Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/4FB9qGzp8obFxJlcekiY9uUKcpQ.roa
File:                     4FB9qGzp8obFxJlcekiY9uUKcpQ.roa (raw, json)
Hash identifier:          j7pW1024LUJQZ3p65GSfS4BV5v2hhID+/nr+Jszpqqk=
Subject key identifier:   E0:50:7D:A8:6C:E9:F2:86:C5:C4:99:5C:7A:48:98:F6:E5:0A:72:94
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018DC642264E3ABBDC378FCC952EC484B569
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/4FB9qGzp8obFxJlcekiY9uUKcpQ.roa
Signing time:             Tue 20 Feb 2024 11:24:00 +0000
ROA not before:           Tue 20 Feb 2024 11:24:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30938
IP address blocks:        5.39.248.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          31.192.240.0/21 maxlen: 21
                          31.192.246.0/24 maxlen: 24
                          45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 22 Feb 2024 18:32:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:42:26:4e:3a:bb:dc:37:8f:cc:95:2e:c4:84:b5:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Feb 20 11:24:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0507da86ce9f286c5c4995c7a4898f6e50a7294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:33:33:5b:c1:5b:3c:75:c1:d2:22:1d:b7:60:
                    c6:3f:e3:da:d3:b8:8b:7f:d5:87:a0:fb:c8:07:4a:
                    bb:7e:ad:09:bf:32:97:82:53:b1:86:91:e6:78:a4:
                    db:9e:bb:ed:81:d4:4b:4b:0d:99:17:ef:ad:31:23:
                    7a:56:33:53:b0:7e:62:a0:25:29:45:a5:3f:6f:29:
                    40:0e:7b:85:f3:96:74:69:96:f8:a5:e0:ee:a9:79:
                    15:e2:51:f0:de:c4:48:fc:2b:4c:82:95:92:3e:e8:
                    83:8a:55:20:99:9d:c3:4c:e2:13:2a:4e:5f:b3:83:
                    4d:f0:9d:5c:18:1f:13:41:ab:4c:28:e3:e8:dc:5c:
                    67:88:9b:f1:f1:73:ea:13:a5:72:51:e1:94:43:96:
                    98:c4:6c:fc:88:49:a8:31:26:14:4c:8c:09:36:84:
                    c1:5c:5c:0f:30:36:d6:8d:10:24:bf:c4:21:64:94:
                    ba:7d:95:70:e2:10:de:e2:1c:73:ec:13:c7:7a:17:
                    46:87:84:04:32:98:87:09:49:ea:fb:8f:c5:86:20:
                    d3:c5:b7:31:20:ae:17:a5:a7:de:70:bb:66:6f:d4:
                    9d:dd:0f:ef:cc:36:d6:e5:d0:e0:9f:c5:5e:0d:d6:
                    29:80:44:52:cc:6e:9d:ba:93:cc:91:b1:9d:03:3f:
                    5c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:50:7D:A8:6C:E9:F2:86:C5:C4:99:5C:7A:48:98:F6:E5:0A:72:94
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/4FB9qGzp8obFxJlcekiY9uUKcpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.252.255
                  5.39.254.0/24
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0/24
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:e0:cf:32:96:ae:36:d2:93:51:37:3d:d8:e6:7f:21:27:f6:
         6a:12:46:24:f0:ff:0f:e2:6e:6f:17:78:6f:06:7c:53:ec:72:
         a5:00:11:ca:80:74:2c:7e:4e:7d:42:02:45:aa:2a:dd:9f:e2:
         93:77:f8:3e:1f:54:f1:b0:43:83:35:c4:fc:1c:e6:2f:f3:c5:
         7b:0a:9b:0c:15:29:bf:38:67:3f:4e:42:45:aa:9a:a3:7f:80:
         34:ce:a3:90:99:2e:dd:b2:4f:a5:2c:17:bc:64:5e:9b:48:9a:
         78:57:69:a0:7d:1b:6c:fd:8d:a0:10:a0:a9:e0:c8:1a:c6:f7:
         a9:c3:43:3b:fe:9d:6b:38:8c:55:9b:61:47:20:6c:26:65:63:
         7f:04:78:ed:c5:6a:42:2e:34:ad:db:38:00:96:6a:6b:39:a5:
         4a:a6:ad:d8:51:e7:58:80:eb:93:b0:28:df:f7:09:e0:9b:ea:
         08:2c:a6:b2:2a:3d:fc:75:49:0f:16:74:60:3e:bc:a1:4a:dd:
         2f:b5:f5:21:e0:64:46:89:d2:cc:d4:34:bf:94:57:22:58:ef:
         25:4c:11:91:ca:38:cf:f9:fc:d0:29:d9:5d:9b:e0:dd:fc:da:
         99:9d:43:bd:d7:90:66:af:b6:3f:c8:6b:b1:c5:0f:07:ce:94:
         59:48:88:45
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY3GQiZOOrvcN4/MlS7EhLVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMjIwMTEyNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDUwN2RhODZjZTlmMjg2YzVjNDk5NWM3YTQ4OThmNmU1MGE3Mjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujMzW8FbPHXB0iIdt2DGP+Pa07iL
f9WHoPvIB0q7fq0JvzKXglOxhpHmeKTbnrvtgdRLSw2ZF++tMSN6VjNTsH5ioCUp
RaU/bylADnuF85Z0aZb4peDuqXkV4lHw3sRI/CtMgpWSPuiDilUgmZ3DTOITKk5f
s4NN8J1cGB8TQatMKOPo3FxniJvx8XPqE6VyUeGUQ5aYxGz8iEmoMSYUTIwJNoTB
XFwPMDbWjRAkv8QhZJS6fZVw4hDe4hxz7BPHehdGh4QEMpiHCUnq+4/FhiDTxbcx
IK4XpafecLtmb9Sd3Q/vzDbW5dDgn8VeDdYpgERSzG6dupPMkbGdAz9cmwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFOBQfahs6fKGxcSZXHpImPblCnKUMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvNEZCOXFHenA4b2JGeEpsY2VraVk5dVVLY3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABSf4MAwD
BAEFJ/oDBAAFJ/wDBAAFJ/4DBAEFsmADBAAFsmMDBAAFsmgDBAMfwPADBAItDNgD
BAK5BSQwDQYJKoZIhvcNAQELBQADggEBALTgzzKWrjbSk1E3PdjmfyEn9moSRiTw
/w/ibm8XeG8GfFPscqUAEcqAdCx+Tn1CAkWqKt2f4pN3+D4fVPGwQ4M1xPwc5i/z
xXsKmwwVKb84Zz9OQkWqmqN/gDTOo5CZLt2yT6UsF7xkXptImnhXaaB9G2z9jaAQ
oKngyBrG96nDQzv+nWs4jFWbYUcgbCZlY38EeO3FakIuNK3bOACWams5pUqmrdhR
51iA65OwKN/3CeCb6ggsprIqPfx1SQ8WdGA+vKFK3S+19SHgZEaJ0szUNL+UVyJY
7yVMEZHKOM/5/NAp2V2b4N382pmdQ73XkGavtj/Ia7HFDwfOlFlIiEU=
-----END CERTIFICATE-----