Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/yJoaiC9KTbOwhb6oHoqFdPUFnEk.roa
File:                     yJoaiC9KTbOwhb6oHoqFdPUFnEk.roa (raw, json)
Hash identifier:          F6IwFvC2hNNUGG3rDWkqpErr6ByugauG/p7ytZQGxDo=
Subject key identifier:   C8:9A:1A:88:2F:4A:4D:B3:B0:85:BE:A8:1E:8A:85:74:F5:05:9C:49
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019132AD02D4153A46F760AB242A22F0365F
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/yJoaiC9KTbOwhb6oHoqFdPUFnEk.roa
Signing time:             Thu 08 Aug 2024 15:48:04 +0000
ROA not before:           Thu 08 Aug 2024 15:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44050
IP address blocks:        5.101.89.0/24 maxlen: 24
                          45.156.212.0/22 maxlen: 22
                          45.159.200.0/22 maxlen: 22
                          46.161.16.0/22 maxlen: 22
                          95.215.0.0/22 maxlen: 24
                          188.143.128.0/17 maxlen: 24
                          195.2.240.0/23 maxlen: 24
                          2a00:1d78::/32 maxlen: 48
                          2a00:1d78:666::/64 maxlen: 64
                          2a0c:8700::/29 maxlen: 29
                          2a0d:8fc0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 04 Nov 2024 22:33:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:ad:02:d4:15:3a:46:f7:60:ab:24:2a:22:f0:36:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Aug  8 15:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c89a1a882f4a4db3b085bea81e8a8574f5059c49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ff:72:4d:52:ff:e8:72:b9:31:4b:76:b5:bd:
                    88:2a:26:77:f2:ce:36:4e:82:38:43:69:88:f5:48:
                    5b:5a:c2:1c:69:ba:24:8b:87:36:0a:36:f0:e5:ea:
                    4b:ee:86:eb:d2:33:6c:5d:79:ac:fd:bb:1c:bf:80:
                    a7:5d:96:9f:55:f3:ff:1d:bf:e0:e1:7d:72:f2:05:
                    7b:77:b6:8f:29:0c:5d:60:84:fb:b7:22:73:6f:93:
                    10:da:72:e9:03:97:39:e0:b7:44:35:0d:6f:24:fc:
                    26:26:e2:27:b0:22:d2:dd:2e:6e:32:fd:24:b1:ab:
                    be:68:3d:b2:a8:ce:b9:4e:8b:6f:a0:1c:e4:fd:1d:
                    52:8e:bc:56:67:5a:37:5e:bf:bd:c6:5d:79:b1:17:
                    d3:e8:ca:8c:ae:43:86:be:4a:c6:de:df:ad:55:05:
                    e6:16:26:ec:c6:e2:00:0b:fd:64:75:9c:04:94:84:
                    18:e4:dc:01:ab:5b:95:49:ae:7b:56:d3:b8:e4:40:
                    e1:7f:0c:86:e1:4f:03:a7:03:61:1c:63:8a:db:9c:
                    8e:c0:16:bd:f6:39:d5:4b:7f:56:a6:73:07:7d:f1:
                    5b:5a:f9:28:ab:3a:7c:21:52:95:e8:46:03:75:50:
                    2a:bc:41:df:e2:ef:cd:cc:47:8e:5d:b4:d3:49:a0:
                    9f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:9A:1A:88:2F:4A:4D:B3:B0:85:BE:A8:1E:8A:85:74:F5:05:9C:49
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/yJoaiC9KTbOwhb6oHoqFdPUFnEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.89.0/24
                  45.156.212.0/22
                  45.159.200.0/22
                  46.161.16.0/22
                  95.215.0.0/22
                  188.143.128.0/17
                  195.2.240.0/23
                IPv6:
                  2a00:1d78::/32
                  2a0c:8700::/29
                  2a0d:8fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:03:e2:e3:a8:1c:ca:ea:b3:ab:22:ef:92:83:38:80:ab:11:
         55:6b:75:26:19:3c:01:1c:2e:34:3b:f9:96:e5:85:50:f0:c8:
         1c:9d:06:7a:58:87:f3:7d:03:58:77:51:b8:b2:3d:5e:70:ef:
         41:95:67:77:60:a8:0d:59:5a:59:f0:8f:9f:52:95:04:1d:61:
         49:fe:57:2d:ae:17:27:4e:70:35:cb:c6:09:4a:df:03:fe:b3:
         f5:7a:53:2d:79:2e:ea:18:43:a6:e5:be:a3:2e:18:dd:86:c3:
         fb:bc:98:74:b1:cb:5f:d1:23:0e:59:ae:a7:ff:ac:4a:db:1b:
         a1:a3:c7:6d:b3:a7:26:4c:fe:de:9a:42:fb:bb:31:0b:3c:66:
         c2:96:96:33:25:a1:5b:e4:6e:7a:97:59:c2:dc:c3:7a:eb:30:
         b3:e0:df:57:96:38:c8:a1:b6:87:ef:7d:0a:a0:c1:e8:fd:4d:
         a4:2a:dd:16:c1:d7:f6:6a:0d:dc:e6:a5:2e:95:1e:21:94:e7:
         8b:7f:7f:73:7f:a1:86:38:ed:0f:1d:c9:13:90:e3:7d:d6:15:
         56:bc:93:da:70:54:a1:93:20:fb:d9:a2:a7:3d:cc:43:b3:62:
         7c:86:74:90:2f:76:35:ff:23:e0:27:03:76:74:49:43:5f:a5:
         dc:4c:e5:62
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZEyrQLUFTpG92CrJCoi8DZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwODA4MTU0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODlhMWE4ODJmNGE0ZGIzYjA4NWJlYTgxZThhODU3NGY1MDU5YzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/9yTVL/6HK5MUt2tb2IKiZ38s42
ToI4Q2mI9UhbWsIcaboki4c2Cjbw5epL7obr0jNsXXms/bscv4CnXZafVfP/Hb/g
4X1y8gV7d7aPKQxdYIT7tyJzb5MQ2nLpA5c54LdENQ1vJPwmJuInsCLS3S5uMv0k
sau+aD2yqM65TotvoBzk/R1SjrxWZ1o3Xr+9xl15sRfT6MqMrkOGvkrG3t+tVQXm
FibsxuIAC/1kdZwElIQY5NwBq1uVSa57VtO45EDhfwyG4U8DpwNhHGOK25yOwBa9
9jnVS39WpnMHffFbWvkoqzp8IVKV6EYDdVAqvEHf4u/NzEeOXbTTSaCfHQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFMiaGogvSk2zsIW+qB6KhXT1BZxJMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEveUpvYWlDOUtUYk93aGI2b0hvcUZkUFVGbkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAwBAIAATAqAwQABWVZAwQC
LZzUAwQCLZ/IAwQCLqEQAwQCX9cAAwQHvI+AAwQBwwLwMBsEAgACMBUDBQAqAB14
AwUDKgyHAAMFAyoNj8AwDQYJKoZIhvcNAQELBQADggEBAHYD4uOoHMrqs6si75KD
OICrEVVrdSYZPAEcLjQ7+ZblhVDwyBydBnpYh/N9A1h3UbiyPV5w70GVZ3dgqA1Z
Wlnwj59SlQQdYUn+Vy2uFydOcDXLxglK3wP+s/V6Uy15LuoYQ6blvqMuGN2Gw/u8
mHSxy1/RIw5Zrqf/rErbG6Gjx22zpyZM/t6aQvu7MQs8ZsKWljMloVvkbnqXWcLc
w3rrMLPg31eWOMihtofvfQqgwej9TaQq3RbB1/ZqDdzmpS6VHiGU54t/f3N/oYY4
7Q8dyROQ433WFVa8k9pwVKGTIPvZoqc9zEOzYnyGdJAvdjX/I+AnA3Z0SUNfpdxM
5WI=
-----END CERTIFICATE-----