Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/F2Mx0gWoNiCQ8kEoSrzLz-_1Ji0.roa
File:                     F2Mx0gWoNiCQ8kEoSrzLz-_1Ji0.roa (raw, json)
Hash identifier:          jjb2cQmFz2mBftMAwt/Ig+DA0VkDKxaFhw8RhlhcxqE=
Subject key identifier:   17:63:31:D2:05:A8:36:20:90:F2:41:28:4A:BC:CB:CF:EF:F5:26:2D
Certificate issuer:       /CN=02bbd4f865a12d79a09a034486ce61ba023882c7
Certificate serial:       018CCA2848D4F2CAF8D3D10E1FC18EF25A96
Authority key identifier: 02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/F2Mx0gWoNiCQ8kEoSrzLz-_1Ji0.roa
Signing time:             Tue 02 Jan 2024 12:31:26 +0000
ROA not before:           Tue 02 Jan 2024 12:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51020
IP address blocks:        5.62.136.0/24 maxlen: 24
                          5.62.142.0/24 maxlen: 24
                          5.62.128.0/24 maxlen: 24
                          5.62.129.0/24 maxlen: 24
                          185.69.4.0/23 maxlen: 23
                          185.69.4.0/24 maxlen: 24
                          185.69.5.0/24 maxlen: 24
                          185.69.6.0/24 maxlen: 24
                          37.77.51.0/24 maxlen: 24
                          37.77.49.0/24 maxlen: 24
                          37.77.50.0/24 maxlen: 24
                          37.77.48.0/24 maxlen: 24
                          37.77.54.0/24 maxlen: 24
                          37.77.55.0/24 maxlen: 24
                          31.7.80.0/24 maxlen: 24
                          37.77.52.0/24 maxlen: 24
                          37.77.53.0/24 maxlen: 24
                          31.7.84.0/24 maxlen: 24
                          31.7.81.0/24 maxlen: 24
                          31.7.86.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 20 Jan 2024 11:20:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:48:d4:f2:ca:f8:d3:d1:0e:1f:c1:8e:f2:5a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02bbd4f865a12d79a09a034486ce61ba023882c7
        Validity
            Not Before: Jan  2 12:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=176331d205a8362090f241284abccbcfeff5262d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:88:c6:24:d6:07:7b:94:f6:f7:59:7f:c0:
                    8b:fb:68:c7:53:18:1a:c9:a0:d2:5e:3e:a2:8b:0f:
                    7a:e4:a4:2a:a1:61:37:7e:da:ad:89:77:1f:3b:db:
                    d7:9d:83:ed:e3:5c:05:df:f3:49:d2:2b:88:a2:09:
                    ee:33:d3:13:e4:41:92:f5:f2:f4:35:a6:61:58:d4:
                    e6:a1:1c:bb:2a:c3:21:36:bb:12:bb:d9:71:27:bf:
                    90:fb:34:3a:08:b9:b6:9c:a7:3a:4b:30:e5:38:1c:
                    3d:58:03:29:ae:7c:dd:8c:bd:20:12:b2:e7:5c:b8:
                    39:66:30:97:df:45:0c:83:9e:a3:86:58:16:0f:c7:
                    c9:76:c9:d4:6c:fc:fd:15:a8:0e:1e:38:f2:e8:14:
                    81:ca:c3:a6:37:97:18:c9:ad:b4:00:13:67:b1:45:
                    ab:14:2e:50:4d:6d:ee:b2:a7:0f:db:7b:e7:a0:79:
                    9b:51:30:dd:e6:15:46:b6:66:fa:9a:63:c6:3d:9f:
                    1c:dd:f5:2f:6d:2d:87:f2:67:c8:aa:bd:91:49:c3:
                    af:a5:b7:f2:f3:f1:27:bf:b9:d1:0e:b4:8f:1e:f6:
                    76:4a:c3:86:5a:00:b0:06:e4:d8:8a:7d:c8:2b:7d:
                    f0:f3:3e:8d:93:5e:bd:6f:75:93:86:3b:21:25:e7:
                    90:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:63:31:D2:05:A8:36:20:90:F2:41:28:4A:BC:CB:CF:EF:F5:26:2D
            X509v3 Authority Key Identifier:
                keyid:02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/F2Mx0gWoNiCQ8kEoSrzLz-_1Ji0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/ArvU-GWhLXmgmgNEhs5hugI4gsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.128.0/23
                  5.62.136.0/24
                  5.62.142.0/24
                  31.7.80.0/23
                  31.7.84.0/24
                  31.7.86.0/24
                  37.77.48.0/21
                  185.69.4.0-185.69.6.255

    Signature Algorithm: sha256WithRSAEncryption
         25:86:59:8b:c5:d0:7f:04:e0:a7:a5:e8:c8:b9:e6:b1:41:ea:
         3b:a7:54:28:c0:fe:48:03:7e:8f:c3:09:89:0b:cc:7a:9b:73:
         dd:b5:93:fc:88:1c:60:54:f6:21:9f:09:50:7b:52:f0:19:6a:
         9d:6f:9c:6a:45:f4:8e:25:25:e1:d9:f5:a8:04:65:61:46:58:
         1a:92:f6:fa:1b:47:0a:18:ba:d3:10:e9:c4:d6:33:69:28:08:
         e5:b7:0e:e6:32:87:3a:10:af:c1:dd:2c:c0:94:3d:e7:51:66:
         c8:f0:93:85:3c:bd:5d:14:78:19:4a:6a:c9:c4:ca:6a:82:e0:
         4f:e2:e9:b9:e8:b8:74:cb:e6:75:63:5d:27:8b:b3:7a:0b:da:
         f6:64:e0:50:51:08:de:17:e3:75:f6:73:42:39:7f:d4:52:98:
         b0:8f:83:cd:96:65:69:16:15:42:3c:72:b4:da:f4:53:ab:87:
         e8:6a:5e:c9:ab:59:58:91:1b:c7:4d:be:2d:3a:86:53:73:53:
         b4:69:b5:8d:41:8d:ac:dd:f4:54:20:35:ac:88:2f:28:79:bb:
         a4:98:fb:64:08:c5:d7:09:1a:a0:4c:4d:e7:06:0c:64:d7:9b:
         4c:fe:28:df:6d:26:8d:e7:6f:f0:7a:c1:4d:31:70:90:5c:ba:
         e6:d6:5d:c8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzKKEjU8sr409EOH8GO8lqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYmJkNGY4NjVhMTJkNzlhMDlhMDM0NDg2Y2U2MWJhMDIz
ODgyYzcwHhcNMjQwMTAyMTIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzYzMzFkMjA1YTgzNjIwOTBmMjQxMjg0YWJjY2JjZmVmZjUyNjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonuIxiTWB3uU9vdZf8CL+2jHUxga
yaDSXj6iiw965KQqoWE3ftqtiXcfO9vXnYPt41wF3/NJ0iuIognuM9MT5EGS9fL0
NaZhWNTmoRy7KsMhNrsSu9lxJ7+Q+zQ6CLm2nKc6SzDlOBw9WAMprnzdjL0gErLn
XLg5ZjCX30UMg56jhlgWD8fJdsnUbPz9FagOHjjy6BSBysOmN5cYya20ABNnsUWr
FC5QTW3usqcP23vnoHmbUTDd5hVGtmb6mmPGPZ8c3fUvbS2H8mfIqr2RScOvpbfy
8/Env7nRDrSPHvZ2SsOGWgCwBuTYin3IK33w8z6Nk169b3WThjshJeeQjQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBdjMdIFqDYgkPJBKEq8y8/v9SYtMB8GA1UdIwQY
MBaAFAK71PhloS15oJoDRIbOYboCOILHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUt
MGE5ODA0OGNkZjcyLzEvRjJNeDBnV29OaUNROGtFb1Nyekx6LV8xSmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUtMGE5ODA0OGNkZjcy
LzEvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBBT6AAwQA
BT6IAwQABT6OAwQBHwdQAwQAHwdUAwQAHwdWAwQDJU0wMAwDBAK5RQQDBAC5RQYw
DQYJKoZIhvcNAQELBQADggEBACWGWYvF0H8E4Kel6Mi55rFB6junVCjA/kgDfo/D
CYkLzHqbc921k/yIHGBU9iGfCVB7UvAZap1vnGpF9I4lJeHZ9agEZWFGWBqS9vob
RwoYutMQ6cTWM2koCOW3DuYyhzoQr8HdLMCUPedRZsjwk4U8vV0UeBlKasnEymqC
4E/i6bnouHTL5nVjXSeLs3oL2vZk4FBRCN4X43X2c0I5f9RSmLCPg82WZWkWFUI8
crTa9FOrh+hqXsmrWViRG8dNvi06hlNzU7RptY1Bjazd9FQgNayILyh5u6SY+2QI
xdcJGqBMTecGDGTXm0z+KN9tJo3nb/B6wU0xcJBcuubWXcg=
-----END CERTIFICATE-----