Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/I5q2Nk_eTJWXW4em0c74AX5H-uM.roa
File:                     I5q2Nk_eTJWXW4em0c74AX5H-uM.roa (raw, json)
Hash identifier:          x/B/flHqZvHW3iSKNyYJTlv6lkyDz/RmZKgBXZvj67M=
Subject key identifier:   23:9A:B6:36:4F:DE:4C:95:97:5B:87:A6:D1:CE:F8:01:7E:47:FA:E3
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018CC5012B2738CCEACD1D90B04689B60CCB
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/I5q2Nk_eTJWXW4em0c74AX5H-uM.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        5.253.184.0/23 maxlen: 23
                          185.114.204.0/24 maxlen: 24
                          5.253.187.0/24 maxlen: 24
                          193.135.220.0/22 maxlen: 22
                          88.214.0.0/24 maxlen: 24
                          88.214.1.0/24 maxlen: 24
                          88.214.2.0/24 maxlen: 24
                          88.214.3.0/24 maxlen: 24
                          88.218.196.0/22 maxlen: 22
                          185.219.160.0/24 maxlen: 24
                          185.219.161.0/24 maxlen: 24
                          185.219.163.0/24 maxlen: 24
                          45.81.161.0/24 maxlen: 24
                          45.81.162.0/24 maxlen: 24
                          45.81.163.0/24 maxlen: 24
                          45.130.33.0/24 maxlen: 24
                          45.130.34.0/23 maxlen: 23
                          193.111.184.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 08 Feb 2024 22:08:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2b:27:38:cc:ea:cd:1d:90:b0:46:89:b6:0c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=239ab6364fde4c95975b87a6d1cef8017e47fae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c4:1d:95:b9:14:6e:54:3d:2f:b5:f4:ba:59:
                    6b:3a:3d:60:aa:1e:b7:86:f6:80:1a:79:df:a3:b2:
                    f6:f6:c4:18:bb:53:c3:f4:cb:56:e7:ec:29:ca:3d:
                    9d:b0:33:34:aa:20:38:25:e8:07:99:b6:6b:da:4e:
                    9f:d2:64:22:20:59:d0:fc:dd:a2:ee:e5:cb:4c:c2:
                    a5:df:56:a0:ec:90:16:18:af:b9:82:ca:91:37:71:
                    e0:b0:2b:ed:76:5a:a9:c0:24:56:27:57:e8:74:4c:
                    bc:2c:b7:e8:18:d0:ce:d9:36:12:38:5f:6d:df:3d:
                    91:d9:ee:6b:69:79:bb:57:d1:c8:34:4b:57:2e:14:
                    d8:11:a5:e9:1c:26:98:70:58:cd:cb:27:5c:a5:17:
                    27:1c:4a:8c:86:cb:8c:aa:e3:a5:f0:66:81:c8:12:
                    35:60:f9:79:03:c7:91:bf:2d:09:02:91:ab:99:f7:
                    bc:95:e4:b0:9c:8b:c3:83:46:8c:1a:41:b2:20:c9:
                    a4:bb:fd:3d:81:b6:38:6b:01:57:a7:4e:fe:c5:40:
                    fb:ef:21:1a:b3:c7:e3:b5:ec:ff:26:7e:27:c8:f6:
                    b7:c6:92:fa:bf:1c:4b:89:29:87:e2:33:7b:a8:70:
                    7b:c3:88:de:27:e1:69:0a:91:50:65:6d:b6:51:ac:
                    3e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9A:B6:36:4F:DE:4C:95:97:5B:87:A6:D1:CE:F8:01:7E:47:FA:E3
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/I5q2Nk_eTJWXW4em0c74AX5H-uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.184.0/23
                  5.253.187.0/24
                  45.81.161.0-45.81.163.255
                  45.130.33.0-45.130.35.255
                  88.214.0.0/22
                  88.218.196.0/22
                  185.114.204.0/24
                  185.219.160.0/23
                  185.219.163.0/24
                  193.111.184.0/22
                  193.135.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:b2:b0:52:9d:bd:77:af:94:e2:b3:d2:cf:26:f4:1e:c9:30:
         4e:b2:8c:f3:4a:b9:45:b7:02:02:0e:51:7c:93:04:a1:ce:7f:
         f0:38:b5:57:08:73:54:04:23:d8:21:8d:ec:a6:bd:56:92:f4:
         4c:4b:c3:6c:8f:e8:27:e6:21:57:83:1f:ff:0e:0d:1f:ac:23:
         5e:99:a8:a0:5b:1e:de:f9:6d:5a:ff:b9:fe:80:55:75:14:e1:
         78:38:b5:99:05:cc:65:b3:63:b8:b2:8b:04:9a:01:70:38:de:
         13:6f:f9:03:86:87:53:36:76:94:14:df:28:63:86:06:33:14:
         96:d7:89:eb:b7:f2:97:6a:d2:d7:e7:36:41:23:53:27:4f:94:
         5a:bf:47:a8:6f:be:dd:ba:35:49:ca:29:8c:5e:8f:99:b1:73:
         f5:dc:ef:cd:2d:b8:3d:ca:42:62:fe:66:7f:e0:3f:18:44:bf:
         1a:7b:ac:70:3a:a3:5e:2f:91:cd:33:25:73:2f:42:77:91:b3:
         38:09:e8:47:28:95:cf:62:e1:69:3e:0a:15:dd:fa:f8:49:e2:
         df:4b:b2:c9:4e:8e:2c:bc:fb:6a:9d:8c:89:a4:8e:71:65:1e:
         b1:cb:a2:ed:f6:ba:f3:28:38:ed:41:4e:b6:8d:8f:2a:a5:83:
         11:11:65:15
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYzFASsnOMzqzR2QsEaJtgzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzlhYjYzNjRmZGU0Yzk1OTc1Yjg3YTZkMWNlZjgwMTdlNDdmYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8QdlbkUblQ9L7X0ullrOj1gqh63
hvaAGnnfo7L29sQYu1PD9MtW5+wpyj2dsDM0qiA4JegHmbZr2k6f0mQiIFnQ/N2i
7uXLTMKl31ag7JAWGK+5gsqRN3HgsCvtdlqpwCRWJ1fodEy8LLfoGNDO2TYSOF9t
3z2R2e5raXm7V9HINEtXLhTYEaXpHCaYcFjNyydcpRcnHEqMhsuMquOl8GaByBI1
YPl5A8eRvy0JApGrmfe8leSwnIvDg0aMGkGyIMmku/09gbY4awFXp07+xUD77yEa
s8fjtez/Jn4nyPa3xpL6vxxLiSmH4jN7qHB7w4jeJ+FpCpFQZW22Uaw+TwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFCOatjZP3kyVl1uHptHO+AF+R/rjMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvSTVxMk5rX2VUSldYVzRlbTBjNzRBWDVILXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQBBf24AwQA
Bf27MAwDBAAtUaEDBAItUaAwDAMEAC2CIQMEAi2CIAMEAljWAAMEAljaxAMEALly
zAMEAbnboAMEALnbowMEAsFvuAMEAsGH3DANBgkqhkiG9w0BAQsFAAOCAQEAAbKw
Up29d6+U4rPSzyb0HskwTrKM80q5RbcCAg5RfJMEoc5/8Di1VwhzVAQj2CGN7Ka9
VpL0TEvDbI/oJ+YhV4Mf/w4NH6wjXpmooFse3vltWv+5/oBVdRTheDi1mQXMZbNj
uLKLBJoBcDjeE2/5A4aHUzZ2lBTfKGOGBjMUlteJ67fyl2rS1+c2QSNTJ0+UWr9H
qG++3bo1ScopjF6PmbFz9dzvzS24PcpCYv5mf+A/GES/GnuscDqjXi+RzTMlcy9C
d5GzOAnoRyiVz2LhaT4KFd36+Eni30uyyU6OLLz7ap2MiaSOcWUescui7fa68yg4
7UFOto2PKqWDERFlFQ==
-----END CERTIFICATE-----