Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5oTf4_43JENK44txn68SmM5iZk.roa
File:                     T5oTf4_43JENK44txn68SmM5iZk.roa (raw, json)
Hash identifier:          0T5crogg1YuOn/qF9frsfrXT5DkM82pA2kJHPUIc67A=
Subject key identifier:   4F:9A:13:7F:8F:F8:DC:91:0D:2B:8E:2D:C6:7E:BC:4A:63:39:89:99
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CF485D5C522F8B2F00BDE69E4FEF5800B
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5oTf4_43JENK44txn68SmM5iZk.roa
Signing time:             Wed 10 Jan 2024 17:57:40 +0000
ROA not before:           Wed 10 Jan 2024 17:57:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        85.8.160.0/22 maxlen: 22
                          217.18.208.0/22 maxlen: 22
                          5.133.100.0/22 maxlen: 22
                          31.40.204.0/22 maxlen: 22
                          212.107.4.0/22 maxlen: 22
                          83.171.244.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          37.221.76.0/22 maxlen: 22
                          193.32.184.0/22 maxlen: 22
                          92.249.60.0/22 maxlen: 22
                          188.119.68.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22
                          194.93.60.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 23:33:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f4:85:d5:c5:22:f8:b2:f0:0b:de:69:e4:fe:f5:80:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan 10 17:57:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f9a137f8ff8dc910d2b8e2dc67ebc4a63398999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:44:a2:13:65:61:cc:57:b4:b1:92:fc:70:da:
                    77:5c:fd:eb:66:bf:2a:b4:6f:16:fb:d3:fe:73:88:
                    c5:c3:87:ab:3c:6e:84:38:7f:19:06:5a:fb:da:60:
                    ca:af:74:3f:45:93:65:f0:43:00:e3:39:46:c8:cd:
                    62:b8:44:a1:e4:61:ed:18:78:21:7e:f6:06:b4:c7:
                    66:c8:fb:5c:6b:38:38:c8:ab:c0:14:4e:91:c5:6b:
                    74:b8:f2:4d:50:50:78:14:5e:23:9b:c7:07:8d:5a:
                    df:b1:21:85:db:c8:6d:83:a3:05:52:a9:a4:95:b2:
                    f3:8b:ec:00:3f:03:fc:68:a5:9b:61:d8:e8:0d:e4:
                    1a:b5:a1:a7:ed:24:fc:56:b5:24:89:55:0b:3f:85:
                    66:82:aa:b5:45:bd:58:f4:c7:e8:2b:10:e2:02:23:
                    01:57:e9:7b:ca:da:1b:2f:0a:68:db:ff:72:78:07:
                    ac:2a:6e:f9:f4:fa:bf:04:a7:80:7a:6a:3a:ed:24:
                    d2:6a:19:45:4d:e2:83:25:73:ab:c4:7e:8b:1a:e1:
                    13:8c:a5:e7:06:04:65:09:a5:79:ac:e8:78:89:8e:
                    53:f5:42:7b:0f:a3:91:cd:94:84:75:39:b6:a0:bf:
                    ca:08:fa:99:2c:ca:b4:77:f8:c6:11:06:35:39:21:
                    d6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:9A:13:7F:8F:F8:DC:91:0D:2B:8E:2D:C6:7E:BC:4A:63:39:89:99
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5oTf4_43JENK44txn68SmM5iZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.100.0/22
                  31.40.204.0/22
                  37.221.76.0/22
                  83.171.244.0/22
                  85.8.160.0/22
                  92.249.60.0/22
                  176.53.156.0/22
                  188.119.68.0/22
                  193.32.184.0/22
                  194.93.60.0/22
                  212.87.196.0/22
                  212.107.4.0/22
                  217.18.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:c3:37:84:8f:c6:75:a4:bd:e0:76:1d:ab:23:d3:99:be:4f:
         2f:30:2f:d4:66:c9:fc:e7:3f:4a:55:ca:f9:1d:fb:cc:c5:e9:
         9f:b0:b1:28:ea:53:a9:ab:07:f8:77:f1:33:67:f2:38:ba:59:
         3e:c6:68:97:5b:31:12:1a:77:d0:3b:a1:7c:29:0d:18:1b:4d:
         58:b7:41:92:19:5d:0c:a1:c7:36:d8:8d:6e:8b:f1:03:b6:43:
         62:5a:3c:4f:73:e5:0f:33:38:a0:5f:2e:80:24:81:46:31:c8:
         7c:05:ea:8b:33:3d:e1:bd:40:db:a8:98:06:10:9c:3e:be:9c:
         35:aa:1e:1f:a5:fe:f0:47:8d:0d:a3:d8:5c:dc:e4:1f:02:50:
         41:2e:6b:33:d9:fb:03:01:d7:d3:d3:19:a9:ce:06:37:59:6d:
         f3:ec:21:2e:ac:78:56:27:df:da:63:ba:e2:28:be:14:69:31:
         3e:72:41:91:5a:18:a5:74:5f:78:20:14:5d:ae:97:95:8a:ae:
         8c:db:74:3a:0e:70:51:a7:9a:ea:d6:73:5f:f2:a7:05:4e:db:
         60:43:f5:5b:0d:83:c8:ad:13:4b:09:7f:8f:af:dc:25:de:b2:
         59:a0:33:d6:73:6f:b8:b6:81:10:83:66:16:34:0f:04:d4:a1:
         d0:09:06:7d
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYz0hdXFIviy8AveaeT+9YALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTEwMTc1NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjlhMTM3ZjhmZjhkYzkxMGQyYjhlMmRjNjdlYmM0YTYzMzk4OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUSiE2VhzFe0sZL8cNp3XP3rZr8q
tG8W+9P+c4jFw4erPG6EOH8ZBlr72mDKr3Q/RZNl8EMA4zlGyM1iuESh5GHtGHgh
fvYGtMdmyPtcazg4yKvAFE6RxWt0uPJNUFB4FF4jm8cHjVrfsSGF28htg6MFUqmk
lbLzi+wAPwP8aKWbYdjoDeQataGn7ST8VrUkiVULP4Vmgqq1Rb1Y9MfoKxDiAiMB
V+l7ytobLwpo2/9yeAesKm759Pq/BKeAemo67STSahlFTeKDJXOrxH6LGuETjKXn
BgRlCaV5rOh4iY5T9UJ7D6ORzZSEdTm2oL/KCPqZLMq0d/jGEQY1OSHW3wIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFE+aE3+P+NyRDSuOLcZ+vEpjOYmZMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvVDVvVGY0XzQzSkVOSzQ0dHhuNjhTbU01aVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCBYVkAwQC
HyjMAwQCJd1MAwQCU6v0AwQCVQigAwQCXPk8AwQCsDWcAwQCvHdEAwQCwSC4AwQC
wl08AwQC1FfEAwQC1GsEAwQC2RLQMA0GCSqGSIb3DQEBCwUAA4IBAQAWwzeEj8Z1
pL3gdh2rI9OZvk8vMC/UZsn85z9KVcr5HfvMxemfsLEo6lOpqwf4d/EzZ/I4ulk+
xmiXWzESGnfQO6F8KQ0YG01Yt0GSGV0Mocc22I1ui/EDtkNiWjxPc+UPMzigXy6A
JIFGMch8BeqLMz3hvUDbqJgGEJw+vpw1qh4fpf7wR40No9hc3OQfAlBBLmsz2fsD
AdfT0xmpzgY3WW3z7CEurHhWJ9/aY7riKL4UaTE+ckGRWhildF94IBRdrpeViq6M
23Q6DnBRp5rq1nNf8qcFTttgQ/VbDYPIrRNLCX+Pr9wl3rJZoDPWc2+4toEQg2YW
NA8E1KHQCQZ9
-----END CERTIFICATE-----