Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5vgi04gmsV53U2jdKYS1AEm2EAE.roa
File:                     5vgi04gmsV53U2jdKYS1AEm2EAE.roa (raw, json)
Hash identifier:          0Mv73qANAt7K2JTVf9HV1HzeiHdEjH8DbjOg9De71x8=
Subject key identifier:   E6:F8:22:D3:88:26:B1:5E:77:53:68:DD:29:84:B5:00:49:B6:10:01
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F04C7B91E6E392DB11D748EE3C268C3DA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5vgi04gmsV53U2jdKYS1AEm2EAE.roa
Signing time:             Mon 22 Apr 2024 07:49:08 +0000
ROA not before:           Mon 22 Apr 2024 07:49:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 13 May 2024 20:35:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:04:c7:b9:1e:6e:39:2d:b1:1d:74:8e:e3:c2:68:c3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 22 07:49:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6f822d38826b15e775368dd2984b50049b61001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b6:c4:d7:e3:bc:89:f9:7c:fe:cf:cc:7b:b1:
                    51:24:a0:a9:78:d0:0d:1f:c7:a8:7a:25:f4:3a:02:
                    ed:4b:d7:06:17:16:3f:cb:3d:27:04:20:2e:4e:b3:
                    3b:45:76:c9:b0:74:7a:04:30:22:07:c4:f7:02:6b:
                    7d:09:52:02:c2:c3:c0:cb:ca:d8:21:83:05:58:9a:
                    cb:72:19:f8:75:43:35:b2:ea:cc:2d:7a:84:3d:16:
                    37:76:c0:31:ed:e7:e5:30:6e:fc:90:a5:0f:0a:1b:
                    bd:fe:ab:a0:f8:f8:50:e7:4a:be:bc:56:cd:8a:32:
                    97:f9:fc:b6:1e:6b:b5:36:e1:c9:87:86:f5:36:a1:
                    e7:54:ba:1c:73:c0:a0:b2:69:b5:e6:23:97:70:b9:
                    19:24:93:d4:fa:41:4b:73:f3:5e:c8:96:4a:8f:cb:
                    cc:4c:5e:55:0a:6f:7a:af:53:df:0f:a1:10:e3:5d:
                    51:6a:f1:39:a9:86:28:ef:7f:c9:37:e3:22:37:da:
                    c1:a7:cf:f6:2c:c7:d5:53:88:3c:63:ee:8a:b2:99:
                    1e:55:a8:03:ab:83:34:1e:18:21:09:ef:ee:a5:23:
                    3e:c2:6d:c0:7c:c8:19:8a:09:6d:35:22:13:55:c6:
                    78:7d:82:07:35:5a:be:22:1b:30:a6:72:ff:3f:ef:
                    60:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F8:22:D3:88:26:B1:5E:77:53:68:DD:29:84:B5:00:49:B6:10:01
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5vgi04gmsV53U2jdKYS1AEm2EAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         96:1d:60:c6:b9:34:b9:e6:f1:fd:2d:1f:e9:16:01:9d:76:22:
         c7:6b:a8:43:0f:82:19:da:8d:bb:81:04:ef:4e:fa:d4:07:e4:
         d8:f4:7a:33:a2:04:e2:a9:8e:b5:0c:23:4e:a5:73:91:1d:12:
         c3:9f:e3:59:1d:db:b0:84:61:b4:ba:4f:9c:85:d6:a0:2e:6f:
         8e:bd:e2:30:87:23:19:a9:17:02:93:b1:1b:6e:f9:55:8a:2d:
         1a:26:d6:24:fd:37:10:6c:ad:6c:b1:d9:04:cb:2a:8e:33:25:
         be:18:f5:d6:8a:ba:7b:42:cd:b2:c2:55:1b:06:56:f3:a0:66:
         c4:18:3a:80:59:98:09:7e:20:16:5c:df:be:66:86:59:da:ab:
         ff:8b:6f:3a:89:70:a9:bf:a7:29:4a:f6:f1:f2:d3:2b:f1:8c:
         41:d2:a5:76:de:2b:cc:05:3f:10:e4:53:62:ff:f0:04:0e:23:
         0c:6b:8a:f7:5b:b2:87:0f:6b:4f:ec:a5:38:35:77:4e:ee:b3:
         f0:da:44:bd:9f:a6:1f:48:d3:31:85:c7:d6:08:a6:99:06:ba:
         be:e6:b1:d0:2a:15:40:61:e6:e8:97:16:cf:c8:c8:1c:8a:01:
         34:b6:2b:cd:dc:d2:9d:72:be:5a:bf:2d:87:30:12:96:ec:ea:
         a7:f7:98:b7
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAY8Ex7kebjktsR10juPCaMPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDIyMDc0OTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmY4MjJkMzg4MjZiMTVlNzc1MzY4ZGQyOTg0YjUwMDQ5YjYxMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibbE1+O8ifl8/s/Me7FRJKCpeNAN
H8eoeiX0OgLtS9cGFxY/yz0nBCAuTrM7RXbJsHR6BDAiB8T3Amt9CVICwsPAy8rY
IYMFWJrLchn4dUM1surMLXqEPRY3dsAx7eflMG78kKUPChu9/qug+PhQ50q+vFbN
ijKX+fy2Hmu1NuHJh4b1NqHnVLocc8Cgsmm15iOXcLkZJJPU+kFLc/NeyJZKj8vM
TF5VCm96r1PfD6EQ411RavE5qYYo73/JN+MiN9rBp8/2LMfVU4g8Y+6KspkeVagD
q4M0HhghCe/upSM+wm3AfMgZigltNSITVcZ4fYIHNVq+IhswpnL/P+9g1wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFOb4ItOIJrFed1No3SmEtQBJthABMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNXZnaTA0Z21zVjUzVTJqZEtZUzFBRW0yRUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQAWdVrMAwD
BARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0DBABZ1eMDBADVgokwDAMEA9WC
mAMEANWCmjANBgkqhkiG9w0BAQsFAAOCAQEAlh1gxrk0uebx/S0f6RYBnXYix2uo
Qw+CGdqNu4EE70761Afk2PR6M6IE4qmOtQwjTqVzkR0Sw5/jWR3bsIRhtLpPnIXW
oC5vjr3iMIcjGakXApOxG275VYotGibWJP03EGytbLHZBMsqjjMlvhj11oq6e0LN
ssJVGwZW86BmxBg6gFmYCX4gFlzfvmaGWdqr/4tvOolwqb+nKUr28fLTK/GMQdKl
dt4rzAU/EORTYv/wBA4jDGuK91uyhw9rT+ylODV3Tu6z8NpEvZ+mH0jTMYXH1gim
mQa6vuax0CoVQGHm6JcWz8jIHIoBNLYrzdzSnXK+Wr8thzASluzqp/eYtw==
-----END CERTIFICATE-----