Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/8MXD6mzATSdOO6Y3GI84BmFSOP0.roa
File:                     8MXD6mzATSdOO6Y3GI84BmFSOP0.roa (raw, json)
Hash identifier:          35N8AgWt7EoYu394fs4JhqzlF9TgnW6Cp72Bq7b9Sak=
Subject key identifier:   F0:C5:C3:EA:6C:C0:4D:27:4E:3B:A6:37:18:8F:38:06:61:52:38:FD
Certificate issuer:       /CN=02bbd4f865a12d79a09a034486ce61ba023882c7
Certificate serial:       018C9BDD441CB490DAD0A6C5E2AEB0ADEA5F
Authority key identifier: 02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/8MXD6mzATSdOO6Y3GI84BmFSOP0.roa
Signing time:             Sun 24 Dec 2023 12:46:58 +0000
ROA not before:           Sun 24 Dec 2023 12:46:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51020
IP address blocks:        5.62.136.0/24 maxlen: 24
                          5.62.142.0/24 maxlen: 24
                          5.62.128.0/24 maxlen: 24
                          5.62.129.0/24 maxlen: 24
                          185.69.4.0/23 maxlen: 23
                          185.69.4.0/24 maxlen: 24
                          185.69.5.0/24 maxlen: 24
                          185.69.6.0/24 maxlen: 24
                          37.77.51.0/24 maxlen: 24
                          37.77.49.0/24 maxlen: 24
                          37.77.50.0/24 maxlen: 24
                          37.77.48.0/24 maxlen: 24
                          37.77.54.0/24 maxlen: 24
                          37.77.55.0/24 maxlen: 24
                          37.77.52.0/24 maxlen: 24
                          37.77.53.0/24 maxlen: 24
                          31.7.84.0/24 maxlen: 24
                          31.7.81.0/24 maxlen: 24
                          31.7.86.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:9b:dd:44:1c:b4:90:da:d0:a6:c5:e2:ae:b0:ad:ea:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02bbd4f865a12d79a09a034486ce61ba023882c7
        Validity
            Not Before: Dec 24 12:46:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f0c5c3ea6cc04d274e3ba637188f3806615238fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f6:93:b0:fa:c3:2f:16:2c:97:52:34:45:a2:
                    b7:5c:13:0c:23:00:66:89:e3:f1:07:e6:20:a7:00:
                    02:0f:45:36:97:10:c2:cc:f1:99:0f:92:1a:c2:0d:
                    0f:ad:a0:bd:23:9f:21:a4:52:26:77:23:82:3b:b0:
                    e1:ff:9a:20:ed:24:06:0d:18:24:36:3b:8a:e3:7d:
                    d2:9a:82:b3:15:d2:fd:02:e6:8b:57:b8:ae:4b:5c:
                    ea:d9:4b:49:54:64:a9:2e:ea:6b:05:c9:1e:6e:a6:
                    5b:10:d2:f6:d0:af:c2:ec:37:73:9d:1b:c1:c0:f8:
                    ec:cb:17:e4:df:08:08:61:2d:7a:1a:ad:9b:7c:9a:
                    cd:26:38:0c:c9:b8:5c:22:89:66:8f:ee:77:a2:35:
                    3e:1b:a5:a8:65:85:33:b7:78:85:44:c6:45:20:b5:
                    36:55:cf:11:20:04:cb:d5:96:9f:fd:b1:b4:d9:d8:
                    c6:ac:43:c1:24:10:3b:db:02:57:cd:83:ef:1f:61:
                    92:25:12:6b:1d:c3:de:0b:35:54:cc:04:95:05:8d:
                    1c:f4:97:63:7c:22:1a:21:73:06:32:65:eb:13:3e:
                    49:ba:f0:4c:06:1d:55:42:da:89:ba:25:15:07:9b:
                    56:32:9d:2d:22:8a:45:12:30:af:35:75:ff:ac:06:
                    73:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C5:C3:EA:6C:C0:4D:27:4E:3B:A6:37:18:8F:38:06:61:52:38:FD
            X509v3 Authority Key Identifier:
                keyid:02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/8MXD6mzATSdOO6Y3GI84BmFSOP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/ArvU-GWhLXmgmgNEhs5hugI4gsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.128.0/23
                  5.62.136.0/24
                  5.62.142.0/24
                  31.7.81.0/24
                  31.7.84.0/24
                  31.7.86.0/24
                  37.77.48.0/21
                  185.69.4.0-185.69.6.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:68:6b:03:31:21:2b:a6:c6:6a:95:e2:a9:a0:3f:44:43:b5:
         66:d7:0a:a1:fd:d9:f6:93:5d:fa:25:74:3d:19:25:27:0f:a0:
         63:6a:c0:00:f4:2c:21:ce:67:8b:56:94:3d:84:d8:b8:06:23:
         48:46:58:be:79:59:7b:24:85:74:fc:cb:a9:aa:86:af:15:31:
         d8:2d:4a:b8:0d:33:cc:6b:df:12:35:67:c1:f7:14:d4:2c:83:
         8a:00:99:af:b0:c5:56:b3:b0:66:51:23:55:63:9a:6a:7a:59:
         9f:e2:8f:d3:65:3c:7d:22:6c:29:98:d6:75:45:cb:05:91:e3:
         78:6a:93:88:89:d7:42:b3:7a:5e:ec:11:50:3f:67:9b:e8:55:
         c5:38:d3:30:25:f1:de:c2:09:f9:06:d6:92:50:21:bb:fe:81:
         1d:fb:16:0e:89:94:aa:1c:c9:85:d5:48:c3:90:9a:d3:22:48:
         72:cf:97:e1:05:19:d4:d9:6a:c0:6b:c4:1d:e2:c5:c9:dc:8e:
         74:1c:ff:4c:ae:51:eb:92:b9:d5:7f:1b:e6:ba:da:ad:bc:a3:
         0a:0e:b5:ad:f5:a9:fa:c9:76:2d:42:eb:88:f4:db:49:e3:67:
         37:fd:02:d3:e6:21:c5:cf:a5:ef:1b:b1:00:ba:47:18:68:ef:
         61:1d:a4:3c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYyb3UQctJDa0KbF4q6wrepfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYmJkNGY4NjVhMTJkNzlhMDlhMDM0NDg2Y2U2MWJhMDIz
ODgyYzcwHhcNMjMxMjI0MTI0NjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGM1YzNlYTZjYzA0ZDI3NGUzYmE2MzcxODhmMzgwNjYxNTIzOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfaTsPrDLxYsl1I0RaK3XBMMIwBm
iePxB+YgpwACD0U2lxDCzPGZD5Iawg0PraC9I58hpFImdyOCO7Dh/5og7SQGDRgk
NjuK433SmoKzFdL9AuaLV7iuS1zq2UtJVGSpLuprBckebqZbENL20K/C7DdznRvB
wPjsyxfk3wgIYS16Gq2bfJrNJjgMybhcIolmj+53ojU+G6WoZYUzt3iFRMZFILU2
Vc8RIATL1Zaf/bG02djGrEPBJBA72wJXzYPvH2GSJRJrHcPeCzVUzASVBY0c9Jdj
fCIaIXMGMmXrEz5JuvBMBh1VQtqJuiUVB5tWMp0tIopFEjCvNXX/rAZzwQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPDFw+pswE0nTjumNxiPOAZhUjj9MB8GA1UdIwQY
MBaAFAK71PhloS15oJoDRIbOYboCOILHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUt
MGE5ODA0OGNkZjcyLzEvOE1YRDZtekFUU2RPTzZZM0dJODRCbUZTT1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUtMGE5ODA0OGNkZjcy
LzEvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBBT6AAwQA
BT6IAwQABT6OAwQAHwdRAwQAHwdUAwQAHwdWAwQDJU0wMAwDBAK5RQQDBAC5RQYw
DQYJKoZIhvcNAQELBQADggEBAI5oawMxISumxmqV4qmgP0RDtWbXCqH92faTXfol
dD0ZJScPoGNqwAD0LCHOZ4tWlD2E2LgGI0hGWL55WXskhXT8y6mqhq8VMdgtSrgN
M8xr3xI1Z8H3FNQsg4oAma+wxVazsGZRI1Vjmmp6WZ/ij9NlPH0ibCmY1nVFywWR
43hqk4iJ10Kzel7sEVA/Z5voVcU40zAl8d7CCfkG1pJQIbv+gR37Fg6JlKocyYXV
SMOQmtMiSHLPl+EFGdTZasBrxB3ixcncjnQc/0yuUeuSudV/G+a62q28owoOta31
qfrJdi1C64j020njZzf9AtPmIcXPpe8bsQC6Rxho72EdpDw=
-----END CERTIFICATE-----