Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa
File:                     2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa (raw, json)
Hash identifier:          7YytHD0ujx8WCCF0VVvlI3T2qlhKk4AzfG8B4m0PLXY=
Subject key identifier:   D9:7E:63:11:A1:CA:01:6E:32:21:75:AC:69:74:8B:99:C6:46:7E:AA
Certificate issuer:       /CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
Certificate serial:       018779D121432E3906A715CEF10336DD3AD0
Authority key identifier: E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa
Signing time:             Thu 13 Apr 2023 08:52:41 +0000
ROA not before:           Thu 13 Apr 2023 08:52:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39835
IP address blocks:        81.20.112.0/20 maxlen: 20
                          5.34.224.0/21 maxlen: 21
                          188.74.32.0/22 maxlen: 22
                          188.74.32.0/20 maxlen: 24
                          188.74.36.0/24 maxlen: 24
                          188.74.37.0/24 maxlen: 24
                          188.74.38.0/24 maxlen: 24
                          188.74.44.0/22 maxlen: 22
                          185.75.150.0/24 maxlen: 24
                          185.75.148.0/24 maxlen: 24
                          185.75.149.0/24 maxlen: 24
                          2a03:4b20::/29 maxlen: 40
                          2a03:6880::/32 maxlen: 32
                          2a03:4b20:f000::/36 maxlen: 36
                          2a03:4b20::/32 maxlen: 32
                          2a03:4b21::/32 maxlen: 32
                          2a03:4b22::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 29 Sep 2023 09:28:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:d1:21:43:2e:39:06:a7:15:ce:f1:03:36:dd:3a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39f1a6e84c0277efcb56d942b0eb5e456471129
        Validity
            Not Before: Apr 13 08:52:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d97e6311a1ca016e322175ac69748b99c6467eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3f:ca:c6:20:34:6a:ff:1d:fb:86:97:40:72:
                    ff:57:2b:29:78:c1:51:58:97:d1:23:52:0e:5f:48:
                    7d:e9:3a:14:32:1c:7c:13:4a:84:ba:a3:28:2b:59:
                    71:e7:7b:9c:89:04:f7:65:01:10:1c:3c:96:c4:6f:
                    1c:8e:56:23:9e:70:c7:f9:49:56:10:99:03:19:31:
                    9e:2a:76:25:33:0a:f3:39:44:5e:9d:c7:01:91:f1:
                    31:0b:24:e3:f6:eb:ae:8c:18:c5:02:b7:d0:a1:33:
                    90:ab:c0:ae:15:2a:28:f8:5c:50:6c:b2:9b:99:cc:
                    da:de:3c:a3:3a:87:c7:af:99:c2:4f:7f:c3:53:28:
                    22:a8:1a:24:a1:2a:b4:82:72:42:f1:44:44:b6:c9:
                    2e:69:bf:5b:ac:f4:97:09:3b:7c:cf:3c:09:14:6a:
                    ee:18:eb:9f:00:e7:53:82:76:3a:a1:62:a2:6b:90:
                    2c:17:ac:36:69:b2:50:62:dd:79:e7:17:a0:ee:49:
                    75:7b:28:e1:e8:f4:c0:15:f1:8d:bf:cf:16:65:36:
                    e3:1f:53:e9:ab:c6:48:78:a4:6f:90:6f:bc:8d:ba:
                    01:61:0d:0d:77:b3:5f:0d:6a:e7:62:89:a9:92:a8:
                    50:86:09:35:27:d6:6d:1b:99:8c:dc:9f:8e:dd:31:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:7E:63:11:A1:CA:01:6E:32:21:75:AC:69:74:8B:99:C6:46:7E:AA
            X509v3 Authority Key Identifier:
                keyid:E3:9F:1A:6E:84:C0:27:7E:FC:B5:6D:94:2B:0E:B5:E4:56:47:11:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/458aboTAJ378tW2UKw615FZHESk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/2X5jEaHKAW4yIXWsaXSLmcZGfqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/160a77-756d-441a-86c3-0e5392757f82/1/458aboTAJ378tW2UKw615FZHESk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.224.0/21
                  81.20.112.0/20
                  185.75.148.0-185.75.150.255
                  188.74.32.0/20
                IPv6:
                  2a03:4b20::/29
                  2a03:6880::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:dc:a4:25:40:2e:4d:88:c4:49:c3:d2:d5:65:b8:8b:4e:6c:
         d2:0f:c8:4b:10:4e:de:47:32:94:e6:f5:2e:39:51:60:83:37:
         7b:11:c6:50:99:0e:55:5c:d1:d0:d4:25:5e:82:e3:ec:6e:2a:
         0b:65:87:92:19:c2:9c:1d:58:35:0e:6e:70:8c:49:f4:9e:7f:
         a9:71:66:d3:fb:99:24:56:cc:b3:d1:e0:f1:7f:d0:0d:c3:2b:
         f9:a5:57:5f:49:d3:37:28:e1:28:ad:cb:9a:41:5b:d8:88:d2:
         91:25:6e:2b:28:ce:bd:65:fd:ae:20:a5:03:2b:e1:96:f5:02:
         14:a8:56:bc:50:f8:da:db:63:4c:b0:c5:77:ea:66:cc:f6:08:
         6d:24:53:78:61:e0:60:e7:d9:0e:33:75:7e:7a:bd:7e:32:01:
         6f:a3:6d:8e:70:8c:b6:e0:7b:58:10:30:89:e8:b8:76:e8:be:
         02:5d:1e:38:98:17:a3:7b:fc:47:dd:09:d6:e3:5a:a2:2a:31:
         e0:8c:12:bd:f0:89:3f:b8:35:d0:c1:a6:4d:c2:e5:2e:d3:a2:
         ea:bd:e3:74:9c:da:f1:b4:ff:86:e8:23:20:12:d9:e4:c1:f0:
         72:33:d4:4e:95:b0:e4:f4:e4:3a:49:cf:d1:79:1e:ca:e7:c3:
         40:04:9e:39
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYd50SFDLjkGpxXO8QM23TrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOWYxYTZlODRjMDI3N2VmY2I1NmQ5NDJiMGViNWU0NTY0
NzExMjkwHhcNMjMwNDEzMDg1MjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTdlNjMxMWExY2EwMTZlMzIyMTc1YWM2OTc0OGI5OWM2NDY3ZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD/KxiA0av8d+4aXQHL/VyspeMFR
WJfRI1IOX0h96ToUMhx8E0qEuqMoK1lx53uciQT3ZQEQHDyWxG8cjlYjnnDH+UlW
EJkDGTGeKnYlMwrzOURenccBkfExCyTj9uuujBjFArfQoTOQq8CuFSoo+FxQbLKb
mcza3jyjOofHr5nCT3/DUygiqBokoSq0gnJC8UREtskuab9brPSXCTt8zzwJFGru
GOufAOdTgnY6oWKia5AsF6w2abJQYt155xeg7kl1eyjh6PTAFfGNv88WZTbjH1Pp
q8ZIeKRvkG+8jboBYQ0Nd7NfDWrnYompkqhQhgk1J9ZtG5mM3J+O3TF8MwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNl+YxGhygFuMiF1rGl0i5nGRn6qMB8GA1UdIwQY
MBaAFOOfGm6EwCd+/LVtlCsOteRWRxEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMt
MGU1MzkyNzU3ZjgyLzEvMlg1akVhSEtBVzR5SVhXc2FYU0xtY1pHZnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8xNjBhNzctNzU2ZC00NDFhLTg2YzMtMGU1MzkyNzU3Zjgy
LzEvNDU4YWJvVEFKMzc4dFcyVUt3NjE1RlpIRVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgAwQDBSLgAwQE
URRwMAwDBAK5S5QDBAC5S5YDBAS8SiAwFAQCAAIwDgMFAyoDSyADBQAqA2iAMA0G
CSqGSIb3DQEBCwUAA4IBAQAX3KQlQC5NiMRJw9LVZbiLTmzSD8hLEE7eRzKU5vUu
OVFggzd7EcZQmQ5VXNHQ1CVeguPsbioLZYeSGcKcHVg1Dm5wjEn0nn+pcWbT+5kk
Vsyz0eDxf9ANwyv5pVdfSdM3KOEorcuaQVvYiNKRJW4rKM69Zf2uIKUDK+GW9QIU
qFa8UPja22NMsMV36mbM9ghtJFN4YeBg59kOM3V+er1+MgFvo22OcIy24HtYEDCJ
6Lh26L4CXR44mBeje/xH3QnW41qiKjHgjBK98Ik/uDXQwaZNwuUu06LqveN0nNrx
tP+G6CMgEtnkwfByM9ROlbDk9OQ6Sc/ReR7K58NABJ45
-----END CERTIFICATE-----