Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/ALO_Gx0TovRdMdGuE8x0KGJn2zk.roa
File:                     ALO_Gx0TovRdMdGuE8x0KGJn2zk.roa (raw, json)
Hash identifier:          WJZOdnv2ptZn4Ol0JmXz3PrRYeuBLrdp6Rd4+oyOTS8=
Subject key identifier:   00:B3:BF:1B:1D:13:A2:F4:5D:31:D1:AE:13:CC:74:28:62:67:DB:39
Certificate issuer:       /CN=079889d9de4f07014beb2c0a312cd73652a3fc38
Certificate serial:       01856EEFF7CF11D7B759B3C78D4151A0A7C6
Authority key identifier: 07:98:89:D9:DE:4F:07:01:4B:EB:2C:0A:31:2C:D7:36:52:A3:FC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B5iJ2d5PBwFL6ywKMSzXNlKj_Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/ALO_Gx0TovRdMdGuE8x0KGJn2zk.roa
Signing time:             Sun 01 Jan 2023 20:04:58 +0000
ROA not before:           Sun 01 Jan 2023 20:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60592
IP address blocks:        185.82.213.0/24 maxlen: 24
                          185.82.212.0/24 maxlen: 24
                          185.82.214.0/24 maxlen: 24
                          185.28.192.0/24 maxlen: 24
                          185.28.194.0/24 maxlen: 24
                          185.28.193.0/24 maxlen: 24
                          185.38.111.0/24 maxlen: 24
                          185.38.110.0/24 maxlen: 24
                          185.38.109.0/24 maxlen: 24
                          185.38.108.0/24 maxlen: 24
                          91.207.189.0/24 maxlen: 24
                          91.207.188.0/24 maxlen: 24
                          2a00:fea0::/32 maxlen: 32
                          2a00:a160::/32 maxlen: 32
                          2a03:6920::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:ef:f7:cf:11:d7:b7:59:b3:c7:8d:41:51:a0:a7:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=079889d9de4f07014beb2c0a312cd73652a3fc38
        Validity
            Not Before: Jan  1 20:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=00b3bf1b1d13a2f45d31d1ae13cc74286267db39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:fc:64:2c:2e:24:86:c6:0e:e3:11:2e:32:
                    df:2d:44:f1:46:a9:fb:c7:41:d6:e0:16:0d:17:8d:
                    62:e1:19:a0:d3:b5:2e:f1:1e:53:04:60:94:61:34:
                    fd:19:f0:b1:a6:5d:ae:aa:ef:cd:2f:e7:d3:24:26:
                    11:7c:b8:f2:71:cd:0a:93:11:0e:d1:9f:30:41:e6:
                    e5:63:bd:03:75:f9:bc:a5:bf:49:41:c1:6b:27:29:
                    1f:23:72:9f:52:0c:d1:83:55:3a:cb:bd:dc:03:20:
                    66:0d:07:e5:d7:d2:5e:27:80:1a:eb:27:a1:a3:1e:
                    b9:49:13:65:86:10:b0:f8:3a:60:4b:16:29:bc:73:
                    c8:0e:f1:ea:b8:f1:ed:df:09:c5:4f:ff:1c:92:11:
                    6d:dc:40:f3:c7:fc:1e:22:eb:2c:c1:f1:7a:ca:3c:
                    c0:eb:16:61:6a:42:aa:0d:df:1e:d3:6f:44:d0:47:
                    9e:5f:5f:f2:74:69:dd:34:0e:2f:10:55:65:d1:c9:
                    0c:aa:84:ca:45:7a:4d:3f:ac:a4:99:96:44:7a:14:
                    c6:a2:ef:2f:26:f7:af:9e:a5:b5:48:63:d6:f0:0a:
                    3b:b7:f7:86:56:de:87:e5:fa:0c:49:87:a9:58:85:
                    69:01:c8:cb:35:4b:d7:1f:b3:9b:8e:b2:2d:02:c5:
                    21:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B3:BF:1B:1D:13:A2:F4:5D:31:D1:AE:13:CC:74:28:62:67:DB:39
            X509v3 Authority Key Identifier:
                keyid:07:98:89:D9:DE:4F:07:01:4B:EB:2C:0A:31:2C:D7:36:52:A3:FC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B5iJ2d5PBwFL6ywKMSzXNlKj_Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/ALO_Gx0TovRdMdGuE8x0KGJn2zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/dd3940-ffd6-4b69-9f01-fd8d25a263d2/1/B5iJ2d5PBwFL6ywKMSzXNlKj_Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.188.0/23
                  185.28.192.0-185.28.194.255
                  185.38.108.0/22
                  185.82.212.0-185.82.214.255
                IPv6:
                  2a00:a160::/32
                  2a00:fea0::/32
                  2a03:6920::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:3a:46:d6:9b:28:82:86:52:06:2c:4d:85:47:33:12:41:6a:
         c7:ef:e4:0b:c9:01:1e:b7:45:de:a0:1b:0d:26:d0:cf:d4:42:
         2f:f1:a0:38:2c:75:05:5a:70:5e:73:e3:c6:e1:e1:21:13:2d:
         99:df:aa:e5:e0:d0:e3:96:34:ec:bc:e9:61:ce:21:5a:03:12:
         50:84:69:15:68:7d:83:8d:23:48:97:cf:ca:63:a0:c1:37:a8:
         25:2c:f9:e7:1b:31:5f:75:b3:bb:25:e2:6c:26:0f:4d:4c:db:
         68:58:7e:cd:ed:59:b7:5e:60:4d:ba:18:06:0c:a1:af:55:1e:
         ff:97:08:b9:63:d0:76:22:ab:75:27:04:f3:23:11:8e:5c:75:
         08:96:41:06:2d:13:2c:26:cd:9a:9c:39:78:39:85:76:20:f0:
         f6:cd:f6:7c:20:98:22:3c:59:d8:0a:a6:62:0d:9b:84:87:78:
         03:6f:37:c7:1c:44:ce:90:55:58:0e:e5:d0:ac:d0:2a:6e:e1:
         3b:99:2f:95:49:ce:6e:7e:24:6f:d2:aa:5d:4d:f7:88:cd:2c:
         3e:51:fd:83:ec:14:28:a0:cf:c3:6a:65:e8:06:1b:d4:ee:ce:
         c9:36:d8:23:4c:ec:0d:ab:87:d1:c3:1c:3e:88:9f:f7:02:ca:
         4d:5c:f4:23
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVu7/fPEde3WbPHjUFRoKfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OTg4OWQ5ZGU0ZjA3MDE0YmViMmMwYTMxMmNkNzM2NTJh
M2ZjMzgwHhcNMjMwMTAxMjAwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGIzYmYxYjFkMTNhMmY0NWQzMWQxYWUxM2NjNzQyODYyNjdkYjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjff8ZCwuJIbGDuMRLjLfLUTxRqn7
x0HW4BYNF41i4Rmg07Uu8R5TBGCUYTT9GfCxpl2uqu/NL+fTJCYRfLjycc0KkxEO
0Z8wQeblY70Ddfm8pb9JQcFrJykfI3KfUgzRg1U6y73cAyBmDQfl19JeJ4Aa6yeh
ox65SRNlhhCw+DpgSxYpvHPIDvHquPHt3wnFT/8ckhFt3EDzx/weIusswfF6yjzA
6xZhakKqDd8e029E0EeeX1/ydGndNA4vEFVl0ckMqoTKRXpNP6ykmZZEehTGou8v
JvevnqW1SGPW8Ao7t/eGVt6H5foMSYepWIVpAcjLNUvXH7ObjrItAsUhTwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFACzvxsdE6L0XTHRrhPMdChiZ9s5MB8GA1UdIwQY
MBaAFAeYidneTwcBS+ssCjEs1zZSo/w4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjVpSjJkNVBCd0ZMNnl3S01TelhObEtqX0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9kZDM5NDAtZmZkNi00YjY5LTlmMDEt
ZmQ4ZDI1YTI2M2QyLzEvQUxPX0d4MFRvdlJkTWRHdUU4eDBLR0puMnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9kZDM5NDAtZmZkNi00YjY5LTlmMDEtZmQ4ZDI1YTI2M2Qy
LzEvQjVpSjJkNVBCd0ZMNnl3S01TelhObEtqX0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAuBAIAATAoAwQBW8+8MAwD
BAa5HMADBAC5HMIDBAK5JmwwDAMEArlS1AMEALlS1jAbBAIAAjAVAwUAKgChYAMF
ACoA/qADBQAqA2kgMA0GCSqGSIb3DQEBCwUAA4IBAQBnOkbWmyiChlIGLE2FRzMS
QWrH7+QLyQEet0XeoBsNJtDP1EIv8aA4LHUFWnBec+PG4eEhEy2Z36rl4NDjljTs
vOlhziFaAxJQhGkVaH2DjSNIl8/KY6DBN6glLPnnGzFfdbO7JeJsJg9NTNtoWH7N
7Vm3XmBNuhgGDKGvVR7/lwi5Y9B2Iqt1JwTzIxGOXHUIlkEGLRMsJs2anDl4OYV2
IPD2zfZ8IJgiPFnYCqZiDZuEh3gDbzfHHETOkFVYDuXQrNAqbuE7mS+VSc5ufiRv
0qpdTfeIzSw+Uf2D7BQooM/DamXoBhvU7s7JNtgjTOwNq4fRwxw+iJ/3AspNXPQj
-----END CERTIFICATE-----