Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/aCv_kbJ-IPcQJoznLBlVPK1M4A8.roa
File:                     aCv_kbJ-IPcQJoznLBlVPK1M4A8.roa (raw, json)
Hash identifier:          sdEMiTb1jtk+QICInhtNkl78XMqBJVNzPo+Vb8UgjdQ=
Subject key identifier:   68:2B:FF:91:B2:7E:20:F7:10:26:8C:E7:2C:19:55:3C:AD:4C:E0:0F
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0186169D8E67BCB1D9C09329B14FB02CBF14
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/aCv_kbJ-IPcQJoznLBlVPK1M4A8.roa
Signing time:             Fri 03 Feb 2023 09:31:09 +0000
ROA not before:           Fri 03 Feb 2023 09:31:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        5.105.29.0/24 maxlen: 24
                          5.105.138.0/23 maxlen: 24
                          5.105.142.0/23 maxlen: 24
                          5.105.248.0/23 maxlen: 24
                          5.105.164.0/23 maxlen: 24
                          5.105.68.0/23 maxlen: 24
                          5.105.186.0/23 maxlen: 24
                          5.105.198.0/23 maxlen: 24
                          5.105.206.0/23 maxlen: 24
                          5.105.202.0/23 maxlen: 24
                          5.105.112.0/23 maxlen: 24
                          5.105.114.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Thu 09 Feb 2023 21:17:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:16:9d:8e:67:bc:b1:d9:c0:93:29:b1:4f:b0:2c:bf:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Feb  3 09:31:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=682bff91b27e20f710268ce72c19553cad4ce00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3f:aa:d4:6a:90:a9:25:bf:65:74:da:41:c6:
                    60:b7:a5:bb:f9:bd:8c:43:69:b8:ed:98:38:22:31:
                    ad:6e:ed:b3:5c:4f:ce:d7:31:97:46:f6:55:79:8e:
                    ca:e7:5f:b3:f4:2d:65:c8:4f:e5:45:71:ad:0b:89:
                    3b:2e:ed:ff:93:1e:dd:6a:c2:4c:e5:de:c6:e7:51:
                    6d:53:48:d5:10:d3:f2:8a:e6:c9:6b:f9:0c:18:0e:
                    18:9a:2b:4d:77:e8:c6:3d:36:aa:3a:cf:6e:30:df:
                    27:d0:80:1f:c1:06:68:88:34:b3:3d:e6:95:d1:8e:
                    b2:83:2e:91:48:19:fd:92:a5:04:6a:9b:09:3b:1c:
                    67:45:1b:19:43:ee:a5:5e:89:92:08:e4:6f:e3:3e:
                    07:4b:ab:1b:65:74:bb:3e:68:d0:89:0b:25:6f:7f:
                    b8:5a:16:41:a9:46:22:81:3b:c5:ac:28:e8:ce:41:
                    67:b7:46:ae:09:f5:86:c4:f5:75:32:14:d2:f0:89:
                    58:f0:2b:ef:1d:19:62:95:e2:c9:8f:72:79:72:41:
                    71:5a:dc:18:22:9f:fd:b2:58:d9:3d:62:4f:84:ec:
                    94:0f:d5:bd:0c:9f:54:21:01:29:5a:50:49:96:5d:
                    b4:b9:a7:e0:a5:5c:ee:f4:dd:63:c2:8f:2a:2e:22:
                    a3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2B:FF:91:B2:7E:20:F7:10:26:8C:E7:2C:19:55:3C:AD:4C:E0:0F
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/aCv_kbJ-IPcQJoznLBlVPK1M4A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.29.0/24
                  5.105.68.0/23
                  5.105.112.0/22
                  5.105.138.0/23
                  5.105.142.0/23
                  5.105.164.0/23
                  5.105.186.0/23
                  5.105.198.0/23
                  5.105.202.0/23
                  5.105.206.0/23
                  5.105.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:ca:3d:0a:e2:00:ca:90:84:da:a3:38:b0:ee:d6:e9:3f:ca:
         0a:01:7f:81:af:fc:b1:fa:5d:47:59:2b:5e:23:e7:5d:a8:b2:
         87:ff:ed:cc:00:98:9c:78:90:4e:77:3d:09:f7:03:9f:47:0d:
         28:d0:d5:9d:95:11:d6:3e:cf:b1:96:7e:61:95:94:f3:3a:bb:
         5c:7f:d7:5c:bd:7c:b7:5f:01:85:f0:3d:37:1f:68:31:19:19:
         75:eb:a5:d6:87:4a:6b:d5:77:9b:39:e2:09:8c:2f:68:3b:fb:
         81:d9:af:e0:48:ae:9b:3b:a6:af:a8:15:9b:88:50:6c:49:9f:
         53:35:29:c0:8e:0e:81:fc:aa:12:f5:dc:30:0c:85:45:11:3b:
         29:23:ee:23:99:a5:53:cd:e1:23:71:da:d3:58:75:fe:d8:cc:
         82:36:5b:2c:37:f1:17:ad:3d:c3:12:69:fd:4f:d4:10:65:50:
         1d:16:26:fb:3b:96:ab:39:51:8a:6b:c2:bc:57:88:9d:0e:4b:
         b5:2b:90:3f:f0:d5:e1:88:28:e1:93:c6:ec:7f:18:d2:eb:d2:
         56:ac:9c:9d:8a:8b:0f:6e:46:9f:00:46:9a:d9:28:6b:b2:65:
         91:fb:17:a4:0c:e2:f6:7a:75:b8:c0:e0:bd:6d:5d:57:ec:15:
         46:f2:56:9e
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYYWnY5nvLHZwJMpsU+wLL8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMjAzMDkzMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJiZmY5MWIyN2UyMGY3MTAyNjhjZTcyYzE5NTUzY2FkNGNlMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz+q1GqQqSW/ZXTaQcZgt6W7+b2M
Q2m47Zg4IjGtbu2zXE/O1zGXRvZVeY7K51+z9C1lyE/lRXGtC4k7Lu3/kx7dasJM
5d7G51FtU0jVENPyiubJa/kMGA4YmitNd+jGPTaqOs9uMN8n0IAfwQZoiDSzPeaV
0Y6ygy6RSBn9kqUEapsJOxxnRRsZQ+6lXomSCORv4z4HS6sbZXS7PmjQiQslb3+4
WhZBqUYigTvFrCjozkFnt0auCfWGxPV1MhTS8IlY8CvvHRlileLJj3J5ckFxWtwY
Ip/9sljZPWJPhOyUD9W9DJ9UIQEpWlBJll20uafgpVzu9N1jwo8qLiKjCQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFGgr/5GyfiD3ECaM5ywZVTytTOAPMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvYUN2X2tiSi1JUGNRSm96bkxCbFZQSzFNNEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABWkdAwQB
BWlEAwQCBWlwAwQBBWmKAwQBBWmOAwQBBWmkAwQBBWm6AwQBBWnGAwQBBWnKAwQB
BWnOAwQBBWn4MA0GCSqGSIb3DQEBCwUAA4IBAQAsyj0K4gDKkITaoziw7tbpP8oK
AX+Br/yx+l1HWSteI+ddqLKH/+3MAJiceJBOdz0J9wOfRw0o0NWdlRHWPs+xln5h
lZTzOrtcf9dcvXy3XwGF8D03H2gxGRl166XWh0pr1XebOeIJjC9oO/uB2a/gSK6b
O6avqBWbiFBsSZ9TNSnAjg6B/KoS9dwwDIVFETspI+4jmaVTzeEjcdrTWHX+2MyC
NlssN/EXrT3DEmn9T9QQZVAdFib7O5arOVGKa8K8V4idDku1K5A/8NXhiCjhk8bs
fxjS69JWrJydiosPbkafAEaa2ShrsmWR+xekDOL2enW4wOC9bV1X7BVG8lae
-----END CERTIFICATE-----