Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/d4mXa6ZArW3GWEUOK8saeLHZ3gs.roa
File:                     d4mXa6ZArW3GWEUOK8saeLHZ3gs.roa (raw, json)
Hash identifier:          eaQQDOMtOuRvj6xGiFcOwqzsTy7CGqX+mVAnfvh93oQ=
Subject key identifier:   77:89:97:6B:A6:40:AD:6D:C6:58:45:0E:2B:CB:1A:78:B1:D9:DE:0B
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018DD2177354FF1D4D275DE7491AA4A02CCA
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/d4mXa6ZArW3GWEUOK8saeLHZ3gs.roa
Signing time:             Thu 22 Feb 2024 18:32:48 +0000
ROA not before:           Thu 22 Feb 2024 18:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30938
IP address blocks:        5.39.248.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          31.192.240.0/21 maxlen: 21
                          45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 10:53:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d2:17:73:54:ff:1d:4d:27:5d:e7:49:1a:a4:a0:2c:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Feb 22 18:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7789976ba640ad6dc658450e2bcb1a78b1d9de0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ef:dc:7a:ce:e7:50:dd:0a:11:bc:84:fc:f8:
                    a5:c1:15:c3:1b:31:70:f8:65:f9:95:03:6a:95:0a:
                    65:49:e3:a7:7b:40:97:63:08:0e:ec:21:a6:f7:dc:
                    53:d9:e8:2f:56:88:c8:79:9a:77:20:e3:c2:2e:96:
                    31:9a:84:e8:e8:8b:c3:2a:7e:4a:b8:4a:77:d9:91:
                    39:80:ce:08:ac:46:e0:94:f3:7e:aa:71:d7:ff:f4:
                    8b:97:b0:5c:1b:f5:4d:b5:35:df:56:11:ee:fa:1d:
                    ef:74:1d:48:eb:30:45:d9:73:be:00:ec:e3:ce:e7:
                    da:b6:91:6b:cb:55:31:5e:6f:af:b3:88:d2:54:7b:
                    c1:e4:a9:95:b7:1a:46:59:e8:43:55:a6:e2:90:ab:
                    f9:af:d2:d2:a3:1c:8f:6d:2d:b6:a7:8e:2d:28:83:
                    27:91:7c:e3:bf:56:98:29:a0:6b:8a:9e:64:49:6c:
                    86:c6:08:99:44:ca:fb:af:81:c3:d1:ee:4f:e2:cc:
                    ec:b6:55:13:75:bd:d6:ce:43:57:6f:14:78:89:80:
                    ff:d8:f5:9e:4c:83:55:75:23:55:eb:2d:65:b1:61:
                    70:76:11:f7:9e:8e:d8:1a:2f:b6:b1:08:74:a7:3f:
                    e5:b2:3d:92:69:8c:b5:4f:6c:78:d9:26:ec:b1:0f:
                    99:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:89:97:6B:A6:40:AD:6D:C6:58:45:0E:2B:CB:1A:78:B1:D9:DE:0B
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/d4mXa6ZArW3GWEUOK8saeLHZ3gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.252.255
                  5.39.254.0/24
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0/24
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e5:85:bf:63:48:e8:49:35:5c:6a:93:bd:df:4f:eb:5e:e8:12:
         48:49:1b:19:a4:e6:38:65:a7:07:a9:e6:58:50:b7:40:bb:ed:
         9a:62:dd:11:73:3d:dc:d2:e1:8f:bd:ad:98:8d:47:84:d4:7f:
         c0:1d:79:12:9c:c6:56:1e:b4:7c:e3:7f:6e:b7:90:c3:ce:2a:
         b6:bd:00:ca:54:3c:b4:99:f0:fa:65:3f:51:47:76:0a:6e:18:
         2e:e6:23:d2:af:db:96:83:2b:7c:62:57:62:cb:f6:29:84:c1:
         c2:83:ce:64:62:0d:45:7a:0b:02:9e:b6:48:f6:34:83:8b:61:
         c0:e2:82:c2:ef:53:2f:bc:3e:54:ee:8a:ad:10:ab:59:e3:09:
         ed:40:0f:2b:0e:98:bf:7e:ad:fe:e9:8d:dc:a4:00:6f:d1:1a:
         5d:74:db:f2:69:51:30:89:66:b2:90:a7:e9:ca:9d:42:b9:7c:
         89:df:17:b9:ee:27:b3:22:5b:ba:40:a6:59:75:95:f4:93:3d:
         d3:be:48:64:32:ae:ca:29:2b:d3:c1:de:bf:09:43:53:63:f1:
         5e:3e:1d:ae:e2:db:83:40:85:af:eb:d4:ca:ae:39:a7:3e:15:
         ff:03:9f:e9:f0:c5:ea:18:cf:93:9e:5d:9e:19:09:ee:29:c7:
         a6:48:10:ee
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY3SF3NU/x1NJ13nSRqkoCzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMjIyMTgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Nzg5OTc2YmE2NDBhZDZkYzY1ODQ1MGUyYmNiMWE3OGIxZDlkZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+/ces7nUN0KEbyE/PilwRXDGzFw
+GX5lQNqlQplSeOne0CXYwgO7CGm99xT2egvVojIeZp3IOPCLpYxmoTo6IvDKn5K
uEp32ZE5gM4IrEbglPN+qnHX//SLl7BcG/VNtTXfVhHu+h3vdB1I6zBF2XO+AOzj
zufatpFry1UxXm+vs4jSVHvB5KmVtxpGWehDVabikKv5r9LSoxyPbS22p44tKIMn
kXzjv1aYKaBrip5kSWyGxgiZRMr7r4HD0e5P4szstlUTdb3WzkNXbxR4iYD/2PWe
TINVdSNV6y1lsWFwdhH3no7YGi+2sQh0pz/lsj2SaYy1T2x42SbssQ+ZuQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHeJl2umQK1txlhFDivLGnix2d4LMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvZDRtWGE2WkFyVzNHV0VVT0s4c2FlTEhaM2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABSf4MAwD
BAEFJ/oDBAAFJ/wDBAAFJ/4DBAEFsmADBAAFsmMDBAAFsmgDBAMfwPADBAItDNgD
BAK5BSQwDQYJKoZIhvcNAQELBQADggEBAOWFv2NI6Ek1XGqTvd9P617oEkhJGxmk
5jhlpwep5lhQt0C77Zpi3RFzPdzS4Y+9rZiNR4TUf8AdeRKcxlYetHzjf263kMPO
Kra9AMpUPLSZ8PplP1FHdgpuGC7mI9Kv25aDK3xiV2LL9imEwcKDzmRiDUV6CwKe
tkj2NIOLYcDigsLvUy+8PlTuiq0Qq1njCe1ADysOmL9+rf7pjdykAG/RGl102/Jp
UTCJZrKQp+nKnUK5fInfF7nuJ7MiW7pApll1lfSTPdO+SGQyrsopK9PB3r8JQ1Nj
8V4+Ha7i24NAha/r1MquOac+Ff8Dn+nwxeoYz5OeXZ4ZCe4px6ZIEO4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:33 2024 by rpki-client on console-fra.rpki-client.org