Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xcHdiyU09JpS-EWOXGY_mRtgA7o.roa
File:                     xcHdiyU09JpS-EWOXGY_mRtgA7o.roa (raw, json)
Hash identifier:          SkVMzP1venCmDV/tnZ73RCzg6cqfuG6z/opfFlECWkQ=
Subject key identifier:   C5:C1:DD:8B:25:34:F4:9A:52:F8:45:8E:5C:66:3F:99:1B:60:03:BA
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018C29FC7A699FB8CDB9F9C750DA3DE95F62
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xcHdiyU09JpS-EWOXGY_mRtgA7o.roa
Signing time:             Sat 02 Dec 2023 10:04:21 +0000
ROA not before:           Sat 02 Dec 2023 10:04:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30938
IP address blocks:        45.12.216.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          5.39.248.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.253.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22
                          31.192.240.0/21 maxlen: 21
                          5.178.98.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.178.100.0/24 maxlen: 24
                          5.178.105.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.106.0/24 maxlen: 24
                          5.178.109.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.39.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 10 Dec 2023 09:47:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:29:fc:7a:69:9f:b8:cd:b9:f9:c7:50:da:3d:e9:5f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Dec  2 10:04:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c5c1dd8b2534f49a52f8458e5c663f991b6003ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:fc:28:51:d7:3e:ca:66:c8:5e:88:37:f5:92:
                    be:9d:aa:97:89:28:fd:80:93:f1:6b:ea:32:fd:67:
                    2c:47:03:a1:f1:15:cd:ad:a2:bc:7c:9d:99:e1:a2:
                    c1:10:68:1f:01:59:77:69:c4:e2:42:18:a3:0a:97:
                    54:2e:4c:38:35:55:f7:17:87:8d:3a:88:b5:87:a8:
                    5f:97:05:d3:34:be:a0:66:b8:3f:86:c0:0c:54:9f:
                    8d:19:f3:a2:2c:0f:e5:89:84:46:54:63:5d:c7:ef:
                    52:ec:3a:04:ae:ff:53:ae:cd:ee:2f:8d:8c:83:da:
                    e5:c2:a1:e3:bc:02:e5:70:85:72:76:55:ea:86:ff:
                    0b:19:d7:53:0a:23:a0:a6:67:1d:54:a8:24:80:94:
                    31:c6:9b:40:a9:11:8e:31:96:9f:52:46:27:f0:b1:
                    15:d9:f6:c6:c4:e3:c8:36:18:94:98:70:63:63:36:
                    60:bd:08:aa:bf:0a:26:2f:03:3e:c2:72:d7:8c:a5:
                    25:dc:69:02:1a:5e:5a:31:09:8d:ce:c4:db:95:e5:
                    8b:31:b6:2a:7c:36:13:b4:ba:8c:cf:9f:7a:68:d2:
                    2a:8d:87:b9:9c:59:b7:de:ca:ec:3d:ef:6f:0e:ea:
                    05:9e:bb:c6:4b:de:3f:87:d2:82:a6:5a:43:86:5d:
                    00:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C1:DD:8B:25:34:F4:9A:52:F8:45:8E:5C:66:3F:99:1B:60:03:BA
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xcHdiyU09JpS-EWOXGY_mRtgA7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.255.255
                  5.178.96.0-5.178.100.255
                  5.178.104.0-5.178.106.255
                  5.178.109.0/24
                  31.192.240.0/21
                  45.12.216.0/24
                  45.12.219.0/24
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:72:fd:f0:82:6c:72:be:72:23:79:d8:0b:86:16:b4:c8:ba:
         41:15:2b:31:ee:0f:dd:dd:94:40:e1:95:ff:ec:f8:6e:a6:5d:
         4c:a7:df:8a:31:a0:89:3d:0f:41:86:8c:43:1b:ee:e5:48:94:
         96:38:94:20:19:18:a7:ef:88:cf:60:b9:e6:ac:b7:b7:e1:fe:
         00:59:b7:4e:7e:ef:1d:62:b9:bb:e9:0a:f9:26:db:cd:5f:8d:
         4e:50:7e:94:0f:ab:a5:dd:90:83:b8:4b:05:0e:fa:9d:3a:03:
         d1:2f:12:4a:3a:fb:42:19:68:fe:92:c8:38:f1:8f:9e:30:df:
         6a:1f:de:35:5b:19:83:fd:d5:c9:0e:25:93:6c:92:0f:cf:fc:
         1e:cd:c3:cd:85:c8:2b:6c:4e:de:4d:60:e3:8e:bc:d9:d9:23:
         b1:e5:21:50:41:26:b3:dd:d9:8d:f6:77:9b:82:5a:73:14:d6:
         ab:37:c9:50:c7:c5:93:b2:3f:46:64:4b:0b:8b:61:44:e3:50:
         5d:fa:48:0d:40:2c:2e:d8:6f:97:5f:d5:56:4c:fb:32:6e:1b:
         a4:ff:7b:55:8d:bc:62:49:01:2f:fa:10:50:5a:2c:2f:b0:f0:
         13:dc:0c:c6:d3:7c:3c:af:90:7c:d5:4a:a5:a8:33:55:d8:01:
         e7:93:22:bf
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYwp/Hppn7jNufnHUNo96V9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjMxMjAyMTAwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWMxZGQ4YjI1MzRmNDlhNTJmODQ1OGU1YzY2M2Y5OTFiNjAwM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PwoUdc+ymbIXog39ZK+naqXiSj9
gJPxa+oy/WcsRwOh8RXNraK8fJ2Z4aLBEGgfAVl3acTiQhijCpdULkw4NVX3F4eN
Ooi1h6hflwXTNL6gZrg/hsAMVJ+NGfOiLA/liYRGVGNdx+9S7DoErv9Trs3uL42M
g9rlwqHjvALlcIVydlXqhv8LGddTCiOgpmcdVKgkgJQxxptAqRGOMZafUkYn8LEV
2fbGxOPINhiUmHBjYzZgvQiqvwomLwM+wnLXjKUl3GkCGl5aMQmNzsTbleWLMbYq
fDYTtLqMz596aNIqjYe5nFm33srsPe9vDuoFnrvGS94/h9KCplpDhl0A+wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFMXB3YslNPSaUvhFjlxmP5kbYAO6MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEveGNIZGl5VTA5SnBTLUVXT1hHWV9tUnRnQTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAATBNAwQABSf4MAsD
BAEFJ/oDAwMFIDAMAwQFBbJgAwQABbJkMAwDBAMFsmgDBAAFsmoDBAAFsm0DBAMf
wPADBAAtDNgDBAAtDNsDBAK5BSQwDQYJKoZIhvcNAQELBQADggEBAJNy/fCCbHK+
ciN52AuGFrTIukEVKzHuD93dlEDhlf/s+G6mXUyn34oxoIk9D0GGjEMb7uVIlJY4
lCAZGKfviM9gueast7fh/gBZt05+7x1iubvpCvkm281fjU5QfpQPq6XdkIO4SwUO
+p06A9EvEko6+0IZaP6SyDjxj54w32of3jVbGYP91ckOJZNskg/P/B7Nw82FyCts
Tt5NYOOOvNnZI7HlIVBBJrPd2Y32d5uCWnMU1qs3yVDHxZOyP0ZkSwuLYUTjUF36
SA1ALC7Yb5df1VZM+zJuG6T/e1WNvGJJAS/6EFBaLC+w8BPcDMbTfDyvkHzVSqWo
M1XYAeeTIr8=
-----END CERTIFICATE-----