Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/w5PoF8sWN52BekFnF36nnLWqPj8.roa
File:                     w5PoF8sWN52BekFnF36nnLWqPj8.roa (raw, json)
Hash identifier:          js8T3RK7gU1rrERj0WwqMsORLxusplmyn25Nn2oD9Lo=
Subject key identifier:   C3:93:E8:17:CB:16:37:9D:81:7A:41:67:17:7E:A7:9C:B5:AA:3E:3F
Certificate issuer:       /CN=149d1f67a41ca2e405017cbe48bafff1733e3869
Certificate serial:       0189FCF787A64B4F05B92AA093594E1742A5
Authority key identifier: 14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/w5PoF8sWN52BekFnF36nnLWqPj8.roa
Signing time:             Wed 16 Aug 2023 06:10:27 +0000
ROA not before:           Wed 16 Aug 2023 06:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207728
IP address blocks:        46.28.234.0/24 maxlen: 24
                          185.162.11.0/24 maxlen: 24
                          185.162.9.0/24 maxlen: 24
                          185.162.8.0/24 maxlen: 24
                          87.236.177.0/24 maxlen: 24
                          31.210.172.0/24 maxlen: 24
                          31.210.170.0/23 maxlen: 24
                          104.192.42.0/24 maxlen: 24
                          31.210.173.0/24 maxlen: 24
                          93.88.75.0/24 maxlen: 24
                          93.88.74.0/24 maxlen: 24
                          31.10.5.0/24 maxlen: 24
                          194.146.127.0/24 maxlen: 24
                          185.204.52.0/24 maxlen: 24
                          2a12:9cc0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:fc:f7:87:a6:4b:4f:05:b9:2a:a0:93:59:4e:17:42:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=149d1f67a41ca2e405017cbe48bafff1733e3869
        Validity
            Not Before: Aug 16 06:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c393e817cb16379d817a4167177ea79cb5aa3e3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:01:4a:df:ba:24:60:8f:f1:61:f3:ca:ac:57:
                    ec:1c:7d:47:7d:5b:be:f9:0d:cc:ae:ae:b9:5d:28:
                    7e:d4:04:eb:1e:35:61:1f:5c:a7:f4:f5:70:5f:28:
                    9f:8e:59:ba:62:74:0a:32:b8:ed:1a:af:75:23:fe:
                    68:52:f1:91:2c:7f:f4:a6:22:10:47:66:66:9e:ce:
                    14:b7:36:78:4d:da:28:a3:64:96:3a:6e:af:d5:fa:
                    f5:5e:1b:b7:99:d6:cd:d8:95:f0:7a:39:12:27:7d:
                    7f:59:10:96:f0:0b:51:05:89:52:18:e2:e7:46:0b:
                    8a:99:71:6e:a1:ea:f9:c3:bc:2e:c7:0e:1e:f4:2e:
                    ac:c1:3c:87:16:5e:79:e9:44:00:27:5e:d9:e6:78:
                    8a:92:c8:dd:67:a4:5c:cd:f3:07:6e:bf:50:5e:99:
                    6e:db:54:22:83:82:42:f8:9e:dd:94:58:a7:b9:97:
                    38:48:65:3d:5a:12:6f:af:fa:52:5f:dc:89:b4:47:
                    55:69:36:38:5b:d2:d6:98:30:a6:a9:f2:97:88:0e:
                    f4:ba:9e:aa:18:65:91:34:a6:19:52:fa:79:36:be:
                    39:1c:d8:66:09:cc:02:e6:78:92:66:1a:19:46:b4:
                    a7:c8:9c:9a:e7:50:f2:1a:92:fb:c5:1a:cb:29:45:
                    85:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:93:E8:17:CB:16:37:9D:81:7A:41:67:17:7E:A7:9C:B5:AA:3E:3F
            X509v3 Authority Key Identifier:
                keyid:14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/w5PoF8sWN52BekFnF36nnLWqPj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.10.5.0/24
                  31.210.170.0-31.210.173.255
                  46.28.234.0/24
                  87.236.177.0/24
                  93.88.74.0/23
                  104.192.42.0/24
                  185.162.8.0/23
                  185.162.11.0/24
                  185.204.52.0/24
                  194.146.127.0/24
                IPv6:
                  2a12:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:f3:9a:46:79:75:7a:08:66:b3:4b:cb:bd:69:e8:b4:e1:b6:
         b2:43:48:0b:6d:69:ad:5d:83:6c:ac:c1:5e:a6:f6:9b:c6:24:
         17:3f:13:e0:af:de:2f:0d:27:af:84:9a:6d:74:65:4a:a4:5f:
         75:05:cd:eb:4a:6e:cc:e0:59:31:8f:f4:6f:6a:7f:cb:dd:8b:
         81:c8:4c:14:c2:c9:28:67:c4:1c:09:0d:b2:2d:06:23:c4:0a:
         75:fb:91:98:f9:3f:17:72:dd:93:b1:c6:d1:b0:6e:c3:5d:f1:
         22:b4:ac:f3:98:66:39:fb:53:e8:d5:f6:4a:c3:ac:da:de:fa:
         ba:c3:a6:8a:e8:59:68:b2:24:0d:d7:d5:91:5b:05:5f:25:88:
         7d:5c:60:af:6b:0a:c0:78:1a:b3:96:b2:6f:09:36:e4:72:db:
         bd:81:a8:df:fb:92:d1:2c:27:fc:b2:f0:c5:0b:f2:fd:fd:18:
         49:0e:7e:4e:15:43:5f:f3:50:ed:7d:3e:3a:d7:c3:f3:e8:4b:
         12:be:d4:dc:59:14:4d:93:29:95:99:64:e1:d9:65:43:98:0d:
         eb:ca:4b:26:71:93:2c:86:79:9e:9d:5c:e6:a8:5c:fe:05:8e:
         01:99:d3:43:66:b4:8e:c3:ac:d6:ab:f5:8c:91:5b:8b:ea:c5:
         f7:a0:a4:c2
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYn894emS08FuSqgk1lOF0KlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0OWQxZjY3YTQxY2EyZTQwNTAxN2NiZTQ4YmFmZmYxNzMz
ZTM4NjkwHhcNMjMwODE2MDYxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzkzZTgxN2NiMTYzNzlkODE3YTQxNjcxNzdlYTc5Y2I1YWEzZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQFK37okYI/xYfPKrFfsHH1HfVu+
+Q3Mrq65XSh+1ATrHjVhH1yn9PVwXyifjlm6YnQKMrjtGq91I/5oUvGRLH/0piIQ
R2Zmns4UtzZ4Tdooo2SWOm6v1fr1Xhu3mdbN2JXwejkSJ31/WRCW8AtRBYlSGOLn
RguKmXFuoer5w7wuxw4e9C6swTyHFl556UQAJ17Z5niKksjdZ6RczfMHbr9QXplu
21Qig4JC+J7dlFinuZc4SGU9WhJvr/pSX9yJtEdVaTY4W9LWmDCmqfKXiA70up6q
GGWRNKYZUvp5Nr45HNhmCcwC5niSZhoZRrSnyJya51DyGpL7xRrLKUWF4wIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFMOT6BfLFjedgXpBZxd+p5y1qj4/MB8GA1UdIwQY
MBaAFBSdH2ekHKLkBQF8vki6//FzPjhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDkt
NTQ4NTY4MmEwNWY1LzEvdzVQb0Y4c1dONTJCZWtGbkYzNm5uTFdxUGo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDktNTQ4NTY4MmEwNWY1
LzEvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQAHwoFMAwD
BAEf0qoDBAEf0qwDBAAuHOoDBABX7LEDBAFdWEoDBABowCoDBAG5oggDBAC5ogsD
BAC5zDQDBADCkn8wDQQCAAIwBwMFAyoSnMAwDQYJKoZIhvcNAQELBQADggEBAAfz
mkZ5dXoIZrNLy71p6LThtrJDSAttaa1dg2yswV6m9pvGJBc/E+Cv3i8NJ6+Emm10
ZUqkX3UFzetKbszgWTGP9G9qf8vdi4HITBTCyShnxBwJDbItBiPECnX7kZj5Pxdy
3ZOxxtGwbsNd8SK0rPOYZjn7U+jV9krDrNre+rrDporoWWiyJA3X1ZFbBV8liH1c
YK9rCsB4GrOWsm8JNuRy272BqN/7ktEsJ/yy8MUL8v39GEkOfk4VQ1/zUO19PjrX
w/PoSxK+1NxZFE2TKZWZZOHZZUOYDevKSyZxkyyGeZ6dXOaoXP4FjgGZ00NmtI7D
rNar9YyRW4vqxfegpMI=
-----END CERTIFICATE-----