Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/646Gpj6iOd4SaXxsAULigDU2EPo.roa
File:                     646Gpj6iOd4SaXxsAULigDU2EPo.roa (raw, json)
Hash identifier:          jQ5utYNHf0GpDFefEv3sRDBFeAIUPac4VD+l87QjyRw=
Subject key identifier:   EB:8E:86:A6:3E:A2:39:DE:12:69:7C:6C:01:42:E2:80:35:36:10:FA
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018A6A4A97A8D67DDE0E9B35A355B03F3C1F
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/646Gpj6iOd4SaXxsAULigDU2EPo.roa
Signing time:             Wed 06 Sep 2023 11:39:47 +0000
ROA not before:           Wed 06 Sep 2023 11:39:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25369
IP address blocks:        5.105.130.0/24 maxlen: 24
                          5.105.79.0/24 maxlen: 24
                          5.105.91.0/24 maxlen: 24
                          5.105.90.0/24 maxlen: 24
                          5.105.92.0/24 maxlen: 24
                          5.105.93.0/24 maxlen: 24
                          5.105.108.0/24 maxlen: 24
                          5.105.38.0/24 maxlen: 24
                          217.67.64.0/22 maxlen: 22
                          5.105.39.0/24 maxlen: 24
                          5.105.195.0/24 maxlen: 24
                          5.105.204.0/24 maxlen: 24
                          5.105.223.0/24 maxlen: 24
                          5.105.222.0/24 maxlen: 24
                          5.105.224.0/24 maxlen: 24
                          5.105.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Sep 2023 19:25:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:6a:4a:97:a8:d6:7d:de:0e:9b:35:a3:55:b0:3f:3c:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Sep  6 11:39:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb8e86a63ea239de12697c6c0142e280353610fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:26:2b:80:c0:19:da:73:d2:1b:01:5f:12:fd:
                    b2:65:5a:c7:20:c7:0c:b3:e0:ae:14:6c:04:ea:bd:
                    e9:08:15:c3:1e:7b:f3:e0:db:a8:c7:7b:c7:f0:d6:
                    7c:fe:87:dc:57:38:3a:c5:f1:88:61:88:30:7c:22:
                    ed:59:a2:75:33:35:b8:51:97:c5:bd:49:48:70:e2:
                    03:bf:3e:76:9f:d3:f4:97:92:92:20:5f:be:5e:38:
                    bf:3c:dd:fd:95:b9:fc:85:b7:68:a2:22:82:b6:76:
                    20:34:46:b8:80:32:83:09:94:ad:5f:0a:ad:88:9e:
                    bd:88:71:56:eb:fd:fe:eb:dc:ba:10:00:ca:40:08:
                    b8:13:57:3f:1b:59:64:b5:dc:e6:55:af:cb:fb:bf:
                    86:58:7f:29:8a:16:22:2d:1c:d6:66:a2:c0:e4:7b:
                    23:4e:5c:e0:ac:16:bf:54:92:f9:42:cf:51:a3:fc:
                    50:6d:bf:7e:0a:e9:0e:d4:1c:32:a8:5a:0d:ed:18:
                    04:57:74:e9:bc:f6:c5:27:85:e1:40:02:bb:ac:4a:
                    91:f7:87:de:89:8e:99:bc:19:b9:fb:d6:bd:07:cc:
                    33:f2:0e:34:f2:04:98:21:06:85:1f:a3:d4:c5:7c:
                    43:99:68:10:5d:ea:d5:12:c5:04:98:3a:5a:74:93:
                    64:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8E:86:A6:3E:A2:39:DE:12:69:7C:6C:01:42:E2:80:35:36:10:FA
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/646Gpj6iOd4SaXxsAULigDU2EPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.38.0/23
                  5.105.79.0/24
                  5.105.90.0-5.105.93.255
                  5.105.108.0/24
                  5.105.130.0/24
                  5.105.195.0/24
                  5.105.204.0/24
                  5.105.222.0-5.105.225.255
                  217.67.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:5e:ab:d0:05:65:10:de:33:d8:13:b1:e8:f7:e3:d0:75:9f:
         99:29:bb:cf:91:49:a3:c2:30:64:41:a5:2d:15:cd:60:0e:91:
         c5:0c:86:6b:71:e1:f9:af:c2:93:97:ac:31:79:64:54:3f:17:
         2c:5a:94:88:c1:21:77:85:2d:ed:a1:9c:7a:12:e1:f1:9a:36:
         da:3e:87:77:53:43:bf:4e:5d:14:f4:52:f1:33:0e:9a:1e:93:
         07:87:83:50:3c:14:66:cc:87:80:78:a2:ed:a1:61:5d:6c:3b:
         33:e9:4e:f7:51:62:54:d0:7a:6e:d9:bd:a6:3a:b7:a7:69:e4:
         fd:11:a8:e8:63:e8:f8:5e:d3:a3:fd:5b:5a:97:c1:2e:df:af:
         1f:7a:5e:16:72:8a:a6:60:ff:fb:88:da:eb:de:69:7b:ba:d8:
         f0:b1:de:71:8f:58:f4:ae:1b:60:9a:30:ed:17:b4:e2:0f:7b:
         27:a8:49:f7:ef:53:72:d2:88:54:80:b4:ca:0c:cd:e8:50:f8:
         a0:c3:9e:21:14:1d:f0:ff:24:59:34:2b:80:fe:50:e2:6a:c0:
         49:a0:84:fa:a3:3b:77:4a:3f:78:24:30:f4:67:25:9b:46:55:
         cf:b9:7b:f0:59:df:3c:c2:58:22:dd:78:ac:90:44:ce:bd:a4:
         96:36:e1:9c
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYpqSpeo1n3eDps1o1WwPzwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwOTA2MTEzOTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjhlODZhNjNlYTIzOWRlMTI2OTdjNmMwMTQyZTI4MDM1MzYxMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiYrgMAZ2nPSGwFfEv2yZVrHIMcM
s+CuFGwE6r3pCBXDHnvz4Nuox3vH8NZ8/ofcVzg6xfGIYYgwfCLtWaJ1MzW4UZfF
vUlIcOIDvz52n9P0l5KSIF++Xji/PN39lbn8hbdooiKCtnYgNEa4gDKDCZStXwqt
iJ69iHFW6/3+69y6EADKQAi4E1c/G1lktdzmVa/L+7+GWH8pihYiLRzWZqLA5Hsj
TlzgrBa/VJL5Qs9Ro/xQbb9+CukO1BwyqFoN7RgEV3TpvPbFJ4XhQAK7rEqR94fe
iY6ZvBm5+9a9B8wz8g408gSYIQaFH6PUxXxDmWgQXerVEsUEmDpadJNkMwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOuOhqY+ojneEml8bAFC4oA1NhD6MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvNjQ2R3BqNmlPZDRTYVh4c0FVTGlnRFUyRVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQBBWkmAwQA
BWlPMAwDBAEFaVoDBAEFaVwDBAAFaWwDBAAFaYIDBAAFacMDBAAFacwwDAMEAQVp
3gMEAQVp4AMEAtlDQDANBgkqhkiG9w0BAQsFAAOCAQEAWV6r0AVlEN4z2BOx6Pfj
0HWfmSm7z5FJo8IwZEGlLRXNYA6RxQyGa3Hh+a/Ck5esMXlkVD8XLFqUiMEhd4Ut
7aGcehLh8Zo22j6Hd1NDv05dFPRS8TMOmh6TB4eDUDwUZsyHgHii7aFhXWw7M+lO
91FiVNB6btm9pjq3p2nk/RGo6GPo+F7To/1bWpfBLt+vH3peFnKKpmD/+4ja695p
e7rY8LHecY9Y9K4bYJow7Re04g97J6hJ9+9TctKIVIC0ygzN6FD4oMOeIRQd8P8k
WTQrgP5Q4mrASaCE+qM7d0o/eCQw9Gclm0ZVz7l78FnfPMJYIt14rJBEzr2kljbh
nA==
-----END CERTIFICATE-----