Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/jhfyKIPUuYvxnIKS6LhO97rO2us.roa
File:                     jhfyKIPUuYvxnIKS6LhO97rO2us.roa (raw, json)
Hash identifier:          KSMqotdgtKBZAsCwdD6rkAbb8YtT2xJLB7TlFo8+Yws=
Subject key identifier:   8E:17:F2:28:83:D4:B9:8B:F1:9C:82:92:E8:B8:4E:F7:BA:CE:DA:EB
Certificate issuer:       /CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
Certificate serial:       01869D87AC3EABD910AB9DE76DE3ADA420BD
Authority key identifier: 80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/jhfyKIPUuYvxnIKS6LhO97rO2us.roa
Signing time:             Wed 01 Mar 2023 14:15:59 +0000
ROA not before:           Wed 01 Mar 2023 14:15:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62179
IP address blocks:        185.110.135.0/24 maxlen: 24
                          88.135.16.0/24 maxlen: 24
                          88.135.17.0/24 maxlen: 24
                          88.135.21.0/24 maxlen: 24
                          88.135.22.0/24 maxlen: 24
                          88.135.23.0/24 maxlen: 24
                          88.135.24.0/24 maxlen: 24
                          88.135.18.0/24 maxlen: 24
                          88.135.19.0/24 maxlen: 24
                          88.135.20.0/24 maxlen: 24
                          88.135.31.0/24 maxlen: 24
                          88.135.28.0/24 maxlen: 24
                          88.135.29.0/24 maxlen: 24
                          88.135.30.0/24 maxlen: 24
                          88.135.25.0/24 maxlen: 24
                          88.135.26.0/24 maxlen: 24
                          88.135.27.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:9d:87:ac:3e:ab:d9:10:ab:9d:e7:6d:e3:ad:a4:20:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
        Validity
            Not Before: Mar  1 14:15:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e17f22883d4b98bf19c8292e8b84ef7bacedaeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:01:81:d4:18:2b:49:d4:0d:86:31:e5:94:3c:
                    7b:50:d8:e5:a4:0f:79:d8:c0:23:de:00:3a:59:13:
                    37:6e:d7:24:c3:8e:74:67:ae:f1:5e:7e:3a:d8:54:
                    30:88:50:cc:9b:fb:95:70:34:4b:f1:f3:24:06:c6:
                    8d:70:46:9a:9d:76:e7:af:ad:78:95:87:8e:4f:38:
                    95:2c:d2:20:8f:81:90:0f:d8:f3:52:9b:e4:06:75:
                    77:77:ae:68:46:b3:37:68:23:74:e5:79:8d:be:6f:
                    b1:d2:db:9a:6b:21:da:1f:64:12:51:26:2e:da:20:
                    79:f5:df:6b:90:20:28:3f:05:df:c7:cc:f8:fb:cf:
                    63:b8:a4:fd:fd:01:f1:8b:fa:0e:89:81:95:a0:22:
                    8c:9d:2b:8d:62:8a:e6:60:16:45:20:a8:20:73:2c:
                    46:ec:ba:56:29:34:77:67:af:d8:4f:5c:38:5d:63:
                    ee:33:b1:ea:1a:43:b1:75:f2:03:21:81:04:63:2f:
                    e4:90:16:1a:22:7f:a3:b1:f7:3a:ed:b3:d3:95:33:
                    35:be:de:1f:4c:ec:51:97:d0:2e:a3:34:5f:4f:0a:
                    cf:c4:5c:5b:78:69:57:2d:4e:7e:df:6a:15:cb:b9:
                    ba:e2:39:c1:ad:a0:07:5f:7a:fa:98:8e:93:df:22:
                    d0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:17:F2:28:83:D4:B9:8B:F1:9C:82:92:E8:B8:4E:F7:BA:CE:DA:EB
            X509v3 Authority Key Identifier:
                keyid:80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/jhfyKIPUuYvxnIKS6LhO97rO2us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.16.0/20
                  185.110.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d0:41:28:13:16:2c:49:72:e3:70:35:5e:36:1e:97:da:a2:
         c3:01:7f:3c:4b:a6:2b:5b:6c:81:40:62:d8:ad:be:d7:1a:79:
         0e:46:c0:c3:28:93:da:37:18:98:c3:e5:f9:bd:ac:a6:26:e9:
         0d:87:97:61:88:6c:f6:c1:bc:c9:9a:ac:61:17:5e:54:fd:33:
         16:32:b5:6d:05:43:7d:fb:4e:c5:25:ce:3e:ee:05:cb:04:2f:
         41:87:7d:34:c5:78:97:eb:92:28:1d:ed:05:27:1e:c1:55:bb:
         6a:1f:10:15:a9:87:1a:94:44:05:8b:db:ee:eb:3e:0f:50:ae:
         a2:f7:ca:eb:69:97:ff:d9:24:63:13:2b:1f:60:d9:be:24:39:
         8b:6a:0f:b5:e9:1c:34:38:28:54:e4:4f:77:1b:44:d6:c0:f8:
         4e:8f:b3:49:58:be:76:05:1b:22:67:03:8f:15:40:7c:20:b6:
         63:12:9b:99:7b:48:92:c7:7b:93:7d:31:83:60:ce:b3:a4:0d:
         db:79:c9:c5:70:fe:db:9b:cf:b3:ab:16:73:90:f3:3a:6d:0b:
         43:17:8b:7d:30:f3:93:6c:e2:7c:74:8d:ad:49:09:0c:7d:97:
         a9:91:73:b9:f8:4f:a1:d5:85:36:a8:04:69:b7:ee:54:a5:0f:
         78:39:24:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYadh6w+q9kQq53nbeOtpCC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYmQwMDgyOTUzNmQ0Nzc0NWY0N2RhOWQxYThhNzJmNmRk
NDYyZDQwHhcNMjMwMzAxMTQxNTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTE3ZjIyODgzZDRiOThiZjE5YzgyOTJlOGI4NGVmN2JhY2VkYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwGB1BgrSdQNhjHllDx7UNjlpA95
2MAj3gA6WRM3btckw450Z67xXn462FQwiFDMm/uVcDRL8fMkBsaNcEaanXbnr614
lYeOTziVLNIgj4GQD9jzUpvkBnV3d65oRrM3aCN05XmNvm+x0tuaayHaH2QSUSYu
2iB59d9rkCAoPwXfx8z4+89juKT9/QHxi/oOiYGVoCKMnSuNYormYBZFIKggcyxG
7LpWKTR3Z6/YT1w4XWPuM7HqGkOxdfIDIYEEYy/kkBYaIn+jsfc67bPTlTM1vt4f
TOxRl9AuozRfTwrPxFxbeGlXLU5+32oVy7m64jnBraAHX3r6mI6T3yLQiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4X8iiD1LmL8ZyCkui4Tve6ztrrMB8GA1UdIwQY
MBaAFIC9AIKVNtR3RfR9qdGopy9t1GLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMt
MDliOTkyMGZlMDBmLzEvamhmeUtJUFV1WXZ4bklLUzZMaE85N3JPMnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMtMDliOTkyMGZlMDBm
LzEvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWIcQAwQA
uW6HMA0GCSqGSIb3DQEBCwUAA4IBAQBG0EEoExYsSXLjcDVeNh6X2qLDAX88S6Yr
W2yBQGLYrb7XGnkORsDDKJPaNxiYw+X5vaymJukNh5dhiGz2wbzJmqxhF15U/TMW
MrVtBUN9+07FJc4+7gXLBC9Bh300xXiX65IoHe0FJx7BVbtqHxAVqYcalEQFi9vu
6z4PUK6i98rraZf/2SRjEysfYNm+JDmLag+16Rw0OChU5E93G0TWwPhOj7NJWL52
BRsiZwOPFUB8ILZjEpuZe0iSx3uTfTGDYM6zpA3becnFcP7bm8+zqxZzkPM6bQtD
F4t9MPOTbOJ8dI2tSQkMfZepkXO5+E+h1YU2qARpt+5UpQ94OSQh
-----END CERTIFICATE-----