Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/CkbP-rpfXGEOxMUmbzWZrBfC3bY.roa
File:                     CkbP-rpfXGEOxMUmbzWZrBfC3bY.roa (raw, json)
Hash identifier:          7jxvOk4jaAQ6IQrQgtYu8+QfpKq73qp53lUOxjtDM7o=
Subject key identifier:   0A:46:CF:FA:BA:5F:5C:61:0E:C4:C5:26:6F:35:99:AC:17:C2:DD:B6
Certificate issuer:       /CN=0cb5d3e8ddcf524c20c32387ed3103d4cbf2a56a
Certificate serial:       018A029970C07159EE70E1FA7499E9E9AE8A
Authority key identifier: 0C:B5:D3:E8:DD:CF:52:4C:20:C3:23:87:ED:31:03:D4:CB:F2:A5:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DLXT6N3PUkwgwyOH7TED1MvypWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/CkbP-rpfXGEOxMUmbzWZrBfC3bY.roa
Signing time:             Thu 17 Aug 2023 08:25:24 +0000
ROA not before:           Thu 17 Aug 2023 08:25:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3308
IP address blocks:        213.150.32.0/19 maxlen: 19
                          194.19.192.0/19 maxlen: 19
                          217.74.128.0/19 maxlen: 19
                          213.173.224.0/19 maxlen: 19
                          212.97.192.0/18 maxlen: 18
                          85.235.224.0/19 maxlen: 19
                          194.19.128.0/18 maxlen: 18
                          62.198.0.0/15 maxlen: 15
                          194.255.0.0/16 maxlen: 16
                          62.44.128.0/18 maxlen: 18
                          185.223.12.0/22 maxlen: 22
                          195.184.96.0/19 maxlen: 19
                          89.233.0.0/18 maxlen: 18
                          89.233.0.0/24 maxlen: 24
                          2a01:3a0::/32 maxlen: 32
                          2a01:3a0::/48 maxlen: 48
                          2a01:3a0::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:02:99:70:c0:71:59:ee:70:e1:fa:74:99:e9:e9:ae:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cb5d3e8ddcf524c20c32387ed3103d4cbf2a56a
        Validity
            Not Before: Aug 17 08:25:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a46cffaba5f5c610ec4c5266f3599ac17c2ddb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:25:84:5e:d7:ba:a6:b1:4b:58:97:31:ac:
                    94:59:df:87:8f:4f:90:14:59:ba:5e:d6:1a:69:27:
                    27:e0:df:56:4b:f6:38:55:0f:23:2f:16:90:02:13:
                    61:36:85:69:ab:f7:f4:d5:69:05:37:7b:e8:3d:af:
                    f2:ba:08:c0:ae:14:1c:5d:b1:db:34:a8:66:af:f2:
                    05:12:c9:57:5a:47:c0:94:cd:8e:78:ef:4b:63:55:
                    97:30:c8:28:4d:55:cb:6b:9c:b9:fc:91:d1:a7:e6:
                    0d:f8:ae:55:a3:00:6b:a9:ed:82:22:22:6c:8a:0e:
                    48:37:cd:fd:56:99:d0:04:e7:cd:3e:e7:b8:d9:2b:
                    aa:83:f1:9c:7b:9e:35:18:ee:9b:d4:6f:40:8f:ae:
                    6c:59:fa:e0:ae:e9:3a:40:3d:b4:d8:11:23:55:f1:
                    07:c3:2b:da:84:92:e6:e1:0b:b6:65:0f:8e:6c:57:
                    a7:3d:d3:2d:03:ae:22:68:cd:9b:fe:9a:d2:2b:8d:
                    d7:83:d3:a1:fa:b8:09:f3:69:e3:6c:a9:90:df:6b:
                    fe:31:cc:b2:82:9c:f8:20:ca:18:21:61:d5:46:f5:
                    c0:f5:d2:07:9b:f5:eb:f5:4a:47:58:77:b4:1b:d2:
                    63:85:d7:8f:46:88:55:e7:c7:0c:fb:5c:c9:be:e6:
                    b2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:46:CF:FA:BA:5F:5C:61:0E:C4:C5:26:6F:35:99:AC:17:C2:DD:B6
            X509v3 Authority Key Identifier:
                keyid:0C:B5:D3:E8:DD:CF:52:4C:20:C3:23:87:ED:31:03:D4:CB:F2:A5:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DLXT6N3PUkwgwyOH7TED1MvypWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/CkbP-rpfXGEOxMUmbzWZrBfC3bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/906768-cdeb-40d2-b2a2-63cd3c861d8e/1/DLXT6N3PUkwgwyOH7TED1MvypWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.44.128.0/18
                  62.198.0.0/15
                  85.235.224.0/19
                  89.233.0.0/18
                  185.223.12.0/22
                  194.19.128.0-194.19.223.255
                  194.255.0.0/16
                  195.184.96.0/19
                  212.97.192.0/18
                  213.150.32.0/19
                  213.173.224.0/19
                  217.74.128.0/19
                IPv6:
                  2a01:3a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:13:e5:ad:31:7a:81:da:3e:c3:43:37:fe:c4:01:e6:e3:fa:
         98:07:6f:9f:dd:1a:6b:1c:ae:60:38:69:ea:77:e9:41:db:71:
         80:ab:f8:f1:df:5c:a9:73:c4:e4:95:79:e6:c5:24:44:a8:ca:
         01:37:5a:77:42:3b:19:8a:71:b8:3c:70:38:43:61:db:fc:43:
         91:48:f1:2e:8f:b5:03:2c:63:d3:c1:01:0b:b0:99:9b:70:00:
         67:b3:22:b4:fb:00:d0:c6:f5:25:a2:00:83:41:55:79:c3:37:
         5c:0c:0c:52:a1:b5:0b:2e:b2:55:0a:68:c8:40:79:f6:b8:89:
         de:ef:97:35:5d:b2:8a:67:af:91:6f:5f:8d:cd:40:af:ec:aa:
         85:05:80:a0:bd:a2:c1:8c:e6:de:44:07:1e:fe:af:94:34:c4:
         3e:31:c6:bf:bc:bb:21:06:16:17:8d:7f:f0:b8:c0:33:0a:cd:
         85:86:a4:03:84:26:5a:96:23:ae:b4:5d:c1:d9:a9:6b:0e:2e:
         8f:89:79:25:73:ce:f1:35:ff:46:2a:10:1e:da:b5:9a:ef:ef:
         2f:73:c9:69:ed:7a:73:a1:ee:d6:c3:68:14:cb:89:2d:39:d1:
         73:fe:a5:16:66:a9:df:d5:e9:da:0e:06:32:e0:48:4f:69:af:
         5d:ea:85:38
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYoCmXDAcVnucOH6dJnp6a6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYjVkM2U4ZGRjZjUyNGMyMGMzMjM4N2VkMzEwM2Q0Y2Jm
MmE1NmEwHhcNMjMwODE3MDgyNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ2Y2ZmYWJhNWY1YzYxMGVjNGM1MjY2ZjM1OTlhYzE3YzJkZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr20lhF7XuqaxS1iXMayUWd+Hj0+Q
FFm6XtYaaScn4N9WS/Y4VQ8jLxaQAhNhNoVpq/f01WkFN3voPa/yugjArhQcXbHb
NKhmr/IFEslXWkfAlM2OeO9LY1WXMMgoTVXLa5y5/JHRp+YN+K5VowBrqe2CIiJs
ig5IN839VpnQBOfNPue42Suqg/Gce541GO6b1G9Aj65sWfrgruk6QD202BEjVfEH
wyvahJLm4Qu2ZQ+ObFenPdMtA64iaM2b/prSK43Xg9Oh+rgJ82njbKmQ32v+Mcyy
gpz4IMoYIWHVRvXA9dIHm/Xr9UpHWHe0G9JjhdePRohV58cM+1zJvuayuwIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFApGz/q6X1xhDsTFJm81mawXwt22MB8GA1UdIwQY
MBaAFAy10+jdz1JMIMMjh+0xA9TL8qVqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRExYVDZOM1BVa3dnd3lPSDdURUQxTXZ5cFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS85MDY3NjgtY2RlYi00MGQyLWIyYTIt
NjNjZDNjODYxZDhlLzEvQ2tiUC1ycGZYR0VPeE1VbWJ6V1pyQmZDM2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS85MDY3NjgtY2RlYi00MGQyLWIyYTItNjNjZDNjODYxZDhl
LzEvRExYVDZOM1BVa3dnd3lPSDdURUQxTXZ5cFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBUBAIAATBOAwQGPiyAAwMB
PsYDBAVV6+ADBAZZ6QADBAK53wwwDAMEB8ITgAMEBcITwAMDAML/AwQFw7hgAwQG
1GHAAwQF1ZYgAwQF1a3gAwQF2UqAMA0EAgACMAcDBQMqAQOgMA0GCSqGSIb3DQEB
CwUAA4IBAQA0E+WtMXqB2j7DQzf+xAHm4/qYB2+f3RprHK5gOGnqd+lB23GAq/jx
31ypc8TklXnmxSREqMoBN1p3QjsZinG4PHA4Q2Hb/EORSPEuj7UDLGPTwQELsJmb
cABnsyK0+wDQxvUlogCDQVV5wzdcDAxSobULLrJVCmjIQHn2uIne75c1XbKKZ6+R
b1+NzUCv7KqFBYCgvaLBjObeRAce/q+UNMQ+Mca/vLshBhYXjX/wuMAzCs2FhqQD
hCZaliOutF3B2alrDi6PiXklc87xNf9GKhAe2rWa7+8vc8lp7Xpzoe7Ww2gUy4kt
OdFz/qUWZqnf1enaDgYy4EhPaa9d6oU4
-----END CERTIFICATE-----