Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/j0-5Yslf57UUEyns6seLA5KlcN4.roa
File:                     j0-5Yslf57UUEyns6seLA5KlcN4.roa (raw, json)
Hash identifier:          rEVzjQdQuajGpBb5BfhHKx4I2z/eIGrcWDm78zUqGzk=
Subject key identifier:   8F:4F:B9:62:C9:5F:E7:B5:14:13:29:EC:EA:C7:8B:03:92:A5:70:DE
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       018CC348FFF0C1F9BCBC86A9586C09FBF140
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/j0-5Yslf57UUEyns6seLA5KlcN4.roa
Signing time:             Mon 01 Jan 2024 04:29:50 +0000
ROA not before:           Mon 01 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8362
IP address blocks:        5.158.240.0/20 maxlen: 20
                          79.141.192.0/24 maxlen: 24
                          79.141.197.0/24 maxlen: 24
                          79.141.193.0/24 maxlen: 24
                          79.141.206.0/23 maxlen: 23
                          195.146.224.0/20 maxlen: 20
                          37.220.48.0/20 maxlen: 20
                          46.162.128.0/18 maxlen: 18
                          195.146.240.0/20 maxlen: 20
                          185.9.96.0/22 maxlen: 22
                          62.64.32.0/19 maxlen: 19
                          2a01:8e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 15 Jan 2024 10:17:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ff:f0:c1:f9:bc:bc:86:a9:58:6c:09:fb:f1:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f4fb962c95fe7b5141329eceac78b0392a570de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b2:bd:55:46:ad:c8:fe:9e:72:06:29:9e:1a:
                    7b:44:3d:3b:11:f5:ed:e5:df:13:4c:cb:55:53:e0:
                    b8:92:70:94:80:9d:fb:e4:48:88:7d:52:2a:a4:b9:
                    f3:e9:c7:69:cd:e9:3a:0d:11:97:01:00:1f:91:20:
                    9d:c6:9f:06:1e:d0:36:75:18:44:31:82:1d:51:5b:
                    b5:7a:14:15:d1:b5:78:eb:bd:bc:33:3d:a3:d5:c7:
                    12:7b:8d:9e:84:bf:3e:b9:74:b3:9d:29:57:02:ac:
                    1c:6b:ea:c2:c4:59:9a:a8:69:e2:39:86:5e:b2:94:
                    c6:b8:91:b2:ac:92:fb:2c:6f:e7:ec:98:c6:e8:da:
                    27:28:6f:b8:37:92:e3:14:cd:0b:52:47:20:da:d1:
                    bb:cf:4b:6b:99:cc:72:6a:03:3e:e2:2f:45:76:be:
                    80:6d:c9:e3:db:24:52:8c:bb:42:13:42:6b:b5:65:
                    3c:8c:6a:e1:84:b3:7b:0b:d7:1e:70:61:b0:0a:9f:
                    06:16:f4:d2:f6:b7:c0:33:5c:e3:d3:17:12:82:d3:
                    dd:69:47:14:2e:d3:07:e6:25:52:33:95:9c:a3:3d:
                    42:36:94:76:84:21:5c:4c:99:7a:86:42:c0:35:d8:
                    b4:68:5b:2a:3c:b1:1a:5a:d2:f5:8f:55:47:d9:45:
                    83:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4F:B9:62:C9:5F:E7:B5:14:13:29:EC:EA:C7:8B:03:92:A5:70:DE
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/j0-5Yslf57UUEyns6seLA5KlcN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.240.0/20
                  37.220.48.0/20
                  46.162.128.0/18
                  62.64.32.0/19
                  79.141.192.0/23
                  79.141.197.0/24
                  79.141.206.0/23
                  185.9.96.0/22
                  195.146.224.0/19
                IPv6:
                  2a01:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:b3:b7:4f:d1:60:7f:d8:50:6b:10:9d:bf:50:a8:89:f7:ae:
         cf:d3:3d:92:04:9c:ff:98:fa:dd:eb:47:4e:21:d7:82:b8:99:
         0f:5a:c0:7a:ff:54:e3:d3:c7:3f:3a:30:01:82:fd:95:c0:6b:
         3c:52:dc:1e:5f:f6:a1:18:4c:19:db:48:bc:99:ba:5a:cd:0c:
         9a:0e:bd:51:8a:c6:36:86:4b:7a:5e:de:40:8b:e6:55:f5:d2:
         80:2f:ff:88:87:cc:52:b7:25:b0:7f:77:d9:d8:1a:49:fd:eb:
         f0:07:9e:d4:16:95:13:f8:30:6a:15:45:4a:c8:93:7a:a3:42:
         93:45:0a:82:97:ed:d2:8b:51:ef:8b:a6:7e:0e:69:db:e5:7f:
         45:b1:bd:ed:22:3d:80:18:ac:2a:97:97:36:d5:5e:1d:e6:74:
         a3:68:31:0e:71:54:f7:0e:67:48:20:17:45:c1:a2:c2:34:aa:
         16:bc:80:58:6b:a4:19:1f:46:4f:cc:3e:34:10:ba:48:bd:ea:
         f9:b6:47:11:09:a1:eb:3a:01:87:16:ca:3f:d3:d7:ad:4d:4c:
         c1:31:c2:2f:6a:9c:77:79:b5:60:5c:b2:84:e0:c2:e9:21:df:
         46:cb:55:a4:52:a8:5b:1d:9f:89:9a:df:cb:6e:87:69:a6:67:
         63:a1:35:63
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzDSP/wwfm8vIapWGwJ+/FAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjRmYjk2MmM5NWZlN2I1MTQxMzI5ZWNlYWM3OGIwMzkyYTU3MGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LK9VUatyP6ecgYpnhp7RD07EfXt
5d8TTMtVU+C4knCUgJ375EiIfVIqpLnz6cdpzek6DRGXAQAfkSCdxp8GHtA2dRhE
MYIdUVu1ehQV0bV46728Mz2j1ccSe42ehL8+uXSznSlXAqwca+rCxFmaqGniOYZe
spTGuJGyrJL7LG/n7JjG6NonKG+4N5LjFM0LUkcg2tG7z0trmcxyagM+4i9Fdr6A
bcnj2yRSjLtCE0JrtWU8jGrhhLN7C9cecGGwCp8GFvTS9rfAM1zj0xcSgtPdaUcU
LtMH5iVSM5Wcoz1CNpR2hCFcTJl6hkLANdi0aFsqPLEaWtL1j1VH2UWDaQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFI9PuWLJX+e1FBMp7OrHiwOSpXDeMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvajAtNVlzbGY1N1VVRXluczZzZUxBNUtsY040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQEBZ7wAwQE
JdwwAwQGLqKAAwQFPkAgAwQBT43AAwQAT43FAwQBT43OAwQCuQlgAwQFw5LgMA0E
AgACMAcDBQMqAY6AMA0GCSqGSIb3DQEBCwUAA4IBAQBCs7dP0WB/2FBrEJ2/UKiJ
967P0z2SBJz/mPrd60dOIdeCuJkPWsB6/1Tj08c/OjABgv2VwGs8UtweX/ahGEwZ
20i8mbpazQyaDr1RisY2hkt6Xt5Ai+ZV9dKAL/+Ih8xStyWwf3fZ2BpJ/evwB57U
FpUT+DBqFUVKyJN6o0KTRQqCl+3Si1Hvi6Z+Dmnb5X9Fsb3tIj2AGKwql5c21V4d
5nSjaDEOcVT3DmdIIBdFwaLCNKoWvIBYa6QZH0ZPzD40ELpIver5tkcRCaHrOgGH
Fso/09etTUzBMcIvapx3ebVgXLKE4MLpId9Gy1WkUqhbHZ+Jmt/LbodppmdjoTVj
-----END CERTIFICATE-----