Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/bXX5SG4DBl-bbaGtcVDrJH8DZbw.roa
File:                     bXX5SG4DBl-bbaGtcVDrJH8DZbw.roa (raw, json)
Hash identifier:          BuJhiqe3ml/tSFYTJgCBJQuju//8N6CHNz6PovGGL70=
Subject key identifier:   6D:75:F9:48:6E:03:06:5F:9B:6D:A1:AD:71:50:EB:24:7F:03:65:BC
Certificate issuer:       /CN=a2ddaeb164e398214a171a0410e6b0232d642f50
Certificate serial:       0188E832881F0BFDF8314FDAA7B5B8798643
Authority key identifier: A2:DD:AE:B1:64:E3:98:21:4A:17:1A:04:10:E6:B0:23:2D:64:2F:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ot2usWTjmCFKFxoEEOawIy1kL1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/bXX5SG4DBl-bbaGtcVDrJH8DZbw.roa
Signing time:             Fri 23 Jun 2023 12:20:05 +0000
ROA not before:           Fri 23 Jun 2023 12:20:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3164
IP address blocks:        37.156.225.0/24 maxlen: 24
                          94.176.2.0/24 maxlen: 24
                          188.240.231.0/24 maxlen: 24
                          188.241.194.0/24 maxlen: 24
                          89.44.109.0/24 maxlen: 24
                          84.247.54.0/24 maxlen: 24
                          37.156.67.0/24 maxlen: 24
                          86.105.195.0/24 maxlen: 24
                          185.88.28.0/24 maxlen: 24
                          185.88.29.0/24 maxlen: 24
                          185.88.31.0/24 maxlen: 24
                          185.88.30.0/24 maxlen: 24
                          2a05:c5c0::/48 maxlen: 48
                          2a05:c5c0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e8:32:88:1f:0b:fd:f8:31:4f:da:a7:b5:b8:79:86:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ddaeb164e398214a171a0410e6b0232d642f50
        Validity
            Not Before: Jun 23 12:20:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6d75f9486e03065f9b6da1ad7150eb247f0365bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:41:cb:8b:32:3f:fc:de:17:95:44:cb:d1:43:
                    b1:00:68:42:b4:53:19:2e:e0:e8:8c:65:5b:b7:6c:
                    bd:7a:56:6b:e3:ed:57:7c:c6:2d:be:2a:0d:2f:64:
                    4f:34:f8:3d:80:67:be:97:99:dd:ff:64:9a:21:8b:
                    8b:71:35:f8:5f:56:07:79:18:7f:e7:35:31:f4:a7:
                    9c:4d:ed:8f:dc:35:2a:42:ae:a4:ea:dd:fe:7e:e0:
                    f4:62:11:6f:1c:b6:c9:6b:29:0a:0a:e3:43:07:94:
                    8c:20:e4:27:7c:d8:1c:dc:61:cf:53:09:af:07:f2:
                    2c:f5:9a:7c:69:c2:3d:28:d4:4b:9b:00:38:db:46:
                    f6:43:69:5c:7a:09:49:dd:20:d5:0d:22:2d:ad:a4:
                    22:c1:58:31:54:12:df:90:be:0a:1c:5a:df:d5:7e:
                    11:fa:e1:7b:9e:04:c6:3f:a8:24:f6:8f:e0:7a:5b:
                    4f:33:c3:b7:a2:4f:a9:9f:7f:4b:78:10:8d:c3:39:
                    61:e5:92:81:c1:35:ed:8d:d8:c6:37:c3:9c:dd:e7:
                    d6:8e:90:1a:30:27:d0:2b:aa:e7:fe:23:bc:a6:10:
                    6f:ac:0d:e4:11:36:22:2c:b7:3f:97:c0:77:16:2e:
                    68:70:f3:fe:08:45:9f:d7:a2:70:e0:59:1c:48:60:
                    64:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:75:F9:48:6E:03:06:5F:9B:6D:A1:AD:71:50:EB:24:7F:03:65:BC
            X509v3 Authority Key Identifier:
                keyid:A2:DD:AE:B1:64:E3:98:21:4A:17:1A:04:10:E6:B0:23:2D:64:2F:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ot2usWTjmCFKFxoEEOawIy1kL1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/bXX5SG4DBl-bbaGtcVDrJH8DZbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/ot2usWTjmCFKFxoEEOawIy1kL1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.67.0/24
                  37.156.225.0/24
                  84.247.54.0/24
                  86.105.195.0/24
                  89.44.109.0/24
                  94.176.2.0/24
                  185.88.28.0/22
                  188.240.231.0/24
                  188.241.194.0/24
                IPv6:
                  2a05:c5c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         18:3e:10:01:73:70:79:3f:61:b9:3a:ad:1b:43:78:41:6f:59:
         ed:eb:a9:90:d7:65:9e:d5:9e:05:6f:82:ad:e3:95:e3:e9:3e:
         71:df:0f:0d:2f:4c:6d:75:28:37:5e:fb:3f:66:5b:74:82:7e:
         5f:ac:ff:c4:ad:42:8c:de:f5:84:2e:79:45:a1:09:e7:d4:c9:
         bf:c0:02:fe:4b:81:f8:8a:ec:ea:08:db:bb:5c:21:21:d9:03:
         b2:4e:1f:39:3b:7c:b2:0b:c6:33:da:52:2b:7e:81:8a:a3:b9:
         51:e5:87:04:7a:b8:1c:1c:54:85:8e:65:d6:d5:cc:70:d2:cf:
         6f:78:03:e0:8b:ac:2f:d6:b7:23:5d:3f:6c:29:18:72:ee:8d:
         93:d4:03:82:1a:d8:f6:07:ab:33:a5:da:09:ef:12:19:c5:cc:
         07:1b:f7:e6:fa:91:ea:43:18:66:7d:52:8b:1f:84:0c:2c:ca:
         d7:97:3f:11:18:fa:f4:2a:b7:02:e4:81:e2:e6:0f:46:7f:39:
         38:ab:77:6d:18:47:69:3d:eb:57:48:bd:3f:cd:88:73:67:ce:
         4a:34:22:44:7a:55:64:4f:9d:34:e5:bc:30:69:f8:cc:a3:2d:
         e2:76:a9:f5:a4:f0:57:fa:87:6a:88:07:7c:87:75:92:f0:fb:
         96:c0:f6:c2
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYjoMogfC/34MU/ap7W4eYZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZGRhZWIxNjRlMzk4MjE0YTE3MWEwNDEwZTZiMDIzMmQ2
NDJmNTAwHhcNMjMwNjIzMTIyMDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDc1Zjk0ODZlMDMwNjVmOWI2ZGExYWQ3MTUwZWIyNDdmMDM2NWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUHLizI//N4XlUTL0UOxAGhCtFMZ
LuDojGVbt2y9elZr4+1XfMYtvioNL2RPNPg9gGe+l5nd/2SaIYuLcTX4X1YHeRh/
5zUx9KecTe2P3DUqQq6k6t3+fuD0YhFvHLbJaykKCuNDB5SMIOQnfNgc3GHPUwmv
B/Is9Zp8acI9KNRLmwA420b2Q2lceglJ3SDVDSItraQiwVgxVBLfkL4KHFrf1X4R
+uF7ngTGP6gk9o/geltPM8O3ok+pn39LeBCNwzlh5ZKBwTXtjdjGN8Oc3efWjpAa
MCfQK6rn/iO8phBvrA3kETYiLLc/l8B3Fi5ocPP+CEWf16Jw4FkcSGBkSQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFG11+UhuAwZfm22hrXFQ6yR/A2W8MB8GA1UdIwQY
MBaAFKLdrrFk45ghShcaBBDmsCMtZC9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3QydXNXVGptQ0ZLRnhvRUVPYXdJeTFrTDFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80YWZkYTctODI5Yy00ODgwLWEwYzkt
MTEyZTExM2JiN2I3LzEvYlhYNVNHNERCbC1iYmFHdGNWRHJKSDhEWmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80YWZkYTctODI5Yy00ODgwLWEwYzktMTEyZTExM2JiN2I3
LzEvb3QydXNXVGptQ0ZLRnhvRUVPYXdJeTFrTDFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQAJZxDAwQA
JZzhAwQAVPc2AwQAVmnDAwQAWSxtAwQAXrACAwQCuVgcAwQAvPDnAwQAvPHCMA8E
AgACMAkDBwEqBcXAAAAwDQYJKoZIhvcNAQELBQADggEBABg+EAFzcHk/Ybk6rRtD
eEFvWe3rqZDXZZ7VngVvgq3jlePpPnHfDw0vTG11KDde+z9mW3SCfl+s/8StQoze
9YQueUWhCefUyb/AAv5LgfiK7OoI27tcISHZA7JOHzk7fLILxjPaUit+gYqjuVHl
hwR6uBwcVIWOZdbVzHDSz294A+CLrC/WtyNdP2wpGHLujZPUA4Ia2PYHqzOl2gnv
EhnFzAcb9+b6kepDGGZ9UosfhAwsyteXPxEY+vQqtwLkgeLmD0Z/OTird20YR2k9
61dIvT/NiHNnzko0IkR6VWRPnTTlvDBp+MyjLeJ2qfWk8Ff6h2qIB3yHdZLw+5bA
9sI=
-----END CERTIFICATE-----