Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/1-iWXfaw5LFQGq_kzuqoMJw9FHfA.roa
File:                     1-iWXfaw5LFQGq_kzuqoMJw9FHfA.roa (raw, json)
Hash identifier:          HHs5KB1YanA6BZ+sgX/JFXT/jbVA/UFnSLJvGR3cEQE=
Subject key identifier:   FA:25:97:7D:AC:39:2C:54:06:AB:F9:33:BA:AA:0C:27:0F:45:1D:F0
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0185EDD7969A851E0EAEE23A55D415719985
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/1-iWXfaw5LFQGq_kzuqoMJw9FHfA.roa
Signing time:             Thu 26 Jan 2023 11:30:07 +0000
ROA not before:           Thu 26 Jan 2023 11:30:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40676
IP address blocks:        5.105.124.0/24 maxlen: 24
                          5.105.129.0/24 maxlen: 24
                          5.105.135.0/24 maxlen: 24
                          5.105.84.0/24 maxlen: 24
                          5.105.98.0/24 maxlen: 24
                          5.105.94.0/24 maxlen: 24
                          5.105.105.0/24 maxlen: 24
                          5.105.102.0/24 maxlen: 24
                          5.105.238.0/24 maxlen: 24
                          5.105.241.0/24 maxlen: 24
                          5.105.27.0/24 maxlen: 24
                          5.105.252.0/24 maxlen: 24
                          5.105.253.0/24 maxlen: 24
                          5.105.188.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ed:d7:96:9a:85:1e:0e:ae:e2:3a:55:d4:15:71:99:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan 26 11:30:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa25977dac392c5406abf933baaa0c270f451df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:14:e3:0d:a9:7a:6c:dd:5d:c8:b2:fb:50:22:
                    c5:d2:64:41:97:4f:d4:2e:61:ca:de:0b:9d:08:2c:
                    02:17:f2:2e:5d:48:6a:8b:78:85:c2:8d:18:bb:1d:
                    18:c7:84:d3:fa:8f:78:cc:7a:13:0d:d8:c3:7f:08:
                    ff:d2:8e:3d:5c:bd:26:b0:d8:82:27:31:26:da:42:
                    01:f2:af:c3:f0:d7:d5:97:51:51:02:19:dd:ea:a2:
                    ea:bc:d9:fa:22:03:39:8b:4e:e0:52:63:c7:5d:f6:
                    72:27:72:79:55:13:56:37:38:17:4b:a5:fe:c5:71:
                    c6:ab:f2:62:b4:73:cc:72:a5:39:f4:35:8a:e1:8a:
                    53:d7:89:ee:bc:ed:78:e1:1a:e2:f1:83:60:3c:71:
                    2a:20:11:52:a5:b0:10:47:49:d7:88:c1:94:d9:7d:
                    d7:46:dc:68:15:8a:5c:bc:5b:18:c3:53:22:b2:65:
                    53:a3:ca:06:59:93:2d:c2:34:2f:86:6a:57:b9:d9:
                    d6:a7:fa:02:e6:09:28:12:fe:1f:6a:69:da:19:8f:
                    5f:f7:18:7c:05:9e:e6:a6:6c:8f:4b:67:89:fc:fd:
                    e7:b6:c4:e7:98:0f:af:c4:ae:fa:45:e8:c5:2d:0c:
                    20:03:13:3b:b3:5f:df:62:81:6d:c7:e8:dc:48:fb:
                    34:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:25:97:7D:AC:39:2C:54:06:AB:F9:33:BA:AA:0C:27:0F:45:1D:F0
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/1-iWXfaw5LFQGq_kzuqoMJw9FHfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.27.0/24
                  5.105.84.0/24
                  5.105.94.0/24
                  5.105.98.0/24
                  5.105.102.0/24
                  5.105.105.0/24
                  5.105.124.0/24
                  5.105.129.0/24
                  5.105.135.0/24
                  5.105.188.0/24
                  5.105.238.0/24
                  5.105.241.0/24
                  5.105.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:d7:3a:50:e9:24:da:c7:b7:1d:05:bd:ad:f9:b9:f0:f5:2a:
         47:00:88:b0:54:f2:cf:f3:54:bc:c3:1a:2a:48:9c:ae:aa:9a:
         c7:5c:6a:6d:4d:62:c7:24:16:0b:e3:e4:a5:c5:a7:a5:08:a2:
         51:ea:b2:94:94:d4:ee:cf:fe:6d:95:c1:e5:0c:ef:f8:24:71:
         16:23:67:6e:fb:dc:bf:db:2a:53:36:fe:95:24:8c:05:0d:a8:
         fe:a2:94:1c:aa:1e:a2:6e:6e:75:d9:36:d0:de:bb:9d:4a:75:
         d8:2f:95:86:56:44:75:2e:e8:19:16:56:01:9e:c8:a6:c9:1e:
         d1:a1:e4:4b:d2:56:52:e1:a4:02:be:be:53:9c:97:59:22:a7:
         91:6a:52:d1:07:14:bc:3e:94:79:b6:6e:67:60:d1:b5:f1:32:
         05:70:fe:e0:ee:e5:a6:36:c5:41:25:4f:12:ae:6a:60:17:15:
         b6:8b:f8:d2:e6:b1:72:e7:d1:41:69:21:1d:00:27:bc:6b:ac:
         2c:b4:bd:64:03:a6:d3:97:07:8e:98:7d:a6:cc:96:3c:e8:ef:
         fd:4b:fb:88:4f:fe:86:c4:1e:8b:1d:3b:93:e1:7f:79:14:5d:
         bf:11:48:b5:ec:4b:4c:de:37:a7:ef:59:4d:f5:29:d7:64:63:
         60:9f:8c:8b
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYXt15aahR4OruI6VdQVcZmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMTI2MTEzMDA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTI1OTc3ZGFjMzkyYzU0MDZhYmY5MzNiYWFhMGMyNzBmNDUxZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBTjDal6bN1dyLL7UCLF0mRBl0/U
LmHK3gudCCwCF/IuXUhqi3iFwo0Yux0Yx4TT+o94zHoTDdjDfwj/0o49XL0msNiC
JzEm2kIB8q/D8NfVl1FRAhnd6qLqvNn6IgM5i07gUmPHXfZyJ3J5VRNWNzgXS6X+
xXHGq/JitHPMcqU59DWK4YpT14nuvO144Rri8YNgPHEqIBFSpbAQR0nXiMGU2X3X
RtxoFYpcvFsYw1MismVTo8oGWZMtwjQvhmpXudnWp/oC5gkoEv4famnaGY9f9xh8
BZ7mpmyPS2eJ/P3ntsTnmA+vxK76RejFLQwgAxM7s1/fYoFtx+jcSPs0AwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFPoll32sOSxUBqv5M7qqDCcPRR3wMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvMS1pV1hmYXc1TEZRR3Ffa3p1cW9NSnc5RkhmQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvOGZjNzQ2LWZjMDgtNDIxMS1iYTNiLTg5MzkwNmZiNzg1
OC8xLzNmaTBVbFRsUncwZFRNNXZ0OV9VME5nN1hWay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBnBggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAAVpGwME
AAVpVAMEAAVpXgMEAAVpYgMEAAVpZgMEAAVpaQMEAAVpfAMEAAVpgQMEAAVphwME
AAVpvAMEAAVp7gMEAAVp8QMEAQVp/DANBgkqhkiG9w0BAQsFAAOCAQEARtc6UOkk
2se3HQW9rfm58PUqRwCIsFTyz/NUvMMaKkicrqqax1xqbU1ixyQWC+PkpcWnpQii
UeqylJTU7s/+bZXB5Qzv+CRxFiNnbvvcv9sqUzb+lSSMBQ2o/qKUHKoeom5uddk2
0N67nUp12C+VhlZEdS7oGRZWAZ7Ipske0aHkS9JWUuGkAr6+U5yXWSKnkWpS0QcU
vD6UebZuZ2DRtfEyBXD+4O7lpjbFQSVPEq5qYBcVtov40uaxcufRQWkhHQAnvGus
LLS9ZAOm05cHjph9psyWPOjv/Uv7iE/+hsQeix07k+F/eRRdvxFItexLTN43p+9Z
TfUp12RjYJ+Miw==
-----END CERTIFICATE-----