Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/VhgHk2mmatoxKHylusb0ko07Tps.roa
File:                     VhgHk2mmatoxKHylusb0ko07Tps.roa (raw, json)
Hash identifier:          Pc9T51j8BpGdOB23guKZwbFcqLGJfDkQmq+HFJ9CuX8=
Subject key identifier:   56:18:07:93:69:A6:6A:DA:31:28:7C:A5:BA:C6:F4:92:8D:3B:4E:9B
Certificate issuer:       /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial:       018DD54BC2425A701997CBF3AEF1115F2CA0
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/VhgHk2mmatoxKHylusb0ko07Tps.roa
Signing time:             Fri 23 Feb 2024 09:28:48 +0000
ROA not before:           Fri 23 Feb 2024 09:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29180
IP address blocks:        82.132.128.0/22 maxlen: 24
                          82.132.132.0/22 maxlen: 24
                          82.132.136.0/23 maxlen: 24
                          82.132.140.0/23 maxlen: 24
                          82.132.142.0/23 maxlen: 24
                          82.132.144.0/21 maxlen: 24
                          82.132.152.0/21 maxlen: 24
                          82.132.178.0/23 maxlen: 24
                          82.132.188.0/23 maxlen: 24
                          82.132.190.0/23 maxlen: 24
                          82.132.192.0/23 maxlen: 24
                          82.132.194.0/23 maxlen: 24
                          82.132.196.0/23 maxlen: 24
                          82.132.200.0/23 maxlen: 24
                          82.132.202.0/23 maxlen: 24
                          82.132.204.0/23 maxlen: 24
                          82.132.206.0/23 maxlen: 24
                          82.132.208.0/23 maxlen: 24
                          185.238.16.0/23 maxlen: 24
                          185.238.18.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 13:49:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:4b:c2:42:5a:70:19:97:cb:f3:ae:f1:11:5f:2c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
        Validity
            Not Before: Feb 23 09:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5618079369a66ada31287ca5bac6f4928d3b4e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8a:91:97:fa:5d:d5:60:8e:76:b4:56:a3:5b:
                    35:c7:bd:b1:f2:54:e0:f3:ec:1e:b0:61:8c:63:b9:
                    58:3e:7a:21:61:c6:69:33:cb:36:99:75:16:70:60:
                    1f:49:b5:be:32:ab:f7:15:0b:84:09:f0:12:34:ed:
                    4c:df:ee:57:f1:ec:e6:3f:34:04:c2:f7:da:dd:9c:
                    c6:19:57:f7:f7:ed:90:f7:08:03:e5:25:53:73:76:
                    d4:11:10:50:52:74:b0:3b:fb:9e:d2:d5:a8:85:c4:
                    e7:c5:87:a9:cb:56:19:3f:93:e0:6a:9b:c4:b7:ad:
                    e7:83:bf:ca:33:c4:66:96:b5:f7:22:da:0b:db:23:
                    2d:6f:a6:15:4e:80:fb:0e:c6:b1:89:9a:95:f4:e8:
                    7c:f9:59:44:6e:91:6c:24:a9:22:b0:b0:00:11:96:
                    64:bf:03:ef:a0:46:f7:bd:8b:4f:d4:5b:db:bb:6f:
                    82:ee:9a:6e:4f:57:62:5e:82:9d:71:ad:d0:79:02:
                    f5:cc:17:05:b6:37:78:48:b8:eb:a7:40:f5:fc:9b:
                    30:40:51:a0:2f:f6:5b:63:7f:0c:f0:48:dc:80:f3:
                    b5:69:b0:8a:6c:09:e6:b4:4d:f1:f7:0e:43:6f:15:
                    18:8e:ec:a5:15:58:45:75:f6:b8:98:31:9e:41:3b:
                    31:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:18:07:93:69:A6:6A:DA:31:28:7C:A5:BA:C6:F4:92:8D:3B:4E:9B
            X509v3 Authority Key Identifier:
                keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/VhgHk2mmatoxKHylusb0ko07Tps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.132.128.0-82.132.137.255
                  82.132.140.0-82.132.159.255
                  82.132.178.0/23
                  82.132.188.0-82.132.197.255
                  82.132.200.0-82.132.209.255
                  185.238.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:1c:55:20:87:c9:54:de:a5:42:a5:8c:00:fb:32:8c:3a:35:
         4c:6a:3c:58:0f:8d:39:ad:0d:78:e2:ab:47:9e:2c:20:08:29:
         fe:62:78:ba:c3:35:b0:f4:35:82:d6:39:13:85:8f:72:f8:b8:
         e1:f0:5b:e9:ea:99:f3:70:5e:26:e4:cf:2f:c0:3b:c7:ad:48:
         84:d1:48:d5:3b:49:78:d4:c5:64:9b:a8:7e:ec:41:c1:fe:5f:
         f4:3c:b3:02:35:fa:05:93:3a:14:09:d3:5c:0b:e3:a4:ff:89:
         ff:65:97:45:27:46:8b:7e:be:76:32:ef:4e:c8:4e:39:76:1e:
         ea:93:4a:a7:06:8d:79:42:f4:48:e3:8a:7c:82:81:67:b0:1a:
         01:02:59:36:66:95:df:e2:eb:e5:d1:64:36:87:17:b7:98:13:
         74:95:e6:18:9e:e1:a3:f7:a7:08:6e:22:9b:e7:1a:73:23:32:
         ca:a5:42:9d:1c:4f:87:6d:37:57:ba:01:76:7c:83:1d:a7:fc:
         28:21:1c:0b:55:46:71:e1:aa:fa:86:e7:ce:d2:c9:70:8c:94:
         38:c1:3a:de:ac:f5:bf:1d:17:86:0a:15:da:c2:36:76:26:88:
         d1:77:e3:b9:d9:a3:02:aa:af:8e:57:7c:0d:3d:e7:8a:ec:c5:
         41:1c:0e:cb
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY3VS8JCWnAZl8vzrvERXyygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjQwMjIzMDkyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjE4MDc5MzY5YTY2YWRhMzEyODdjYTViYWM2ZjQ5MjhkM2I0ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoqRl/pd1WCOdrRWo1s1x72x8lTg
8+wesGGMY7lYPnohYcZpM8s2mXUWcGAfSbW+Mqv3FQuECfASNO1M3+5X8ezmPzQE
wvfa3ZzGGVf39+2Q9wgD5SVTc3bUERBQUnSwO/ue0tWohcTnxYepy1YZP5PgapvE
t63ng7/KM8RmlrX3ItoL2yMtb6YVToD7DsaxiZqV9Oh8+VlEbpFsJKkisLAAEZZk
vwPvoEb3vYtP1Fvbu2+C7ppuT1diXoKdca3QeQL1zBcFtjd4SLjrp0D1/JswQFGg
L/ZbY38M8EjcgPO1abCKbAnmtE3x9w5DbxUYjuylFVhFdfa4mDGeQTsxEwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFFYYB5NppmraMSh8pbrG9JKNO06bMB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvVmhnSGsybW1hdG94S0h5bHVzYjBrbzA3VHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBAdShIAD
BAFShIgwDAMEAlKEjAMEBVKEgAMEAVKEsjAMAwQCUoS8AwQBUoTEMAwDBANShMgD
BAFShNADBAK57hAwDQYJKoZIhvcNAQELBQADggEBAKkcVSCHyVTepUKljAD7Mow6
NUxqPFgPjTmtDXjiq0eeLCAIKf5ieLrDNbD0NYLWOROFj3L4uOHwW+nqmfNwXibk
zy/AO8etSITRSNU7SXjUxWSbqH7sQcH+X/Q8swI1+gWTOhQJ01wL46T/if9ll0Un
Rot+vnYy707ITjl2HuqTSqcGjXlC9EjjinyCgWewGgECWTZmld/i6+XRZDaHF7eY
E3SV5hie4aP3pwhuIpvnGnMjMsqlQp0cT4dtN1e6AXZ8gx2n/CghHAtVRnHhqvqG
587SyXCMlDjBOt6s9b8dF4YKFdrCNnYmiNF347nZowKqr45XfA0954rsxUEcDss=
-----END CERTIFICATE-----