Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/Wo8Ocnw7KXfgrvKoWbMDg2y_inI.roa
File:                     Wo8Ocnw7KXfgrvKoWbMDg2y_inI.roa (raw, json)
Hash identifier:          K/jyp99IFJIwIwBoKwGd/shuswY01gMPmuiX5s/Cz+8=
Subject key identifier:   5A:8F:0E:72:7C:3B:29:77:E0:AE:F2:A8:59:B3:03:83:6C:BF:8A:72
Certificate issuer:       /CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Certificate serial:       018770A0F3082B18B402CA154A2182E44903
Authority key identifier: 08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/Wo8Ocnw7KXfgrvKoWbMDg2y_inI.roa
Signing time:             Tue 11 Apr 2023 14:03:28 +0000
ROA not before:           Tue 11 Apr 2023 14:03:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60134
IP address blocks:        45.152.157.0/24 maxlen: 24
                          45.152.156.0/24 maxlen: 24
                          193.30.129.0/24 maxlen: 24
                          45.152.158.0/24 maxlen: 24
                          45.152.159.0/24 maxlen: 24
                          185.158.253.0/24 maxlen: 24
                          185.158.252.0/22 maxlen: 22
                          185.158.252.0/24 maxlen: 24
                          185.158.255.0/24 maxlen: 24
                          185.158.254.0/24 maxlen: 24
                          45.144.206.0/24 maxlen: 24
                          45.144.205.0/24 maxlen: 24
                          45.144.204.0/22 maxlen: 22
                          45.144.204.0/24 maxlen: 24
                          45.144.207.0/24 maxlen: 24
                          213.232.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:70:a0:f3:08:2b:18:b4:02:ca:15:4a:21:82:e4:49:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
        Validity
            Not Before: Apr 11 14:03:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5a8f0e727c3b2977e0aef2a859b303836cbf8a72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:fc:49:a2:28:e8:5f:96:65:61:c1:df:bf:4e:
                    fe:de:5a:51:66:b9:ba:7f:4e:fb:83:56:0f:12:f9:
                    72:e6:fc:9f:d0:52:a2:6b:b5:ac:93:6d:54:a5:b8:
                    82:d7:da:77:ea:d3:e0:3b:82:9f:4a:c0:09:e7:6d:
                    a1:66:96:1e:a5:f7:9d:3a:d6:8e:12:7d:6f:ce:24:
                    b9:ca:16:4a:77:02:b3:2c:5c:30:1a:af:bb:08:3e:
                    48:7d:8b:ef:b2:0f:f5:d2:38:9c:20:81:68:7c:57:
                    35:bf:c7:8d:80:3d:bb:9f:37:15:6e:f4:dd:2d:c7:
                    31:eb:5d:7f:f0:72:b0:30:5b:39:3c:56:b6:75:13:
                    7d:82:ae:a3:b6:9d:b1:34:ae:da:bb:4e:02:d6:30:
                    52:00:4f:21:a0:3a:3a:c7:bd:6e:92:e2:cf:f6:49:
                    b4:01:f5:b7:3e:d9:81:c7:2f:b9:7a:ff:4a:0a:30:
                    7f:0d:8a:05:15:33:fa:b8:30:5a:9b:fa:c5:5a:40:
                    bb:d5:42:1b:30:74:a0:ed:ae:cf:de:c0:59:37:ad:
                    70:ee:e6:79:92:e6:36:b0:04:5a:3b:f3:0b:db:61:
                    c2:aa:db:2f:cd:43:0c:f0:ba:e3:9e:76:d2:fd:53:
                    59:e1:48:29:3e:3f:1c:f4:b1:6d:4c:4b:65:d6:dc:
                    46:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8F:0E:72:7C:3B:29:77:E0:AE:F2:A8:59:B3:03:83:6C:BF:8A:72
            X509v3 Authority Key Identifier:
                keyid:08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/Wo8Ocnw7KXfgrvKoWbMDg2y_inI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.204.0/22
                  45.152.156.0/22
                  185.158.252.0/22
                  193.30.129.0/24
                  213.232.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a7:ce:75:1d:ad:36:80:1a:88:53:30:75:9c:54:65:bc:9b:
         38:0c:b2:90:2b:8f:fc:b6:1d:04:e1:ee:8d:1c:0d:c6:b6:9f:
         62:e8:09:4f:14:9d:7d:ef:0f:9f:e4:dc:c8:d6:e6:e0:25:c8:
         9e:a5:c3:7c:76:9b:e3:90:09:7a:5b:97:62:2a:42:97:d5:79:
         7c:1d:95:69:90:e8:9e:ef:0f:7c:1e:67:68:64:e5:aa:6a:6a:
         c4:d9:05:de:18:07:eb:14:d3:db:e4:6f:6f:96:ba:60:db:11:
         22:c8:25:42:6b:b4:0d:ad:16:d5:0a:1a:88:19:bc:03:79:78:
         d8:e5:ae:ad:8a:11:a3:71:1f:0f:d8:6d:a9:30:37:97:b5:a2:
         67:9d:c1:67:e8:56:f3:b6:4a:fa:2a:ee:7e:5f:34:a1:72:f5:
         dc:bf:0d:5d:fd:91:b3:f3:87:a1:cf:bd:8e:e4:cd:6f:0f:4b:
         6f:4a:1b:28:ed:65:57:b0:50:e8:55:d9:a5:6e:6d:e8:76:c0:
         25:73:ea:75:25:0e:81:0f:4e:c9:bb:a7:0b:be:29:20:b2:30:
         83:2e:73:f6:b3:28:0e:fd:0e:2a:6d:b7:34:c4:20:89:e6:f9:
         0e:56:6b:96:85:b0:0c:e5:1e:36:51:d6:d2:58:5a:df:96:56:
         77:e0:ab:51
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYdwoPMIKxi0AsoVSiGC5EkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDNhNTE1NjgzZTlkZGI4NWQzOGU3YWIzOWMzM2FlZGFj
YWY3ZWYwHhcNMjMwNDExMTQwMzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YThmMGU3MjdjM2IyOTc3ZTBhZWYyYTg1OWIzMDM4MzZjYmY4YTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/xJoijoX5ZlYcHfv07+3lpRZrm6
f077g1YPEvly5vyf0FKia7Wsk21UpbiC19p36tPgO4KfSsAJ522hZpYepfedOtaO
En1vziS5yhZKdwKzLFwwGq+7CD5IfYvvsg/10jicIIFofFc1v8eNgD27nzcVbvTd
Lccx611/8HKwMFs5PFa2dRN9gq6jtp2xNK7au04C1jBSAE8hoDo6x71ukuLP9km0
AfW3PtmBxy+5ev9KCjB/DYoFFTP6uDBam/rFWkC71UIbMHSg7a7P3sBZN61w7uZ5
kuY2sARaO/ML22HCqtsvzUMM8LrjnnbS/VNZ4UgpPj8c9LFtTEtl1txGpwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFqPDnJ8Oyl34K7yqFmzA4Nsv4pyMB8GA1UdIwQY
MBaAFAjTpRVoPp3bhdOOerOcM67ayvfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05PbEZXZy1uZHVGMDQ1NnM1d3pydHJLOS04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82N2NmYTAtYTMyYi00MDYzLTkzNzAt
MGI1YzVkOTQ0MjZhLzEvV284T2NudzdLWGZncnZLb1diTURnMnlfaW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82N2NmYTAtYTMyYi00MDYzLTkzNzAtMGI1YzVkOTQ0MjZh
LzEvQ05PbEZXZy1uZHVGMDQ1NnM1d3pydHJLOS04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCLZDMAwQC
LZicAwQCuZ78AwQAwR6BAwQA1ej4MA0GCSqGSIb3DQEBCwUAA4IBAQApp851Ha02
gBqIUzB1nFRlvJs4DLKQK4/8th0E4e6NHA3Gtp9i6AlPFJ197w+f5NzI1ubgJcie
pcN8dpvjkAl6W5diKkKX1Xl8HZVpkOie7w98HmdoZOWqamrE2QXeGAfrFNPb5G9v
lrpg2xEiyCVCa7QNrRbVChqIGbwDeXjY5a6tihGjcR8P2G2pMDeXtaJnncFn6Fbz
tkr6Ku5+XzShcvXcvw1d/ZGz84ehz72O5M1vD0tvShso7WVXsFDoVdmlbm3odsAl
c+p1JQ6BD07Ju6cLvikgsjCDLnP2sygO/Q4qbbc0xCCJ5vkOVmuWhbAM5R42UdbS
WFrfllZ34KtR
-----END CERTIFICATE-----