Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/jUBQqmT-owKfzPoqba47YstcHHo.roa
File:                     jUBQqmT-owKfzPoqba47YstcHHo.roa (raw, json)
Hash identifier:          kgzLhu+kqKxpsKHFmZicewpaORB5wHzju/OURsFTcBI=
Subject key identifier:   8D:40:50:AA:64:FE:A3:02:9F:CC:FA:2A:6D:AE:3B:62:CB:5C:1C:7A
Certificate issuer:       /CN=02bbd4f865a12d79a09a034486ce61ba023882c7
Certificate serial:       018E79FBBE07F48ECC308E3235CC87A669CC
Authority key identifier: 02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/jUBQqmT-owKfzPoqba47YstcHHo.roa
Signing time:             Tue 26 Mar 2024 08:58:45 +0000
ROA not before:           Tue 26 Mar 2024 08:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51020
IP address blocks:        5.62.128.0/24 maxlen: 24
                          5.62.129.0/24 maxlen: 24
                          5.62.136.0/24 maxlen: 24
                          5.62.137.0/24 maxlen: 24
                          31.7.80.0/24 maxlen: 24
                          31.7.81.0/24 maxlen: 24
                          31.7.84.0/24 maxlen: 24
                          31.7.86.0/24 maxlen: 24
                          37.77.48.0/24 maxlen: 24
                          37.77.49.0/24 maxlen: 24
                          37.77.50.0/24 maxlen: 24
                          37.77.51.0/24 maxlen: 24
                          37.77.52.0/24 maxlen: 24
                          37.77.53.0/24 maxlen: 24
                          37.77.54.0/24 maxlen: 24
                          37.77.55.0/24 maxlen: 24
                          185.69.4.0/23 maxlen: 23
                          185.69.4.0/24 maxlen: 24
                          185.69.5.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 15 Jun 2024 23:36:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:fb:be:07:f4:8e:cc:30:8e:32:35:cc:87:a6:69:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02bbd4f865a12d79a09a034486ce61ba023882c7
        Validity
            Not Before: Mar 26 08:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d4050aa64fea3029fccfa2a6dae3b62cb5c1c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:10:74:3f:61:f4:76:24:95:33:5c:15:81:87:
                    70:60:d5:b9:ac:08:f0:0c:f6:25:b8:64:7f:de:79:
                    17:2d:dd:57:e9:0a:29:95:27:fd:08:14:a0:4d:66:
                    e5:a7:12:9c:8b:ec:d2:63:c3:80:4d:ae:55:92:8f:
                    0c:df:2a:22:8c:39:5a:3d:60:61:66:3e:d6:cc:c0:
                    cf:7c:24:1b:d6:4d:97:8b:c0:13:d6:c4:7b:3e:08:
                    98:3f:b8:d0:95:f8:ad:3c:c1:0b:b2:77:f3:66:d2:
                    64:57:e7:f4:25:71:98:3a:d5:a9:0d:8e:68:82:7f:
                    40:80:37:7e:9a:fd:fc:87:27:f5:4c:10:56:37:e4:
                    0c:7e:73:b4:fc:3a:c3:c4:86:92:70:99:b3:39:0b:
                    05:c0:c9:6f:d4:98:75:73:ec:fb:f3:bb:04:f7:fe:
                    be:9f:5f:c0:e1:41:88:f3:df:11:ad:c7:fa:72:e1:
                    35:fd:d9:3a:11:d1:e0:de:6c:5d:00:e9:cb:c3:8e:
                    ae:fc:a1:21:78:ae:e3:e4:87:27:46:29:49:e9:a0:
                    2e:a1:ae:a0:39:96:74:46:f6:42:5f:95:f0:10:ee:
                    42:31:d9:f0:b5:bd:54:5a:06:92:9f:34:4a:e4:4a:
                    0e:38:28:e4:3d:bc:61:5c:b6:e6:62:5b:93:3a:f3:
                    50:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:40:50:AA:64:FE:A3:02:9F:CC:FA:2A:6D:AE:3B:62:CB:5C:1C:7A
            X509v3 Authority Key Identifier:
                keyid:02:BB:D4:F8:65:A1:2D:79:A0:9A:03:44:86:CE:61:BA:02:38:82:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArvU-GWhLXmgmgNEhs5hugI4gsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/jUBQqmT-owKfzPoqba47YstcHHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/cb83b2-33b5-4560-8935-0a98048cdf72/1/ArvU-GWhLXmgmgNEhs5hugI4gsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.128.0/23
                  5.62.136.0/23
                  31.7.80.0/23
                  31.7.84.0/24
                  31.7.86.0/24
                  37.77.48.0/21
                  185.69.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:91:b1:fb:6e:25:41:fa:27:de:ad:b5:11:bc:90:ec:1d:f6:
         05:91:e4:c7:7a:18:f4:3a:d2:66:45:43:63:4f:97:e3:0d:4d:
         18:05:3c:11:67:95:af:88:84:d6:b7:23:05:73:a5:7f:95:87:
         f0:4c:f5:7f:62:12:02:0f:6e:de:36:fe:fa:01:c5:b2:48:68:
         53:cd:22:0a:e2:b8:ba:ad:22:3d:80:08:0a:bf:a7:54:64:c9:
         5f:55:25:a0:65:c8:a3:c1:98:c3:65:cc:4e:b1:24:ef:7f:9f:
         37:15:58:e3:46:a1:be:e0:ec:56:af:66:98:19:e2:3b:ec:bd:
         90:3d:78:b4:0b:4a:b5:57:23:2c:e4:f8:ef:ea:41:5b:68:50:
         21:d7:b8:be:52:21:1e:02:ed:34:1f:0e:c2:db:f8:d1:0d:07:
         06:8b:55:65:85:e5:69:8a:7b:50:18:6f:f7:19:4c:3f:42:54:
         93:e5:8c:02:ab:bd:13:7e:44:e3:d2:63:31:6d:e4:b6:0d:76:
         80:49:96:f6:7b:cc:ae:48:af:c1:ac:fb:2f:9d:09:bf:29:d6:
         d6:33:30:11:50:12:fd:28:98:01:9b:79:d7:6e:bc:f7:03:d0:
         cb:d6:f3:54:71:f5:ec:8e:67:2a:cf:73:f6:d6:39:db:89:63:
         f8:e4:a7:57
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY55+74H9I7MMI4yNcyHpmnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYmJkNGY4NjVhMTJkNzlhMDlhMDM0NDg2Y2U2MWJhMDIz
ODgyYzcwHhcNMjQwMzI2MDg1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDQwNTBhYTY0ZmVhMzAyOWZjY2ZhMmE2ZGFlM2I2MmNiNWMxYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBB0P2H0diSVM1wVgYdwYNW5rAjw
DPYluGR/3nkXLd1X6QoplSf9CBSgTWblpxKci+zSY8OATa5Vko8M3yoijDlaPWBh
Zj7WzMDPfCQb1k2Xi8AT1sR7PgiYP7jQlfitPMELsnfzZtJkV+f0JXGYOtWpDY5o
gn9AgDd+mv38hyf1TBBWN+QMfnO0/DrDxIaScJmzOQsFwMlv1Jh1c+z787sE9/6+
n1/A4UGI898Rrcf6cuE1/dk6EdHg3mxdAOnLw46u/KEheK7j5IcnRilJ6aAuoa6g
OZZ0RvZCX5XwEO5CMdnwtb1UWgaSnzRK5EoOOCjkPbxhXLbmYluTOvNQKQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFI1AUKpk/qMCn8z6Km2uO2LLXBx6MB8GA1UdIwQY
MBaAFAK71PhloS15oJoDRIbOYboCOILHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUt
MGE5ODA0OGNkZjcyLzEvalVCUXFtVC1vd0tmelBvcWJhNDdZc3RjSEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jYjgzYjItMzNiNS00NTYwLTg5MzUtMGE5ODA0OGNkZjcy
LzEvQXJ2VS1HV2hMWG1nbWdORWhzNWh1Z0k0Z3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBBT6AAwQB
BT6IAwQBHwdQAwQAHwdUAwQAHwdWAwQDJU0wAwQBuUUEMA0GCSqGSIb3DQEBCwUA
A4IBAQBLkbH7biVB+iferbURvJDsHfYFkeTHehj0OtJmRUNjT5fjDU0YBTwRZ5Wv
iITWtyMFc6V/lYfwTPV/YhICD27eNv76AcWySGhTzSIK4ri6rSI9gAgKv6dUZMlf
VSWgZcijwZjDZcxOsSTvf583FVjjRqG+4OxWr2aYGeI77L2QPXi0C0q1VyMs5Pjv
6kFbaFAh17i+UiEeAu00Hw7C2/jRDQcGi1VlheVpintQGG/3GUw/QlST5YwCq70T
fkTj0mMxbeS2DXaASZb2e8yuSK/BrPsvnQm/KdbWMzARUBL9KJgBm3nXbrz3A9DL
1vNUcfXsjmcqz3P21jnbiWP45KdX