Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/CvQwz61c7r1KSa6LuWNOWSgoDWM.roa
File:                     CvQwz61c7r1KSa6LuWNOWSgoDWM.roa (raw, json)
Hash identifier:          P5du2NbKCSjjat/1KhhF7sbO2iVzNDmBcWb03lVu3+M=
Subject key identifier:   0A:F4:30:CF:AD:5C:EE:BD:4A:49:AE:8B:B9:63:4E:59:28:28:0D:63
Certificate issuer:       /CN=02bbd4f865a12d79a09a034486ce61ba023882c7
Certificate serial:       018D269D2E33B108DC5D97B13878425B0F5F
Authority key identifier: 02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/CvQwz61c7r1KSa6LuWNOWSgoDWM.roa
Signing time:             Sat 20 Jan 2024 11:24:11 +0000
ROA not before:           Sat 20 Jan 2024 11:24:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51020
IP address blocks:        5.62.128.0/24 maxlen: 24
                          5.62.129.0/24 maxlen: 24
                          5.62.136.0/24 maxlen: 24
                          31.7.80.0/24 maxlen: 24
                          31.7.81.0/24 maxlen: 24
                          31.7.84.0/24 maxlen: 24
                          31.7.86.0/24 maxlen: 24
                          37.77.48.0/24 maxlen: 24
                          37.77.49.0/24 maxlen: 24
                          37.77.50.0/24 maxlen: 24
                          37.77.51.0/24 maxlen: 24
                          37.77.52.0/24 maxlen: 24
                          37.77.53.0/24 maxlen: 24
                          37.77.54.0/24 maxlen: 24
                          37.77.55.0/24 maxlen: 24
                          185.69.4.0/23 maxlen: 23
                          185.69.4.0/24 maxlen: 24
                          185.69.5.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 08:58:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:26:9d:2e:33:b1:08:dc:5d:97:b1:38:78:42:5b:0f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02bbd4f865a12d79a09a034486ce61ba023882c7
        Validity
            Not Before: Jan 20 11:24:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0af430cfad5ceebd4a49ae8bb9634e5928280d63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:67:bb:43:2c:6f:7a:8a:e1:d7:1e:05:f9:dc:
                    7d:ec:8c:ce:09:69:9a:e6:83:cb:f2:a0:bb:be:80:
                    50:c0:12:63:ca:d3:15:2d:8f:8c:4e:7d:ad:5e:cf:
                    07:d9:45:1e:9e:08:f5:6a:91:e9:4e:0c:aa:c0:3d:
                    ae:5b:00:78:05:ce:fb:1e:b4:d5:0c:db:90:3f:4c:
                    de:a5:67:45:36:9e:d7:59:94:58:ec:df:9f:e1:99:
                    d9:59:e9:2f:43:ec:fc:b1:f2:ed:1d:69:44:68:db:
                    8f:ac:95:82:81:6f:0d:9b:db:61:45:d9:cb:27:a0:
                    18:c7:e4:4d:7a:03:e2:78:ef:b4:2f:a6:a4:79:5e:
                    46:f8:fb:05:cb:46:26:03:d9:1f:dc:43:55:ae:67:
                    5f:43:89:f6:5c:47:86:88:de:23:35:a8:5b:c8:82:
                    11:db:7d:70:a6:30:27:6f:71:36:6f:ab:79:77:c2:
                    e9:8a:f3:17:e6:31:ce:e6:ac:29:10:66:f9:ac:47:
                    14:29:84:6f:d9:d5:f1:8e:72:5b:fa:ac:08:f0:1b:
                    a3:ca:c0:17:6c:1c:29:aa:85:00:e8:6a:84:42:6b:
                    3d:15:88:92:47:38:c0:97:74:e6:97:81:3d:d0:22:
                    9b:0b:b3:23:c4:88:e9:08:c9:cf:48:32:e0:d2:58:
                    45:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F4:30:CF:AD:5C:EE:BD:4A:49:AE:8B:B9:63:4E:59:28:28:0D:63
            X509v3 Authority Key Identifier:
                keyid:02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/CvQwz61c7r1KSa6LuWNOWSgoDWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/ArvU-GWhLXmgmgNEhs5hugI4gsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.128.0/23
                  5.62.136.0/24
                  31.7.80.0/23
                  31.7.84.0/24
                  31.7.86.0/24
                  37.77.48.0/21
                  185.69.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:ce:5a:6d:2f:3f:8c:f1:00:4a:0d:ad:f3:22:88:dc:81:9d:
         e0:f3:3b:c8:5d:19:4e:bc:4d:bc:38:13:1d:d3:bf:f6:63:79:
         78:4c:80:76:ba:3d:a2:06:6c:71:9b:82:0c:87:8b:50:82:d3:
         3c:09:c7:fd:cc:7f:27:5a:11:d4:35:66:e0:aa:0f:b8:1a:71:
         ec:6e:10:b5:93:f6:63:9b:b7:91:20:30:5a:c6:83:2f:39:f3:
         95:c4:40:c4:ef:0f:c7:84:92:c6:1d:bb:29:3d:78:ac:cb:3a:
         90:e6:b5:80:ec:91:17:96:0e:59:f0:ab:4d:65:07:f3:72:1a:
         e1:cc:2f:52:81:22:c3:5b:0f:5b:62:48:f3:da:09:fd:74:6e:
         46:e5:5f:3c:67:e2:a2:3a:05:12:16:91:63:74:1b:fd:5d:84:
         eb:6c:fc:a0:d9:af:7b:60:82:f9:7d:50:08:5c:de:b2:a6:96:
         b4:b1:dd:41:86:20:8a:0a:b7:37:1b:f5:b1:01:be:6d:96:3a:
         ee:9e:e4:72:1a:1c:23:4c:64:97:d5:2e:9a:50:79:d8:12:94:
         c7:6b:00:e8:d3:cc:78:73:0b:a6:46:42:1d:ce:2e:03:5d:86:
         d3:7e:31:cf:e7:64:23:2d:9b:69:c7:97:cc:d3:85:f5:a3:87:
         35:5f:57:c5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY0mnS4zsQjcXZexOHhCWw9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYmJkNGY4NjVhMTJkNzlhMDlhMDM0NDg2Y2U2MWJhMDIz
ODgyYzcwHhcNMjQwMTIwMTEyNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWY0MzBjZmFkNWNlZWJkNGE0OWFlOGJiOTYzNGU1OTI4MjgwZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWe7Qyxveorh1x4F+dx97IzOCWma
5oPL8qC7voBQwBJjytMVLY+MTn2tXs8H2UUengj1apHpTgyqwD2uWwB4Bc77HrTV
DNuQP0zepWdFNp7XWZRY7N+f4ZnZWekvQ+z8sfLtHWlEaNuPrJWCgW8Nm9thRdnL
J6AYx+RNegPieO+0L6akeV5G+PsFy0YmA9kf3ENVrmdfQ4n2XEeGiN4jNahbyIIR
231wpjAnb3E2b6t5d8LpivMX5jHO5qwpEGb5rEcUKYRv2dXxjnJb+qwI8BujysAX
bBwpqoUA6GqEQms9FYiSRzjAl3Tml4E90CKbC7MjxIjpCMnPSDLg0lhFlQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFAr0MM+tXO69Skmui7ljTlkoKA1jMB8GA1UdIwQY
MBaAFAK71PhloS15oJoDRIbOYboCOILHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUt
MGE5ODA0OGNkZjcyLzEvQ3ZRd3o2MWM3cjFLU2E2THVXTk9XU2dvRFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUtMGE5ODA0OGNkZjcy
LzEvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBBT6AAwQA
BT6IAwQBHwdQAwQAHwdUAwQAHwdWAwQDJU0wAwQBuUUEMA0GCSqGSIb3DQEBCwUA
A4IBAQAQzlptLz+M8QBKDa3zIojcgZ3g8zvIXRlOvE28OBMd07/2Y3l4TIB2uj2i
Bmxxm4IMh4tQgtM8Ccf9zH8nWhHUNWbgqg+4GnHsbhC1k/Zjm7eRIDBaxoMvOfOV
xEDE7w/HhJLGHbspPXisyzqQ5rWA7JEXlg5Z8KtNZQfzchrhzC9SgSLDWw9bYkjz
2gn9dG5G5V88Z+KiOgUSFpFjdBv9XYTrbPyg2a97YIL5fVAIXN6yppa0sd1BhiCK
Crc3G/WxAb5tljrunuRyGhwjTGSX1S6aUHnYEpTHawDo08x4cwumRkIdzi4DXYbT
fjHP52QjLZtpx5fM04X1o4c1X1fF
-----END CERTIFICATE-----