Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Z1tfAApR1Rt-qbTM3wz3cbrhl7k.roa
File:                     Z1tfAApR1Rt-qbTM3wz3cbrhl7k.roa (raw, json)
Hash identifier:          WSB5zuz2/8R5GQY6QWlVqjHmLrFCAdjeORXNt145ArE=
Subject key identifier:   67:5B:5F:00:0A:51:D5:1B:7E:A9:B4:CC:DF:0C:F7:71:BA:E1:97:B9
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018A4AB97D3D9513835150F4370E633D3CF9
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Z1tfAApR1Rt-qbTM3wz3cbrhl7k.roa
Signing time:             Thu 31 Aug 2023 08:33:04 +0000
ROA not before:           Thu 31 Aug 2023 08:33:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        5.105.128.0/24 maxlen: 24
                          5.105.160.0/24 maxlen: 24
                          5.105.89.0/24 maxlen: 24
                          5.105.86.0/24 maxlen: 24
                          5.105.88.0/24 maxlen: 24
                          5.105.87.0/24 maxlen: 24
                          5.105.110.0/24 maxlen: 24
                          5.105.248.0/23 maxlen: 24
                          5.105.250.0/24 maxlen: 24
                          5.105.251.0/24 maxlen: 24
                          5.105.255.0/24 maxlen: 24
                          5.105.254.0/24 maxlen: 24
                          5.105.176.0/24 maxlen: 24
                          5.105.191.0/24 maxlen: 24
                          5.105.190.0/24 maxlen: 24
                          5.105.192.0/24 maxlen: 24
                          5.105.194.0/24 maxlen: 24
                          5.105.206.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4a:b9:7d:3d:95:13:83:51:50:f4:37:0e:63:3d:3c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Aug 31 08:33:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=675b5f000a51d51b7ea9b4ccdf0cf771bae197b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3b:3c:3f:3f:6b:ba:3c:a1:9a:bd:bb:c9:11:
                    dd:bd:c0:09:1e:ca:0e:29:c4:bf:1a:cb:ff:db:73:
                    91:dd:3d:5e:8e:bb:f8:27:dc:da:0a:36:79:3e:df:
                    3a:b0:2f:b1:b1:ca:74:5d:a3:ae:f1:33:73:13:21:
                    fc:af:17:82:29:ba:f3:9c:fb:2f:4c:16:9c:fe:35:
                    24:b1:a8:9c:6c:8f:68:fe:76:76:6a:44:48:73:95:
                    41:12:a3:0a:a9:b6:8b:c1:f2:8c:06:3e:93:fa:c4:
                    b5:5c:64:3b:0a:4f:23:21:77:83:ac:14:b8:86:de:
                    bb:21:2e:e3:ff:98:66:4c:06:5c:71:b7:69:b6:35:
                    f1:8d:f9:d7:04:69:a9:14:8d:46:55:e0:10:a1:88:
                    c9:2c:5d:d0:9b:45:e8:77:7d:d6:4b:86:53:88:91:
                    7a:6d:a6:08:53:27:37:34:fe:59:72:f8:db:ff:15:
                    71:69:f1:f7:a1:0d:11:fe:b7:49:5c:8e:b9:4a:af:
                    22:09:5b:9e:8a:54:32:e0:68:a9:d0:61:c3:69:51:
                    d0:33:37:52:50:00:00:f9:0d:59:5c:7c:a3:3c:14:
                    ca:d7:38:ee:60:cf:30:21:7b:dd:7e:e4:64:d6:e7:
                    12:d7:a9:e5:6e:0e:9a:3f:e9:ec:d4:92:87:74:a8:
                    c4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5B:5F:00:0A:51:D5:1B:7E:A9:B4:CC:DF:0C:F7:71:BA:E1:97:B9
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/Z1tfAApR1Rt-qbTM3wz3cbrhl7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.86.0-5.105.89.255
                  5.105.110.0/24
                  5.105.128.0/24
                  5.105.160.0/24
                  5.105.176.0/24
                  5.105.190.0-5.105.192.255
                  5.105.194.0/24
                  5.105.206.0/24
                  5.105.248.0/22
                  5.105.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:d2:44:42:9d:aa:f7:8e:0c:84:6e:1e:d1:e8:62:c1:6e:ff:
         b6:0c:70:bc:eb:3e:e4:bb:79:18:21:71:26:18:95:7d:5e:a2:
         a8:e5:f8:3e:04:f2:61:ef:d5:dc:69:ee:60:64:0c:b6:a0:9e:
         74:b7:4c:c9:7e:38:2f:2f:b4:cb:1d:29:e4:30:8f:6a:d9:6d:
         93:d0:0f:da:de:9b:7e:b0:f2:fc:5b:7b:be:88:01:55:b3:af:
         4e:e4:0d:8d:db:be:3c:18:4f:0d:19:4d:c1:bb:18:e3:04:db:
         af:08:c8:30:40:bb:bc:a1:ca:21:45:e1:32:68:4a:17:b2:0f:
         7f:e7:2c:c5:7c:1e:4f:3d:b0:1f:2d:f1:25:56:2c:12:e0:5b:
         d9:02:60:0f:60:8a:a8:d4:a6:c1:79:db:39:ee:a4:51:ff:ea:
         4b:91:9b:99:b7:3e:08:75:50:da:dc:2b:73:4b:d5:e7:72:47:
         b7:01:b9:e8:12:e5:d7:ec:f3:41:45:ca:f2:eb:15:2e:00:68:
         28:42:7c:4a:ef:d9:89:42:07:ba:68:3d:75:c0:3a:30:85:d2:
         60:ad:32:30:0e:44:e5:df:be:0b:96:01:ec:cc:3d:20:94:6f:
         91:fa:1a:55:36:33:57:a9:20:d9:1d:04:0b:8d:d7:e8:35:ac:
         40:60:61:e3
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYpKuX09lRODUVD0Nw5jPTz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwODMxMDgzMzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzViNWYwMDBhNTFkNTFiN2VhOWI0Y2NkZjBjZjc3MWJhZTE5N2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzs8Pz9rujyhmr27yRHdvcAJHsoO
KcS/Gsv/23OR3T1ejrv4J9zaCjZ5Pt86sC+xscp0XaOu8TNzEyH8rxeCKbrznPsv
TBac/jUksaicbI9o/nZ2akRIc5VBEqMKqbaLwfKMBj6T+sS1XGQ7Ck8jIXeDrBS4
ht67IS7j/5hmTAZccbdptjXxjfnXBGmpFI1GVeAQoYjJLF3Qm0Xod33WS4ZTiJF6
baYIUyc3NP5Zcvjb/xVxafH3oQ0R/rdJXI65Sq8iCVueilQy4Gip0GHDaVHQMzdS
UAAA+Q1ZXHyjPBTK1zjuYM8wIXvdfuRk1ucS16nlbg6aP+ns1JKHdKjEiwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGdbXwAKUdUbfqm0zN8M93G64Ze5MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvWjF0ZkFBcFIxUnQtcWJUTTN3ejNjYnJobDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAEFaVYD
BAEFaVgDBAAFaW4DBAAFaYADBAAFaaADBAAFabAwDAMEAQVpvgMEAAVpwAMEAAVp
wgMEAAVpzgMEAgVp+AMEAQVp/jANBgkqhkiG9w0BAQsFAAOCAQEArtJEQp2q944M
hG4e0ehiwW7/tgxwvOs+5Lt5GCFxJhiVfV6iqOX4PgTyYe/V3GnuYGQMtqCedLdM
yX44Ly+0yx0p5DCPatltk9AP2t6bfrDy/Ft7vogBVbOvTuQNjdu+PBhPDRlNwbsY
4wTbrwjIMEC7vKHKIUXhMmhKF7IPf+csxXweTz2wHy3xJVYsEuBb2QJgD2CKqNSm
wXnbOe6kUf/qS5Gbmbc+CHVQ2twrc0vV53JHtwG56BLl1+zzQUXK8usVLgBoKEJ8
Su/ZiUIHumg9dcA6MIXSYK0yMA5E5d++C5YB7Mw9IJRvkfoaVTYzV6kg2R0EC43X
6DWsQGBh4w==
-----END CERTIFICATE-----