Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/P0gMGJ8WfwCOG8j9jgx1ieH1lTs.roa
File:                     P0gMGJ8WfwCOG8j9jgx1ieH1lTs.roa (raw, json)
Hash identifier:          B7m1QxMHeGfP3BH6vVjofqHFUfIQ+0absdNhZtkrU9w=
Subject key identifier:   3F:48:0C:18:9F:16:7F:00:8E:1B:C8:FD:8E:0C:75:89:E1:F5:95:3B
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018B6B3FCBB53B554B85297233C8D19B0933
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/P0gMGJ8WfwCOG8j9jgx1ieH1lTs.roa
Signing time:             Thu 26 Oct 2023 09:10:24 +0000
ROA not before:           Thu 26 Oct 2023 09:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6700
IP address blocks:        85.222.160.0/22 maxlen: 24
                          91.148.64.0/18 maxlen: 24
                          217.26.64.0/20 maxlen: 24
                          62.193.128.0/19 maxlen: 24
                          213.244.224.0/20 maxlen: 24
                          185.47.208.0/22 maxlen: 24
                          195.252.64.0/18 maxlen: 24
                          194.106.160.0/19 maxlen: 24
                          62.108.96.0/19 maxlen: 24
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:6b:3f:cb:b5:3b:55:4b:85:29:72:33:c8:d1:9b:09:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Oct 26 09:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f480c189f167f008e1bc8fd8e0c7589e1f5953b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4b:41:6f:14:10:db:a3:4e:a8:bd:02:51:04:
                    78:79:9e:0f:0a:66:9d:2e:a0:ca:1e:5f:dd:d9:66:
                    42:37:7b:da:61:3c:b8:20:da:ef:88:78:79:ff:9d:
                    a5:73:ca:57:20:3a:b6:9a:cb:66:1f:c8:ed:a2:e6:
                    d4:56:ab:09:36:31:2d:52:d8:65:c5:53:2a:82:d0:
                    e9:97:ca:d6:c5:ab:51:5b:ac:2f:d7:4b:90:69:f1:
                    1b:27:de:91:ed:b5:23:e6:69:8f:25:82:94:21:db:
                    d0:2d:17:4d:be:20:20:78:c9:4d:a9:6f:d0:10:0e:
                    5f:31:09:aa:45:db:b6:06:29:8e:9f:df:2d:56:17:
                    d4:3e:28:5e:f2:29:2b:bb:2b:90:42:e5:37:1d:2a:
                    1f:b8:f3:56:d7:5e:bd:21:82:96:23:19:b0:f5:ca:
                    b0:f0:8b:5b:c0:91:22:2d:6a:9f:d3:58:5b:5c:b8:
                    0b:ed:89:9d:7c:49:71:37:6f:95:0f:a7:14:85:ef:
                    39:4d:38:81:1c:18:da:6b:98:9e:79:c2:14:bb:0e:
                    49:4c:c9:64:b6:3a:48:94:5a:54:20:41:44:6b:43:
                    a9:b0:30:34:3c:7b:ec:a9:20:a3:fc:57:f4:8e:81:
                    11:d7:02:e8:dd:82:84:30:d6:d8:4a:55:85:58:44:
                    23:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:48:0C:18:9F:16:7F:00:8E:1B:C8:FD:8E:0C:75:89:E1:F5:95:3B
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/P0gMGJ8WfwCOG8j9jgx1ieH1lTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/22
                  91.148.64.0/18
                  178.20.205.0/24
                  178.20.207.0/24
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.224.0/20
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:91:8e:b3:27:37:cf:17:ef:50:b2:f4:d1:8a:bf:70:79:07:
         f8:d6:8e:02:9e:a9:34:23:b1:26:c0:0e:89:e8:80:f2:28:7f:
         9d:30:b5:e7:1f:be:06:51:c4:9f:ef:92:ea:13:8e:fe:5e:5e:
         76:7c:6d:98:d6:73:6f:e1:b7:15:03:7d:a0:b5:63:78:84:f6:
         d6:ae:8a:72:4f:dd:b4:ff:99:6c:65:4b:6d:05:7a:3f:1f:39:
         9a:3b:53:b0:e0:17:4b:5c:a3:1b:fb:bd:1f:5c:18:c1:b3:67:
         8d:5b:4c:30:e5:48:5b:a8:54:ee:e7:ff:87:d9:cd:09:85:b0:
         a9:d7:bb:45:c9:27:9c:01:d9:5a:d7:bf:7a:a5:2c:78:85:ce:
         20:59:ae:4b:47:03:b9:8d:e3:c3:7f:91:0f:6b:f6:ff:5b:81:
         4c:59:e6:37:b9:32:1b:3a:9a:ee:7d:ec:16:0d:2c:c1:e0:dc:
         4a:87:b2:38:7c:08:1c:72:a6:c6:4b:9c:02:45:93:c5:54:82:
         d4:ac:2f:92:34:ea:21:de:66:f0:f8:56:7f:d5:50:f8:e4:6c:
         7b:35:ef:3e:ef:15:2e:b9:02:a4:73:80:3a:6f:ad:9d:b9:f3:
         0c:1c:53:c3:ad:0b:1f:59:5c:2b:9e:16:dc:15:a0:a8:a3:d5:
         96:9e:b8:b6
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYtrP8u1O1VLhSlyM8jRmwkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMxMDI2MDkxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQ4MGMxODlmMTY3ZjAwOGUxYmM4ZmQ4ZTBjNzU4OWUxZjU5NTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00tBbxQQ26NOqL0CUQR4eZ4PCmad
LqDKHl/d2WZCN3vaYTy4INrviHh5/52lc8pXIDq2mstmH8jtoubUVqsJNjEtUthl
xVMqgtDpl8rWxatRW6wv10uQafEbJ96R7bUj5mmPJYKUIdvQLRdNviAgeMlNqW/Q
EA5fMQmqRdu2BimOn98tVhfUPihe8ikruyuQQuU3HSofuPNW1169IYKWIxmw9cqw
8ItbwJEiLWqf01hbXLgL7YmdfElxN2+VD6cUhe85TTiBHBjaa5ieecIUuw5JTMlk
tjpIlFpUIEFEa0OpsDA0PHvsqSCj/Ff0joER1wLo3YKEMNbYSlWFWEQjIwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFD9IDBifFn8AjhvI/Y4MdYnh9ZU7MB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvUDBnTUdKOFdmd0NPRzhqOWpneDFpZUgxbFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQFPmxgAwQF
PsGAAwQCVd6gAwQGW5RAAwQAshTNAwQAshTPAwQCuS/QAwQFwmqgAwQGw/xAAwQE
1fTgAwQE2RpAMBQEAgACMA4DBQAgAQjIAwUAKgIOQDANBgkqhkiG9w0BAQsFAAOC
AQEAFpGOsyc3zxfvULL00Yq/cHkH+NaOAp6pNCOxJsAOieiA8ih/nTC15x++BlHE
n++S6hOO/l5ednxtmNZzb+G3FQN9oLVjeIT21q6Kck/dtP+ZbGVLbQV6Px85mjtT
sOAXS1yjG/u9H1wYwbNnjVtMMOVIW6hU7uf/h9nNCYWwqde7RcknnAHZWte/eqUs
eIXOIFmuS0cDuY3jw3+RD2v2/1uBTFnmN7kyGzqa7n3sFg0sweDcSoeyOHwIHHKm
xkucAkWTxVSC1KwvkjTqId5m8PhWf9VQ+ORsezXvPu8VLrkCpHOAOm+tnbnzDBxT
w60LH1lcK54W3BWgqKPVlp64tg==
-----END CERTIFICATE-----