Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/5Yhv-DqeA_eOpWVwkdTNH4Q3iXU.roa
File:                     5Yhv-DqeA_eOpWVwkdTNH4Q3iXU.roa (raw, json)
Hash identifier:          A7/1qc0BmmwW2JguQTGpYGUZKCo8LjWyYWBLToBsVk4=
Subject key identifier:   E5:88:6F:F8:3A:9E:03:F7:8E:A5:65:70:91:D4:CD:1F:84:37:89:75
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0187316CD6C877CAC3E65D26D523729AFD8C
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/5Yhv-DqeA_eOpWVwkdTNH4Q3iXU.roa
Signing time:             Thu 30 Mar 2023 07:30:29 +0000
ROA not before:           Thu 30 Mar 2023 07:30:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30938
IP address blocks:        45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          5.39.248.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.253.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22
                          31.192.240.0/21 maxlen: 21
                          5.178.98.0/24 maxlen: 24
                          5.144.176.0/21 maxlen: 21
                          5.178.99.0/24 maxlen: 24
                          5.144.182.0/24 maxlen: 24
                          5.178.101.0/24 maxlen: 24
                          5.178.105.0/24 maxlen: 24
                          5.178.104.0/21 maxlen: 21
                          5.178.111.0/24 maxlen: 24
                          5.178.110.0/24 maxlen: 24
                          5.178.108.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.39.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 30 Mar 2023 08:15:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:31:6c:d6:c8:77:ca:c3:e6:5d:26:d5:23:72:9a:fd:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar 30 07:30:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5886ff83a9e03f78ea5657091d4cd1f84378975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:da:cb:84:81:b2:db:41:8e:bd:02:ff:a2:06:
                    76:2c:7b:44:da:cf:01:59:da:ca:09:39:ed:df:44:
                    54:6e:d3:02:7a:cf:27:b5:71:51:be:23:fa:16:7d:
                    33:80:ea:3b:55:1c:1b:7a:bb:0e:9d:bd:58:01:f6:
                    eb:0e:94:09:b8:2a:db:63:b1:29:26:71:4e:ab:8d:
                    50:0d:92:54:1c:ad:c3:e9:cb:06:b7:f3:18:6b:28:
                    87:08:ce:e0:84:d0:89:0a:52:fd:8d:03:f1:56:72:
                    26:4b:3d:8e:39:72:fb:81:70:49:56:fb:3b:11:d3:
                    b6:e9:b6:03:26:fc:a4:d7:35:5f:df:42:9e:c9:5f:
                    c9:c2:c5:06:e2:fb:eb:b9:a6:6b:3c:c8:49:c0:82:
                    64:f3:0a:ff:4e:aa:5e:52:e0:e9:02:98:d1:d5:78:
                    7f:4f:2a:92:03:71:54:d7:04:a0:71:17:7a:49:67:
                    ce:ba:74:b5:4e:da:7f:d5:62:5e:e8:3d:48:ac:c1:
                    a2:5b:68:52:a2:1e:ce:4d:60:dd:96:01:f0:02:b2:
                    85:b4:10:fc:44:b9:9f:5d:7f:5b:36:90:9e:e1:a2:
                    20:0a:c0:ee:56:b1:f7:12:4d:e7:43:20:c4:18:fd:
                    fc:0a:6e:3e:fb:ee:ce:25:2e:a6:85:b4:89:ed:cc:
                    17:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:88:6F:F8:3A:9E:03:F7:8E:A5:65:70:91:D4:CD:1F:84:37:89:75
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/5Yhv-DqeA_eOpWVwkdTNH4Q3iXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.255.255
                  5.144.176.0/21
                  5.178.98.0/23
                  5.178.101.0/24
                  5.178.104.0/21
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:72:e9:3c:d7:14:7e:f0:40:0d:a4:88:2f:6d:58:75:ca:53:
         19:74:96:ee:bb:7d:36:ec:a5:84:cc:e8:bf:36:55:c5:d7:4c:
         0e:0f:09:17:c3:96:e4:4c:ec:11:f5:42:ce:ca:ef:62:90:a4:
         2a:b6:d2:73:9a:1b:2e:12:e1:d2:af:c1:82:be:2d:a7:bc:d7:
         66:77:21:0a:4a:b2:11:7e:85:01:44:c3:3c:38:f4:25:9f:ff:
         d2:18:dc:e6:52:15:1d:5e:e8:78:f9:bd:31:d8:c5:9d:71:ab:
         72:e3:97:75:d7:9a:55:09:4b:bb:36:07:81:75:0c:cf:1e:94:
         2d:e2:8a:1b:fc:6c:0b:bb:23:81:43:2e:c0:18:1e:9e:dd:bd:
         08:49:e4:b0:1f:dc:50:ed:86:d2:c7:52:f1:b0:12:fe:59:fc:
         7d:61:29:5e:9a:15:3c:ce:86:cc:9c:a6:80:e3:a2:24:92:c0:
         4b:72:2c:87:c4:10:b8:99:4f:bf:96:ca:5c:77:e4:38:42:26:
         32:ad:26:7e:53:99:2d:1c:69:44:d8:9d:f1:e5:6a:b8:70:6f:
         55:56:af:31:59:73:8e:b5:9c:88:e1:39:52:d0:83:d8:a4:fa:
         43:73:57:81:64:02:3d:9e:ec:40:b7:da:f8:88:51:36:20:ff:
         be:3c:bf:8f
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYcxbNbId8rD5l0m1SNymv2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjMwMzMwMDczMDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTg4NmZmODNhOWUwM2Y3OGVhNTY1NzA5MWQ0Y2QxZjg0Mzc4OTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5trLhIGy20GOvQL/ogZ2LHtE2s8B
WdrKCTnt30RUbtMCes8ntXFRviP6Fn0zgOo7VRwbersOnb1YAfbrDpQJuCrbY7Ep
JnFOq41QDZJUHK3D6csGt/MYayiHCM7ghNCJClL9jQPxVnImSz2OOXL7gXBJVvs7
EdO26bYDJvyk1zVf30KeyV/JwsUG4vvruaZrPMhJwIJk8wr/TqpeUuDpApjR1Xh/
TyqSA3FU1wSgcRd6SWfOunS1Ttp/1WJe6D1IrMGiW2hSoh7OTWDdlgHwArKFtBD8
RLmfXX9bNpCe4aIgCsDuVrH3Ek3nQyDEGP38Cm4+++7OJS6mhbSJ7cwXdQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFOWIb/g6ngP3jqVlcJHUzR+EN4l1MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvNVlodi1EcWVBX2VPcFdWd2tkVE5INFEzaVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTBDBAIAATA9AwQABSf4MAsD
BAEFJ/oDAwMFIAMEAwWQsAMEAQWyYgMEAAWyZQMEAwWyaAMEAx/A8AMEAi0M2AME
ArkFJDANBgkqhkiG9w0BAQsFAAOCAQEAeHLpPNcUfvBADaSIL21YdcpTGXSW7rt9
NuylhMzovzZVxddMDg8JF8OW5EzsEfVCzsrvYpCkKrbSc5obLhLh0q/Bgr4tp7zX
ZnchCkqyEX6FAUTDPDj0JZ//0hjc5lIVHV7oePm9MdjFnXGrcuOXddeaVQlLuzYH
gXUMzx6ULeKKG/xsC7sjgUMuwBgent29CEnksB/cUO2G0sdS8bAS/ln8fWEpXpoV
PM6GzJymgOOiJJLAS3Ish8QQuJlPv5bKXHfkOEImMq0mflOZLRxpRNid8eVquHBv
VVavMVlzjrWciOE5UtCD2KT6Q3NXgWQCPZ7sQLfa+IhRNiD/vjy/jw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:14 2024 by rpki-client on console-ams.rpki-client.org