Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/OQwIkmyfCYzAdq6ijDwzmczcwKs.roa
File:                     OQwIkmyfCYzAdq6ijDwzmczcwKs.roa (raw, json)
Hash identifier:          UcKX/I0gDP8S9FV1ja0a0YZkkCiSnf6yJ5cukn3NLjg=
Subject key identifier:   39:0C:08:92:6C:9F:09:8C:C0:76:AE:A2:8C:3C:33:99:CC:DC:C0:AB
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       01896AB8DB297F608B4ED75EF1CB692141D3
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/OQwIkmyfCYzAdq6ijDwzmczcwKs.roa
Signing time:             Tue 18 Jul 2023 20:37:26 +0000
ROA not before:           Tue 18 Jul 2023 20:37:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        5.105.128.0/24 maxlen: 24
                          5.105.160.0/24 maxlen: 24
                          5.105.89.0/24 maxlen: 24
                          5.105.86.0/24 maxlen: 24
                          5.105.88.0/24 maxlen: 24
                          5.105.87.0/24 maxlen: 24
                          5.105.250.0/24 maxlen: 24
                          5.105.251.0/24 maxlen: 24
                          5.105.255.0/24 maxlen: 24
                          5.105.254.0/24 maxlen: 24
                          5.105.176.0/24 maxlen: 24
                          5.105.191.0/24 maxlen: 24
                          5.105.190.0/24 maxlen: 24
                          5.105.192.0/24 maxlen: 24
                          5.105.194.0/24 maxlen: 24
                          5.105.206.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6a:b8:db:29:7f:60:8b:4e:d7:5e:f1:cb:69:21:41:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jul 18 20:37:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=390c08926c9f098cc076aea28c3c3399ccdcc0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ed:c3:06:59:7c:00:9b:14:d7:75:96:ce:88:
                    6e:fd:e9:45:96:e7:c4:d3:4f:63:86:ca:2f:d4:78:
                    54:ec:7d:3a:c9:fe:e2:f9:49:fe:1d:1d:92:5e:73:
                    b0:2f:a5:19:31:b2:a6:cb:34:6e:fb:e0:4c:47:5a:
                    a7:7c:08:2a:d9:fa:d7:5d:91:c4:0d:bd:1c:16:51:
                    58:e3:b7:e8:86:cd:25:94:90:d1:9a:d0:38:e9:72:
                    53:e9:46:32:af:22:c7:05:c6:da:67:18:1e:14:45:
                    db:c3:02:73:7e:9e:6e:6a:7f:76:52:1d:ad:c3:9e:
                    b9:33:5d:c9:5c:de:44:dd:9d:55:4f:34:e9:19:61:
                    7b:fd:45:f0:b9:07:57:fd:f9:2e:94:5a:9a:c9:3a:
                    40:7e:d2:24:54:92:96:2c:8a:e5:64:9c:d5:12:13:
                    70:4b:a0:d3:4c:53:56:49:2f:db:a9:bb:4f:f3:26:
                    72:b4:9f:96:65:62:e5:a9:21:80:91:70:a3:e6:b3:
                    6d:b8:29:99:64:62:7e:ae:39:d9:89:c0:39:e8:2f:
                    09:0b:69:00:02:f9:13:82:71:21:a0:50:49:81:26:
                    7b:ab:9f:65:2b:26:04:60:b5:bf:c3:37:8f:d0:d5:
                    0a:34:04:85:ac:46:68:db:64:8d:53:55:16:b9:47:
                    fa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0C:08:92:6C:9F:09:8C:C0:76:AE:A2:8C:3C:33:99:CC:DC:C0:AB
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/OQwIkmyfCYzAdq6ijDwzmczcwKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.86.0-5.105.89.255
                  5.105.128.0/24
                  5.105.160.0/24
                  5.105.176.0/24
                  5.105.190.0-5.105.192.255
                  5.105.194.0/24
                  5.105.206.0/24
                  5.105.250.0/23
                  5.105.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ca:0a:de:2f:85:97:66:ca:cf:ac:c6:25:f0:11:50:d0:3a:eb:
         e3:24:72:b6:2a:95:29:d7:c6:a3:a1:db:84:5e:a5:eb:60:8c:
         ba:27:88:c3:c5:30:0c:64:b2:e9:ba:15:4d:0c:2c:74:0c:76:
         aa:f1:e9:57:f2:45:c0:71:b0:5b:38:1a:b2:78:9a:13:cf:cb:
         14:66:45:29:0c:1e:85:f1:37:3b:32:33:a2:b4:a0:63:17:3b:
         af:39:6c:c0:c6:ab:3c:40:84:b1:76:e6:9b:03:32:6b:8f:5b:
         17:46:fa:e2:c7:bd:73:14:ad:2c:38:6c:26:fd:06:49:c7:07:
         e0:86:82:4d:5b:08:7b:57:d0:c0:19:5a:2b:3c:15:aa:30:ca:
         ae:ea:02:8d:f2:f4:6f:ef:5a:42:46:f4:61:21:4b:ea:05:92:
         fe:96:15:d5:08:35:09:f3:86:ba:6d:81:99:ad:9d:f5:8a:dd:
         91:b4:09:79:f0:5f:3a:9a:a1:f7:ef:4b:ae:c6:ea:7a:41:fb:
         2d:ad:b8:1e:c5:19:aa:61:85:f0:0a:e4:df:3e:03:f2:56:42:
         30:e6:40:12:91:6a:7d:85:cd:2e:72:84:c3:09:2b:51:fb:8a:
         e0:ba:4b:35:6e:bf:11:eb:c2:e4:cb:d1:2d:65:d4:16:0b:9c:
         4b:0a:98:1d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYlquNspf2CLTtde8ctpIUHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwNzE4MjAzNzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBjMDg5MjZjOWYwOThjYzA3NmFlYTI4YzNjMzM5OWNjZGNjMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O3DBll8AJsU13WWzohu/elFlufE
009jhsov1HhU7H06yf7i+Un+HR2SXnOwL6UZMbKmyzRu++BMR1qnfAgq2frXXZHE
Db0cFlFY47fohs0llJDRmtA46XJT6UYyryLHBcbaZxgeFEXbwwJzfp5uan92Uh2t
w565M13JXN5E3Z1VTzTpGWF7/UXwuQdX/fkulFqayTpAftIkVJKWLIrlZJzVEhNw
S6DTTFNWSS/bqbtP8yZytJ+WZWLlqSGAkXCj5rNtuCmZZGJ+rjnZicA56C8JC2kA
AvkTgnEhoFBJgSZ7q59lKyYEYLW/wzeP0NUKNASFrEZo22SNU1UWuUf6ewIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDkMCJJsnwmMwHauoow8M5nM3MCrMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvT1F3SWtteWZDWXpBZHE2aWpEd3ptY3pjd0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAEFaVYD
BAEFaVgDBAAFaYADBAAFaaADBAAFabAwDAMEAQVpvgMEAAVpwAMEAAVpwgMEAAVp
zgMEAQVp+gMEAQVp/jANBgkqhkiG9w0BAQsFAAOCAQEAygreL4WXZsrPrMYl8BFQ
0Drr4yRytiqVKdfGo6HbhF6l62CMuieIw8UwDGSy6boVTQwsdAx2qvHpV/JFwHGw
WzgasniaE8/LFGZFKQwehfE3OzIzorSgYxc7rzlswMarPECEsXbmmwMya49bF0b6
4se9cxStLDhsJv0GSccH4IaCTVsIe1fQwBlaKzwVqjDKruoCjfL0b+9aQkb0YSFL
6gWS/pYV1Qg1CfOGum2Bma2d9YrdkbQJefBfOpqh9+9LrsbqekH7La24HsUZqmGF
8Ark3z4D8lZCMOZAEpFqfYXNLnKEwwkrUfuK4LpLNW6/EevC5MvRLWXUFgucSwqY
HQ==
-----END CERTIFICATE-----