Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/1-QKDefCsLohM9EEt_UQaoG2_whU.roa
File:                     1-QKDefCsLohM9EEt_UQaoG2_whU.roa (raw, json)
Hash identifier:          YD8Vd4VmVOFMIqaRhc/v2MCJ+QFY9fACkG9TWZmRWDg=
Subject key identifier:   F9:02:83:79:F0:AC:2E:88:4C:F4:41:2D:FD:44:1A:A0:6D:BF:C2:15
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018B0177B37F1F6D90F769A95853EDAF25A0
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/1-QKDefCsLohM9EEt_UQaoG2_whU.roa
Signing time:             Thu 05 Oct 2023 20:11:43 +0000
ROA not before:           Thu 05 Oct 2023 20:11:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.196.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.199.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:01:77:b3:7f:1f:6d:90:f7:69:a9:58:53:ed:af:25:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Oct  5 20:11:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f9028379f0ac2e884cf4412dfd441aa06dbfc215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:45:7f:06:2c:92:41:1c:5c:c3:0b:f8:91:c4:
                    80:12:f8:99:31:f4:21:b7:75:2f:ff:83:fe:a1:72:
                    21:eb:a4:9d:23:e1:63:89:b6:64:2e:85:f5:76:1c:
                    a2:fd:ef:7d:bf:81:5d:dd:e0:81:9e:e5:81:b5:0c:
                    52:bc:37:de:47:c8:9a:3f:90:5a:61:ae:7f:93:fe:
                    61:17:8f:c1:5d:3c:34:31:b6:a0:f3:9d:9f:1b:6a:
                    fc:44:b2:ef:ca:6b:80:1e:8b:16:8c:30:e5:ca:f9:
                    3d:1d:aa:f2:b6:e9:7b:ac:b0:27:4b:34:00:bd:2b:
                    ea:f5:34:26:6a:57:2a:fa:11:87:be:16:04:a5:84:
                    a9:9d:7e:64:0f:8b:c7:35:44:a8:1c:8b:70:98:b5:
                    4f:32:d4:ff:5a:d8:fe:d1:cf:06:13:64:db:30:86:
                    c2:19:46:86:70:1e:e5:34:9c:f4:98:ae:ca:c3:01:
                    1f:84:41:83:a9:da:79:f4:cd:ec:8e:29:0a:75:d4:
                    35:b7:3f:ee:80:f6:6d:9f:0c:19:58:06:d4:2a:53:
                    fb:a3:6d:a3:52:a0:a9:b5:56:ed:cd:c5:23:d4:e6:
                    3c:3b:41:80:e2:97:a9:e7:a2:b4:31:7f:44:c7:e8:
                    a5:16:75:22:4c:d7:1f:68:55:45:4d:97:9c:1c:91:
                    9c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:02:83:79:F0:AC:2E:88:4C:F4:41:2D:FD:44:1A:A0:6D:BF:C2:15
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/1-QKDefCsLohM9EEt_UQaoG2_whU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.196.0-212.64.200.255
                  212.64.203.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:93:d4:1c:d5:49:85:7a:28:2e:b2:7f:b1:c4:02:51:09:e8:
         5a:22:06:bb:6c:22:22:c0:af:cb:f8:63:51:9b:11:2a:a1:52:
         fb:a2:30:b3:b3:59:0b:69:d0:92:36:76:a2:db:89:ee:f9:cb:
         7c:4c:42:c0:1b:54:16:d6:a2:1b:a1:b9:69:d0:a5:2e:c4:cf:
         fe:5d:ad:bb:17:2d:14:ff:e4:79:ab:3a:e9:19:5e:fd:bb:16:
         6d:c3:9c:99:e9:6e:6a:da:bc:de:fd:75:04:4e:ec:8a:cb:d4:
         bf:7a:eb:ff:eb:f3:c4:d5:0d:b7:9a:f0:5b:81:dd:02:08:fc:
         f8:a6:12:fa:7a:7e:d4:31:37:bb:1a:28:69:72:8d:78:81:04:
         9b:36:2e:22:15:d4:4d:ad:c5:58:e2:0f:3f:78:db:80:af:13:
         d6:b1:0b:55:2e:a1:b2:3c:27:1a:6d:e3:a7:6a:32:bf:21:06:
         fc:ff:e3:b4:7a:95:95:87:98:b0:9e:7c:40:63:ba:b7:c1:47:
         4d:60:aa:9d:43:f0:9a:63:27:7d:3a:16:38:71:a7:bd:ba:d0:
         2a:43:3e:c3:e8:c7:e5:30:bc:c9:16:89:ee:2b:61:52:7e:b9:
         7c:32:15:55:f3:96:fb:b2:8b:ec:50:76:72:cd:83:e6:51:65:
         ee:f4:d9:29
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYsBd7N/H22Q92mpWFPtryWgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjMxMDA1MjAxMTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTAyODM3OWYwYWMyZTg4NGNmNDQxMmRmZDQ0MWFhMDZkYmZjMjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEV/BiySQRxcwwv4kcSAEviZMfQh
t3Uv/4P+oXIh66SdI+FjibZkLoX1dhyi/e99v4Fd3eCBnuWBtQxSvDfeR8iaP5Ba
Ya5/k/5hF4/BXTw0Mbag852fG2r8RLLvymuAHosWjDDlyvk9Harytul7rLAnSzQA
vSvq9TQmalcq+hGHvhYEpYSpnX5kD4vHNUSoHItwmLVPMtT/Wtj+0c8GE2TbMIbC
GUaGcB7lNJz0mK7KwwEfhEGDqdp59M3sjikKddQ1tz/ugPZtnwwZWAbUKlP7o22j
UqCptVbtzcUj1OY8O0GA4pep56K0MX9Ex+ilFnUiTNcfaFVFTZecHJGc9wIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFPkCg3nwrC6ITPRBLf1EGqBtv8IVMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvMS1RS0RlZkNzTG9oTTlFRXRfVVFhb0cyX3doVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmMvYzNhZDJlLWI1MmUtNDQxYy04OWJhLTQ0YWI3YTlkN2Rl
YS8xL1prRDRuT0ltUmJseWw5ZUFOeWJjTDdEbDlMay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBTBggrBgEFBQcBBwEB/wREMEIwQAQCAAEwOgMEANRAwAME
ANRAwjAMAwQC1EDEAwQA1EDIMAwDBADUQMsDBAHUQNADBADUQNQDBADUQNoDBADU
QNwwDQYJKoZIhvcNAQELBQADggEBAE6T1BzVSYV6KC6yf7HEAlEJ6FoiBrtsIiLA
r8v4Y1GbESqhUvuiMLOzWQtp0JI2dqLbie75y3xMQsAbVBbWohuhuWnQpS7Ez/5d
rbsXLRT/5HmrOukZXv27Fm3DnJnpbmravN79dQRO7IrL1L966//r88TVDbea8FuB
3QII/PimEvp6ftQxN7saKGlyjXiBBJs2LiIV1E2txVjiDz9424CvE9axC1UuobI8
Jxpt46dqMr8hBvz/47R6lZWHmLCefEBjurfBR01gqp1D8JpjJ306Fjhxp7260CpD
PsPox+UwvMkWie4rYVJ+uXwyFVXzlvuyi+xQdnLNg+ZRZe702Sk=
-----END CERTIFICATE-----