Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/XbuQ6nkv2o5i5D35OVSWUiIq76E.roa
File:                     XbuQ6nkv2o5i5D35OVSWUiIq76E.roa (raw, json)
Hash identifier:          LhbReW+JxU947K6sIWMEs1wF6o9SpPNmMZMOzsszrpQ=
Subject key identifier:   5D:BB:90:EA:79:2F:DA:8E:62:E4:3D:F9:39:54:96:52:22:2A:EF:A1
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       018EA07D3950ECB7C321B88171C7F6FE2796
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/XbuQ6nkv2o5i5D35OVSWUiIq76E.roa
Signing time:             Tue 02 Apr 2024 20:25:44 +0000
ROA not before:           Tue 02 Apr 2024 20:25:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5503
IP address blocks:        62.171.192.0/18 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          194.238.32.0/19 maxlen: 24
                          194.238.64.0/19 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          217.179.0.0/16 maxlen: 24
                          217.179.0.0/17 maxlen: 24
                          217.179.192.0/18 maxlen: 24
                          217.180.0.0/17 maxlen: 24
                          217.180.0.0/18 maxlen: 24
                          217.181.0.0/17 maxlen: 24
                          217.181.0.0/18 maxlen: 24
                          217.181.64.0/19 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 14:10:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a0:7d:39:50:ec:b7:c3:21:b8:81:71:c7:f6:fe:27:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Apr  2 20:25:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dbb90ea792fda8e62e43df939549652222aefa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ef:19:54:eb:4d:ae:f6:a2:20:71:4d:a4:8b:
                    47:0e:88:bb:bb:b7:06:9f:db:f5:4b:41:4a:7d:67:
                    bb:5e:1b:95:f3:ba:ed:61:a2:af:26:bf:28:04:b0:
                    d6:2d:4d:eb:62:6f:e8:f2:96:e5:5a:56:f0:7d:b8:
                    53:e3:25:23:6b:40:38:8b:77:08:1e:57:5f:cc:66:
                    84:76:76:40:33:e8:dc:d8:53:3a:65:c8:ef:6e:63:
                    d9:b1:13:cf:0f:04:8f:5c:d5:26:9b:95:1e:4e:e4:
                    7e:38:2c:d0:6e:0e:73:d2:cb:a6:69:c3:da:26:0c:
                    62:22:f1:ff:d4:d7:0c:14:76:c5:6b:01:c3:29:90:
                    6b:b0:38:95:49:97:1e:94:9a:1b:07:80:fa:49:f3:
                    90:ac:75:7f:ce:de:45:a4:56:53:4c:2b:70:6e:fc:
                    47:1e:f3:6b:03:b0:f7:dd:13:85:ff:5a:63:61:17:
                    8a:e4:5b:13:19:8d:b1:56:3a:33:97:ef:61:71:fe:
                    74:cc:c8:5c:3b:74:a9:1e:32:ae:af:e5:37:bc:c4:
                    80:a9:2d:9d:98:26:b8:fe:c2:d2:bb:42:80:2c:27:
                    2e:06:9a:cd:d3:71:4a:00:c7:a5:fb:8f:81:51:fe:
                    76:cb:12:e1:1a:42:b4:86:9f:af:c3:a6:b3:64:22:
                    6d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BB:90:EA:79:2F:DA:8E:62:E4:3D:F9:39:54:96:52:22:2A:EF:A1
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/XbuQ6nkv2o5i5D35OVSWUiIq76E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.32.0-194.238.95.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.179.0.0-217.180.127.255
                  217.181.0.0/17
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:87:e8:a3:6b:c3:30:76:a5:c2:3d:03:eb:65:15:8e:18:bd:
         12:c9:72:a6:e1:a6:5c:8d:3a:7e:9d:2c:86:fa:4a:32:6c:f6:
         d7:37:a0:41:58:04:4a:82:fe:dd:d5:7b:ba:63:af:ce:67:99:
         0d:45:88:dc:c0:ff:db:24:ab:de:40:31:a5:9c:5e:5d:99:2c:
         b5:9d:15:c0:93:34:92:8d:28:35:d3:ea:29:30:3f:f1:ad:c8:
         30:c3:33:c7:53:3c:56:22:e3:26:47:1e:49:21:59:28:98:ed:
         ed:84:30:ef:13:31:af:c7:f2:38:a6:3c:e2:b2:27:c0:8c:a7:
         3e:45:52:04:15:f9:ad:30:b5:ab:61:93:00:9f:cf:bc:27:f5:
         e1:d5:de:37:ce:d5:be:20:61:2f:46:24:db:b4:33:c4:35:68:
         22:be:2b:a4:f4:7a:8a:75:a2:fd:2c:5f:39:07:0a:34:ce:f1:
         13:cc:e1:16:d8:dc:90:c2:e2:df:de:cf:12:ce:6b:26:17:b8:
         1e:9e:05:9a:81:d8:5d:ae:9e:a4:f2:d4:fa:c7:b2:2a:50:bf:
         10:34:10:6f:95:fe:73:fe:7f:2a:ac:35:78:fe:6b:aa:71:da:
         e0:e6:26:52:69:f5:32:8a:52:71:d6:79:62:5b:1f:59:25:24:
         c0:1f:c0:42
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAY6gfTlQ7LfDIbiBccf2/ieWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwNDAyMjAyNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGJiOTBlYTc5MmZkYThlNjJlNDNkZjkzOTU0OTY1MjIyMmFlZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO8ZVOtNrvaiIHFNpItHDoi7u7cG
n9v1S0FKfWe7XhuV87rtYaKvJr8oBLDWLU3rYm/o8pblWlbwfbhT4yUja0A4i3cI
HldfzGaEdnZAM+jc2FM6ZcjvbmPZsRPPDwSPXNUmm5UeTuR+OCzQbg5z0sumacPa
JgxiIvH/1NcMFHbFawHDKZBrsDiVSZcelJobB4D6SfOQrHV/zt5FpFZTTCtwbvxH
HvNrA7D33ROF/1pjYReK5FsTGY2xVjozl+9hcf50zMhcO3SpHjKur+U3vMSAqS2d
mCa4/sLSu0KALCcuBprN03FKAMel+4+BUf52yxLhGkK0hp+vw6azZCJtQwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFF27kOp5L9qOYuQ9+TlUllIiKu+hMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvWGJ1UTZua3YybzVpNUQzNU9WU1dVaUlxNzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQGPqvAAwQC
ucDkAwQFwpoAMAwDBAXC7iADBAXC7kADBAbVEsAwCwMDANmxAwQF2bFAMAsDAwDZ
swMEB9m0AAMEB9m1ADANBAIAAjAHAwUAKgIPsDANBgkqhkiG9w0BAQsFAAOCAQEA
oYfoo2vDMHalwj0D62UVjhi9EslypuGmXI06fp0shvpKMmz21zegQVgESoL+3dV7
umOvzmeZDUWI3MD/2ySr3kAxpZxeXZkstZ0VwJM0ko0oNdPqKTA/8a3IMMMzx1M8
ViLjJkceSSFZKJjt7YQw7xMxr8fyOKY84rInwIynPkVSBBX5rTC1q2GTAJ/PvCf1
4dXeN87VviBhL0Yk27QzxDVoIr4rpPR6inWi/SxfOQcKNM7xE8zhFtjckMLi397P
Es5rJhe4Hp4FmoHYXa6epPLU+seyKlC/EDQQb5X+c/5/Kqw1eP5rqnHa4OYmUmn1
MopScdZ5YlsfWSUkwB/AQg==
-----END CERTIFICATE-----