Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5-JS_jkX6cUREJthUjLLYHOE2zc.roa
File:                     5-JS_jkX6cUREJthUjLLYHOE2zc.roa (raw, json)
Hash identifier:          Ko22vOOKv7sKn/9cozvQIRyPZt/t/D7EAItlJzTcgdQ=
Subject key identifier:   E7:E2:52:FE:39:17:E9:C5:11:10:9B:61:52:32:CB:60:73:84:DB:37
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D54B317CD5D6D0F13A69418635BFE40BE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5-JS_jkX6cUREJthUjLLYHOE2zc.roa
Signing time:             Mon 29 Jan 2024 10:10:39 +0000
ROA not before:           Mon 29 Jan 2024 10:10:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        81.168.119.0/24 maxlen: 24
                          82.153.136.0/22 maxlen: 22
                          82.153.220.0/24 maxlen: 24
                          89.213.41.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          89.213.140.0/24 maxlen: 24
                          89.213.148.0/22 maxlen: 24
                          89.213.152.0/22 maxlen: 24
                          89.213.156.0/22 maxlen: 24
                          89.213.165.0/24 maxlen: 24
                          89.213.172.0/22 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24
                          185.49.126.0/23 maxlen: 24
                          213.152.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 Jan 2024 15:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:54:b3:17:cd:5d:6d:0f:13:a6:94:18:63:5b:fe:40:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 29 10:10:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7e252fe3917e9c511109b615232cb607384db37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6d:62:92:c6:0d:4a:a2:cc:d8:b2:c3:03:bf:
                    e8:c9:2b:e2:a2:66:a8:bc:cb:c9:ae:47:9b:21:0c:
                    5d:c3:94:6d:13:0f:0f:1d:35:d2:59:0a:b4:41:b7:
                    49:0b:49:17:d4:a3:77:f5:ff:7d:a7:b6:87:d1:07:
                    4c:a4:07:c6:5c:86:cb:7b:3a:3d:92:24:40:a3:2e:
                    60:80:b2:ff:e2:44:af:25:a5:80:00:23:af:7e:a4:
                    06:4a:97:2c:b8:3f:95:4a:b4:45:97:86:ca:ca:b3:
                    18:cd:f1:3b:d6:fb:33:ab:2a:e5:01:89:59:b1:e7:
                    07:b5:0d:a9:5a:bd:10:b1:fd:d1:7f:68:05:f0:4b:
                    1f:cb:c9:8f:4f:3e:f4:90:3a:4a:01:86:ec:1e:95:
                    39:e1:84:9f:cf:d3:aa:1c:82:32:91:c8:d9:a1:81:
                    6a:bd:f4:c5:2a:3a:da:95:18:9b:59:fe:15:fc:8c:
                    99:ee:18:2e:5e:b6:37:c9:79:cb:1d:99:09:7c:9e:
                    7b:a2:d5:52:17:7c:d1:13:d2:71:75:11:e4:67:c1:
                    56:5e:45:6c:11:1d:4a:32:bf:9e:14:84:e8:19:20:
                    ad:f5:19:8f:2e:5d:04:27:e9:2d:a5:34:7a:05:4e:
                    86:3f:20:16:b5:e8:19:ca:9a:78:04:dd:1c:74:f7:
                    9b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E2:52:FE:39:17:E9:C5:11:10:9B:61:52:32:CB:60:73:84:DB:37
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5-JS_jkX6cUREJthUjLLYHOE2zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.119.0/24
                  82.153.136.0/22
                  82.153.220.0/24
                  89.213.41.0/24
                  89.213.131.0/24
                  89.213.140.0/24
                  89.213.148.0-89.213.159.255
                  89.213.165.0/24
                  89.213.172.0/22
                  89.213.180.0/24
                  185.49.126.0/23
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:92:de:dc:36:6b:3b:4a:d7:b2:6a:64:67:43:cf:0c:e9:99:
         21:e3:32:b7:23:c3:9d:2f:47:b3:14:71:9d:4e:ee:f6:b8:3c:
         cc:4d:9b:f2:1c:f4:78:0e:a4:86:0f:2e:5b:4a:90:6f:52:e4:
         cb:aa:42:35:e7:e7:59:51:ea:10:8d:13:e4:92:96:21:89:94:
         dc:2a:46:61:0d:0d:bd:55:11:5b:6d:9d:83:47:5c:18:19:df:
         86:24:88:fc:7f:2a:9e:d6:4e:c8:63:73:1c:0f:7d:61:9a:60:
         f8:51:70:39:e4:1d:b6:91:ab:15:b9:91:4b:e5:86:20:0e:ee:
         18:d7:8c:57:31:32:b5:c9:4f:73:ff:70:f4:b4:1c:3c:c5:e2:
         ec:65:76:70:22:33:4f:b7:87:1d:4a:c4:01:49:cd:dc:8f:87:
         9f:4d:59:5a:b8:6d:68:3c:12:73:37:da:ec:3e:ed:3c:dd:5a:
         bd:51:2d:b0:34:8c:ae:39:59:17:92:4c:34:34:4b:14:16:70:
         65:86:bd:23:a8:a6:64:e2:93:f3:17:7e:b0:13:25:9a:af:10:
         78:22:5c:59:4c:57:1e:67:64:76:ae:4d:84:1b:b4:0b:99:41:
         12:b7:6f:62:51:b2:03:5c:9b:e3:ea:1a:ab:cb:9d:e9:33:a3:
         0d:dc:24:1c
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY1UsxfNXW0PE6aUGGNb/kC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTI5MTAxMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2UyNTJmZTM5MTdlOWM1MTExMDliNjE1MjMyY2I2MDczODRkYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW1iksYNSqLM2LLDA7/oySviomao
vMvJrkebIQxdw5RtEw8PHTXSWQq0QbdJC0kX1KN39f99p7aH0QdMpAfGXIbLezo9
kiRAoy5ggLL/4kSvJaWAACOvfqQGSpcsuD+VSrRFl4bKyrMYzfE71vszqyrlAYlZ
secHtQ2pWr0Qsf3Rf2gF8Esfy8mPTz70kDpKAYbsHpU54YSfz9OqHIIykcjZoYFq
vfTFKjralRibWf4V/IyZ7hguXrY3yXnLHZkJfJ57otVSF3zRE9JxdRHkZ8FWXkVs
ER1KMr+eFIToGSCt9RmPLl0EJ+ktpTR6BU6GPyAWtegZypp4BN0cdPebfwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFOfiUv45F+nFERCbYVIyy2BzhNs3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNS1KU19qa1g2Y1VSRUp0aFVqTExZSE9FMnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUah3AwQC
UpmIAwQAUpncAwQAWdUpAwQAWdWDAwQAWdWMMAwDBAJZ1ZQDBAVZ1YADBABZ1aUD
BAJZ1awDBABZ1bQDBAG5MX4DBADVmCowDQYJKoZIhvcNAQELBQADggEBACCS3tw2
aztK17JqZGdDzwzpmSHjMrcjw50vR7MUcZ1O7va4PMxNm/Ic9HgOpIYPLltKkG9S
5MuqQjXn51lR6hCNE+SSliGJlNwqRmENDb1VEVttnYNHXBgZ34YkiPx/Kp7WTshj
cxwPfWGaYPhRcDnkHbaRqxW5kUvlhiAO7hjXjFcxMrXJT3P/cPS0HDzF4uxldnAi
M0+3hx1KxAFJzdyPh59NWVq4bWg8EnM32uw+7TzdWr1RLbA0jK45WReSTDQ0SxQW
cGWGvSOopmTik/MXfrATJZqvEHgiXFlMVx5nZHauTYQbtAuZQRK3b2JRsgNcm+Pq
GqvLnekzow3cJBw=
-----END CERTIFICATE-----