Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Cxd64uDgQfH68qh79_wN7NoVNms.roa
File:                     Cxd64uDgQfH68qh79_wN7NoVNms.roa (raw, json)
Hash identifier:          TqSstVOw0ddVPkHkf9yyGcGnFO8TfcG3qG4uixX1B8k=
Subject key identifier:   0B:17:7A:E2:E0:E0:41:F1:FA:F2:A8:7B:F7:FC:0D:EC:DA:15:36:6B
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0189345D33692B4557B9640AE2342F8EBC67
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Cxd64uDgQfH68qh79_wN7NoVNms.roa
Signing time:             Sat 08 Jul 2023 07:17:50 +0000
ROA not before:           Sat 08 Jul 2023 07:17:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        5.105.128.0/24 maxlen: 24
                          5.105.160.0/24 maxlen: 24
                          5.105.89.0/24 maxlen: 24
                          5.105.86.0/24 maxlen: 24
                          5.105.88.0/24 maxlen: 24
                          5.105.87.0/24 maxlen: 24
                          5.105.250.0/24 maxlen: 24
                          5.105.251.0/24 maxlen: 24
                          5.105.255.0/24 maxlen: 24
                          5.105.254.0/24 maxlen: 24
                          5.105.176.0/24 maxlen: 24
                          5.105.191.0/24 maxlen: 24
                          5.105.190.0/24 maxlen: 24
                          5.105.192.0/24 maxlen: 24
                          5.105.194.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:34:5d:33:69:2b:45:57:b9:64:0a:e2:34:2f:8e:bc:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jul  8 07:17:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0b177ae2e0e041f1faf2a87bf7fc0decda15366b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:be:75:32:13:d1:2f:96:ba:15:3e:b4:b0:5a:
                    0e:bf:28:5a:77:cf:6f:21:71:cf:5f:ad:00:fa:54:
                    30:4e:58:2b:bf:f5:ab:10:b9:1f:10:17:9d:f7:84:
                    78:48:2d:b4:da:10:d3:3e:da:cf:b3:81:20:cc:aa:
                    df:37:05:56:3d:c8:57:ab:ee:58:1e:ad:27:85:ba:
                    a6:23:23:f8:43:b9:2a:4a:6f:f6:3f:f0:c2:d5:33:
                    86:0f:67:3a:14:0c:6f:16:1a:7b:37:5e:ee:b0:eb:
                    c6:9e:78:1b:8f:81:9f:11:cc:67:1d:7b:77:88:83:
                    e5:9d:22:4c:81:48:9c:ae:62:93:b2:be:24:2e:df:
                    d4:82:5e:2f:9d:b0:47:f2:f0:13:5b:13:75:ea:ef:
                    29:ab:b9:14:63:3a:4a:9f:d3:b0:be:fd:aa:d6:24:
                    6a:37:9e:00:9e:e4:d4:ae:07:cb:d0:cd:c5:fb:d5:
                    f3:25:60:7b:49:82:10:e2:4d:4e:b3:f3:a2:31:ba:
                    7b:d0:00:18:fe:3b:d7:e8:d0:ca:12:51:02:e1:c6:
                    fa:ed:6a:50:2b:1f:cc:e8:67:ed:59:7a:e6:64:25:
                    c3:c2:c1:44:a2:f7:c7:88:d3:df:77:bc:b8:00:8c:
                    23:c4:70:32:d3:04:90:bc:26:a9:51:9f:99:bc:be:
                    97:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:17:7A:E2:E0:E0:41:F1:FA:F2:A8:7B:F7:FC:0D:EC:DA:15:36:6B
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Cxd64uDgQfH68qh79_wN7NoVNms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.86.0-5.105.89.255
                  5.105.128.0/24
                  5.105.160.0/24
                  5.105.176.0/24
                  5.105.190.0-5.105.192.255
                  5.105.194.0/24
                  5.105.250.0/23
                  5.105.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:cf:62:67:a8:67:91:61:10:81:72:7e:96:d0:79:61:16:99:
         29:c8:68:d1:c7:36:60:bb:c9:ca:ef:bf:7b:96:79:86:0d:78:
         18:35:1d:0e:cf:59:30:1b:3b:61:81:76:c1:54:e5:32:d8:75:
         d9:35:0e:30:93:5f:43:c0:d7:45:82:a0:2e:c5:71:e1:bb:ed:
         78:2d:68:2b:86:dc:ed:56:a8:d3:5c:f8:71:6a:ec:b1:50:a5:
         10:57:84:27:ae:59:e6:ca:a2:02:51:5f:3d:31:e1:7d:24:39:
         58:8d:c2:5d:a1:a8:d8:be:39:4f:29:4f:75:50:ce:5b:08:fd:
         ba:a3:45:18:ed:e4:c8:64:0d:f6:5d:76:2c:90:52:40:68:3f:
         bd:3c:a2:ad:be:1a:bb:1b:84:be:89:22:ba:92:42:fc:71:6c:
         3d:18:fd:7c:87:44:a5:01:d5:ce:b3:a2:2c:36:69:71:d0:09:
         29:c9:c1:aa:71:72:d3:7f:21:2b:09:8d:ca:bb:ea:7f:ce:3b:
         19:65:50:43:d9:51:1e:cc:f0:23:6b:8a:0b:2e:48:20:79:82:
         88:5a:63:8c:57:51:63:09:86:c9:e9:b7:c0:1b:c1:fb:f9:c8:
         7d:a6:81:7d:22:f0:33:a7:48:3b:23:a2:93:50:c1:5c:50:77:
         f8:31:9e:62
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYk0XTNpK0VXuWQK4jQvjrxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwNzA4MDcxNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE3N2FlMmUwZTA0MWYxZmFmMmE4N2JmN2ZjMGRlY2RhMTUzNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz751MhPRL5a6FT60sFoOvyhad89v
IXHPX60A+lQwTlgrv/WrELkfEBed94R4SC202hDTPtrPs4EgzKrfNwVWPchXq+5Y
Hq0nhbqmIyP4Q7kqSm/2P/DC1TOGD2c6FAxvFhp7N17usOvGnngbj4GfEcxnHXt3
iIPlnSJMgUicrmKTsr4kLt/Ugl4vnbBH8vATWxN16u8pq7kUYzpKn9Owvv2q1iRq
N54AnuTUrgfL0M3F+9XzJWB7SYIQ4k1Os/OiMbp70AAY/jvX6NDKElEC4cb67WpQ
Kx/M6GftWXrmZCXDwsFEovfHiNPfd7y4AIwjxHAy0wSQvCapUZ+ZvL6XjwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFAsXeuLg4EHx+vKoe/f8DezaFTZrMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvQ3hkNjR1RGdRZkg2OHFoNzlfd043Tm9WTm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBAEFaVYD
BAEFaVgDBAAFaYADBAAFaaADBAAFabAwDAMEAQVpvgMEAAVpwAMEAAVpwgMEAQVp
+gMEAQVp/jANBgkqhkiG9w0BAQsFAAOCAQEAtM9iZ6hnkWEQgXJ+ltB5YRaZKcho
0cc2YLvJyu+/e5Z5hg14GDUdDs9ZMBs7YYF2wVTlMth12TUOMJNfQ8DXRYKgLsVx
4bvteC1oK4bc7Vao01z4cWrssVClEFeEJ65Z5sqiAlFfPTHhfSQ5WI3CXaGo2L45
TylPdVDOWwj9uqNFGO3kyGQN9l12LJBSQGg/vTyirb4auxuEvokiupJC/HFsPRj9
fIdEpQHVzrOiLDZpcdAJKcnBqnFy038hKwmNyrvqf847GWVQQ9lRHszwI2uKCy5I
IHmCiFpjjFdRYwmGyem3wBvB+/nIfaaBfSLwM6dIOyOik1DBXFB3+DGeYg==
-----END CERTIFICATE-----