Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ThlzO_MHzXF3BZLWr9S2X-rdUjg.roa
File:                     ThlzO_MHzXF3BZLWr9S2X-rdUjg.roa (raw, json)
Hash identifier:          MbgaEEE2NVVrSIcFaSEChifcxbnUPpzcJ9UxkTVxizs=
Subject key identifier:   4E:19:73:3B:F3:07:CD:71:77:05:92:D6:AF:D4:B6:5F:EA:DD:52:38
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018E88DD409932AC885AADC9CB8A0A6BA800
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ThlzO_MHzXF3BZLWr9S2X-rdUjg.roa
Signing time:             Fri 29 Mar 2024 06:19:45 +0000
ROA not before:           Fri 29 Mar 2024 06:19:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38136
IP address blocks:        5.34.216.0/21 maxlen: 24
                          5.226.48.0/22 maxlen: 24
                          45.137.180.0/22 maxlen: 24
                          178.236.36.0/22 maxlen: 24
                          185.36.192.0/22 maxlen: 24
                          185.220.236.0/22 maxlen: 24
                          185.248.184.0/22 maxlen: 24
                          188.253.4.0/22 maxlen: 24
                          188.253.112.0/21 maxlen: 24
                          188.253.120.0/21 maxlen: 21
                          212.87.192.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Apr 2024 14:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:88:dd:40:99:32:ac:88:5a:ad:c9:cb:8a:0a:6b:a8:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Mar 29 06:19:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e19733bf307cd71770592d6afd4b65feadd5238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:07:08:f4:6b:c6:b5:83:a0:96:b0:85:e1:c5:
                    ab:67:f3:09:4b:8a:4d:6b:c8:ad:ec:48:a9:23:5d:
                    02:14:0e:e0:e7:5f:2b:5a:c6:dc:52:9b:36:0e:66:
                    a0:20:28:db:34:68:1b:4b:60:47:41:6b:9b:f3:29:
                    69:10:0b:30:f0:4e:a8:0b:64:cc:0f:24:3f:72:d5:
                    88:68:9a:2a:3d:9e:1c:63:eb:01:a1:b1:69:fa:10:
                    4b:d1:d6:7f:69:85:3d:ea:28:99:37:6a:8d:26:63:
                    6d:5b:80:63:cd:fb:76:9e:f9:69:82:3d:14:25:c3:
                    0c:f3:90:62:3d:cc:c1:b9:1b:cf:01:89:dd:dc:70:
                    f5:33:6b:0a:4b:7b:a6:96:b1:58:30:19:c4:85:59:
                    cc:9c:58:0e:27:fd:7e:e6:8a:e6:73:2d:73:19:a5:
                    0b:56:ce:87:5a:81:3d:ee:f6:53:5b:95:43:cf:da:
                    fe:c1:e0:30:a9:27:d3:c6:b9:29:a4:08:7e:41:c7:
                    69:02:93:a4:fb:56:f1:70:de:a7:b2:5f:1d:f0:3d:
                    2a:27:45:31:93:93:6a:29:71:68:1a:7c:6c:80:02:
                    53:86:e4:0c:bc:93:4f:62:55:72:51:b7:56:b3:4d:
                    7d:41:63:b3:a5:0d:99:c4:4f:8c:79:99:fc:51:c1:
                    e6:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:19:73:3B:F3:07:CD:71:77:05:92:D6:AF:D4:B6:5F:EA:DD:52:38
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ThlzO_MHzXF3BZLWr9S2X-rdUjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.216.0/21
                  5.226.48.0/22
                  45.137.180.0/22
                  178.236.36.0/22
                  185.36.192.0/22
                  185.220.236.0/22
                  185.248.184.0/22
                  188.253.4.0/22
                  188.253.112.0/20
                  212.87.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:7b:1f:1a:ce:87:47:cf:03:cf:cb:0a:bf:3e:f5:4f:8a:88:
         1a:d1:35:10:42:c3:bc:fa:e3:5e:37:f3:2d:4a:12:ad:c4:ba:
         14:12:fa:88:85:29:75:2f:0a:17:57:dc:5c:3d:4e:13:f4:60:
         1e:23:2f:ed:08:f4:9e:15:5d:ba:26:a3:a2:56:ae:35:66:a5:
         51:76:76:0d:3f:08:57:3e:53:61:44:a9:2b:72:37:d9:06:ec:
         31:b3:66:07:b9:d3:f5:66:ff:2c:7e:c3:67:ac:0e:6e:7f:6d:
         e7:f8:aa:cf:45:7c:80:26:03:a3:18:6d:c8:c1:5a:83:bf:24:
         56:db:fb:07:1e:ff:a5:fb:ac:cc:13:eb:6b:3a:ba:da:7a:20:
         49:88:13:e0:ef:83:b5:3f:73:3f:09:5a:d8:ee:44:91:e6:6f:
         5b:b9:e7:1c:bf:43:af:32:4c:51:b0:f5:d1:ff:92:82:c4:f2:
         72:99:1c:20:d9:6a:cb:5e:b1:50:fa:84:3f:ae:a1:d0:d4:8e:
         2d:74:a0:d0:b2:02:f5:92:13:98:14:c1:ae:80:1a:a2:72:67:
         9b:cd:b3:ba:1f:22:dd:97:74:ef:8a:f6:30:b1:b3:36:88:8e:
         a4:51:ff:df:ea:0c:bd:d0:6d:d4:93:29:b3:fb:58:7b:d6:d6:
         f0:2e:82:8d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY6I3UCZMqyIWq3Jy4oKa6gAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMzI5MDYxOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTE5NzMzYmYzMDdjZDcxNzcwNTkyZDZhZmQ0YjY1ZmVhZGQ1MjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwcI9GvGtYOglrCF4cWrZ/MJS4pN
a8it7EipI10CFA7g518rWsbcUps2DmagICjbNGgbS2BHQWub8ylpEAsw8E6oC2TM
DyQ/ctWIaJoqPZ4cY+sBobFp+hBL0dZ/aYU96iiZN2qNJmNtW4Bjzft2nvlpgj0U
JcMM85BiPczBuRvPAYnd3HD1M2sKS3umlrFYMBnEhVnMnFgOJ/1+5ormcy1zGaUL
Vs6HWoE97vZTW5VDz9r+weAwqSfTxrkppAh+QcdpApOk+1bxcN6nsl8d8D0qJ0Ux
k5NqKXFoGnxsgAJThuQMvJNPYlVyUbdWs019QWOzpQ2ZxE+MeZn8UcHmpwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFE4ZczvzB81xdwWS1q/Utl/q3VI4MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVGhsek9fTUh6WEYzQlpMV3I5UzJYLXJkVWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDBSLYAwQC
BeIwAwQCLYm0AwQCsuwkAwQCuSTAAwQCudzsAwQCufi4AwQCvP0EAwQEvP1wAwQC
1FfAMA0GCSqGSIb3DQEBCwUAA4IBAQCCex8azodHzwPPywq/PvVPioga0TUQQsO8
+uNeN/MtShKtxLoUEvqIhSl1LwoXV9xcPU4T9GAeIy/tCPSeFV26JqOiVq41ZqVR
dnYNPwhXPlNhRKkrcjfZBuwxs2YHudP1Zv8sfsNnrA5uf23n+KrPRXyAJgOjGG3I
wVqDvyRW2/sHHv+l+6zME+trOrraeiBJiBPg74O1P3M/CVrY7kSR5m9bueccv0Ov
MkxRsPXR/5KCxPJymRwg2WrLXrFQ+oQ/rqHQ1I4tdKDQsgL1khOYFMGugBqicmeb
zbO6HyLdl3TvivYwsbM2iI6kUf/f6gy90G3Ukymz+1h71tbwLoKN
-----END CERTIFICATE-----