Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/uf131WJvVbqedfzabddxjlcPawg.roa
File:                     uf131WJvVbqedfzabddxjlcPawg.roa (raw, json)
Hash identifier:          P7eLNInBuzrHHQfQedKyNEOCecR24Vnyd3bdY1bx6pY=
Subject key identifier:   B9:FD:77:D5:62:6F:55:BA:9E:75:FC:DA:6D:D7:71:8E:57:0F:6B:08
Certificate issuer:       /CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
Certificate serial:       0190A60C2D9189DB7583B804F4109CA58629
Authority key identifier: 39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/uf131WJvVbqedfzabddxjlcPawg.roa
Signing time:             Fri 12 Jul 2024 08:25:34 +0000
ROA not before:           Fri 12 Jul 2024 08:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202207
IP address blocks:        5.56.160.0/21 maxlen: 21
                          5.56.160.0/24 maxlen: 24
                          5.56.161.0/24 maxlen: 24
                          5.56.162.0/24 maxlen: 24
                          5.56.163.0/24 maxlen: 24
                          5.56.164.0/24 maxlen: 24
                          5.56.165.0/24 maxlen: 24
                          5.56.166.0/24 maxlen: 24
                          5.56.167.0/24 maxlen: 24
                          5.181.44.0/22 maxlen: 22
                          5.181.44.0/24 maxlen: 24
                          5.181.45.0/24 maxlen: 24
                          5.181.46.0/24 maxlen: 24
                          5.181.47.0/24 maxlen: 24
                          185.5.124.0/22 maxlen: 22
                          185.5.124.0/24 maxlen: 24
                          185.5.125.0/24 maxlen: 24
                          185.5.126.0/24 maxlen: 24
                          185.5.127.0/24 maxlen: 24
                          2a03:1c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 18 Jul 2024 08:38:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:0c:2d:91:89:db:75:83:b8:04:f4:10:9c:a5:86:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
        Validity
            Not Before: Jul 12 08:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9fd77d5626f55ba9e75fcda6dd7718e570f6b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:bd:5a:6f:c6:82:ab:12:1c:cc:af:7c:8a:6b:
                    b4:0d:71:1f:50:8d:42:1f:e6:d6:79:c0:00:81:c8:
                    d1:87:c4:89:9f:d1:f7:f9:6c:2c:70:b3:73:d1:0a:
                    9a:bd:45:27:9d:9e:ee:34:bb:cb:4e:94:b1:8c:27:
                    ef:2d:28:66:39:b1:91:6b:df:c7:8d:9f:36:40:73:
                    fe:06:d1:42:e1:d6:be:6e:0e:59:e1:bd:f4:c0:93:
                    1f:79:be:48:5d:60:46:26:e3:b2:6e:be:35:f9:f3:
                    f0:7e:a9:46:13:81:a2:a2:5b:78:98:4e:04:b5:6a:
                    59:a0:b0:91:b4:15:2a:6a:3f:9d:6b:92:d2:15:92:
                    62:33:0d:67:57:8f:c3:34:b7:5c:82:44:ae:0c:b6:
                    56:57:83:9f:00:8f:a6:b7:15:38:10:8d:3f:0c:99:
                    10:94:2f:9d:c4:15:ed:01:82:e4:86:02:c3:d4:ca:
                    f6:36:18:d0:63:0c:af:f3:da:70:43:f9:c6:7a:cf:
                    9a:ec:91:d2:78:7d:ba:03:2f:19:32:c3:88:88:c3:
                    f5:ef:e8:2d:ef:0e:92:5c:77:58:0d:bd:fb:07:12:
                    06:fa:fb:0a:a3:32:44:54:7c:9f:be:69:c6:f6:81:
                    00:ec:e2:0e:dc:81:00:95:30:a6:ce:76:db:30:af:
                    36:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FD:77:D5:62:6F:55:BA:9E:75:FC:DA:6D:D7:71:8E:57:0F:6B:08
            X509v3 Authority Key Identifier:
                keyid:39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/uf131WJvVbqedfzabddxjlcPawg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.160.0/21
                  5.181.44.0/22
                  185.5.124.0/22
                IPv6:
                  2a03:1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:7a:d9:2a:02:70:ea:82:32:40:5e:a0:4d:fa:4c:57:52:b0:
         b1:5b:15:1b:da:b6:d0:c4:c1:4f:24:9d:eb:61:4d:4a:9b:85:
         b2:bd:8f:cf:c2:5c:78:b1:fc:7f:df:3c:ee:5c:59:4b:89:d1:
         32:e3:cc:74:18:89:09:f0:6e:78:d1:38:8a:89:96:47:a2:92:
         ea:48:8f:dc:48:75:a3:2a:15:4e:0b:7a:39:e6:d8:65:af:f2:
         a3:e7:aa:96:ab:5f:26:46:76:61:78:9d:da:f2:46:2a:53:fc:
         61:43:29:df:6a:c4:32:cf:74:01:90:95:5b:9b:ab:5f:9c:72:
         f5:3e:7b:dd:f4:59:33:d5:1a:1e:a9:7f:44:f4:e6:25:91:a3:
         99:62:c0:76:64:54:96:9c:a9:e8:87:1f:fd:20:cb:65:f4:61:
         28:a4:bf:13:53:97:c4:2a:6e:f1:3b:ae:ba:d4:0f:9d:81:1b:
         e8:8d:57:80:68:5c:7e:85:3c:e3:7a:bf:67:78:2c:7b:d9:62:
         7a:3e:5c:46:3e:eb:2b:26:38:23:b4:56:0a:a9:74:5e:81:bd:
         7d:f8:9a:67:c5:24:76:b3:d9:8c:39:71:7c:a5:62:92:12:60:
         dd:3b:1e:34:a3:ae:97:99:c4:ee:03:5c:9a:59:b2:0c:b7:c7:
         ca:8b:4b:b1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZCmDC2Ridt1g7gE9BCcpYYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDI3NzM4Zjk3OGZlZGEyNGE5ZDg3YjBjYjhiYjlhYTdh
ZjU0MGQwHhcNMjQwNzEyMDgyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZkNzdkNTYyNmY1NWJhOWU3NWZjZGE2ZGQ3NzE4ZTU3MGY2YjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL1ab8aCqxIczK98imu0DXEfUI1C
H+bWecAAgcjRh8SJn9H3+WwscLNz0QqavUUnnZ7uNLvLTpSxjCfvLShmObGRa9/H
jZ82QHP+BtFC4da+bg5Z4b30wJMfeb5IXWBGJuOybr41+fPwfqlGE4Giolt4mE4E
tWpZoLCRtBUqaj+da5LSFZJiMw1nV4/DNLdcgkSuDLZWV4OfAI+mtxU4EI0/DJkQ
lC+dxBXtAYLkhgLD1Mr2NhjQYwyv89pwQ/nGes+a7JHSeH26Ay8ZMsOIiMP17+gt
7w6SXHdYDb37BxIG+vsKozJEVHyfvmnG9oEA7OIO3IEAlTCmznbbMK82vwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLn9d9Vib1W6nnX82m3XcY5XD2sIMB8GA1UdIwQY
MBaAFDkCdzj5eP7aJKnYewy4u5qnr1QNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYt
ZjVkOGFiN2MxNWYwLzEvdWYxMzFXSnZWYnFlZGZ6YWJkZHhqbGNQYXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYtZjVkOGFiN2MxNWYw
LzEvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBTigAwQC
BbUsAwQCuQV8MA0EAgACMAcDBQAqAwHAMA0GCSqGSIb3DQEBCwUAA4IBAQCNetkq
AnDqgjJAXqBN+kxXUrCxWxUb2rbQxMFPJJ3rYU1Km4WyvY/Pwlx4sfx/3zzuXFlL
idEy48x0GIkJ8G540TiKiZZHopLqSI/cSHWjKhVOC3o55thlr/Kj56qWq18mRnZh
eJ3a8kYqU/xhQynfasQyz3QBkJVbm6tfnHL1Pnvd9Fkz1RoeqX9E9OYlkaOZYsB2
ZFSWnKnohx/9IMtl9GEopL8TU5fEKm7xO6661A+dgRvojVeAaFx+hTzjer9neCx7
2WJ6PlxGPusrJjgjtFYKqXRegb19+JpnxSR2s9mMOXF8pWKSEmDdOx40o66XmcTu
A1yaWbIMt8fKi0ux
-----END CERTIFICATE-----