Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/u3mlW_7xttAFokdhUG7zT2CvW_U.roa
File:                     u3mlW_7xttAFokdhUG7zT2CvW_U.roa (raw, json)
Hash identifier:          DLDQ0oGfhNWH/G0ml8sHQM/MJpQGd3vO4spk6yPxOTo=
Subject key identifier:   BB:79:A5:5B:FE:F1:B6:D0:05:A2:47:61:50:6E:F3:4F:60:AF:5B:F5
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       01856F26D4A49BC79C7C5A9D4AD343578399
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/u3mlW_7xttAFokdhUG7zT2CvW_U.roa
Signing time:             Sun 01 Jan 2023 21:04:53 +0000
ROA not before:           Sun 01 Jan 2023 21:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        185.132.125.0/24 maxlen: 24
                          45.136.196.0/24 maxlen: 24
                          45.136.197.0/24 maxlen: 24
                          45.136.198.0/24 maxlen: 24
                          45.136.199.0/24 maxlen: 24
                          176.97.64.0/23 maxlen: 23
                          185.87.148.0/23 maxlen: 23
                          188.116.22.0/24 maxlen: 24
                          195.54.171.0/24 maxlen: 24
                          176.97.70.0/23 maxlen: 23
                          176.97.68.0/23 maxlen: 23
                          176.97.66.0/23 maxlen: 23
                          176.97.72.0/24 maxlen: 24
                          176.97.73.0/24 maxlen: 24
                          176.97.75.0/24 maxlen: 24
                          176.97.76.0/24 maxlen: 24
                          5.61.62.0/23 maxlen: 23
                          5.61.60.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:26:d4:a4:9b:c7:9c:7c:5a:9d:4a:d3:43:57:83:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 21:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb79a55bfef1b6d005a24761506ef34f60af5bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:89:93:1b:85:76:21:8b:0d:79:43:e3:4e:fd:
                    7b:54:3c:5c:51:e5:7b:8f:0d:a1:f8:c7:e9:61:27:
                    6f:f6:31:53:75:bc:3c:cb:7c:b3:e2:30:c2:f2:a5:
                    4d:72:1a:c5:55:37:28:c2:2b:d7:8f:26:78:60:1b:
                    3a:3d:21:77:5b:76:2a:3c:82:d5:14:97:03:a5:cd:
                    ef:38:17:71:0a:df:7f:b2:65:ed:b4:4c:be:b5:e1:
                    47:e6:ad:aa:05:57:2b:05:e5:7b:03:fd:9e:68:66:
                    40:d2:81:f8:db:92:b9:1e:2e:db:22:43:4b:90:15:
                    6f:4f:6e:74:79:fb:7b:d3:3c:14:99:7f:41:b1:47:
                    17:d4:99:c0:66:52:9e:81:03:c0:4e:60:68:35:ff:
                    85:35:8d:a2:d7:86:76:ec:ea:a8:31:28:98:46:df:
                    6b:f3:a7:e8:e8:86:b9:e1:5d:a9:3b:8d:eb:ec:52:
                    15:c9:63:e8:aa:47:8b:9c:86:d0:e6:5e:a7:7b:da:
                    27:b5:85:9a:22:70:b4:00:2e:52:7e:0b:56:00:5c:
                    c4:79:c9:d3:60:0c:51:75:94:43:25:f4:1d:67:f0:
                    8d:08:2d:6f:26:dc:ef:c4:7b:e5:81:9f:4f:c4:a2:
                    6f:e1:63:8d:a8:fb:2c:0b:ce:a2:6d:9f:f1:32:0a:
                    e4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:79:A5:5B:FE:F1:B6:D0:05:A2:47:61:50:6E:F3:4F:60:AF:5B:F5
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/u3mlW_7xttAFokdhUG7zT2CvW_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.60.0/22
                  45.136.196.0/22
                  176.97.64.0-176.97.73.255
                  176.97.75.0-176.97.76.255
                  185.87.148.0/23
                  185.132.125.0/24
                  188.116.22.0/24
                  195.54.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:ad:ec:67:c7:f0:f4:ef:4a:fc:4a:f8:28:7c:b7:3a:99:4c:
         ac:56:e6:53:44:87:8f:20:6e:6d:f9:bd:a8:43:c4:f1:ab:a8:
         f4:4c:76:5d:36:98:b6:bd:b4:73:24:38:c4:e3:ca:00:2e:5a:
         d7:91:3f:f7:e7:5b:9a:cb:cc:73:58:ba:ca:ae:98:fa:96:28:
         d7:7b:f7:66:2c:e6:52:a7:69:81:7c:76:82:87:cb:99:8b:ab:
         86:63:45:5e:7b:7f:3e:64:53:d7:38:06:e5:fe:b9:b3:e4:5c:
         ef:0e:62:4b:cc:10:35:84:a0:c3:1f:33:3c:b3:07:a2:b1:2c:
         47:80:48:03:af:52:12:9a:de:8a:1e:68:3b:cd:72:f7:52:d1:
         f6:d8:f9:4b:4c:c3:15:65:a1:94:67:f0:46:31:48:e5:3c:e7:
         3b:5a:5d:b5:e1:ef:0f:ad:6c:9d:37:f4:fa:2f:e3:b8:f7:7e:
         3a:66:ce:be:bf:2d:4a:71:c8:f9:a9:cf:5a:e0:4a:5f:43:16:
         2f:4c:b4:38:2b:e9:2e:4d:c1:d8:e5:28:9a:07:39:26:0e:b3:
         e6:93:f0:ed:b1:6a:b0:0d:1d:81:25:f2:bd:bd:47:c7:42:1d:
         fd:e4:6f:e1:39:e7:76:d3:4d:a9:f6:cd:a3:25:5e:2a:fa:aa:
         f3:ec:07:28
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYVvJtSkm8ecfFqdStNDV4OZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjMwMTAxMjEwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjc5YTU1YmZlZjFiNmQwMDVhMjQ3NjE1MDZlZjM0ZjYwYWY1YmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArImTG4V2IYsNeUPjTv17VDxcUeV7
jw2h+MfpYSdv9jFTdbw8y3yz4jDC8qVNchrFVTcowivXjyZ4YBs6PSF3W3YqPILV
FJcDpc3vOBdxCt9/smXttEy+teFH5q2qBVcrBeV7A/2eaGZA0oH425K5Hi7bIkNL
kBVvT250eft70zwUmX9BsUcX1JnAZlKegQPATmBoNf+FNY2i14Z27OqoMSiYRt9r
86fo6Ia54V2pO43r7FIVyWPoqkeLnIbQ5l6ne9ontYWaInC0AC5SfgtWAFzEecnT
YAxRdZRDJfQdZ/CNCC1vJtzvxHvlgZ9PxKJv4WONqPssC86ibZ/xMgrkjwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFLt5pVv+8bbQBaJHYVBu809gr1v1MB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvdTNtbFdfN3h0dEFGb2tkaFVHN3pUMkN2V19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBT08AwQC
LYjEMAwDBAawYUADBAGwYUgwDAMEALBhSwMEALBhTAMEAblXlAMEALmEfQMEALx0
FgMEAMM2qzANBgkqhkiG9w0BAQsFAAOCAQEAua3sZ8fw9O9K/Er4KHy3OplMrFbm
U0SHjyBubfm9qEPE8auo9Ex2XTaYtr20cyQ4xOPKAC5a15E/9+dbmsvMc1i6yq6Y
+pYo13v3ZizmUqdpgXx2gofLmYurhmNFXnt/PmRT1zgG5f65s+Rc7w5iS8wQNYSg
wx8zPLMHorEsR4BIA69SEpreih5oO81y91LR9tj5S0zDFWWhlGfwRjFI5TznO1pd
teHvD61snTf0+i/juPd+OmbOvr8tSnHI+anPWuBKX0MWL0y0OCvpLk3B2OUomgc5
Jg6z5pPw7bFqsA0dgSXyvb1Hx0Id/eRv4TnndtNNqfbNoyVeKvqq8+wHKA==
-----END CERTIFICATE-----