Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/0LW7zGMb1o4fQFS76To6TXeEcDo.roa
File:                     0LW7zGMb1o4fQFS76To6TXeEcDo.roa (raw, json)
Hash identifier:          0C28BGG8xNOzqIFCPo57dW84FifsnDMJPdqtudpNFSo=
Subject key identifier:   D0:B5:BB:CC:63:1B:D6:8E:1F:40:54:BB:E9:3A:3A:4D:77:84:70:3A
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       018AB4633CEFDA779F607353066A0E7D1FC2
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/0LW7zGMb1o4fQFS76To6TXeEcDo.roa
Signing time:             Wed 20 Sep 2023 20:58:37 +0000
ROA not before:           Wed 20 Sep 2023 20:58:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        151.186.192.0/24 maxlen: 24
                          151.186.192.0/20 maxlen: 24
                          151.186.194.0/24 maxlen: 24
                          151.186.193.0/24 maxlen: 24
                          151.186.197.0/24 maxlen: 24
                          151.186.196.0/24 maxlen: 24
                          151.186.195.0/24 maxlen: 24
                          151.186.199.0/24 maxlen: 24
                          151.186.198.0/24 maxlen: 24
                          151.186.204.0/24 maxlen: 24
                          151.186.203.0/24 maxlen: 24
                          151.186.202.0/24 maxlen: 24
                          151.186.206.0/24 maxlen: 24
                          151.186.205.0/24 maxlen: 24
                          151.186.201.0/24 maxlen: 24
                          151.186.200.0/24 maxlen: 24
                          151.186.207.0/24 maxlen: 24
                          151.186.172.0/22 maxlen: 24
                          2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 22:23:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b4:63:3c:ef:da:77:9f:60:73:53:06:6a:0e:7d:1f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Sep 20 20:58:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d0b5bbcc631bd68e1f4054bbe93a3a4d7784703a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4b:97:bf:19:9b:7b:03:3e:79:31:3f:9a:0a:
                    45:0d:6e:95:b8:6d:36:a6:b1:1b:ef:95:eb:c4:08:
                    78:dd:3c:43:2e:85:74:af:ac:1f:9c:13:57:96:bb:
                    d4:05:9b:2c:30:ad:32:e5:28:c9:23:4a:68:40:a0:
                    91:52:a8:84:f1:da:a1:88:ea:e4:cc:58:8b:cc:7f:
                    12:d0:51:29:9a:06:8c:f2:5c:e2:c0:ab:1c:7f:6a:
                    57:84:94:cc:d4:49:e9:ee:bf:ba:63:39:b7:c2:7f:
                    0c:d6:f8:9b:4d:ac:b2:d1:ec:69:a6:b4:e3:6d:4c:
                    d1:0a:ec:d6:37:49:7f:4d:38:a0:21:d1:e4:b8:b5:
                    9e:94:c7:3c:c8:8d:fc:df:81:14:af:d4:82:b9:69:
                    5a:17:c4:f9:a0:45:da:24:7c:64:ba:06:95:40:f0:
                    da:d6:79:9b:42:49:e7:41:0c:3f:69:12:93:14:fa:
                    28:17:3e:03:79:32:ad:6e:0e:84:dc:3f:2d:4b:9e:
                    a0:c8:fe:50:b3:54:26:7f:93:a0:c9:10:de:26:a9:
                    c6:68:ef:73:4b:9b:dd:b6:9b:85:1f:4d:07:97:82:
                    ad:26:ed:f2:7d:17:de:7e:41:73:cb:c3:4b:87:6c:
                    09:29:92:1e:34:bd:16:26:40:65:c7:b5:3a:ba:87:
                    33:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B5:BB:CC:63:1B:D6:8E:1F:40:54:BB:E9:3A:3A:4D:77:84:70:3A
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/0LW7zGMb1o4fQFS76To6TXeEcDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.186.172.0/22
                  151.186.192.0/20
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:c6:2f:f1:63:bd:88:79:31:cc:d3:9b:a2:15:f5:12:4b:69:
         4f:81:23:dd:79:ab:78:d0:dd:e5:de:98:a3:09:fd:4f:d7:52:
         f6:b3:25:91:49:98:c1:62:22:e3:b8:be:3b:95:6d:72:f9:1b:
         1c:90:9a:4f:38:46:69:63:20:60:83:8f:f1:00:a5:f3:94:e3:
         5e:bc:f0:b3:d3:d6:4b:1a:2d:0b:61:81:b3:93:31:fa:fc:05:
         21:4d:68:d4:f7:68:1d:0a:b1:55:b3:32:9c:9a:d1:da:df:c7:
         21:12:a8:f7:31:cc:5a:41:a2:16:3f:b4:37:e1:6c:80:65:0f:
         34:ec:3d:c0:ca:71:b2:30:68:65:76:6b:17:6f:91:8b:c8:db:
         95:ec:14:16:57:84:14:a2:23:42:28:1d:26:5d:4d:5c:ab:bb:
         36:dd:82:85:da:6b:4e:a0:e6:18:ff:e6:8b:1a:6b:2a:ef:5b:
         aa:a5:ee:c3:5a:26:e2:78:bb:4c:ab:ba:7c:ba:33:fc:8b:63:
         2a:f6:91:68:4e:2e:47:eb:45:bb:2e:55:00:c7:01:35:5a:3c:
         d9:0b:25:4d:f7:c3:a9:51:13:3e:99:fd:df:a7:56:6a:4d:cc:
         b4:d2:96:1d:df:e2:74:05:69:3d:e6:f5:d9:19:2f:de:7a:93:
         48:81:a9:7c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYq0Yzzv2nefYHNTBmoOfR/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjMwOTIwMjA1ODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGI1YmJjYzYzMWJkNjhlMWY0MDU0YmJlOTNhM2E0ZDc3ODQ3MDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEuXvxmbewM+eTE/mgpFDW6VuG02
prEb75XrxAh43TxDLoV0r6wfnBNXlrvUBZssMK0y5SjJI0poQKCRUqiE8dqhiOrk
zFiLzH8S0FEpmgaM8lziwKscf2pXhJTM1Enp7r+6Yzm3wn8M1vibTayy0expprTj
bUzRCuzWN0l/TTigIdHkuLWelMc8yI3834EUr9SCuWlaF8T5oEXaJHxkugaVQPDa
1nmbQknnQQw/aRKTFPooFz4DeTKtbg6E3D8tS56gyP5Qs1Qmf5OgyRDeJqnGaO9z
S5vdtpuFH00Hl4KtJu3yfRfefkFzy8NLh2wJKZIeNL0WJkBlx7U6uocz9wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNC1u8xjG9aOH0BUu+k6Ok13hHA6MB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvMExXN3pHTWIxbzRmUUZTNzZUbzZUWGVFY0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCl7qsAwQE
l7rAMA8EAgACMAkDBwAqBOTEAAUwDQYJKoZIhvcNAQELBQADggEBAATGL/FjvYh5
MczTm6IV9RJLaU+BI915q3jQ3eXemKMJ/U/XUvazJZFJmMFiIuO4vjuVbXL5GxyQ
mk84RmljIGCDj/EApfOU41688LPT1ksaLQthgbOTMfr8BSFNaNT3aB0KsVWzMpya
0drfxyESqPcxzFpBohY/tDfhbIBlDzTsPcDKcbIwaGV2axdvkYvI25XsFBZXhBSi
I0IoHSZdTVyruzbdgoXaa06g5hj/5osaayrvW6ql7sNaJuJ4u0yruny6M/yLYyr2
kWhOLkfrRbsuVQDHATVaPNkLJU33w6lREz6Z/d+nVmpNzLTSlh3f4nQFaT3m9dkZ
L956k0iBqXw=
-----END CERTIFICATE-----