCSqGSIb3DQEBCwUAA4IBAQCRWZui
z2dGDXiV2oimqFgGUcecZegXbaqvek7Msrq1UGo2iw/a60kyevvY/gUqOSujbVf7
kxAs6FJV+QPCSnXNClkrAawZExtmNt/f9U9Q+44ql2ofvzl05jEBpScYZyun3J8d
g6MSU1hYq6H3tqjBKvVaOOR+7yhdinyMwL5sF0CklPBJnNyeRVwMJg4d45aFHBQv
LCUif4NAYTdS9uEuoUVYlGJh0J9bY+22bF4JOTeIUWzBm1sCjSi4UCl9OHIdYzIx
jV1zqZnN3Xzkjay/ChYKOnCCD2pkMWlmlSDs9+urqjffAvrxpTYGQ0zT5pHSRwh0
tx8WSsRzKCkWGj4o
-----END CERTIFICATE-----