Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/_205HCo_NH4jPDVa0NZGNk6EIxo.roa
File:                     _205HCo_NH4jPDVa0NZGNk6EIxo.roa (raw, json)
Hash identifier:          13FB8CfJ3OtbcVzZnMNctQbN8fePhoYqxkdCYwgT0p8=
Subject key identifier:   FF:6D:39:1C:2A:3F:34:7E:23:3C:35:5A:D0:D6:46:36:4E:84:23:1A
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       018570705914152B939A6B3A67BB2D0D8B62
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/_205HCo_NH4jPDVa0NZGNk6EIxo.roa
Signing time:             Mon 02 Jan 2023 03:04:48 +0000
ROA not before:           Mon 02 Jan 2023 03:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2110
IP address blocks:        193.95.128.0/18 maxlen: 24
                          194.125.0.0/17 maxlen: 17
                          213.202.128.0/18 maxlen: 18
                          192.111.39.0/24 maxlen: 24
                          78.16.0.0/14 maxlen: 14
                          212.2.160.0/19 maxlen: 19
                          185.146.180.0/22 maxlen: 22
                          185.146.180.0/24 maxlen: 24
                          193.120.52.0/24 maxlen: 24
                          194.145.128.0/21 maxlen: 21
                          193.120.216.0/24 maxlen: 24
                          194.46.192.0/18 maxlen: 18
                          193.120.0.0/16 maxlen: 16
                          193.203.128.0/19 maxlen: 19
                          194.165.160.0/19 maxlen: 19
                          2001:7c8::/29 maxlen: 29
                          2001:7c8::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:70:59:14:15:2b:93:9a:6b:3a:67:bb:2d:0d:8b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Jan  2 03:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff6d391c2a3f347e233c355ad0d646364e84231a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ac:f2:44:b6:b6:5a:64:ce:14:d6:ed:9d:a3:
                    4b:61:40:0b:bc:0d:c9:65:7c:e2:53:28:03:7b:f7:
                    de:1a:4c:fe:0d:16:37:03:83:f8:e9:ae:52:5a:31:
                    76:e2:3a:a0:81:2a:fa:50:12:38:61:d8:29:42:62:
                    8c:2f:b0:5e:d9:3c:4e:b3:ff:2c:04:b6:c0:de:9d:
                    91:e1:be:95:ae:e6:00:9b:37:da:59:b4:16:f0:70:
                    e6:4c:8f:02:30:1e:c0:75:ed:cc:16:7c:6e:30:f8:
                    e6:8c:6e:11:20:0c:8b:89:ab:3d:72:e6:fb:04:47:
                    cf:0b:34:32:2d:58:78:c0:00:5f:39:46:e5:1a:b6:
                    00:51:03:38:54:9c:54:72:e4:7c:a0:7a:d4:ec:d4:
                    6c:5d:15:90:a4:a7:5c:3b:aa:91:2c:1c:95:e7:9d:
                    c0:cf:43:38:c8:63:60:95:45:2d:04:bd:52:da:a8:
                    12:3a:08:dd:ac:39:31:7d:7b:37:a9:4b:7f:7e:53:
                    0f:3d:59:f3:d6:89:c9:06:16:9a:40:75:75:d9:01:
                    ec:6a:52:bf:29:ee:a4:00:80:41:9e:11:a1:b2:d5:
                    e6:a4:14:f1:40:e2:4b:3b:93:66:45:f9:69:12:50:
                    15:5a:c5:03:62:6c:37:01:f7:f8:fa:06:c4:b4:a8:
                    e0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:6D:39:1C:2A:3F:34:7E:23:3C:35:5A:D0:D6:46:36:4E:84:23:1A
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/_205HCo_NH4jPDVa0NZGNk6EIxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.16.0.0/14
                  185.146.180.0/22
                  192.111.39.0/24
                  193.95.128.0/18
                  193.120.0.0/16
                  193.203.128.0/19
                  194.46.192.0/18
                  194.125.0.0/17
                  194.145.128.0/21
                  194.165.160.0/19
                  212.2.160.0/19
                  213.202.128.0/18
                IPv6:
                  2001:7c8::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:fc:62:71:03:9c:13:93:14:4b:ec:c0:bd:d7:36:ab:21:2e:
         1d:aa:cb:5d:13:ed:92:fa:eb:f8:9b:d3:78:47:83:c4:47:10:
         c4:13:84:cb:9e:60:c4:26:ce:c1:d7:d8:62:05:9e:a1:2b:8a:
         b4:91:a1:7a:f9:06:5b:8e:8d:a5:a8:7e:98:ab:84:fa:f7:f1:
         3e:c4:cc:6c:4b:f7:f4:72:51:48:1f:8b:0a:86:9b:e7:19:e5:
         3b:a0:75:ca:ae:95:4e:8d:14:08:f8:fe:89:74:07:9d:fd:f8:
         27:55:8a:c4:76:ab:3c:cb:e7:1d:bf:b6:63:2f:fe:56:15:2b:
         e2:d0:b5:7e:6d:80:a6:48:5b:c6:df:20:a0:9f:c3:c5:e6:33:
         50:e3:07:10:72:f8:cb:8e:52:36:db:c9:02:34:86:e3:5b:53:
         0e:69:2f:25:b6:bc:d6:5d:3c:21:3f:9e:6b:b1:5e:e3:cb:9c:
         de:be:03:51:4a:2b:cc:28:af:2d:d5:c1:c3:36:65:60:f2:8c:
         8b:21:84:44:65:49:be:a8:51:a8:07:3e:9c:b2:30:90:09:9d:
         23:f1:9a:e7:b1:a0:60:87:70:1e:31:ff:f2:48:e3:d1:7e:cc:
         d8:11:96:14:11:bd:08:0c:65:b0:a1:0c:ae:fd:76:39:cf:a1:
         0d:7a:6c:7e
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYVwcFkUFSuTmms6Z7stDYtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjMwMTAyMDMwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjZkMzkxYzJhM2YzNDdlMjMzYzM1NWFkMGQ2NDYzNjRlODQyMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6zyRLa2WmTOFNbtnaNLYUALvA3J
ZXziUygDe/feGkz+DRY3A4P46a5SWjF24jqggSr6UBI4YdgpQmKML7Be2TxOs/8s
BLbA3p2R4b6VruYAmzfaWbQW8HDmTI8CMB7Ade3MFnxuMPjmjG4RIAyLias9cub7
BEfPCzQyLVh4wABfOUblGrYAUQM4VJxUcuR8oHrU7NRsXRWQpKdcO6qRLByV553A
z0M4yGNglUUtBL1S2qgSOgjdrDkxfXs3qUt/flMPPVnz1onJBhaaQHV12QHsalK/
Ke6kAIBBnhGhstXmpBTxQOJLO5NmRflpElAVWsUDYmw3Aff4+gbEtKjgnQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFP9tORwqPzR+Izw1WtDWRjZOhCMaMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEvXzIwNUhDb19OSDRqUERWYTBOWkdOazZFSXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwMCThADBAK5
krQDBADAbycDBAbBX4ADAwDBeAMEBcHLgAMEBsIuwAMEB8J9AAMEA8KRgAMEBcKl
oAMEBdQCoAMEBtXKgDANBAIAAjAHAwUDIAEHyDANBgkqhkiG9w0BAQsFAAOCAQEA
JvxicQOcE5MUS+zAvdc2qyEuHarLXRPtkvrr+JvTeEeDxEcQxBOEy55gxCbOwdfY
YgWeoSuKtJGhevkGW46Npah+mKuE+vfxPsTMbEv39HJRSB+LCoab5xnlO6B1yq6V
To0UCPj+iXQHnf34J1WKxHarPMvnHb+2Yy/+VhUr4tC1fm2Apkhbxt8goJ/DxeYz
UOMHEHL4y45SNtvJAjSG41tTDmkvJba81l08IT+ea7Fe48uc3r4DUUorzCivLdXB
wzZlYPKMiyGERGVJvqhRqAc+nLIwkAmdI/Ga57GgYIdwHjH/8kjj0X7M2BGWFBG9
CAxlsKEMrv12Oc+hDXpsfg==
-----END CERTIFICATE-----