Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/5I6Cu5GBNLoHcM5v28nm3uBhiKA.roa
File:                     5I6Cu5GBNLoHcM5v28nm3uBhiKA.roa (raw, json)
Hash identifier:          M3QhZc2b3eJEdfVKBmXT/KMqjih443EttzASfJsTDDg=
Subject key identifier:   E4:8E:82:BB:91:81:34:BA:07:70:CE:6F:DB:C9:E6:DE:E0:61:88:A0
Certificate issuer:       /CN=c74ca0855178a0cdd71914bcf223aa31af6369a4
Certificate serial:       0189DADAC99723CB866CBFBA2DEF6B78D726
Authority key identifier: C7:4C:A0:85:51:78:A0:CD:D7:19:14:BC:F2:23:AA:31:AF:63:69:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0yghVF4oM3XGRS88iOqMa9jaaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/5I6Cu5GBNLoHcM5v28nm3uBhiKA.roa
Signing time:             Wed 09 Aug 2023 15:11:58 +0000
ROA not before:           Wed 09 Aug 2023 15:11:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59790
IP address blocks:        194.135.200.0/21 maxlen: 21
                          5.183.208.0/24 maxlen: 24
                          94.176.100.0/22 maxlen: 22
                          193.32.11.0/24 maxlen: 24
                          195.216.136.0/22 maxlen: 22
                          185.67.120.0/24 maxlen: 24
                          185.107.24.0/22 maxlen: 22
                          93.92.116.0/22 maxlen: 22
                          193.124.144.0/21 maxlen: 21
                          5.154.233.0/24 maxlen: 24
                          185.224.116.0/22 maxlen: 22
                          185.125.36.0/22 maxlen: 22
                          193.124.76.0/22 maxlen: 22
                          185.35.232.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:35:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:da:da:c9:97:23:cb:86:6c:bf:ba:2d:ef:6b:78:d7:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74ca0855178a0cdd71914bcf223aa31af6369a4
        Validity
            Not Before: Aug  9 15:11:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e48e82bb918134ba0770ce6fdbc9e6dee06188a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8b:a6:5f:47:68:b2:72:13:7e:8e:cb:8d:41:
                    e1:56:e0:fc:8b:49:bd:54:c7:48:bf:0c:cb:61:b6:
                    ad:19:b7:47:c8:9b:c2:da:b6:77:56:75:91:2b:58:
                    16:7d:f2:23:53:89:87:9b:5c:e8:ac:c8:60:d0:2c:
                    1e:0c:e0:88:a9:a2:e4:d5:67:54:d1:92:60:1c:91:
                    24:b3:df:15:01:81:bc:83:5a:83:22:b3:e2:a7:b4:
                    2c:9f:3c:0b:bd:5f:ee:be:d5:2d:65:64:39:41:22:
                    4e:66:a8:ad:a3:fd:d4:ad:98:04:10:db:56:5e:47:
                    c8:3e:27:0c:5f:d3:d6:77:31:4a:c6:e9:68:f5:ed:
                    45:02:bc:e7:64:74:ff:38:ec:d2:18:e8:b6:d1:0d:
                    0c:07:de:0a:06:e9:ed:0e:28:a2:51:c8:44:25:1f:
                    66:6d:65:40:4f:32:77:8a:b6:de:b7:d5:b2:2c:e3:
                    99:64:f2:3a:68:c7:fe:00:4a:ab:21:c7:ed:c1:bd:
                    19:d4:43:c2:1c:2e:f5:d9:54:a7:f1:83:78:23:2d:
                    c7:65:91:59:8e:ed:e5:62:0e:36:f8:8e:d3:43:aa:
                    23:51:f9:1d:98:ca:19:ab:7f:98:a8:e9:7a:c9:cf:
                    de:0f:8a:de:b9:a5:97:ee:bf:79:d3:4c:30:58:45:
                    61:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8E:82:BB:91:81:34:BA:07:70:CE:6F:DB:C9:E6:DE:E0:61:88:A0
            X509v3 Authority Key Identifier:
                keyid:C7:4C:A0:85:51:78:A0:CD:D7:19:14:BC:F2:23:AA:31:AF:63:69:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0yghVF4oM3XGRS88iOqMa9jaaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/5I6Cu5GBNLoHcM5v28nm3uBhiKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f220a0-df81-42fb-b714-dedd35293230/1/x0yghVF4oM3XGRS88iOqMa9jaaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.233.0/24
                  5.183.208.0/24
                  93.92.116.0/22
                  94.176.100.0/22
                  185.35.232.0/22
                  185.67.120.0/24
                  185.107.24.0/22
                  185.125.36.0/22
                  185.224.116.0/22
                  193.32.11.0/24
                  193.124.76.0/22
                  193.124.144.0/21
                  194.135.200.0/21
                  195.216.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:56:8f:56:cf:01:1d:15:05:d7:84:d1:f1:f6:4f:40:99:2a:
         15:2a:26:fb:e4:0f:d1:1a:a1:f7:fa:e8:f5:1c:c2:5b:7b:59:
         32:89:7a:4f:2a:e0:37:bb:cb:f7:c4:b3:db:8f:4b:bb:2c:9a:
         06:2f:ff:03:8e:7b:51:c5:74:9b:f6:ef:4a:e1:dd:d2:e9:e6:
         16:d6:ec:6e:f2:80:51:3f:bf:46:ec:96:0c:68:1b:75:3c:f0:
         ff:de:ae:84:f9:31:95:5e:32:29:d6:5e:94:1e:5c:9c:b9:02:
         4c:e4:a0:f5:e2:ab:c6:c4:7c:6a:9d:20:b0:1a:1d:98:2a:e4:
         6e:ca:8e:ca:67:44:e9:50:ad:92:01:0a:eb:00:ef:c0:1c:8e:
         f5:26:43:0b:34:b1:16:3f:a0:f6:2f:26:78:1b:1d:c6:c4:8d:
         bf:42:e0:85:53:af:7e:1e:02:c8:e1:c1:7f:0c:7b:f3:30:97:
         34:ef:64:4d:bf:f1:c9:98:98:84:61:ef:7c:5b:b7:e0:9c:91:
         3e:13:1d:f3:a6:d0:ad:56:e6:e5:1c:b2:17:b3:a4:9c:4a:fa:
         21:0d:ff:5a:75:07:b8:1e:9f:02:79:95:5c:c6:52:ef:e4:2a:
         9a:01:87:f3:e2:fa:b0:20:4a:73:d4:b5:12:1e:1e:88:a4:c6:
         12:54:b8:f8
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYna2smXI8uGbL+6Le9reNcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGNhMDg1NTE3OGEwY2RkNzE5MTRiY2YyMjNhYTMxYWY2
MzY5YTQwHhcNMjMwODA5MTUxMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDhlODJiYjkxODEzNGJhMDc3MGNlNmZkYmM5ZTZkZWUwNjE4OGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYumX0dosnITfo7LjUHhVuD8i0m9
VMdIvwzLYbatGbdHyJvC2rZ3VnWRK1gWffIjU4mHm1zorMhg0CweDOCIqaLk1WdU
0ZJgHJEks98VAYG8g1qDIrPip7QsnzwLvV/uvtUtZWQ5QSJOZqito/3UrZgEENtW
XkfIPicMX9PWdzFKxulo9e1FArznZHT/OOzSGOi20Q0MB94KBuntDiiiUchEJR9m
bWVATzJ3irbet9WyLOOZZPI6aMf+AEqrIcftwb0Z1EPCHC712VSn8YN4Iy3HZZFZ
ju3lYg42+I7TQ6ojUfkdmMoZq3+YqOl6yc/eD4reuaWX7r9500wwWEVhlwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFOSOgruRgTS6B3DOb9vJ5t7gYYigMB8GA1UdIwQY
MBaAFMdMoIVReKDN1xkUvPIjqjGvY2mkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB5Z2hWRjRvTTNYR1JTODhpT3FNYTlqYWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMjIwYTAtZGY4MS00MmZiLWI3MTQt
ZGVkZDM1MjkzMjMwLzEvNUk2Q3U1R0JOTG9IY001djI4bm0zdUJoaUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMjIwYTAtZGY4MS00MmZiLWI3MTQtZGVkZDM1MjkzMjMw
LzEveDB5Z2hWRjRvTTNYR1JTODhpT3FNYTlqYWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQABZrpAwQA
BbfQAwQCXVx0AwQCXrBkAwQCuSPoAwQAuUN4AwQCuWsYAwQCuX0kAwQCueB0AwQA
wSALAwQCwXxMAwQDwXyQAwQDwofIAwQCw9iIMA0GCSqGSIb3DQEBCwUAA4IBAQCO
Vo9WzwEdFQXXhNHx9k9AmSoVKib75A/RGqH3+uj1HMJbe1kyiXpPKuA3u8v3xLPb
j0u7LJoGL/8DjntRxXSb9u9K4d3S6eYW1uxu8oBRP79G7JYMaBt1PPD/3q6E+TGV
XjIp1l6UHlycuQJM5KD14qvGxHxqnSCwGh2YKuRuyo7KZ0TpUK2SAQrrAO/AHI71
JkMLNLEWP6D2LyZ4Gx3GxI2/QuCFU69+HgLI4cF/DHvzMJc072RNv/HJmJiEYe98
W7fgnJE+Ex3zptCtVublHLIXs6ScSvohDf9adQe4Hp8CeZVcxlLv5CqaAYfz4vqw
IEpz1LUSHh6IpMYSVLj4
-----END CERTIFICATE-----