Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/zryvP2jJaDDqqW5c9LrVS_LIByU.roa
File:                     zryvP2jJaDDqqW5c9LrVS_LIByU.roa (raw, json)
Hash identifier:          5oxcOumkdwebEBRcdg3uLhbsvEEkqww5FEmmU2dFiKY=
Subject key identifier:   CE:BC:AF:3F:68:C9:68:30:EA:A9:6E:5C:F4:BA:D5:4B:F2:C8:07:25
Certificate issuer:       /CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
Certificate serial:       01896CBC4BBCD90652DBE184165DACFAE42E
Authority key identifier: C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/zryvP2jJaDDqqW5c9LrVS_LIByU.roa
Signing time:             Wed 19 Jul 2023 06:00:26 +0000
ROA not before:           Wed 19 Jul 2023 06:00:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203724
IP address blocks:        185.212.107.0/24 maxlen: 24
                          185.212.106.0/24 maxlen: 24
                          185.125.226.0/24 maxlen: 24
                          185.125.225.0/24 maxlen: 24
                          185.125.224.0/24 maxlen: 24
                          185.212.105.0/24 maxlen: 24
                          185.125.227.0/24 maxlen: 24
                          2a06:bcc0:5::/48 maxlen: 48
                          2a06:bcc0:9::/48 maxlen: 48
                          2a06:bcc0:4::/48 maxlen: 48
                          2a06:bcc0:2::/48 maxlen: 48
                          2a06:bcc0:3::/48 maxlen: 48
                          2a06:bcc0:1::/48 maxlen: 48
                          2a06:bcc0:11::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6c:bc:4b:bc:d9:06:52:db:e1:84:16:5d:ac:fa:e4:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
        Validity
            Not Before: Jul 19 06:00:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cebcaf3f68c96830eaa96e5cf4bad54bf2c80725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d4:5b:e3:83:7c:67:c1:3e:0a:ce:2a:1b:7b:
                    b6:c1:5a:a8:49:8b:12:63:4b:53:e5:7e:2c:71:75:
                    ea:9c:fd:df:d1:75:37:ad:0a:b8:3b:f3:50:b9:ac:
                    be:2e:ff:79:6f:33:07:a9:bd:e9:fa:df:80:48:f2:
                    f6:73:8f:98:ed:5c:8e:ac:fc:c3:97:fb:9f:9d:f5:
                    44:ac:57:19:72:4a:04:24:49:15:2f:59:bd:d7:17:
                    8e:6b:71:da:af:c9:a8:f5:75:c7:e0:27:9e:9b:83:
                    b5:35:ee:9f:13:90:85:34:44:b4:92:fc:fb:e1:eb:
                    c2:0c:49:04:af:f8:2e:49:48:a8:08:0f:29:3d:ec:
                    ad:9d:18:46:f8:b9:1b:32:9e:92:15:6f:e7:7f:c0:
                    70:8a:cc:c7:0c:b0:20:ae:b6:81:cd:25:36:d7:00:
                    37:c0:02:83:d8:6f:ab:68:b8:c4:c8:f9:84:37:66:
                    ab:76:8d:1d:57:a2:dd:fc:09:86:ca:71:f9:be:18:
                    38:4a:59:31:66:c1:f8:19:c9:f0:39:5d:dd:2b:8f:
                    ef:9f:26:48:e1:03:ad:9f:cf:0b:04:c5:2f:39:b9:
                    07:1a:a3:40:b0:3c:bd:6e:89:4b:86:ea:b5:45:6b:
                    df:5e:77:ca:7c:2d:49:5b:8f:fe:7f:59:06:64:6c:
                    55:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:BC:AF:3F:68:C9:68:30:EA:A9:6E:5C:F4:BA:D5:4B:F2:C8:07:25
            X509v3 Authority Key Identifier:
                keyid:C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/zryvP2jJaDDqqW5c9LrVS_LIByU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.224.0/22
                  185.212.105.0-185.212.107.255
                IPv6:
                  2a06:bcc0:1::-2a06:bcc0:5:ffff:ffff:ffff:ffff:ffff
                  2a06:bcc0:9::/48
                  2a06:bcc0:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:da:f4:4a:7c:51:cc:92:98:7a:2b:5b:ec:00:95:0b:3e:ac:
         8b:8b:3e:4f:33:65:b7:65:26:c3:df:0a:c8:e8:e0:11:9d:26:
         ab:18:9a:c8:6b:6b:b9:18:44:36:5f:10:a4:55:9f:56:22:60:
         bf:a9:10:84:5a:64:83:c4:e0:e3:ef:d4:5a:66:63:76:62:07:
         d0:0b:b2:41:d6:59:5b:a0:7a:bb:4e:a3:bc:c8:fe:68:62:b0:
         16:85:2b:43:fb:30:cf:74:77:c7:85:e0:71:6c:bf:da:98:bc:
         2a:4d:c7:41:df:47:7b:31:09:bd:8a:53:0c:92:ac:27:59:8b:
         c3:96:ec:ae:95:3d:bf:b0:ca:cf:7f:9c:ad:b6:84:36:24:1a:
         ed:20:f5:02:bc:57:59:e0:fa:f7:4d:f0:3d:4b:e7:e4:a5:4c:
         53:d0:d5:c3:dc:76:f3:17:bb:0f:04:82:1c:25:a6:cd:b6:23:
         1a:d8:22:9c:05:59:39:4e:b9:fd:e6:e2:a9:2f:52:49:4b:c1:
         59:a1:60:3f:90:57:eb:8b:fe:39:76:c8:b4:34:49:76:c3:3a:
         57:66:32:56:df:8f:3a:db:1d:a6:d5:c0:bb:ae:12:e5:9d:02:
         94:b3:0d:a6:6d:c8:c2:47:fc:ac:37:65:ad:b1:fd:e1:2a:e2:
         80:8b:09:59
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYlsvEu82QZS2+GEFl2s+uQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZmJkNTg3NjYxM2VkYzU2ZTBmNWRlNDY4Y2NlNWViMjg4
NWZmMjkwHhcNMjMwNzE5MDYwMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWJjYWYzZjY4Yzk2ODMwZWFhOTZlNWNmNGJhZDU0YmYyYzgwNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NRb44N8Z8E+Cs4qG3u2wVqoSYsS
Y0tT5X4scXXqnP3f0XU3rQq4O/NQuay+Lv95bzMHqb3p+t+ASPL2c4+Y7VyOrPzD
l/ufnfVErFcZckoEJEkVL1m91xeOa3Har8mo9XXH4Ceem4O1Ne6fE5CFNES0kvz7
4evCDEkEr/guSUioCA8pPeytnRhG+LkbMp6SFW/nf8BwiszHDLAgrraBzSU21wA3
wAKD2G+raLjEyPmEN2ardo0dV6Ld/AmGynH5vhg4SlkxZsH4GcnwOV3dK4/vnyZI
4QOtn88LBMUvObkHGqNAsDy9bolLhuq1RWvfXnfKfC1JW4/+f1kGZGxV0wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFM68rz9oyWgw6qluXPS61UvyyAclMB8GA1UdIwQY
MBaAFMD71YdmE+3Fbg9d5GjM5esohf8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzIt
YTNiNmJlNGE5ZTliLzEvenJ5dlAyakphRERxcVc1YzlMclZTX0xJQnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzItYTNiNmJlNGE5ZTli
LzEvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAaBAIAATAUAwQCuX3gMAwD
BAC51GkDBAK51GgwLAQCAAIwJjASAwcAKga8wAABAwcBKga8wAAEAwcAKga8wAAJ
AwcAKga8wAARMA0GCSqGSIb3DQEBCwUAA4IBAQC02vRKfFHMkph6K1vsAJULPqyL
iz5PM2W3ZSbD3wrI6OARnSarGJrIa2u5GEQ2XxCkVZ9WImC/qRCEWmSDxODj79Ra
ZmN2YgfQC7JB1llboHq7TqO8yP5oYrAWhStD+zDPdHfHheBxbL/amLwqTcdB30d7
MQm9ilMMkqwnWYvDluyulT2/sMrPf5yttoQ2JBrtIPUCvFdZ4Pr3TfA9S+fkpUxT
0NXD3HbzF7sPBIIcJabNtiMa2CKcBVk5Trn95uKpL1JJS8FZoWA/kFfri/45dsi0
NEl2wzpXZjJW34862x2m1cC7rhLlnQKUsw2mbcjCR/ysN2Wtsf3hKuKAiwlZ
-----END CERTIFICATE-----