Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/zlCp-RcPa3dXfeF7_skwhoS94L0.roa
File:                     zlCp-RcPa3dXfeF7_skwhoS94L0.roa (raw, json)
Hash identifier:          yNbNY9QkFioYJA9AOrpS5zcWi5XxAAb7++Co6I/gNTw=
Subject key identifier:   CE:50:A9:F9:17:0F:6B:77:57:7D:E1:7B:FE:C9:30:86:84:BD:E0:BD
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       018A2C9FB8682CA07179569D6DE281CB205F
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/zlCp-RcPa3dXfeF7_skwhoS94L0.roa
Signing time:             Fri 25 Aug 2023 12:16:19 +0000
ROA not before:           Fri 25 Aug 2023 12:16:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8849
IP address blocks:        185.230.245.0/24 maxlen: 24
                          91.192.81.0/24 maxlen: 24
                          5.44.249.0/24 maxlen: 24
                          185.140.210.0/24 maxlen: 24
                          185.140.211.0/24 maxlen: 24
                          62.122.187.0/24 maxlen: 24
                          185.147.53.0/24 maxlen: 24
                          95.174.71.0/24 maxlen: 24
                          95.174.68.0/24 maxlen: 24
                          95.174.69.0/24 maxlen: 24
                          95.174.70.0/24 maxlen: 24
                          89.40.226.0/24 maxlen: 24
                          88.210.36.0/23 maxlen: 24
                          2a06:f902:4000::/36 maxlen: 36
                          2a06:f901:c000::/36 maxlen: 36
                          2a06:f901:8000::/36 maxlen: 36
                          2a06:f901:4000::/36 maxlen: 36

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:2c:9f:b8:68:2c:a0:71:79:56:9d:6d:e2:81:cb:20:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Aug 25 12:16:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce50a9f9170f6b77577de17bfec9308684bde0bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5f:cd:02:0f:a2:89:36:c2:61:01:93:7b:0c:
                    02:ae:61:7a:73:0a:49:af:2c:24:01:18:18:09:ff:
                    fc:1e:3b:f6:dc:30:b9:20:db:f0:5e:97:12:5d:e1:
                    c0:c0:38:9c:35:4d:e8:cf:4a:f7:70:86:2e:48:ff:
                    9d:ec:f2:23:58:6a:40:5b:8f:7b:d3:79:cc:65:da:
                    8d:fd:98:70:8e:ba:e3:d9:db:b4:70:13:94:84:87:
                    6e:0f:cd:4d:8b:7c:77:a5:cd:cb:4f:ad:fe:fa:8c:
                    ad:2c:8b:bc:3a:6d:7e:c0:46:97:c4:65:74:ce:89:
                    7f:43:b3:80:2c:7c:38:5e:15:65:19:bd:1d:c3:e7:
                    56:df:e4:a5:67:54:2a:49:0a:7a:ee:24:ae:01:05:
                    cc:64:e9:40:dc:a8:68:74:1f:9c:84:a7:6f:c5:c4:
                    2f:71:5e:d2:f4:1b:af:09:da:9c:3a:1e:31:a6:82:
                    78:cb:de:fa:56:ba:ba:35:3f:8f:d5:57:b6:a8:c9:
                    88:27:f7:05:b2:5e:d5:82:d4:e8:85:31:77:fa:b1:
                    48:bf:0a:49:3b:32:c6:2f:8a:a7:11:e7:a3:d4:9b:
                    7d:71:81:9c:02:d6:45:cf:70:48:bf:78:00:de:d3:
                    a6:25:7d:d8:5c:f6:c0:5b:b2:2f:15:10:a0:f7:f0:
                    90:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:50:A9:F9:17:0F:6B:77:57:7D:E1:7B:FE:C9:30:86:84:BD:E0:BD
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/zlCp-RcPa3dXfeF7_skwhoS94L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.249.0/24
                  62.122.187.0/24
                  88.210.36.0/23
                  89.40.226.0/24
                  91.192.81.0/24
                  95.174.68.0/22
                  185.140.210.0/23
                  185.147.53.0/24
                  185.230.245.0/24
                IPv6:
                  2a06:f901:4000::/36
                  2a06:f901:8000::/36
                  2a06:f901:c000::/36
                  2a06:f902:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0d:ef:72:2b:8a:b8:da:a1:7a:10:46:5b:38:cb:89:98:1d:2b:
         d6:0c:09:11:73:52:bd:e2:f2:00:b0:f5:41:64:5c:04:ee:a3:
         cb:33:6a:9b:21:c1:7f:ee:d2:01:90:96:d8:8c:cf:ab:a4:bb:
         36:97:c6:84:53:cb:ca:d8:ce:07:a0:1a:43:89:19:e9:95:a6:
         6e:81:12:43:7b:0f:4a:48:b4:aa:53:42:eb:ee:16:ea:69:d3:
         99:b7:8e:1e:52:d4:47:43:0a:46:f1:6e:be:0d:e9:77:03:fc:
         4d:47:d9:cb:86:5d:58:69:1c:80:46:1e:c5:3d:4f:29:9c:e3:
         09:b9:92:9f:f3:af:3c:c5:42:06:06:62:4a:c4:ca:b0:ba:77:
         ed:00:e6:0a:eb:62:eb:41:da:60:cc:63:75:f1:f1:f3:d4:58:
         5a:8e:fc:8c:ad:32:e4:89:60:f3:35:14:6a:57:6d:0c:99:19:
         8d:12:eb:a3:9c:1c:10:8c:86:e2:25:42:7f:d5:b2:10:54:3b:
         19:9d:f3:df:20:26:34:8d:e1:b2:d8:66:91:d9:03:2b:07:91:
         9e:63:a6:10:e9:ef:c1:06:26:c1:02:ff:73:50:b7:ce:aa:6d:
         be:87:94:ac:13:66:66:7f:a0:6b:60:5b:ff:c8:66:3c:9d:15:
         c0:d4:7f:19
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYosn7hoLKBxeVadbeKByyBfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjMwODI1MTIxNjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTUwYTlmOTE3MGY2Yjc3NTc3ZGUxN2JmZWM5MzA4Njg0YmRlMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF/NAg+iiTbCYQGTewwCrmF6cwpJ
rywkARgYCf/8Hjv23DC5INvwXpcSXeHAwDicNU3oz0r3cIYuSP+d7PIjWGpAW497
03nMZdqN/Zhwjrrj2du0cBOUhIduD81Ni3x3pc3LT63++oytLIu8Om1+wEaXxGV0
zol/Q7OALHw4XhVlGb0dw+dW3+SlZ1QqSQp67iSuAQXMZOlA3KhodB+chKdvxcQv
cV7S9BuvCdqcOh4xpoJ4y976Vrq6NT+P1Ve2qMmIJ/cFsl7VgtTohTF3+rFIvwpJ
OzLGL4qnEeej1Jt9cYGcAtZFz3BIv3gA3tOmJX3YXPbAW7IvFRCg9/CQnwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFM5QqfkXD2t3V33he/7JMIaEveC9MB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvemxDcC1SY1BhM2RYZmVGN19za3dob1M5NEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjA8BAIAATA2AwQABSz5AwQA
Pnq7AwQBWNIkAwQAWSjiAwQAW8BRAwQCX65EAwQBuYzSAwQAuZM1AwQAueb1MCYE
AgACMCADBgQqBvkBQAMGBCoG+QGAAwYEKgb5AcADBgQqBvkCQDANBgkqhkiG9w0B
AQsFAAOCAQEADe9yK4q42qF6EEZbOMuJmB0r1gwJEXNSveLyALD1QWRcBO6jyzNq
myHBf+7SAZCW2IzPq6S7NpfGhFPLytjOB6AaQ4kZ6ZWmboESQ3sPSki0qlNC6+4W
6mnTmbeOHlLUR0MKRvFuvg3pdwP8TUfZy4ZdWGkcgEYexT1PKZzjCbmSn/OvPMVC
BgZiSsTKsLp37QDmCuti60HaYMxjdfHx89RYWo78jK0y5Ilg8zUUaldtDJkZjRLr
o5wcEIyG4iVCf9WyEFQ7GZ3z3yAmNI3hsthmkdkDKweRnmOmEOnvwQYmwQL/c1C3
zqptvoeUrBNmZn+ga2Bb/8hmPJ0VwNR/GQ==
-----END CERTIFICATE-----