Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/jH7GwyPLYHKAtOscqdLby1Sv84Y.roa
File:                     jH7GwyPLYHKAtOscqdLby1Sv84Y.roa (raw, json)
Hash identifier:          TgX3F7JupgFi6PlhXQzfMfJhEBJN2Adj5jc+np/ivOU=
Subject key identifier:   8C:7E:C6:C3:23:CB:60:72:80:B4:EB:1C:A9:D2:DB:CB:54:AF:F3:86
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0186116BA5F5E02B6F8688D4E55260DD5AC7
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/jH7GwyPLYHKAtOscqdLby1Sv84Y.roa
Signing time:             Thu 02 Feb 2023 09:18:32 +0000
ROA not before:           Thu 02 Feb 2023 09:18:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        5.105.136.0/24 maxlen: 24
                          5.105.96.0/24 maxlen: 24
                          5.105.30.0/24 maxlen: 24
                          5.105.31.0/24 maxlen: 24
                          5.105.38.0/24 maxlen: 24
                          5.105.32.0/24 maxlen: 24
                          5.105.247.0/24 maxlen: 24
                          5.105.39.0/24 maxlen: 24
                          5.105.63.0/24 maxlen: 24
                          5.105.184.0/24 maxlen: 24
                          5.105.200.0/24 maxlen: 24
                          5.105.215.0/24 maxlen: 24
                          5.105.226.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Feb 2023 20:36:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:11:6b:a5:f5:e0:2b:6f:86:88:d4:e5:52:60:dd:5a:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Feb  2 09:18:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8c7ec6c323cb607280b4eb1ca9d2dbcb54aff386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b7:2b:9a:a7:d6:0b:31:64:56:1e:8e:e1:5d:
                    82:b8:67:f4:9a:14:e0:fe:fb:27:06:c1:7a:39:75:
                    c7:13:13:ea:48:4a:f1:9b:3a:74:bb:68:e7:f3:f6:
                    d8:65:41:fa:35:b3:4c:b4:44:b7:18:89:86:5a:d5:
                    72:e3:88:90:b7:7b:83:15:b5:f3:1c:81:20:aa:b3:
                    5a:65:1a:77:08:81:cc:5c:0b:17:1e:52:0d:e5:5a:
                    c4:7c:db:45:77:de:42:16:44:78:4a:79:c7:03:58:
                    b9:da:2e:3c:99:24:c9:03:dc:1b:6e:f0:8d:11:5b:
                    3b:94:3e:7d:b7:10:15:ea:1d:ed:05:46:d2:99:3b:
                    da:dc:f0:ff:9f:ca:48:75:7e:29:01:4d:d4:86:24:
                    6b:ae:02:49:62:27:c2:ac:03:b2:99:76:4a:6a:ff:
                    45:fa:3b:0b:19:bc:44:c9:73:e4:04:bc:a2:79:e6:
                    83:40:6a:6f:29:3e:1d:3e:f2:33:31:7c:16:f7:94:
                    6d:0b:e6:47:95:b4:d6:37:a8:f1:a7:49:0c:c8:0b:
                    93:5c:28:a5:76:b4:69:a9:c1:a0:95:e8:45:fe:ea:
                    ec:a4:fe:fa:51:d2:6a:c7:85:67:91:cc:3d:a4:44:
                    41:e4:b0:c7:0a:0c:cb:0d:57:df:73:2f:2f:ab:74:
                    26:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:7E:C6:C3:23:CB:60:72:80:B4:EB:1C:A9:D2:DB:CB:54:AF:F3:86
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/jH7GwyPLYHKAtOscqdLby1Sv84Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.30.0-5.105.32.255
                  5.105.38.0/23
                  5.105.63.0/24
                  5.105.96.0/24
                  5.105.136.0/24
                  5.105.184.0/24
                  5.105.200.0/24
                  5.105.215.0/24
                  5.105.226.0/24
                  5.105.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:1b:37:42:b7:79:96:97:43:62:4c:34:52:cf:52:7b:fa:8b:
         a9:c0:aa:a5:e1:53:10:d3:5d:ec:f0:18:4c:31:8c:a5:f3:2a:
         84:81:4b:5a:f0:68:14:86:3f:73:89:31:bb:52:da:96:54:c8:
         d3:d5:83:34:e6:95:89:b1:c8:f6:2f:c5:f7:22:25:1a:2f:3c:
         36:fb:d1:ca:19:0d:18:b4:e2:18:4d:de:d6:8f:70:d8:88:35:
         07:45:87:b4:33:52:13:1d:f0:3f:3f:49:c7:63:10:ab:96:70:
         e5:30:3a:7b:30:00:6d:11:11:54:0b:5e:84:6b:d0:1b:02:77:
         9b:79:71:a4:d4:90:aa:0f:1d:1c:e6:ee:ea:63:f9:5b:17:c1:
         b8:a4:68:a9:82:d2:07:0b:04:1f:14:01:ae:29:ab:b8:c7:09:
         55:1e:d8:06:d6:76:37:c5:b2:7f:98:da:66:de:8c:45:20:4f:
         42:fd:51:65:ec:a4:ba:d1:e4:e4:99:74:a0:6c:30:d8:bd:e4:
         a2:31:9e:92:0f:ae:1d:98:c3:ef:e8:a3:fa:ac:04:6b:f8:e2:
         41:67:f9:24:88:7c:08:85:59:26:c5:3a:0f:b1:ee:d1:f7:3b:
         75:e5:3b:16:3e:0c:26:74:80:ee:22:c8:ea:0d:35:f8:f0:2c:
         15:3b:b0:3c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYYRa6X14CtvhojU5VJg3VrHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwMjAyMDkxODMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzdlYzZjMzIzY2I2MDcyODBiNGViMWNhOWQyZGJjYjU0YWZmMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7crmqfWCzFkVh6O4V2CuGf0mhTg
/vsnBsF6OXXHExPqSErxmzp0u2jn8/bYZUH6NbNMtES3GImGWtVy44iQt3uDFbXz
HIEgqrNaZRp3CIHMXAsXHlIN5VrEfNtFd95CFkR4SnnHA1i52i48mSTJA9wbbvCN
EVs7lD59txAV6h3tBUbSmTva3PD/n8pIdX4pAU3UhiRrrgJJYifCrAOymXZKav9F
+jsLGbxEyXPkBLyieeaDQGpvKT4dPvIzMXwW95RtC+ZHlbTWN6jxp0kMyAuTXCil
drRpqcGglehF/urspP76UdJqx4Vnkcw9pERB5LDHCgzLDVffcy8vq3QmGwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFIx+xsMjy2BygLTrHKnS28tUr/OGMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvakg3R3d5UExZSEtBdE9zY3FkTGJ5MVN2ODRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBAEFaR4D
BAAFaSADBAEFaSYDBAAFaT8DBAAFaWADBAAFaYgDBAAFabgDBAAFacgDBAAFadcD
BAAFaeIDBAAFafcwDQYJKoZIhvcNAQELBQADggEBAM0bN0K3eZaXQ2JMNFLPUnv6
i6nAqqXhUxDTXezwGEwxjKXzKoSBS1rwaBSGP3OJMbtS2pZUyNPVgzTmlYmxyPYv
xfciJRovPDb70coZDRi04hhN3taPcNiINQdFh7QzUhMd8D8/ScdjEKuWcOUwOnsw
AG0REVQLXoRr0BsCd5t5caTUkKoPHRzm7upj+VsXwbikaKmC0gcLBB8UAa4pq7jH
CVUe2AbWdjfFsn+Y2mbejEUgT0L9UWXspLrR5OSZdKBsMNi95KIxnpIPrh2Yw+/o
o/qsBGv44kFn+SSIfAiFWSbFOg+x7tH3O3XlOxY+DCZ0gO4iyOoNNfjwLBU7sDw=
-----END CERTIFICATE-----