Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/RiqU9-zrgkaEgdZ7sIA7GUJvxLg.roa
File:                     RiqU9-zrgkaEgdZ7sIA7GUJvxLg.roa (raw, json)
Hash identifier:          MbMnNonEcKaSFsW1zQB6V/R4mzHS7KqLTq6fQZSUlio=
Subject key identifier:   46:2A:94:F7:EC:EB:82:46:84:81:D6:7B:B0:80:3B:19:42:6F:C4:B8
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018DD599954EC1279D4974402008A0214978
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/RiqU9-zrgkaEgdZ7sIA7GUJvxLg.roa
Signing time:             Fri 23 Feb 2024 10:53:48 +0000
ROA not before:           Fri 23 Feb 2024 10:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30938
IP address blocks:        5.39.248.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.108.0/24 maxlen: 24
                          31.192.240.0/21 maxlen: 21
                          45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 26 Feb 2024 16:12:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:99:95:4e:c1:27:9d:49:74:40:20:08:a0:21:49:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Feb 23 10:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=462a94f7eceb82468481d67bb0803b19426fc4b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8d:a7:12:08:43:1b:41:90:fb:a2:ed:1a:53:
                    38:1c:8c:70:28:54:5c:a9:3a:bf:0d:32:a5:db:f7:
                    36:c3:67:1e:9a:26:50:96:bc:b3:8e:c3:76:e4:fd:
                    0e:4f:15:46:67:73:5e:36:63:66:9d:1a:a4:75:5e:
                    f3:f2:ac:c1:f4:86:4f:9d:92:0c:6b:a6:db:27:17:
                    63:d3:c8:de:4e:7f:a3:ca:43:d1:b5:f7:fc:1a:d2:
                    0c:63:01:56:f2:49:fe:6c:7e:48:7c:75:b9:30:ca:
                    37:17:a4:72:51:7c:f8:20:00:b1:6d:e9:c2:a9:f0:
                    e1:68:6f:ac:d7:57:6e:75:d8:4b:01:18:df:87:58:
                    c3:73:d4:6a:0a:6e:07:c4:b8:4d:cc:d7:f2:2c:8d:
                    6c:2e:75:eb:c1:1b:54:0c:30:90:f2:39:a4:15:1b:
                    f1:30:19:a7:4f:ee:e0:37:9b:f0:8d:6f:67:e4:02:
                    35:ad:69:1c:72:2e:f3:c7:2c:be:c9:db:2f:9c:1b:
                    74:02:3f:80:09:e2:a1:37:9c:b0:81:47:7a:46:29:
                    63:d5:d1:0b:79:d0:90:21:cc:82:43:48:dc:28:2c:
                    71:83:54:47:1e:95:83:b1:ac:a3:a1:b9:39:af:b9:
                    1a:83:c2:96:85:32:57:dd:23:71:47:d4:96:56:2b:
                    02:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:2A:94:F7:EC:EB:82:46:84:81:D6:7B:B0:80:3B:19:42:6F:C4:B8
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/RiqU9-zrgkaEgdZ7sIA7GUJvxLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.252.255
                  5.39.254.0/24
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0/24
                  5.178.108.0/24
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:02:63:b3:69:c6:02:e5:52:4f:f8:25:7c:e8:5e:c6:a9:40:
         71:3f:15:2b:3a:dd:e3:ff:c8:57:71:d4:36:81:3a:39:81:87:
         17:2e:f2:94:56:52:ed:ea:8f:d4:2c:c3:4f:aa:24:59:4a:e6:
         4b:46:54:b6:cb:b8:42:39:c9:03:32:8f:b5:62:fd:9d:1c:ba:
         c1:40:db:88:62:e4:e7:31:31:30:04:f5:fc:c0:ee:0f:5d:5b:
         77:b5:8f:57:45:75:3e:73:72:aa:89:50:22:61:c3:22:8f:74:
         b9:2e:ca:48:f8:f3:bc:2d:3e:cb:56:96:0b:c2:92:4e:a0:4f:
         f9:5d:64:62:5d:1a:c5:d7:87:f8:d4:ad:6d:70:87:e2:f4:18:
         3f:d6:92:1f:e0:ea:2a:60:66:e0:d0:f3:09:dd:ff:21:b9:71:
         6c:ea:92:17:0b:f0:83:93:35:fe:8a:59:99:62:c9:54:86:a4:
         22:24:c5:18:ba:c2:d5:9a:fa:9c:f9:eb:95:a8:41:c7:c5:14:
         fd:d4:ee:c3:73:f8:40:f8:6e:dc:38:7c:5c:78:a9:b7:4e:a9:
         84:12:d2:0d:ae:6d:19:be:e1:ed:60:89:0a:e1:79:c8:cc:66:
         e5:74:09:5a:cb:1f:dd:04:fe:81:6d:24:5a:9b:6f:38:c4:50:
         b9:6e:ef:8e
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY3VmZVOwSedSXRAIAigIUl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMjIzMTA1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjJhOTRmN2VjZWI4MjQ2ODQ4MWQ2N2JiMDgwM2IxOTQyNmZjNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi42nEghDG0GQ+6LtGlM4HIxwKFRc
qTq/DTKl2/c2w2cemiZQlryzjsN25P0OTxVGZ3NeNmNmnRqkdV7z8qzB9IZPnZIM
a6bbJxdj08jeTn+jykPRtff8GtIMYwFW8kn+bH5IfHW5MMo3F6RyUXz4IACxbenC
qfDhaG+s11duddhLARjfh1jDc9RqCm4HxLhNzNfyLI1sLnXrwRtUDDCQ8jmkFRvx
MBmnT+7gN5vwjW9n5AI1rWkcci7zxyy+ydsvnBt0Aj+ACeKhN5ywgUd6Rilj1dEL
edCQIcyCQ0jcKCxxg1RHHpWDsayjobk5r7kag8KWhTJX3SNxR9SWVisCVQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEYqlPfs64JGhIHWe7CAOxlCb8S4MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvUmlxVTktenJna2FFZ2RaN3NJQTdHVUp2eExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQABSf4MAwD
BAEFJ/oDBAAFJ/wDBAAFJ/4DBAEFsmADBAAFsmMDBAAFsmgDBAAFsmwDBAMfwPAD
BAItDNgDBAK5BSQwDQYJKoZIhvcNAQELBQADggEBAAgCY7NpxgLlUk/4JXzoXsap
QHE/FSs63eP/yFdx1DaBOjmBhxcu8pRWUu3qj9Qsw0+qJFlK5ktGVLbLuEI5yQMy
j7Vi/Z0cusFA24hi5OcxMTAE9fzA7g9dW3e1j1dFdT5zcqqJUCJhwyKPdLkuykj4
87wtPstWlgvCkk6gT/ldZGJdGsXXh/jUrW1wh+L0GD/Wkh/g6ipgZuDQ8wnd/yG5
cWzqkhcL8IOTNf6KWZliyVSGpCIkxRi6wtWa+pz565WoQcfFFP3U7sNz+ED4btw4
fFx4qbdOqYQS0g2ubRm+4e1giQrhecjMZuV0CVrLH90E/oFtJFqbbzjEULlu744=
-----END CERTIFICATE-----