Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1l2OyZBsee7H1oLLYouc7lR3Ms8.roa
File:                     1l2OyZBsee7H1oLLYouc7lR3Ms8.roa (raw, json)
Hash identifier:          DyB9nz2CS6eDFgBZn+sbSlD+qRKsAfQ47M/4dbkhtcU=
Subject key identifier:   D6:5D:8E:C9:90:6C:79:EE:C7:D6:82:CB:62:8B:9C:EE:54:77:32:CF
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018DE630B595FB48F12B796783259010B3EA
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1l2OyZBsee7H1oLLYouc7lR3Ms8.roa
Signing time:             Mon 26 Feb 2024 16:12:48 +0000
ROA not before:           Mon 26 Feb 2024 16:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30938
IP address blocks:        5.39.248.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.108.0/24 maxlen: 24
                          31.192.240.0/21 maxlen: 21
                          31.192.246.0/24 maxlen: 24
                          45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 27 Feb 2024 17:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e6:30:b5:95:fb:48:f1:2b:79:67:83:25:90:10:b3:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Feb 26 16:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d65d8ec9906c79eec7d682cb628b9cee547732cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b0:c0:69:c6:21:68:a8:c6:2e:e8:6c:80:b4:
                    3d:ed:6d:c5:19:a1:ef:23:62:64:40:65:ba:7a:0d:
                    3c:fb:a2:c5:c1:85:99:8e:77:a8:10:bd:9c:8d:63:
                    9a:10:4d:a7:94:5a:b2:d2:d5:87:f7:1a:89:35:c9:
                    3b:72:04:1a:7f:72:3e:40:53:e9:36:9f:45:74:9f:
                    03:26:c5:3d:93:53:cb:bb:d0:29:cd:09:cf:23:49:
                    85:a9:d4:99:83:01:a5:ab:7e:53:5e:7e:52:ac:91:
                    30:80:64:c6:d6:28:7e:8b:a7:cc:2d:6f:17:91:d4:
                    10:48:5b:8c:f4:da:a6:17:37:a1:f2:c9:76:00:b0:
                    d4:2b:92:94:f8:79:88:b4:40:28:6d:29:3b:43:73:
                    12:24:9f:c4:3d:2b:b0:e7:7d:3b:48:27:e4:ed:0b:
                    99:7e:04:e8:25:df:03:f6:d8:fa:9c:3a:37:c1:5a:
                    30:9f:42:6e:c6:a9:c7:98:bd:d1:bf:7e:2a:d3:3e:
                    93:af:5e:15:6c:63:d3:39:8f:31:1e:6e:d6:7d:fa:
                    a1:b9:3a:03:ac:d5:90:91:e1:80:c5:17:b9:8c:04:
                    45:56:a9:2e:7b:59:4a:c4:2e:fb:0e:20:b2:e0:aa:
                    a4:d2:d1:11:06:ed:b5:6c:95:65:65:e9:1d:0b:c4:
                    3b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5D:8E:C9:90:6C:79:EE:C7:D6:82:CB:62:8B:9C:EE:54:77:32:CF
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1l2OyZBsee7H1oLLYouc7lR3Ms8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.252.255
                  5.39.254.0/24
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0/24
                  5.178.108.0/24
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:3e:39:60:84:7c:95:c2:76:02:fe:e9:52:4e:0b:5a:03:47:
         e6:b4:62:56:5d:88:09:c7:75:19:dc:0b:64:44:48:6e:7a:b3:
         d3:71:45:51:eb:14:a0:2e:2d:85:93:d7:5f:37:6e:91:9c:d2:
         a4:64:a2:6c:d8:96:3e:c1:77:a3:4b:89:9d:10:12:ff:87:05:
         3a:01:a4:cb:36:3a:5f:db:2b:e0:8f:04:c4:fb:93:13:b1:3b:
         8b:e1:20:5c:f4:fd:89:3e:5f:96:ed:2f:36:92:fc:f7:7c:3e:
         e7:81:37:56:4b:46:4e:ad:fe:da:06:d1:f4:0d:d3:48:aa:65:
         e0:39:d9:d5:47:b5:30:6f:cf:2e:f9:4b:3c:40:af:96:f2:ac:
         79:5f:79:f9:93:5a:3b:6c:96:98:cd:fd:b7:4b:6d:05:e1:13:
         c6:fa:12:bf:cb:7f:f6:52:b6:11:a5:09:95:69:40:d6:c0:a6:
         04:32:1c:3c:8e:48:8c:a7:8f:88:31:40:59:d2:99:7e:fd:86:
         a4:35:48:a2:21:f8:98:b3:57:0b:94:b2:c5:20:4d:62:bc:db:
         41:fb:0d:c6:59:4f:89:54:a0:4b:a9:10:ec:8a:e4:19:7e:9d:
         41:dc:e0:8e:65:9f:db:ae:af:41:16:22:c3:f2:0f:07:2f:0d:
         81:91:f6:60
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY3mMLWV+0jxK3lngyWQELPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMjI2MTYxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjVkOGVjOTkwNmM3OWVlYzdkNjgyY2I2MjhiOWNlZTU0NzczMmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbDAacYhaKjGLuhsgLQ97W3FGaHv
I2JkQGW6eg08+6LFwYWZjneoEL2cjWOaEE2nlFqy0tWH9xqJNck7cgQaf3I+QFPp
Np9FdJ8DJsU9k1PLu9ApzQnPI0mFqdSZgwGlq35TXn5SrJEwgGTG1ih+i6fMLW8X
kdQQSFuM9NqmFzeh8sl2ALDUK5KU+HmItEAobSk7Q3MSJJ/EPSuw5307SCfk7QuZ
fgToJd8D9tj6nDo3wVown0JuxqnHmL3Rv34q0z6Tr14VbGPTOY8xHm7WffqhuToD
rNWQkeGAxRe5jARFVqkue1lKxC77DiCy4Kqk0tERBu21bJVlZekdC8Q78QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNZdjsmQbHnux9aCy2KLnO5UdzLPMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMWwyT3laQnNlZTdIMW9MTFlvdWM3bFIzTXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQABSf4MAwD
BAEFJ/oDBAAFJ/wDBAAFJ/4DBAEFsmADBAAFsmMDBAAFsmgDBAAFsmwDBAMfwPAD
BAItDNgDBAK5BSQwDQYJKoZIhvcNAQELBQADggEBALo+OWCEfJXCdgL+6VJOC1oD
R+a0YlZdiAnHdRncC2RESG56s9NxRVHrFKAuLYWT1183bpGc0qRkomzYlj7Bd6NL
iZ0QEv+HBToBpMs2Ol/bK+CPBMT7kxOxO4vhIFz0/Yk+X5btLzaS/Pd8PueBN1ZL
Rk6t/toG0fQN00iqZeA52dVHtTBvzy75SzxAr5byrHlfefmTWjtslpjN/bdLbQXh
E8b6Er/Lf/ZSthGlCZVpQNbApgQyHDyOSIynj4gxQFnSmX79hqQ1SKIh+JizVwuU
ssUgTWK820H7DcZZT4lUoEupEOyK5Bl+nUHc4I5ln9uur0EWIsPyDwcvDYGR9mA=
-----END CERTIFICATE-----