Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/tU0mGi8W6ag2kG9eXm9mybpOolo.roa
File:                     tU0mGi8W6ag2kG9eXm9mybpOolo.roa (raw, json)
Hash identifier:          kr7AUpnitbdFQiSzBtbRwzgDWMbUPBL3Flo0PZ4t65g=
Subject key identifier:   B5:4D:26:1A:2F:16:E9:A8:36:90:6F:5E:5E:6F:66:C9:BA:4E:A2:5A
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       018849AA6AB49F0852BC36E1F78374395A5B
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/tU0mGi8W6ag2kG9eXm9mybpOolo.roa
Signing time:             Tue 23 May 2023 17:31:25 +0000
ROA not before:           Tue 23 May 2023 17:31:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206119
IP address blocks:        5.182.245.0/24 maxlen: 24
                          5.182.244.0/24 maxlen: 24
                          5.182.246.0/24 maxlen: 24
                          185.195.255.0/24 maxlen: 24
                          185.195.254.0/24 maxlen: 24
                          185.233.246.0/24 maxlen: 24
                          185.233.247.0/24 maxlen: 24
                          89.200.217.0/24 maxlen: 24
                          89.200.216.0/24 maxlen: 24
                          185.107.132.0/24 maxlen: 24
                          185.93.53.0/24 maxlen: 24
                          185.93.52.0/24 maxlen: 24
                          185.93.54.0/24 maxlen: 24
                          185.93.55.0/24 maxlen: 24
                          185.195.253.0/24 maxlen: 24
                          2a0a:61c0::/29 maxlen: 29
                          2a05:f740::/29 maxlen: 29
                          2a0c:f700::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 08 Jun 2023 10:15:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:49:aa:6a:b4:9f:08:52:bc:36:e1:f7:83:74:39:5a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: May 23 17:31:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b54d261a2f16e9a836906f5e5e6f66c9ba4ea25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:17:cb:95:3d:cb:88:08:85:1d:8c:cd:85:f5:
                    a3:e6:85:11:c8:b0:be:46:56:94:c0:33:90:98:cd:
                    2c:21:86:69:ce:ff:74:af:7b:9e:d8:9a:7c:eb:0d:
                    d3:56:81:3e:02:cb:b0:e4:74:c1:d5:c1:96:a5:34:
                    c9:ac:5e:ae:49:07:f0:5d:cb:21:c5:db:ca:f1:74:
                    69:ca:ae:ce:e9:f9:95:23:a0:b0:be:4e:38:a7:80:
                    00:2a:ed:d3:54:98:92:7d:58:c3:f7:6e:20:41:f7:
                    b6:ec:be:75:ff:d6:7e:84:b6:a6:9c:ed:3a:fc:4d:
                    fd:88:b5:b5:66:fd:93:0a:13:54:34:5d:75:de:cf:
                    ef:00:79:d5:2f:38:f4:84:9e:a5:d0:11:d2:70:da:
                    ee:8b:72:0f:f4:2e:77:ea:24:f8:c4:cf:80:7f:ca:
                    5d:5c:7b:b6:f8:8b:8c:8a:61:1e:1e:72:24:e2:4c:
                    ce:ed:fc:28:3c:9a:0f:bb:75:b8:47:dd:3d:76:05:
                    0e:d6:9d:09:1c:1a:9f:f5:74:d5:75:43:c2:b8:53:
                    8d:3d:5f:9d:bf:f8:b5:89:2e:2b:28:1f:99:3a:a8:
                    d5:5c:9d:ab:b0:c5:ae:ff:f4:0d:58:4f:3c:96:0a:
                    f4:bb:fb:fc:c7:a3:52:37:d3:4c:55:98:c7:f4:28:
                    d7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4D:26:1A:2F:16:E9:A8:36:90:6F:5E:5E:6F:66:C9:BA:4E:A2:5A
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/tU0mGi8W6ag2kG9eXm9mybpOolo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.244.0-5.182.246.255
                  89.200.216.0/23
                  185.93.52.0/22
                  185.107.132.0/24
                  185.195.253.0-185.195.255.255
                  185.233.246.0/23
                IPv6:
                  2a05:f740::/29
                  2a0a:61c0::/29
                  2a0c:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:ea:d5:aa:7d:b7:e4:43:b0:d8:6d:76:02:09:16:b4:43:ca:
         ba:6f:eb:ac:ae:42:2d:d7:c2:d3:a4:d4:69:bf:3a:72:a4:54:
         2c:15:63:f6:52:7f:34:e9:17:21:0e:9c:40:e7:c3:19:12:40:
         cc:4a:53:f4:7e:a7:85:6d:ec:5d:d4:f5:dd:de:eb:ac:c6:d3:
         8a:f1:99:bc:7a:bd:e3:84:5f:45:66:65:71:28:54:67:81:9b:
         59:bb:8a:b7:22:4a:91:56:e9:93:ca:ad:5c:a6:a4:e2:00:77:
         17:66:10:56:7a:07:47:5f:de:75:a3:d7:d9:6f:67:c7:91:a1:
         75:33:48:c8:bc:d4:4e:68:ee:9a:29:74:26:eb:42:1a:64:b7:
         ba:b1:cf:41:c0:24:45:cf:3c:44:ac:26:92:c6:d9:9d:4f:68:
         ed:d9:45:e2:60:5c:e5:2e:b4:09:fb:ec:ce:11:ac:4f:75:a2:
         19:13:65:38:3f:74:57:ce:3b:6b:7e:c1:9f:82:86:e5:e3:d3:
         75:f1:bd:44:cd:fb:29:39:c4:08:ed:ab:d5:e1:e5:c2:45:bf:
         9c:0d:96:90:23:93:6e:99:db:b0:19:1f:06:52:1d:58:da:2a:
         ef:8b:53:e7:16:d3:92:23:71:5e:a6:93:f7:c0:41:f5:62:dd:
         e4:9c:3f:f6
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYhJqmq0nwhSvDbh94N0OVpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjMwNTIzMTczMTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRkMjYxYTJmMTZlOWE4MzY5MDZmNWU1ZTZmNjZjOWJhNGVhMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hfLlT3LiAiFHYzNhfWj5oURyLC+
RlaUwDOQmM0sIYZpzv90r3ue2Jp86w3TVoE+Asuw5HTB1cGWpTTJrF6uSQfwXcsh
xdvK8XRpyq7O6fmVI6Cwvk44p4AAKu3TVJiSfVjD924gQfe27L51/9Z+hLamnO06
/E39iLW1Zv2TChNUNF113s/vAHnVLzj0hJ6l0BHScNrui3IP9C536iT4xM+Af8pd
XHu2+IuMimEeHnIk4kzO7fwoPJoPu3W4R909dgUO1p0JHBqf9XTVdUPCuFONPV+d
v/i1iS4rKB+ZOqjVXJ2rsMWu//QNWE88lgr0u/v8x6NSN9NMVZjH9CjXbwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFLVNJhovFumoNpBvXl5vZsm6TqJaMB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvdFUwbUdpOFc2YWcya0c5ZVhtOW15YnBPb2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDA5BAIAATAzMAwDBAIFtvQD
BAAFtvYDBAFZyNgDBAK5XTQDBAC5a4QwCwMEALnD/QMDArnAAwQBuen2MBsEAgAC
MBUDBQMqBfdAAwUDKgphwAMFAyoM9wAwDQYJKoZIhvcNAQELBQADggEBAAnq1ap9
t+RDsNhtdgIJFrRDyrpv66yuQi3XwtOk1Gm/OnKkVCwVY/ZSfzTpFyEOnEDnwxkS
QMxKU/R+p4Vt7F3U9d3e66zG04rxmbx6veOEX0VmZXEoVGeBm1m7irciSpFW6ZPK
rVympOIAdxdmEFZ6B0df3nWj19lvZ8eRoXUzSMi81E5o7popdCbrQhpkt7qxz0HA
JEXPPESsJpLG2Z1PaO3ZReJgXOUutAn77M4RrE91ohkTZTg/dFfOO2t+wZ+ChuXj
03XxvUTN+yk5xAjtq9Xh5cJFv5wNlpAjk26Z27AZHwZSHVjaKu+LU+cW05IjcV6m
k/fAQfVi3eScP/Y=
-----END CERTIFICATE-----