Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YHhREw4KPTmmMv_c4SyUs7x1pTg.roa
File:                     YHhREw4KPTmmMv_c4SyUs7x1pTg.roa (raw, json)
Hash identifier:          YxvI0Cvd2eJdGZLHz7smSgGEnH1Cq0Eb/f/1JFd87qE=
Subject key identifier:   60:78:51:13:0E:0A:3D:39:A6:32:FF:DC:E1:2C:94:B3:BC:75:A5:38
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018DEB9552C482113B99A673D8DB3345C693
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YHhREw4KPTmmMv_c4SyUs7x1pTg.roa
Signing time:             Tue 27 Feb 2024 17:20:48 +0000
ROA not before:           Tue 27 Feb 2024 17:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30938
IP address blocks:        5.39.248.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.108.0/24 maxlen: 24
                          31.192.240.0/21 maxlen: 21
                          31.192.246.0/24 maxlen: 24
                          45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Fri 01 Mar 2024 23:15:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:95:52:c4:82:11:3b:99:a6:73:d8:db:33:45:c6:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Feb 27 17:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=607851130e0a3d39a632ffdce12c94b3bc75a538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:16:9a:7d:82:6b:85:ea:17:a6:8a:15:c2:21:
                    8c:e8:29:72:f0:02:66:71:ad:30:38:23:6c:43:25:
                    42:6e:33:54:29:95:ad:a5:89:46:e4:dd:5f:ab:7f:
                    5c:cc:dd:23:35:59:86:4a:68:e1:c9:18:af:87:da:
                    b8:b4:31:81:4c:cc:47:7d:0c:0f:6e:4f:e1:de:75:
                    e7:35:e7:59:ec:ea:4e:67:99:32:e8:53:58:71:c8:
                    fa:84:5d:41:5e:1d:e6:5a:37:93:90:38:20:8d:64:
                    9d:b8:f2:72:48:3f:54:93:b4:66:93:5e:8f:20:3c:
                    4b:61:bf:be:29:c9:f4:af:45:82:d9:61:15:29:f7:
                    a8:60:4b:1b:e5:43:6b:5c:7a:66:65:5a:9a:08:a1:
                    36:0a:79:2d:a2:9e:50:99:99:95:95:8c:73:97:89:
                    1c:24:f5:82:87:ba:60:ca:66:95:e7:e5:fb:38:23:
                    eb:bb:80:93:9a:62:e4:5a:a5:61:26:9f:3c:c6:b3:
                    38:5b:62:64:e9:7c:37:f2:0a:b0:57:97:05:ae:29:
                    89:d6:3a:e8:b8:67:6b:a4:93:8d:19:02:7f:09:24:
                    ce:74:f7:f3:07:7d:99:ef:1b:8c:52:59:fc:7c:ae:
                    90:81:2b:88:9c:91:14:68:2a:7e:44:71:bb:d7:ae:
                    e8:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:78:51:13:0E:0A:3D:39:A6:32:FF:DC:E1:2C:94:B3:BC:75:A5:38
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YHhREw4KPTmmMv_c4SyUs7x1pTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0/24
                  5.39.252.0/24
                  5.39.254.0/24
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0/24
                  5.178.108.0/24
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:e6:f6:66:86:c7:68:cf:3d:26:ec:57:b8:f0:e8:ec:04:63:
         f4:56:c9:3a:22:ba:50:d2:5e:97:44:d5:fa:10:5e:54:77:b8:
         89:bb:f7:16:5f:7c:a1:02:af:f2:fe:50:36:86:99:9b:55:8e:
         f0:30:dc:cb:e3:9d:ca:bc:ba:4d:58:1e:75:7d:be:a4:d6:eb:
         00:1d:bf:d2:68:89:ea:66:e2:98:4d:a6:9c:cf:13:76:33:2e:
         4e:bd:e5:7e:09:cb:9a:be:c7:17:dd:f8:50:29:49:7a:46:90:
         0b:b5:01:b9:7b:a6:82:26:99:3f:96:e3:71:8a:84:16:5a:da:
         ec:52:8a:09:ca:64:09:37:a7:8a:59:7a:4e:40:75:c2:58:e5:
         a7:70:68:dd:47:0f:ca:fb:1f:c7:ca:f9:95:0e:4c:a0:3d:5e:
         e1:b9:db:67:e3:11:8d:90:3d:63:34:f4:16:ac:33:45:67:17:
         35:f4:eb:8a:b8:da:ba:e6:1c:4c:a6:ce:08:f0:8e:4e:0f:ef:
         23:8e:36:dc:7d:d0:13:bc:01:4a:03:03:7a:a2:c9:62:14:f6:
         dc:ed:72:07:ff:b4:7d:93:d5:81:34:63:30:80:0c:11:93:bd:
         ba:0a:a2:7a:b3:fe:68:8f:12:7c:6d:1f:ba:a6:74:5d:e1:e4:
         08:13:21:01
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY3rlVLEghE7maZz2NszRcaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMjI3MTcyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc4NTExMzBlMGEzZDM5YTYzMmZmZGNlMTJjOTRiM2JjNzVhNTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBaafYJrheoXpooVwiGM6Cly8AJm
ca0wOCNsQyVCbjNUKZWtpYlG5N1fq39czN0jNVmGSmjhyRivh9q4tDGBTMxHfQwP
bk/h3nXnNedZ7OpOZ5ky6FNYccj6hF1BXh3mWjeTkDggjWSduPJySD9Uk7Rmk16P
IDxLYb++Kcn0r0WC2WEVKfeoYEsb5UNrXHpmZVqaCKE2Cnktop5QmZmVlYxzl4kc
JPWCh7pgymaV5+X7OCPru4CTmmLkWqVhJp88xrM4W2Jk6Xw38gqwV5cFrimJ1jro
uGdrpJONGQJ/CSTOdPfzB32Z7xuMUln8fK6QgSuInJEUaCp+RHG7167oGQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFGB4URMOCj05pjL/3OEslLO8daU4MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWUhoUkV3NEtQVG1tTXZfYzRTeVVzN3gxcFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQABSf4AwQA
BSf6AwQABSf8AwQABSf+AwQBBbJgAwQABbJjAwQABbJoAwQABbJsAwQDH8DwAwQC
LQzYAwQCuQUkMA0GCSqGSIb3DQEBCwUAA4IBAQAG5vZmhsdozz0m7Fe48OjsBGP0
Vsk6IrpQ0l6XRNX6EF5Ud7iJu/cWX3yhAq/y/lA2hpmbVY7wMNzL453KvLpNWB51
fb6k1usAHb/SaInqZuKYTaaczxN2My5OveV+CcuavscX3fhQKUl6RpALtQG5e6aC
Jpk/luNxioQWWtrsUooJymQJN6eKWXpOQHXCWOWncGjdRw/K+x/HyvmVDkygPV7h
udtn4xGNkD1jNPQWrDNFZxc19OuKuNq65hxMps4I8I5OD+8jjjbcfdATvAFKAwN6
osliFPbc7XIH/7R9k9WBNGMwgAwRk726CqJ6s/5ojxJ8bR+6pnRd4eQIEyEB
-----END CERTIFICATE-----