Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZLMF-sC20uqKIDizs5AMLuaeHB8.roa
File:                     ZLMF-sC20uqKIDizs5AMLuaeHB8.roa (raw, json)
Hash identifier:          L7+12+V7aMDhB7gQ0aLDLgJ1yBKdAP/jEEk/Sq3lXDo=
Subject key identifier:   64:B3:05:FA:C0:B6:D2:EA:8A:20:38:B3:B3:90:0C:2E:E6:9E:1C:1F
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018AEBD5EC4BFC1B0EB17A23484E414C160B
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZLMF-sC20uqKIDizs5AMLuaeHB8.roa
Signing time:             Sun 01 Oct 2023 15:22:59 +0000
ROA not before:           Sun 01 Oct 2023 15:22:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.196.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.199.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.202.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:eb:d5:ec:4b:fc:1b:0e:b1:7a:23:48:4e:41:4c:16:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Oct  1 15:22:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64b305fac0b6d2ea8a2038b3b3900c2ee69e1c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0d:2f:49:e3:01:5d:6c:74:bf:30:f0:88:a4:
                    18:7d:f1:6b:5a:b1:52:e5:8f:5a:69:d3:2d:14:68:
                    14:9c:9d:ea:52:98:9f:b4:b6:32:41:8b:06:a1:d1:
                    5d:18:80:22:71:af:f5:95:24:05:a3:37:6a:09:d9:
                    78:bf:03:40:5d:f1:ff:dc:5c:59:46:17:e5:17:9a:
                    35:66:07:86:8b:2b:e5:33:85:6b:20:31:2c:25:5c:
                    dd:84:da:48:0e:9f:b2:44:33:d4:b8:b4:e2:8d:1c:
                    fc:0d:70:1c:91:c7:b2:71:ba:45:a4:30:8d:37:bd:
                    2b:17:49:b1:d8:48:00:49:d0:9c:e2:ac:c6:0a:ad:
                    71:24:37:2c:21:5e:8b:0c:8f:16:27:c7:74:6b:52:
                    a7:c8:e3:4b:1b:aa:41:f3:69:5a:63:ac:e2:0d:72:
                    30:70:53:9c:0a:05:ab:54:68:43:92:72:85:48:f2:
                    02:86:d4:ae:eb:c9:db:c7:a9:87:a2:de:5a:a8:37:
                    bb:27:69:50:59:f3:f2:89:2e:14:95:b2:9c:e5:28:
                    e1:80:32:e2:ed:8d:82:38:b4:a7:61:5b:00:93:f7:
                    6e:19:c5:fb:d4:2d:67:47:53:3c:84:c9:bc:ce:23:
                    38:a3:c6:79:c0:d4:6d:22:8e:b4:ad:72:1a:61:3b:
                    9b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B3:05:FA:C0:B6:D2:EA:8A:20:38:B3:B3:90:0C:2E:E6:9E:1C:1F
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZLMF-sC20uqKIDizs5AMLuaeHB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.196.0-212.64.200.255
                  212.64.202.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:7d:94:49:c3:82:68:5a:eb:cb:81:65:d6:7c:59:28:cc:4c:
         19:4b:5e:b8:be:f5:94:4b:1a:e9:9a:22:59:b9:ea:14:bb:49:
         25:98:f3:94:db:7c:03:9f:d5:87:b4:ea:12:49:fe:4b:69:16:
         ef:1f:7a:b3:03:f3:f5:41:6c:ca:ce:eb:a3:37:19:12:a9:7f:
         db:e7:db:96:c8:2f:be:13:8e:e6:f3:4d:54:bd:a9:fb:af:40:
         ca:36:a1:e8:00:b0:43:1a:22:9c:c0:ad:40:a3:3a:4b:63:6d:
         45:19:70:ac:d7:f0:66:95:f9:b9:af:97:b1:a0:9a:61:55:44:
         5b:de:0c:97:1e:73:d9:eb:0f:40:f6:f4:02:63:18:2f:d2:81:
         92:2e:d5:d1:b9:f0:fc:04:74:a3:06:45:be:82:8e:00:ac:4d:
         dc:4e:f8:04:88:8a:9f:8e:ed:2c:d2:1a:fe:65:40:11:e3:c9:
         dd:f9:d9:f6:0c:dd:90:04:d3:61:dc:95:4d:fa:87:ae:5e:e1:
         58:7d:e9:38:08:e7:26:fe:9b:b1:ec:85:94:2d:96:fa:f7:a4:
         0f:07:be:e9:9d:a3:43:f6:b0:38:e4:8f:7e:6c:05:bf:74:d4:
         d5:f6:62:a3:a4:0f:a0:e3:b2:41:af:96:d0:f6:11:da:96:4d:
         8d:60:22:91
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYrr1exL/BsOsXojSE5BTBYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjMxMDAxMTUyMjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGIzMDVmYWMwYjZkMmVhOGEyMDM4YjNiMzkwMGMyZWU2OWUxYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlg0vSeMBXWx0vzDwiKQYffFrWrFS
5Y9aadMtFGgUnJ3qUpiftLYyQYsGodFdGIAica/1lSQFozdqCdl4vwNAXfH/3FxZ
RhflF5o1ZgeGiyvlM4VrIDEsJVzdhNpIDp+yRDPUuLTijRz8DXAckceycbpFpDCN
N70rF0mx2EgASdCc4qzGCq1xJDcsIV6LDI8WJ8d0a1KnyONLG6pB82laY6ziDXIw
cFOcCgWrVGhDknKFSPIChtSu68nbx6mHot5aqDe7J2lQWfPyiS4UlbKc5SjhgDLi
7Y2COLSnYVsAk/duGcX71C1nR1M8hMm8ziM4o8Z5wNRtIo60rXIaYTubVwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFGSzBfrAttLqiiA4s7OQDC7mnhwfMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvWkxNRi1zQzIwdXFLSURpenM1QU1MdWFlSEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQA1EDAAwQA
1EDCMAwDBALUQMQDBADUQMgwDAMEAdRAygMEAdRA0AMEANRA1AMEANRA2gMEANRA
3DANBgkqhkiG9w0BAQsFAAOCAQEAcX2UScOCaFrry4Fl1nxZKMxMGUteuL71lEsa
6ZoiWbnqFLtJJZjzlNt8A5/Vh7TqEkn+S2kW7x96swPz9UFsys7rozcZEql/2+fb
lsgvvhOO5vNNVL2p+69Ayjah6ACwQxoinMCtQKM6S2NtRRlwrNfwZpX5ua+XsaCa
YVVEW94Mlx5z2esPQPb0AmMYL9KBki7V0bnw/AR0owZFvoKOAKxN3E74BIiKn47t
LNIa/mVAEePJ3fnZ9gzdkATTYdyVTfqHrl7hWH3pOAjnJv6bseyFlC2W+vekDwe+
6Z2jQ/awOOSPfmwFv3TU1fZio6QPoOOyQa+W0PYR2pZNjWAikQ==
-----END CERTIFICATE-----