Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/HUtjKU7DdgA9yeKQOV9X1xaj1q4.roa
File:                     HUtjKU7DdgA9yeKQOV9X1xaj1q4.roa (raw, json)
Hash identifier:          5Y3++SJK6lTgSM/GjwBCyf4EwxQaPCR5w/SQRJ+7U74=
Subject key identifier:   1D:4B:63:29:4E:C3:76:00:3D:C9:E2:90:39:5F:57:D7:16:A3:D6:AE
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       0186B1F099D46B2F1E24A0F159ADA0CBA4D8
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/HUtjKU7DdgA9yeKQOV9X1xaj1q4.roa
Signing time:             Sun 05 Mar 2023 13:23:00 +0000
ROA not before:           Sun 05 Mar 2023 13:23:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204650
IP address blocks:        5.160.77.0/24 maxlen: 24
                          46.209.57.0/24 maxlen: 24
                          46.209.56.0/23 maxlen: 24
                          46.209.214.0/24 maxlen: 24
                          77.237.66.0/23 maxlen: 24
                          46.209.134.0/24 maxlen: 24
                          46.209.134.0/23 maxlen: 23
                          46.209.133.0/24 maxlen: 24
                          5.160.208.0/23 maxlen: 23
                          5.160.111.0/24 maxlen: 24
                          5.160.110.0/24 maxlen: 24
                          5.160.110.0/23 maxlen: 23
                          5.160.131.0/24 maxlen: 24
                          5.160.130.0/24 maxlen: 24
                          46.209.108.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 May 2023 10:48:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b1:f0:99:d4:6b:2f:1e:24:a0:f1:59:ad:a0:cb:a4:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Mar  5 13:23:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d4b63294ec376003dc9e290395f57d716a3d6ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:99:2b:73:3c:b4:77:d6:78:ca:57:58:e1:e4:
                    ed:16:c9:5a:ff:17:bd:c5:2a:24:ed:f0:ad:ce:17:
                    a2:30:27:df:e8:7d:7c:25:0d:c6:69:6e:80:06:36:
                    18:e3:76:ff:22:eb:75:fa:f0:e6:af:e7:25:97:b6:
                    68:28:4f:8b:3d:6a:ed:54:ea:5f:26:63:58:38:33:
                    64:bf:2e:15:e6:7b:95:08:14:09:60:76:a6:43:71:
                    40:80:0f:8f:5e:00:8f:b1:5f:45:7d:03:54:df:1b:
                    b3:69:0c:1d:30:3e:1d:dd:65:81:f6:45:d7:99:7c:
                    f5:61:c3:15:25:33:1c:a5:4d:36:85:37:8a:73:cc:
                    75:fc:6a:a4:c9:fa:21:ea:2b:f6:23:4f:7b:ea:3a:
                    32:83:b3:ed:21:75:74:c9:4a:d2:46:3f:c3:22:ef:
                    ef:bb:47:00:31:39:ea:ad:28:6c:10:d4:d9:4a:77:
                    5c:90:c1:bb:d6:93:24:00:a7:d8:65:e7:e6:dc:94:
                    a8:56:ca:9f:c7:aa:01:95:55:26:f1:fa:49:54:1e:
                    41:37:c8:73:80:22:9c:e0:3b:74:94:54:ac:a6:86:
                    e3:36:1a:2a:2e:fa:6f:d2:3c:7b:c7:ee:a9:f5:e9:
                    99:b3:62:04:bc:2c:3c:6e:82:39:d7:89:9a:47:4b:
                    d7:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:4B:63:29:4E:C3:76:00:3D:C9:E2:90:39:5F:57:D7:16:A3:D6:AE
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/HUtjKU7DdgA9yeKQOV9X1xaj1q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.77.0/24
                  5.160.110.0/23
                  5.160.130.0/23
                  5.160.208.0/23
                  46.209.56.0/23
                  46.209.108.0/22
                  46.209.133.0-46.209.135.255
                  46.209.214.0/24
                  77.237.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:6d:68:a8:bc:dd:60:13:38:a1:f5:bb:a4:1b:83:f5:8d:cd:
         e8:4f:6b:ff:90:af:24:af:ff:45:ed:79:90:ac:22:1c:3b:37:
         b2:38:d7:97:a1:2c:3e:56:b1:71:12:b6:cf:c5:a7:cc:ba:a6:
         d8:87:26:2e:6e:72:35:8c:d8:65:1f:5f:5c:e0:da:1a:5e:4e:
         4f:18:31:1a:ea:c8:cc:db:3e:56:fd:82:cb:e7:06:70:a5:a9:
         ff:cc:e4:49:cc:42:5e:f5:73:4c:16:a1:88:ca:98:f7:f3:6e:
         f3:be:b8:f1:00:8f:87:37:9a:c1:46:d6:57:ae:94:6d:2c:b6:
         f6:08:22:82:81:a4:18:d4:ca:f4:ef:95:0b:3c:b6:8c:c4:c6:
         de:92:10:7f:f6:e4:b6:c4:7d:b2:0d:2d:dc:0b:24:b1:19:bf:
         99:62:69:f5:09:7e:bd:72:72:3a:5f:21:ef:3d:99:a7:4e:0f:
         29:fe:c5:a0:18:57:13:d8:e3:c7:4e:af:67:43:e1:ab:c2:53:
         2f:be:03:1c:95:9c:da:90:3c:e0:37:7c:b2:51:e1:5f:d0:5c:
         74:25:27:53:e5:14:7d:f5:59:54:83:f7:43:f6:e0:9b:01:12:
         88:d7:f8:ae:c6:93:88:1c:03:cf:51:4b:d1:8b:0a:22:31:ca:
         93:08:3e:a0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYax8JnUay8eJKDxWa2gy6TYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjMwMzA1MTMyMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDRiNjMyOTRlYzM3NjAwM2RjOWUyOTAzOTVmNTdkNzE2YTNkNmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZkrczy0d9Z4yldY4eTtFsla/xe9
xSok7fCtzheiMCff6H18JQ3GaW6ABjYY43b/Iut1+vDmr+cll7ZoKE+LPWrtVOpf
JmNYODNkvy4V5nuVCBQJYHamQ3FAgA+PXgCPsV9FfQNU3xuzaQwdMD4d3WWB9kXX
mXz1YcMVJTMcpU02hTeKc8x1/Gqkyfoh6iv2I0976joyg7PtIXV0yUrSRj/DIu/v
u0cAMTnqrShsENTZSndckMG71pMkAKfYZefm3JSoVsqfx6oBlVUm8fpJVB5BN8hz
gCKc4Dt0lFSspobjNhoqLvpv0jx7x+6p9emZs2IEvCw8boI514maR0vX5wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFB1LYylOw3YAPcnikDlfV9cWo9auMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvSFV0aktVN0RkZ0E5eWVLUU9WOVgxeGFqMXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABaBNAwQB
BaBuAwQBBaCCAwQBBaDQAwQBLtE4AwQCLtFsMAwDBAAu0YUDBAMu0YADBAAu0dYD
BAFN7UIwDQYJKoZIhvcNAQELBQADggEBAHJtaKi83WATOKH1u6Qbg/WNzehPa/+Q
rySv/0XteZCsIhw7N7I415ehLD5WsXESts/Fp8y6ptiHJi5ucjWM2GUfX1zg2hpe
Tk8YMRrqyMzbPlb9gsvnBnClqf/M5EnMQl71c0wWoYjKmPfzbvO+uPEAj4c3msFG
1leulG0stvYIIoKBpBjUyvTvlQs8tozExt6SEH/25LbEfbINLdwLJLEZv5liafUJ
fr1ycjpfIe89madODyn+xaAYVxPY48dOr2dD4avCUy++AxyVnNqQPOA3fLJR4V/Q
XHQlJ1PlFH31WVSD90P24JsBEojX+K7Gk4gcA89RS9GLCiIxypMIPqA=
-----END CERTIFICATE-----