Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/001406-2e1f-4aeb-90a7-7528350d4c13/1/5YOc5KLdVWOEu3_bFZJiXHu6s40.roa
File:                     5YOc5KLdVWOEu3_bFZJiXHu6s40.roa (raw, json)
Hash identifier:          3N0pGP8anPDEg7tWhlInBHhv+VoZgfq+ktsBnFUhSyY=
Subject key identifier:   E5:83:9C:E4:A2:DD:55:63:84:BB:7F:DB:15:92:62:5C:7B:BA:B3:8D
Certificate issuer:       /CN=85af5310805ec7561a1a22f9c890c9731fb6debf
Certificate serial:       0185715E5BC068269DF8FDA0DB2C1D049EB2
Authority key identifier: 85:AF:53:10:80:5E:C7:56:1A:1A:22:F9:C8:90:C9:73:1F:B6:DE:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ha9TEIBex1YaGiL5yJDJcx-23r8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/001406-2e1f-4aeb-90a7-7528350d4c13/1/5YOc5KLdVWOEu3_bFZJiXHu6s40.roa
Signing time:             Mon 02 Jan 2023 07:24:47 +0000
ROA not before:           Mon 02 Jan 2023 07:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20875
IP address blocks:        212.39.96.0/19 maxlen: 24
                          185.38.144.0/22 maxlen: 24
                          159.20.16.0/21 maxlen: 24
                          95.156.128.0/18 maxlen: 24
                          5.133.128.0/19 maxlen: 24
                          37.8.128.0/20 maxlen: 24
                          46.35.128.0/19 maxlen: 24
                          92.240.32.0/19 maxlen: 24
                          62.113.0.0/19 maxlen: 24
                          85.94.128.0/19 maxlen: 24
                          2a02:28b8::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:5e:5b:c0:68:26:9d:f8:fd:a0:db:2c:1d:04:9e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85af5310805ec7561a1a22f9c890c9731fb6debf
        Validity
            Not Before: Jan  2 07:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5839ce4a2dd556384bb7fdb1592625c7bbab38d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:20:10:ce:eb:6b:e1:84:35:92:4e:dc:96:b9:
                    d7:79:d9:8a:2e:8d:ca:42:67:a6:79:0c:6d:e1:4a:
                    38:01:13:de:f0:e6:c2:57:b6:98:c6:a5:fa:e4:ca:
                    79:12:a4:ac:4b:0d:b9:4c:19:dd:7d:e9:32:a1:b5:
                    29:62:47:f4:b2:68:5a:23:53:be:e0:fc:84:55:86:
                    10:8d:2a:ed:27:82:05:41:c6:ec:40:05:77:f1:be:
                    1e:3b:cd:fb:06:dd:23:9e:f1:c0:63:9d:07:6e:14:
                    ac:f0:14:48:19:29:25:16:43:9d:6c:72:e0:b6:d2:
                    6d:9c:a4:ac:dc:47:6c:03:7d:91:3f:f2:3f:b1:db:
                    5d:2a:76:7d:76:a4:56:73:22:13:3f:57:42:8c:a1:
                    54:e3:23:2c:a2:6c:c4:bb:58:d7:1b:4f:df:8a:5e:
                    71:6d:1f:b1:52:e3:70:f5:10:77:1f:c2:eb:87:ba:
                    82:e5:02:11:f0:d8:da:5e:14:ca:2e:f5:c7:10:1c:
                    cd:3a:0e:2e:aa:f6:f1:b6:4d:07:e5:a5:f4:6e:71:
                    b9:54:f0:c5:0c:b3:1b:72:04:0c:b7:5a:12:6b:b8:
                    2f:70:d1:ad:8d:8e:f2:c7:c2:a6:66:0b:80:0a:98:
                    f0:76:d2:85:d7:4a:50:af:5d:d5:ac:8b:ae:de:29:
                    80:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:83:9C:E4:A2:DD:55:63:84:BB:7F:DB:15:92:62:5C:7B:BA:B3:8D
            X509v3 Authority Key Identifier:
                keyid:85:AF:53:10:80:5E:C7:56:1A:1A:22:F9:C8:90:C9:73:1F:B6:DE:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ha9TEIBex1YaGiL5yJDJcx-23r8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/001406-2e1f-4aeb-90a7-7528350d4c13/1/5YOc5KLdVWOEu3_bFZJiXHu6s40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/001406-2e1f-4aeb-90a7-7528350d4c13/1/ha9TEIBex1YaGiL5yJDJcx-23r8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.128.0/19
                  37.8.128.0/20
                  46.35.128.0/19
                  62.113.0.0/19
                  85.94.128.0/19
                  92.240.32.0/19
                  95.156.128.0/18
                  159.20.16.0/21
                  185.38.144.0/22
                  212.39.96.0/19
                IPv6:
                  2a02:28b8::/29

    Signature Algorithm: sha256WithRSAEncryption
         a7:07:f5:6e:f2:38:09:e5:d6:06:3c:e8:67:13:4a:5a:77:91:
         88:c2:ec:6c:39:c8:94:7b:7a:82:91:8f:d8:64:5a:fe:6c:8f:
         4e:0d:9c:06:9f:d0:2e:c5:69:72:46:d5:a4:60:3c:ee:8b:d4:
         e4:c2:57:70:66:8b:86:2c:fb:81:8f:05:70:1e:4b:44:d8:01:
         67:2f:36:30:e1:00:86:b2:81:91:df:cd:49:27:40:1b:f8:a5:
         d7:0d:4f:bd:4a:28:7d:31:6b:b0:fd:a8:b3:67:45:ad:04:e8:
         2a:b2:9a:38:e8:aa:36:ce:55:62:c3:ea:98:3a:5c:3f:77:d5:
         25:81:61:29:e7:f0:e1:c9:40:26:79:e8:7e:b8:ea:75:d0:d3:
         92:3f:7d:e2:13:aa:6b:67:1e:05:80:bc:81:94:62:a3:ba:ad:
         f0:31:e6:a6:bc:a6:51:64:74:50:1f:99:5f:0a:95:02:da:9c:
         62:94:12:30:52:29:c0:61:89:3e:55:14:52:d3:9a:be:a6:4d:
         7d:9b:23:fd:eb:a9:59:fd:d7:db:ea:48:39:3e:a0:af:de:96:
         dd:d8:c6:bd:ae:e8:65:89:57:ac:1d:a4:5f:c7:ec:6e:b6:1a:
         4d:a8:1d:a0:a9:8a:39:d6:f1:f3:d1:32:4d:76:0d:38:a5:fc:
         b4:1d:68:ed
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVxXlvAaCad+P2g2ywdBJ6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YWY1MzEwODA1ZWM3NTYxYTFhMjJmOWM4OTBjOTczMWZi
NmRlYmYwHhcNMjMwMTAyMDcyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTgzOWNlNGEyZGQ1NTYzODRiYjdmZGIxNTkyNjI1YzdiYmFiMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCAQzutr4YQ1kk7clrnXedmKLo3K
QmemeQxt4Uo4ARPe8ObCV7aYxqX65Mp5EqSsSw25TBndfekyobUpYkf0smhaI1O+
4PyEVYYQjSrtJ4IFQcbsQAV38b4eO837Bt0jnvHAY50HbhSs8BRIGSklFkOdbHLg
ttJtnKSs3EdsA32RP/I/sdtdKnZ9dqRWcyITP1dCjKFU4yMsomzEu1jXG0/fil5x
bR+xUuNw9RB3H8Lrh7qC5QIR8NjaXhTKLvXHEBzNOg4uqvbxtk0H5aX0bnG5VPDF
DLMbcgQMt1oSa7gvcNGtjY7yx8KmZguACpjwdtKF10pQr13VrIuu3imAHQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFOWDnOSi3VVjhLt/2xWSYlx7urONMB8GA1UdIwQY
MBaAFIWvUxCAXsdWGhoi+ciQyXMftt6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGE5VEVJQmV4MVlhR2lMNXlKREpjeC0yM3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wMDE0MDYtMmUxZi00YWViLTkwYTct
NzUyODM1MGQ0YzEzLzEvNVlPYzVLTGRWV09FdTNfYkZaSmlYSHU2czQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wMDE0MDYtMmUxZi00YWViLTkwYTctNzUyODM1MGQ0YzEz
LzEvaGE5VEVJQmV4MVlhR2lMNXlKREpjeC0yM3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQFBYWAAwQE
JQiAAwQFLiOAAwQFPnEAAwQFVV6AAwQFXPAgAwQGX5yAAwQDnxQQAwQCuSaQAwQF
1CdgMA0EAgACMAcDBQMqAii4MA0GCSqGSIb3DQEBCwUAA4IBAQCnB/Vu8jgJ5dYG
POhnE0pad5GIwuxsOciUe3qCkY/YZFr+bI9ODZwGn9AuxWlyRtWkYDzui9Tkwldw
ZouGLPuBjwVwHktE2AFnLzYw4QCGsoGR381JJ0Ab+KXXDU+9Sih9MWuw/aizZ0Wt
BOgqspo46Ko2zlViw+qYOlw/d9UlgWEp5/DhyUAmeeh+uOp10NOSP33iE6prZx4F
gLyBlGKjuq3wMeamvKZRZHRQH5lfCpUC2pxilBIwUinAYYk+VRRS05q+pk19myP9
66lZ/dfb6kg5PqCv3pbd2Ma9ruhliVesHaRfx+xuthpNqB2gqYo51vHz0TJNdg04
pfy0HWjt
-----END CERTIFICATE-----