Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/5ZAhrXb6k-2QHQgoxjFTXKIlTb4.roa
File:                     5ZAhrXb6k-2QHQgoxjFTXKIlTb4.roa (raw, json)
Hash identifier:          BF+gr4/AQjn+5iGX/3jf4MVD0TqBYw5GqXFjC/sPGC0=
Subject key identifier:   E5:90:21:AD:76:FA:93:ED:90:1D:08:28:C6:31:53:5C:A2:25:4D:BE
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018CC9BB292326B738F1E3F5D4700930BAC4
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/5ZAhrXb6k-2QHQgoxjFTXKIlTb4.roa
Signing time:             Tue 02 Jan 2024 10:32:15 +0000
ROA not before:           Tue 02 Jan 2024 10:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21155
IP address blocks:        91.216.162.0/24 maxlen: 24
                          81.4.112.0/22 maxlen: 22
                          81.4.116.0/22 maxlen: 22
                          81.4.64.0/19 maxlen: 19
                          185.95.68.0/22 maxlen: 22
                          81.4.96.0/22 maxlen: 22
                          193.93.172.0/22 maxlen: 22
                          91.142.240.0/20 maxlen: 20
                          85.158.252.0/23 maxlen: 23
                          85.158.248.0/21 maxlen: 21
                          85.158.248.0/22 maxlen: 22
                          80.84.224.0/19 maxlen: 19
                          193.242.119.0/24 maxlen: 24
                          83.96.128.0/17 maxlen: 17
                          91.205.32.0/22 maxlen: 22
                          2001:828::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 26 Jan 2024 12:35:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:29:23:26:b7:38:f1:e3:f5:d4:70:09:30:ba:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Jan  2 10:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e59021ad76fa93ed901d0828c631535ca2254dbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:74:71:a2:35:bc:6d:df:17:1f:96:d7:13:01:
                    56:a4:de:73:f2:ce:8e:80:5c:7a:82:52:e4:33:3e:
                    24:0a:3b:b5:b3:06:3b:6e:88:c9:f7:a4:d4:c5:68:
                    a7:7e:3d:08:1c:51:d0:20:01:a9:33:08:ef:3f:1c:
                    36:da:10:78:50:07:e3:1d:23:be:c2:5a:1a:fa:ff:
                    d7:c3:d1:fd:2f:81:c6:b4:12:a3:10:51:ae:92:d9:
                    42:cc:bb:6f:75:ca:9a:f5:5b:87:25:49:49:f0:c3:
                    11:47:7b:52:c9:54:41:ce:21:12:10:72:54:0b:93:
                    d2:3c:e3:62:7e:66:4d:f7:30:a5:bb:5d:6f:b7:75:
                    58:2f:49:33:8d:03:f3:30:42:2e:34:2d:8b:d1:fd:
                    21:48:dc:9c:13:6e:b8:33:c1:9f:5a:c9:dc:f5:cf:
                    fa:b8:f2:69:10:31:2a:2e:a7:b1:ab:06:38:b4:b7:
                    29:c7:f1:fc:e4:9d:ba:02:5c:0b:7d:c8:27:5d:36:
                    63:58:b2:ed:c5:e2:15:5f:19:ab:56:a7:8a:eb:66:
                    87:1a:62:b0:b1:4b:53:55:37:58:6f:a7:ec:6c:58:
                    db:d9:fa:a8:5c:c4:81:85:ff:f7:20:d9:2e:fe:4d:
                    fe:14:54:d2:4b:e8:56:b1:99:e3:88:b5:93:c4:a0:
                    da:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:90:21:AD:76:FA:93:ED:90:1D:08:28:C6:31:53:5C:A2:25:4D:BE
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/5ZAhrXb6k-2QHQgoxjFTXKIlTb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.224.0/19
                  81.4.64.0-81.4.99.255
                  81.4.112.0/21
                  83.96.128.0/17
                  85.158.248.0/21
                  91.142.240.0/20
                  91.205.32.0/22
                  91.216.162.0/24
                  185.95.68.0/22
                  193.93.172.0/22
                  193.242.119.0/24
                IPv6:
                  2001:828::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:99:ba:d5:c3:6e:f6:1b:c1:1e:9f:8f:50:cb:eb:53:aa:
         92:42:87:55:f7:1f:f0:8c:5b:a3:4a:9e:5b:a9:8b:ee:8d:50:
         7c:f9:8c:f6:ae:42:0f:77:8a:55:89:c4:33:46:42:39:17:49:
         a0:08:cb:76:5a:d9:f3:9f:a3:fe:60:c4:21:1b:7a:91:31:3c:
         04:46:79:6c:86:eb:83:07:00:ec:32:f7:e4:2d:49:07:2b:ba:
         8b:cc:6f:06:ac:63:af:cd:8a:92:60:9c:d3:88:63:0c:06:25:
         31:95:72:9b:72:75:7a:40:f7:5f:5e:d9:3c:13:2a:65:14:a1:
         31:ee:a3:a0:b5:bd:a6:68:2a:03:3c:c8:30:db:12:c7:fb:41:
         ac:39:9e:42:58:0d:41:64:58:64:fb:b3:bd:2d:8a:ad:60:14:
         75:2a:d2:26:1a:36:fb:31:f1:91:be:66:27:84:b3:ca:34:0e:
         2c:5d:c9:7d:37:39:30:f0:65:f7:f4:2d:6f:3c:b8:57:2f:13:
         4c:a0:c6:f1:fa:40:38:80:20:17:34:ad:c4:ef:be:01:6a:c1:
         58:da:02:0d:18:a9:0e:57:2e:62:7a:a6:c5:f0:60:e7:09:36:
         6e:50:70:c8:87:b8:ff:3e:86:32:16:4d:66:ca:e7:f8:e6:eb:
         ea:43:f6:58
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYzJuykjJrc48eP11HAJMLrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjQwMTAyMTAzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTkwMjFhZDc2ZmE5M2VkOTAxZDA4MjhjNjMxNTM1Y2EyMjU0ZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnRxojW8bd8XH5bXEwFWpN5z8s6O
gFx6glLkMz4kCju1swY7bojJ96TUxWinfj0IHFHQIAGpMwjvPxw22hB4UAfjHSO+
wloa+v/Xw9H9L4HGtBKjEFGuktlCzLtvdcqa9VuHJUlJ8MMRR3tSyVRBziESEHJU
C5PSPONifmZN9zClu11vt3VYL0kzjQPzMEIuNC2L0f0hSNycE264M8GfWsnc9c/6
uPJpEDEqLqexqwY4tLcpx/H85J26AlwLfcgnXTZjWLLtxeIVXxmrVqeK62aHGmKw
sUtTVTdYb6fsbFjb2fqoXMSBhf/3INku/k3+FFTSS+hWsZnjiLWTxKDacQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFOWQIa12+pPtkB0IKMYxU1yiJU2+MB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvNVpBaHJYYjZrLTJRSFFnb3hqRlRYS0lsVGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQFUFTgMAwD
BAZRBEADBAJRBGADBANRBHADBAdTYIADBANVnvgDBARbjvADBAJbzSADBABb2KID
BAK5X0QDBALBXawDBADB8ncwDQQCAAIwBwMFACABCCgwDQYJKoZIhvcNAQELBQAD
ggEBAC6RmbrVw272G8Een49Qy+tTqpJCh1X3H/CMW6NKnlupi+6NUHz5jPauQg93
ilWJxDNGQjkXSaAIy3Za2fOfo/5gxCEbepExPARGeWyG64MHAOwy9+QtSQcruovM
bwasY6/NipJgnNOIYwwGJTGVcptydXpA919e2TwTKmUUoTHuo6C1vaZoKgM8yDDb
Esf7Qaw5nkJYDUFkWGT7s70tiq1gFHUq0iYaNvsx8ZG+ZieEs8o0DixdyX03OTDw
Zff0LW88uFcvE0ygxvH6QDiAIBc0rcTvvgFqwVjaAg0YqQ5XLmJ6psXwYOcJNm5Q
cMiHuP8+hjIWTWbK5/jm6+pD9lg=
-----END CERTIFICATE-----