Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/M9X5nfwHldQyw4ChG3UTvHG8Hzo.roa
File:                     M9X5nfwHldQyw4ChG3UTvHG8Hzo.roa (raw, json)
Hash identifier:          OxSl7y3JI1jaxH6n1t0LctqHvkxqj5reg2UGz3TWQ8g=
Subject key identifier:   33:D5:F9:9D:FC:07:95:D4:32:C3:80:A1:1B:75:13:BC:71:BC:1F:3A
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CA6C4B609741D41F0B0B48B4A757738FE
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/M9X5nfwHldQyw4ChG3UTvHG8Hzo.roa
Signing time:             Tue 26 Dec 2023 15:35:58 +0000
ROA not before:           Tue 26 Dec 2023 15:35:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212271
IP address blocks:        2a05:4140::/29 maxlen: 48
                          2a05:4143::/32 maxlen: 48
                          2a05:4140:187::/48 maxlen: 48
                          2a05:4140:32::/48 maxlen: 48
                          2a11:e102::/32 maxlen: 32
                          2a05:4140:100::/40 maxlen: 48
                          2a05:4140:400::/40 maxlen: 48
                          2a05:4140:300::/40 maxlen: 40
                          2a05:4140:30::/48 maxlen: 48
                          2a05:4140:190::/48 maxlen: 48
                          2a05:4140:10::/48 maxlen: 48
                          2a05:4140:16::/48 maxlen: 48
                          2a05:4140:31::/48 maxlen: 48
                          2a05:4140:4::/48 maxlen: 48
                          2a05:4144::/32 maxlen: 32
                          2a05:4140:5::/48 maxlen: 48
                          2a05:4140:15::/48 maxlen: 48
                          2a05:4140:8::/48 maxlen: 48
                          2a05:4140:3::/48 maxlen: 48
                          2a05:4140:33::/48 maxlen: 48
                          2a05:4140:29::/48 maxlen: 48
                          2a05:4140:9::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a6:c4:b6:09:74:1d:41:f0:b0:b4:8b:4a:75:77:38:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Dec 26 15:35:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33d5f99dfc0795d432c380a11b7513bc71bc1f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:89:25:bf:26:3d:cb:3d:92:d2:a9:99:ec:83:
                    00:03:5d:6f:9a:7e:72:60:3c:67:83:1e:f6:b5:86:
                    ff:7e:f5:9e:4a:c5:31:ce:b4:38:d7:93:f4:7d:72:
                    ef:fd:6b:97:79:8b:44:a9:53:2d:94:9b:9b:fb:7e:
                    46:17:b7:39:c9:3b:5f:88:c7:cd:51:2d:1e:47:c3:
                    3f:1b:6a:65:20:30:57:25:42:11:6f:00:90:19:07:
                    c5:40:a3:4e:aa:88:d0:c9:e6:c2:ad:80:04:cb:ea:
                    9e:37:ea:4e:5b:99:89:cb:10:ad:46:d4:18:5d:04:
                    bf:11:86:a9:9e:9e:4b:f7:69:70:83:79:f9:e8:14:
                    7d:b2:89:1f:10:18:74:3a:f3:e7:8d:08:2b:ec:67:
                    49:ca:42:e7:2a:23:8b:9b:09:c5:6f:7a:ec:83:61:
                    25:d2:a0:36:97:91:2e:b7:56:67:6b:30:35:25:6d:
                    cc:c5:98:6c:04:56:04:05:a6:40:51:e9:75:ae:1d:
                    95:57:3c:4f:de:73:a6:60:26:6d:c4:2a:64:18:60:
                    2e:fa:ae:0c:bb:9d:d1:41:db:61:03:3f:05:9e:83:
                    6b:f5:2e:de:9f:96:7d:e8:bf:88:ff:d7:8c:e2:59:
                    6b:c8:f3:f1:28:90:84:9d:98:e8:70:50:fc:d4:41:
                    86:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D5:F9:9D:FC:07:95:D4:32:C3:80:A1:1B:75:13:BC:71:BC:1F:3A
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/M9X5nfwHldQyw4ChG3UTvHG8Hzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140::/29
                  2a11:e102::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:38:2e:e5:be:b1:38:87:36:5b:2d:bf:46:b6:ea:ad:fc:6f:
         85:78:f7:28:cb:5c:75:60:f9:bd:77:fe:fe:f3:22:03:7d:40:
         6b:d1:dd:87:cf:e8:ad:cf:08:ba:3e:32:34:dc:84:bd:65:c7:
         0e:57:7c:c2:87:e2:46:49:33:23:96:2e:78:fb:7a:d0:48:37:
         d9:57:4f:ba:43:61:c9:d0:a2:c7:d0:fc:f1:51:f0:c0:4d:09:
         86:95:b8:4b:54:f9:c6:77:6c:b9:5c:a8:b6:4f:a8:85:6d:1e:
         27:5f:39:13:08:53:18:c2:8f:84:71:98:a1:fe:72:5e:e7:e2:
         c9:26:c8:f0:0d:97:ba:d8:9a:99:fa:cf:fa:b6:ee:17:85:22:
         01:c7:28:38:4e:52:61:7a:a5:32:c6:9e:2f:8a:e2:39:52:3c:
         2e:1e:9d:d9:5b:b9:ed:db:12:c9:5f:fb:7b:e3:24:4d:c9:5f:
         0f:24:97:fb:dd:ec:b9:e1:d4:e6:6c:17:d9:89:6a:a4:ca:15:
         2f:d4:bd:39:51:83:a2:f8:cb:fc:03:2a:bb:6d:a5:87:81:0b:
         ef:8b:38:e9:c2:11:45:6f:40:db:55:2c:e4:0b:51:50:2e:77:
         1c:fb:f1:42:5e:af:db:ba:35:27:95:b2:3b:ef:21:c0:9c:b7:
         21:84:b1:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYymxLYJdB1B8LC0i0p1dzj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjMxMjI2MTUzNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Q1Zjk5ZGZjMDc5NWQ0MzJjMzgwYTExYjc1MTNiYzcxYmMxZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYklvyY9yz2S0qmZ7IMAA11vmn5y
YDxngx72tYb/fvWeSsUxzrQ415P0fXLv/WuXeYtEqVMtlJub+35GF7c5yTtfiMfN
US0eR8M/G2plIDBXJUIRbwCQGQfFQKNOqojQyebCrYAEy+qeN+pOW5mJyxCtRtQY
XQS/EYapnp5L92lwg3n56BR9sokfEBh0OvPnjQgr7GdJykLnKiOLmwnFb3rsg2El
0qA2l5Eut1ZnazA1JW3MxZhsBFYEBaZAUel1rh2VVzxP3nOmYCZtxCpkGGAu+q4M
u53RQdthAz8FnoNr9S7en5Z96L+I/9eM4llryPPxKJCEnZjocFD81EGGLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDPV+Z38B5XUMsOAoRt1E7xxvB86MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvTTlYNW5md0hsZFF5dzRDaEczVVR2SEc4SHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgVBQAMF
ACoR4QIwDQYJKoZIhvcNAQELBQADggEBAAw4LuW+sTiHNlstv0a26q38b4V49yjL
XHVg+b13/v7zIgN9QGvR3YfP6K3PCLo+MjTchL1lxw5XfMKH4kZJMyOWLnj7etBI
N9lXT7pDYcnQosfQ/PFR8MBNCYaVuEtU+cZ3bLlcqLZPqIVtHidfORMIUxjCj4Rx
mKH+cl7n4skmyPANl7rYmpn6z/q27heFIgHHKDhOUmF6pTLGni+K4jlSPC4endlb
ue3bEslf+3vjJE3JXw8kl/vd7Lnh1OZsF9mJaqTKFS/UvTlRg6L4y/wDKrttpYeB
C++LOOnCEUVvQNtVLOQLUVAudxz78UJer9u6NSeVsjvvIcCctyGEsfg=
-----END CERTIFICATE-----