Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/UpXo_4qpPeBnRKgxTBekL3mRNUM.roa
File:                     UpXo_4qpPeBnRKgxTBekL3mRNUM.roa (raw, json)
Hash identifier:          4JAsR9rIk2sWqZ/1BKdYnCTOUFqpFmVIEBkJPY3wOTM=
Subject key identifier:   52:95:E8:FF:8A:A9:3D:E0:67:44:A8:31:4C:17:A4:2F:79:91:35:43
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       018DC0A884EBC3652C7F840D0BC983932CE8
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/UpXo_4qpPeBnRKgxTBekL3mRNUM.roa
Signing time:             Mon 19 Feb 2024 09:18:05 +0000
ROA not before:           Mon 19 Feb 2024 09:18:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8362
IP address blocks:        5.158.240.0/20 maxlen: 20
                          37.220.48.0/20 maxlen: 20
                          46.162.128.0/18 maxlen: 18
                          62.64.32.0/19 maxlen: 19
                          79.141.192.0/24 maxlen: 24
                          79.141.193.0/24 maxlen: 24
                          79.141.194.0/24 maxlen: 24
                          79.141.195.0/24 maxlen: 24
                          79.141.197.0/24 maxlen: 24
                          79.141.206.0/23 maxlen: 23
                          195.146.224.0/20 maxlen: 20
                          195.146.240.0/20 maxlen: 20
                          2a01:8e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 14:34:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:a8:84:eb:c3:65:2c:7f:84:0d:0b:c9:83:93:2c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Feb 19 09:18:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5295e8ff8aa93de06744a8314c17a42f79913543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:75:cf:dc:71:e6:0d:82:29:32:44:0e:9d:
                    31:6d:13:5d:d6:8f:d0:24:89:d1:29:5c:be:82:4e:
                    5b:ee:76:17:2b:8b:16:58:90:b3:f5:eb:a0:bf:51:
                    98:97:37:53:cb:c7:c8:cf:61:78:d7:b9:55:02:33:
                    27:d1:61:15:67:bf:b5:44:81:a2:e6:66:ba:83:6e:
                    e5:bc:94:6b:0d:d6:01:da:0f:da:23:18:4d:ff:a7:
                    20:8d:73:64:c5:fd:42:72:42:2d:68:5f:71:b1:55:
                    4a:20:c2:ce:a6:63:b7:5f:33:66:c6:a9:15:1c:8f:
                    04:47:ac:ea:6c:7e:70:86:39:c9:15:db:dd:0b:fb:
                    1b:68:20:89:ea:6b:19:6f:91:7f:f7:54:9e:bb:0d:
                    93:ad:52:80:82:dc:38:18:1d:61:25:06:61:a5:23:
                    90:48:6a:94:ec:18:42:19:86:7b:3c:12:ec:e0:1f:
                    e0:a7:8c:aa:3b:d4:d0:c7:9d:2c:08:02:4b:9a:dd:
                    12:9b:c7:f4:9e:17:07:88:5e:6b:6e:ef:59:fc:48:
                    84:de:c0:aa:8a:55:3e:b4:e5:bc:a2:54:e6:0d:6f:
                    12:16:ff:d6:a1:4a:9a:05:12:91:99:57:5e:ea:a5:
                    2a:99:8e:c7:4b:5f:a4:44:e3:1a:16:dc:b1:93:e7:
                    84:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:95:E8:FF:8A:A9:3D:E0:67:44:A8:31:4C:17:A4:2F:79:91:35:43
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/UpXo_4qpPeBnRKgxTBekL3mRNUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.240.0/20
                  37.220.48.0/20
                  46.162.128.0/18
                  62.64.32.0/19
                  79.141.192.0/22
                  79.141.197.0/24
                  79.141.206.0/23
                  195.146.224.0/19
                IPv6:
                  2a01:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:00:6a:5d:57:f4:51:e9:71:c4:70:99:c2:8d:ab:e1:dc:dd:
         8e:64:dd:d2:20:38:55:12:3e:ff:fd:96:13:69:bd:0e:7e:e1:
         10:db:1c:ab:e4:f0:3e:ac:97:5d:05:4a:92:ce:90:69:bb:25:
         45:2e:17:9a:1d:27:97:cf:b8:c1:bb:1c:d1:f9:89:18:69:1d:
         a0:54:7b:ca:d7:8b:48:63:e9:1c:5c:11:db:7d:e7:6f:1e:00:
         44:17:d2:ee:06:dc:f1:d1:ae:f8:73:4b:55:a0:28:fd:3f:04:
         8e:fd:d4:f2:a0:d7:25:b5:5f:ed:5d:ca:e1:5e:41:cb:3e:82:
         c6:e6:7c:d0:32:fb:f6:10:4d:dd:91:89:90:53:1b:2c:b8:1f:
         17:8d:de:9e:6e:b6:53:0e:43:3a:9c:c4:1c:58:fa:64:cf:c6:
         7c:14:d2:a5:07:7a:6a:9a:98:77:aa:33:62:f7:14:9e:cf:9d:
         26:09:dc:3e:49:31:d5:ba:8f:c7:b8:28:5e:5a:95:9c:80:6d:
         ab:2c:b0:43:c3:56:99:f9:0e:1c:2a:87:eb:6b:fb:39:09:0b:
         88:ec:74:0a:d9:92:bf:4c:89:14:fc:e6:9e:c2:e9:84:41:fb:
         5f:93:c6:6b:c0:49:bd:51:7b:72:53:ce:89:65:31:6e:cb:45:
         dc:1a:cf:70
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAY3AqITrw2Usf4QNC8mDkyzoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjQwMjE5MDkxODA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk1ZThmZjhhYTkzZGUwNjc0NGE4MzE0YzE3YTQyZjc5OTEzNTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl311z9xx5g2CKTJEDp0xbRNd1o/Q
JInRKVy+gk5b7nYXK4sWWJCz9eugv1GYlzdTy8fIz2F417lVAjMn0WEVZ7+1RIGi
5ma6g27lvJRrDdYB2g/aIxhN/6cgjXNkxf1CckItaF9xsVVKIMLOpmO3XzNmxqkV
HI8ER6zqbH5whjnJFdvdC/sbaCCJ6msZb5F/91Seuw2TrVKAgtw4GB1hJQZhpSOQ
SGqU7BhCGYZ7PBLs4B/gp4yqO9TQx50sCAJLmt0Sm8f0nhcHiF5rbu9Z/EiE3sCq
ilU+tOW8olTmDW8SFv/WoUqaBRKRmVde6qUqmY7HS1+kROMaFtyxk+eEeQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFFKV6P+KqT3gZ0SoMUwXpC95kTVDMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvVXBYb180cXBQZUJuUktneFRCZWtMM21STlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEBZ7wAwQE
JdwwAwQGLqKAAwQFPkAgAwQCT43AAwQAT43FAwQBT43OAwQFw5LgMA0EAgACMAcD
BQMqAY6AMA0GCSqGSIb3DQEBCwUAA4IBAQBrAGpdV/RR6XHEcJnCjavh3N2OZN3S
IDhVEj7//ZYTab0OfuEQ2xyr5PA+rJddBUqSzpBpuyVFLheaHSeXz7jBuxzR+YkY
aR2gVHvK14tIY+kcXBHbfedvHgBEF9LuBtzx0a74c0tVoCj9PwSO/dTyoNcltV/t
XcrhXkHLPoLG5nzQMvv2EE3dkYmQUxssuB8Xjd6ebrZTDkM6nMQcWPpkz8Z8FNKl
B3pqmph3qjNi9xSez50mCdw+STHVuo/HuCheWpWcgG2rLLBDw1aZ+Q4cKofra/s5
CQuI7HQK2ZK/TIkU/OaewumEQftfk8ZrwEm9UXtyU86JZTFuy0XcGs9w
-----END CERTIFICATE-----