Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/N4a-e0F9Q7vUauN0YRg1xA3AJMs.roa
File:                     N4a-e0F9Q7vUauN0YRg1xA3AJMs.roa (raw, json)
Hash identifier:          eJFmrbFyMCg5AAumRlSZVGKr5Rd/xAmKTKHXqZoMWVo=
Subject key identifier:   37:86:BE:7B:41:7D:43:BB:D4:6A:E3:74:61:18:35:C4:0D:C0:24:CB
Certificate issuer:       /CN=02bbd4f865a12d79a09a034486ce61ba023882c7
Certificate serial:       018C90DE03A3CF6B03D98A4EA4E745ABABF4
Authority key identifier: 02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/N4a-e0F9Q7vUauN0YRg1xA3AJMs.roa
Signing time:             Fri 22 Dec 2023 09:31:58 +0000
ROA not before:           Fri 22 Dec 2023 09:31:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51020
IP address blocks:        5.62.136.0/24 maxlen: 24
                          5.62.142.0/24 maxlen: 24
                          5.62.128.0/24 maxlen: 24
                          5.62.129.0/24 maxlen: 24
                          185.69.4.0/23 maxlen: 23
                          185.69.4.0/24 maxlen: 24
                          185.69.5.0/24 maxlen: 24
                          185.69.6.0/24 maxlen: 24
                          37.77.51.0/24 maxlen: 24
                          37.77.49.0/24 maxlen: 24
                          37.77.50.0/24 maxlen: 24
                          37.77.48.0/24 maxlen: 24
                          37.77.54.0/24 maxlen: 24
                          37.77.55.0/24 maxlen: 24
                          37.77.52.0/24 maxlen: 24
                          37.77.53.0/24 maxlen: 24
                          31.7.84.0/24 maxlen: 24
                          31.7.86.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 24 Dec 2023 12:46:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:90:de:03:a3:cf:6b:03:d9:8a:4e:a4:e7:45:ab:ab:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02bbd4f865a12d79a09a034486ce61ba023882c7
        Validity
            Not Before: Dec 22 09:31:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3786be7b417d43bbd46ae374611835c40dc024cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d3:04:86:da:32:fb:83:94:f6:37:c3:b9:08:
                    f6:d5:83:02:bb:21:7f:6c:99:07:21:64:d2:29:8c:
                    80:49:2a:be:d2:97:9f:99:15:13:61:35:89:c1:b9:
                    03:6f:95:20:6f:ec:f6:3a:95:ca:a7:a6:ac:8d:fc:
                    fe:e2:fd:dc:d1:e4:9c:36:15:aa:ba:0b:84:63:e0:
                    b4:51:09:28:3f:87:e6:35:0e:c9:cc:1a:4e:b2:41:
                    28:7a:dd:6b:a7:58:80:e9:8b:89:d9:b2:d2:a6:5a:
                    85:38:42:bb:06:51:ce:13:78:16:08:d5:04:b7:ac:
                    0e:71:d8:87:b8:c2:0f:ac:89:b6:bc:ee:7f:c8:47:
                    42:54:42:91:a7:dd:9c:98:50:f9:87:72:c4:85:b7:
                    5b:d5:00:24:90:a1:de:90:2b:d0:4d:9c:39:06:f2:
                    08:d8:97:b2:b1:c0:b7:fb:ef:88:0e:49:44:00:a6:
                    24:fb:0b:f9:c9:88:80:80:54:6f:b3:7b:0b:57:c3:
                    73:9e:e4:75:23:4c:0f:63:6c:e2:d4:d6:a6:e0:aa:
                    88:ae:2d:ce:84:f4:4d:99:84:a2:85:79:f2:34:ab:
                    8a:da:47:eb:19:25:3d:da:51:2d:d3:e6:cf:41:81:
                    b6:f0:25:23:9c:b2:6d:7c:6b:a9:91:ba:cc:36:b2:
                    27:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:86:BE:7B:41:7D:43:BB:D4:6A:E3:74:61:18:35:C4:0D:C0:24:CB
            X509v3 Authority Key Identifier:
                keyid:02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/N4a-e0F9Q7vUauN0YRg1xA3AJMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/ArvU-GWhLXmgmgNEhs5hugI4gsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.128.0/23
                  5.62.136.0/24
                  5.62.142.0/24
                  31.7.84.0/24
                  31.7.86.0/24
                  37.77.48.0/21
                  185.69.4.0-185.69.6.255

    Signature Algorithm: sha256WithRSAEncryption
         c9:13:18:d1:29:f4:62:13:21:cc:0c:1b:f7:4a:15:fc:ac:24:
         58:e1:0b:b0:9e:26:49:c6:d3:39:95:c0:e0:68:4f:c1:96:8c:
         5e:0c:73:16:60:ce:62:7e:4e:fe:21:2b:97:29:aa:5d:ea:13:
         14:db:f9:00:a0:97:1d:f2:6a:fb:84:4f:ac:cc:bb:d7:d7:ae:
         88:ea:ee:5c:5e:27:87:8c:db:be:a3:5c:99:ae:68:93:f4:c4:
         3e:73:9e:c8:00:6e:b2:2f:89:f4:19:fd:cd:b9:10:42:23:98:
         37:db:c0:cf:9b:7c:6d:d5:85:c7:67:da:8b:51:88:2d:4b:35:
         97:31:4d:0b:77:a0:37:c1:86:38:49:c9:72:f1:df:7e:75:28:
         ce:ac:b7:9f:c5:35:d2:29:5d:40:14:38:8b:53:97:dc:9c:c7:
         c2:3f:d2:ab:d1:6e:38:43:7d:c7:85:a3:5f:24:22:02:65:72:
         14:b9:3d:a5:58:19:e0:5d:6a:c3:28:1f:f6:85:34:26:e7:a2:
         c2:6f:9a:04:3f:b0:07:86:95:50:2e:58:bd:7a:c2:60:37:ba:
         60:f1:33:db:a0:e1:4b:b5:5b:2e:71:14:7d:15:dd:bb:a9:f1:
         cb:82:8b:8c:e8:e7:b8:8f:16:88:05:66:43:4c:c7:e4:33:cb:
         2b:65:6a:01
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYyQ3gOjz2sD2YpOpOdFq6v0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYmJkNGY4NjVhMTJkNzlhMDlhMDM0NDg2Y2U2MWJhMDIz
ODgyYzcwHhcNMjMxMjIyMDkzMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzg2YmU3YjQxN2Q0M2JiZDQ2YWUzNzQ2MTE4MzVjNDBkYzAyNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNMEhtoy+4OU9jfDuQj21YMCuyF/
bJkHIWTSKYyASSq+0pefmRUTYTWJwbkDb5Ugb+z2OpXKp6asjfz+4v3c0eScNhWq
uguEY+C0UQkoP4fmNQ7JzBpOskEoet1rp1iA6YuJ2bLSplqFOEK7BlHOE3gWCNUE
t6wOcdiHuMIPrIm2vO5/yEdCVEKRp92cmFD5h3LEhbdb1QAkkKHekCvQTZw5BvII
2JeyscC3+++IDklEAKYk+wv5yYiAgFRvs3sLV8NznuR1I0wPY2zi1Nam4KqIri3O
hPRNmYSihXnyNKuK2kfrGSU92lEt0+bPQYG28CUjnLJtfGupkbrMNrInkQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDeGvntBfUO71GrjdGEYNcQNwCTLMB8GA1UdIwQY
MBaAFAK71PhloS15oJoDRIbOYboCOILHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUt
MGE5ODA0OGNkZjcyLzEvTjRhLWUwRjlRN3ZVYXVOMFlSZzF4QTNBSk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUtMGE5ODA0OGNkZjcy
LzEvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBBT6AAwQA
BT6IAwQABT6OAwQAHwdUAwQAHwdWAwQDJU0wMAwDBAK5RQQDBAC5RQYwDQYJKoZI
hvcNAQELBQADggEBAMkTGNEp9GITIcwMG/dKFfysJFjhC7CeJknG0zmVwOBoT8GW
jF4McxZgzmJ+Tv4hK5cpql3qExTb+QCglx3yavuET6zMu9fXrojq7lxeJ4eM276j
XJmuaJP0xD5znsgAbrIvifQZ/c25EEIjmDfbwM+bfG3Vhcdn2otRiC1LNZcxTQt3
oDfBhjhJyXLx3351KM6st5/FNdIpXUAUOItTl9ycx8I/0qvRbjhDfceFo18kIgJl
chS5PaVYGeBdasMoH/aFNCbnosJvmgQ/sAeGlVAuWL16wmA3umDxM9ug4Uu1Wy5x
FH0V3bup8cuCi4zo57iPFogFZkNMx+QzyytlagE=
-----END CERTIFICATE-----