Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/5VXgi9qkYLUhHVDL-HFC8UbzrFg.roa
File:                     5VXgi9qkYLUhHVDL-HFC8UbzrFg.roa (raw, json)
Hash identifier:          6a7d70Et2lb/AnUm1qkKl0+Y/Azv/K7KcYLEaz5flws=
Subject key identifier:   E5:55:E0:8B:DA:A4:60:B5:21:1D:50:CB:F8:71:42:F1:46:F3:AC:58
Certificate issuer:       /CN=6311a69c8172044854931f100a59bd089cb8881a
Certificate serial:       0185731606787EFE645008A528CD5580AE68
Authority key identifier: 63:11:A6:9C:81:72:04:48:54:93:1F:10:0A:59:BD:08:9C:B8:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/5VXgi9qkYLUhHVDL-HFC8UbzrFg.roa
Signing time:             Mon 02 Jan 2023 15:25:01 +0000
ROA not before:           Mon 02 Jan 2023 15:25:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137
IP address blocks:        141.108.0.0/16 maxlen: 16
                          192.84.127.0/24 maxlen: 24
                          192.84.128.0/20 maxlen: 20
                          192.135.8.0/21 maxlen: 21
                          192.135.16.0/20 maxlen: 20
                          192.84.144.0/21 maxlen: 21
                          192.84.152.0/22 maxlen: 22
                          192.135.32.0/23 maxlen: 23
                          192.135.36.0/24 maxlen: 24
                          192.135.37.0/24 maxlen: 24
                          192.135.34.0/24 maxlen: 24
                          192.84.156.0/24 maxlen: 24
                          192.135.35.0/24 maxlen: 24
                          131.154.0.0/16 maxlen: 16

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:16:06:78:7e:fe:64:50:08:a5:28:cd:55:80:ae:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6311a69c8172044854931f100a59bd089cb8881a
        Validity
            Not Before: Jan  2 15:25:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e555e08bdaa460b5211d50cbf87142f146f3ac58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:dd:f9:09:88:c5:d0:be:9c:3b:ab:d1:28:e8:
                    78:1b:fb:3e:e0:3a:77:e2:4d:71:f4:4d:46:b5:59:
                    67:b6:2e:7d:35:7c:bd:a0:8c:5f:bd:4e:1e:1d:89:
                    1d:88:66:20:de:b4:d2:18:19:94:ff:58:ee:0f:99:
                    e4:64:7f:6b:01:d1:e6:61:51:20:49:fa:8b:90:85:
                    2a:b7:01:f2:d0:79:53:98:87:13:5d:3c:dd:16:9f:
                    05:9b:d4:8e:6c:1b:ec:38:04:ee:ad:38:69:f2:74:
                    8a:0a:ce:6f:b5:c5:18:4a:66:af:84:cc:25:49:46:
                    f7:33:96:b4:e4:2a:e8:12:e9:14:62:76:c5:02:53:
                    8c:2b:65:e3:44:28:3a:64:08:58:1b:21:93:fa:fd:
                    51:a6:ec:a3:09:ea:c5:2a:4b:9c:03:51:c4:85:bc:
                    95:0b:db:a6:52:e5:d6:8b:ba:1e:90:6e:e4:8c:bf:
                    42:99:09:57:63:f2:3e:d7:d5:0f:65:98:bb:7d:f0:
                    dd:17:11:ef:2a:98:6d:44:6f:28:6a:bc:b0:a2:dc:
                    f8:d3:74:78:6b:0d:05:87:10:7b:87:78:81:09:35:
                    72:52:ac:30:a1:24:46:25:59:6d:09:c8:d0:e0:a3:
                    95:92:17:75:ed:ae:32:8c:76:06:39:61:8f:66:01:
                    f0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:55:E0:8B:DA:A4:60:B5:21:1D:50:CB:F8:71:42:F1:46:F3:AC:58
            X509v3 Authority Key Identifier:
                keyid:63:11:A6:9C:81:72:04:48:54:93:1F:10:0A:59:BD:08:9C:B8:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/5VXgi9qkYLUhHVDL-HFC8UbzrFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/YxGmnIFyBEhUkx8QClm9CJy4iBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.154.0.0/16
                  141.108.0.0/16
                  192.84.127.0-192.84.156.255
                  192.135.8.0-192.135.37.255

    Signature Algorithm: sha256WithRSAEncryption
         85:cb:c3:35:b7:06:41:7f:32:65:5e:5e:4b:59:0e:ea:24:b7:
         15:5f:24:71:18:8e:ce:cc:be:0f:85:b8:96:c6:3a:75:da:6b:
         2c:98:39:3e:30:1e:ed:a9:5d:46:46:3c:48:88:de:db:8f:b5:
         47:39:89:64:a7:b1:38:07:c4:d8:fa:2b:f1:db:a3:b7:a8:a5:
         5b:2d:49:d2:2d:0c:02:c9:04:4b:7c:55:42:ec:5e:be:4c:c4:
         f4:82:43:7f:82:13:77:2c:96:a0:fc:82:6b:60:88:5a:d2:91:
         72:9f:54:9f:ef:2e:81:68:bd:9a:fe:1e:18:27:37:64:18:0f:
         f1:4a:d9:36:1a:67:4e:90:85:74:17:70:b5:b5:48:4b:86:21:
         c9:2e:ad:51:fc:e9:9c:9e:3b:82:d3:6b:6f:08:bf:40:6d:c7:
         67:8d:9e:27:3b:95:8c:05:df:48:37:06:05:d2:11:e2:ca:f6:
         39:46:17:53:1e:3c:c3:e7:c6:a3:c6:7e:c8:72:77:d9:48:28:
         e2:ad:ed:83:f6:9e:75:82:7b:78:e1:b9:d1:7f:bd:09:b9:df:
         91:bd:51:72:3e:01:e7:30:a2:89:8f:ba:f5:de:70:53:3f:ac:
         2e:a2:84:92:1a:61:19:0f:a8:b9:a3:35:f3:b4:b9:70:a7:a6:
         18:db:31:24
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYVzFgZ4fv5kUAilKM1VgK5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMTFhNjljODE3MjA0NDg1NDkzMWYxMDBhNTliZDA4OWNi
ODg4MWEwHhcNMjMwMTAyMTUyNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTU1ZTA4YmRhYTQ2MGI1MjExZDUwY2JmODcxNDJmMTQ2ZjNhYzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAht35CYjF0L6cO6vRKOh4G/s+4Dp3
4k1x9E1GtVlnti59NXy9oIxfvU4eHYkdiGYg3rTSGBmU/1juD5nkZH9rAdHmYVEg
SfqLkIUqtwHy0HlTmIcTXTzdFp8Fm9SObBvsOATurThp8nSKCs5vtcUYSmavhMwl
SUb3M5a05CroEukUYnbFAlOMK2XjRCg6ZAhYGyGT+v1RpuyjCerFKkucA1HEhbyV
C9umUuXWi7oekG7kjL9CmQlXY/I+19UPZZi7ffDdFxHvKphtRG8oarywotz403R4
aw0FhxB7h3iBCTVyUqwwoSRGJVltCcjQ4KOVkhd17a4yjHYGOWGPZgHwGQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFOVV4IvapGC1IR1Qy/hxQvFG86xYMB8GA1UdIwQY
MBaAFGMRppyBcgRIVJMfEApZvQicuIgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhHbW5JRnlCRWhVa3g4UUNsbTlDSnk0aUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jNGFiZmUtYThlNi00YTE0LThiNWMt
ZDBlMGYyMTM5MzZjLzEvNVZYZ2k5cWtZTFVoSFZETC1IRkM4VWJ6ckZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jNGFiZmUtYThlNi00YTE0LThiNWMtZDBlMGYyMTM5MzZj
LzEvWXhHbW5JRnlCRWhVa3g4UUNsbTlDSnk0aUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwMAg5oDAwCN
bDAMAwQAwFR/AwQAwFScMAwDBAPAhwgDBAHAhyQwDQYJKoZIhvcNAQELBQADggEB
AIXLwzW3BkF/MmVeXktZDuoktxVfJHEYjs7Mvg+FuJbGOnXaayyYOT4wHu2pXUZG
PEiI3tuPtUc5iWSnsTgHxNj6K/Hbo7eopVstSdItDALJBEt8VULsXr5MxPSCQ3+C
E3cslqD8gmtgiFrSkXKfVJ/vLoFovZr+HhgnN2QYD/FK2TYaZ06QhXQXcLW1SEuG
IckurVH86ZyeO4LTa28Iv0Btx2eNnic7lYwF30g3BgXSEeLK9jlGF1MePMPnxqPG
fshyd9lIKOKt7YP2nnWCe3jhudF/vQm535G9UXI+AecwoomPuvXecFM/rC6ihJIa
YRkPqLmjNfO0uXCnphjbMSQ=
-----END CERTIFICATE-----