Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/bm3Tj2Sgbh-otwIHfjhMAon-PwY.roa
File:                     bm3Tj2Sgbh-otwIHfjhMAon-PwY.roa (raw, json)
Hash identifier:          Tf28t2D59Ez6W97qRU7E3DjDF2ECIx7e9lWgtdZdC04=
Subject key identifier:   6E:6D:D3:8F:64:A0:6E:1F:A8:B7:02:07:7E:38:4C:02:89:FE:3F:06
Certificate issuer:       /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial:       018CC26D43B07FB1A0945B5AE06BB462F62A
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/bm3Tj2Sgbh-otwIHfjhMAon-PwY.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211183
IP address blocks:        79.133.183.0/24 maxlen: 24
                          79.133.182.0/24 maxlen: 24
                          79.133.181.0/24 maxlen: 24
                          91.200.84.0/24 maxlen: 24
                          37.140.241.0/24 maxlen: 24
                          185.240.103.0/24 maxlen: 24
                          185.244.51.0/24 maxlen: 24
                          193.187.96.0/24 maxlen: 24
                          185.250.44.0/24 maxlen: 24
                          185.250.47.0/24 maxlen: 24
                          185.250.46.0/24 maxlen: 24
                          5.253.62.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 08 Feb 2024 07:45:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:43:b0:7f:b1:a0:94:5b:5a:e0:6b:b4:62:f6:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e6dd38f64a06e1fa8b702077e384c0289fe3f06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:47:de:30:2a:cf:d5:18:d5:4d:92:03:22:25:
                    91:ad:13:70:8e:37:7c:43:35:2d:0e:25:16:dd:75:
                    b6:59:0f:b2:c1:f0:e1:e2:fb:78:85:da:6c:a3:18:
                    b0:83:81:29:e5:0c:93:b0:23:39:24:50:60:59:11:
                    f8:0e:38:67:e0:7d:56:c9:0e:a3:25:04:16:71:9a:
                    c5:7c:f8:8b:43:a1:2b:fa:c2:bd:26:3c:60:a7:4c:
                    ad:78:23:7d:05:3c:1f:63:01:c3:91:c6:d9:1c:1c:
                    d1:a3:1b:f4:cd:49:42:24:e4:70:2f:2e:da:b1:3f:
                    ca:d1:2f:48:6d:32:b7:51:09:fa:58:3d:a0:81:90:
                    61:b9:2f:b7:28:5b:72:87:31:f4:73:af:41:fc:44:
                    19:71:8b:f2:40:dd:cc:01:2c:0c:2e:6d:69:3a:e9:
                    23:48:96:52:c8:bb:5b:dc:38:5c:c8:16:1f:8f:59:
                    cd:90:0e:7c:6d:9f:bd:03:64:7c:c0:ec:58:cd:51:
                    40:12:44:c4:f7:05:82:5a:44:f9:c5:bf:04:14:30:
                    2d:7b:82:6f:36:ec:e1:b0:4e:90:cb:e2:ed:6e:94:
                    d6:92:e3:cc:e7:35:36:eb:4b:3c:15:b5:54:8c:29:
                    af:cb:dd:e6:bd:e9:5c:87:a3:88:e2:c3:ae:3d:e0:
                    fd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6D:D3:8F:64:A0:6E:1F:A8:B7:02:07:7E:38:4C:02:89:FE:3F:06
            X509v3 Authority Key Identifier:
                keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/bm3Tj2Sgbh-otwIHfjhMAon-PwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.62.0/24
                  37.140.241.0/24
                  79.133.181.0-79.133.183.255
                  91.200.84.0/24
                  185.240.103.0/24
                  185.244.51.0/24
                  185.250.44.0/24
                  185.250.46.0/23
                  193.187.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:43:4e:59:68:09:6a:d8:fc:22:99:95:7c:7d:04:03:b7:18:
         cc:e4:a2:97:aa:c5:d0:02:0b:1e:77:48:41:37:72:3b:46:00:
         f6:80:3e:2c:2d:f8:e6:27:53:8b:50:f4:d2:c5:94:20:14:57:
         ff:75:57:49:90:19:bf:64:ca:27:dd:ae:47:7e:76:3a:fc:3c:
         bd:8f:f2:c5:ce:be:82:77:36:9c:28:42:5b:d1:fa:f9:d4:44:
         f2:92:cc:77:03:b8:08:dc:20:f8:97:fb:e1:80:bf:f6:3d:7f:
         8a:d2:cc:64:5c:10:2a:a3:d4:65:c9:cd:83:8e:99:77:6f:4b:
         48:92:33:9d:54:84:23:d5:f4:4e:9e:63:12:f5:85:a5:80:12:
         44:05:63:8a:ba:55:b8:7e:03:b8:c9:6a:c7:2a:97:1a:7a:97:
         b6:71:48:1d:77:d7:16:b0:30:90:ee:3f:f2:ba:03:c5:df:e3:
         54:08:7d:b4:c9:ee:43:9c:ff:b6:05:b4:74:02:a6:6f:a3:9b:
         10:4d:e7:e5:2f:bf:7e:b3:e6:85:b7:59:5a:d2:84:7b:06:43:
         ba:77:46:86:b7:fe:49:41:a0:74:f0:9c:fa:ea:41:76:86:b3:
         d6:01:ac:e1:f4:bc:9c:ab:63:ef:d9:3d:d4:8a:c1:78:2c:fc:
         4f:f2:ed:38
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYzCbUOwf7GglFta4Gu0YvYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZkZDM4ZjY0YTA2ZTFmYThiNzAyMDc3ZTM4NGMwMjg5ZmUzZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkfeMCrP1RjVTZIDIiWRrRNwjjd8
QzUtDiUW3XW2WQ+ywfDh4vt4hdpsoxiwg4Ep5QyTsCM5JFBgWRH4Djhn4H1WyQ6j
JQQWcZrFfPiLQ6Er+sK9Jjxgp0yteCN9BTwfYwHDkcbZHBzRoxv0zUlCJORwLy7a
sT/K0S9IbTK3UQn6WD2ggZBhuS+3KFtyhzH0c69B/EQZcYvyQN3MASwMLm1pOukj
SJZSyLtb3DhcyBYfj1nNkA58bZ+9A2R8wOxYzVFAEkTE9wWCWkT5xb8EFDAte4Jv
NuzhsE6Qy+LtbpTWkuPM5zU260s8FbVUjCmvy93mvelch6OI4sOuPeD9cQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFG5t049koG4fqLcCB344TAKJ/j8GMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvYm0zVGoyU2diaC1vdHdJSGZqaE1Bb24tUHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABf0+AwQA
JYzxMAwDBABPhbUDBANPhbADBABbyFQDBAC58GcDBAC59DMDBAC5+iwDBAG5+i4D
BADBu2AwDQYJKoZIhvcNAQELBQADggEBAFhDTlloCWrY/CKZlXx9BAO3GMzkopeq
xdACCx53SEE3cjtGAPaAPiwt+OYnU4tQ9NLFlCAUV/91V0mQGb9kyifdrkd+djr8
PL2P8sXOvoJ3NpwoQlvR+vnURPKSzHcDuAjcIPiX++GAv/Y9f4rSzGRcECqj1GXJ
zYOOmXdvS0iSM51UhCPV9E6eYxL1haWAEkQFY4q6Vbh+A7jJascqlxp6l7ZxSB13
1xawMJDuP/K6A8Xf41QIfbTJ7kOc/7YFtHQCpm+jmxBN5+Uvv36z5oW3WVrShHsG
Q7p3Roa3/klBoHTwnPrqQXaGs9YBrOH0vJyrY+/ZPdSKwXgs/E/y7Tg=
-----END CERTIFICATE-----