Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/jnq3w0UHC6M-yXbqx_Z02pv9Ceo.roa
File:                     jnq3w0UHC6M-yXbqx_Z02pv9Ceo.roa (raw, json)
Hash identifier:          IZI9gNPcFNy8P6z7XRotjWSRWflYrWWZx4zwL3/E5fE=
Subject key identifier:   8E:7A:B7:C3:45:07:0B:A3:3E:C9:76:EA:C7:F6:74:DA:9B:FD:09:EA
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018828B40032E9D965E44A241139F296F005
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/jnq3w0UHC6M-yXbqx_Z02pv9Ceo.roa
Signing time:             Wed 17 May 2023 07:54:25 +0000
ROA not before:           Wed 17 May 2023 07:54:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5524
IP address blocks:        185.89.152.0/22 maxlen: 24
                          91.189.208.0/22 maxlen: 24
                          185.65.52.0/22 maxlen: 24
                          94.142.208.0/21 maxlen: 24
                          31.3.8.0/21 maxlen: 24
                          46.226.56.0/21 maxlen: 24
                          85.10.172.0/22 maxlen: 24
                          2a03:4f00::/32 maxlen: 32
                          2a03:5700::/32 maxlen: 32
                          2a00:c080::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:28:b4:00:32:e9:d9:65:e4:4a:24:11:39:f2:96:f0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: May 17 07:54:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e7ab7c345070ba33ec976eac7f674da9bfd09ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:05:03:0b:59:c0:d9:25:3a:61:ab:37:95:
                    b5:d9:72:67:52:27:44:a8:4d:ee:10:dd:8e:6a:21:
                    7f:f4:24:e8:03:17:df:2c:3a:c2:a9:86:b8:1f:3a:
                    c3:ae:5e:c0:ad:8c:e5:d6:c1:f0:24:07:8c:f5:1c:
                    e1:c1:b5:55:3c:e1:7e:47:ea:70:50:4f:88:83:ff:
                    46:c3:d5:22:3e:92:0f:bf:4f:82:9e:b3:5e:1c:57:
                    e1:18:d9:2f:6d:fb:cf:24:ca:84:8f:73:2c:7c:39:
                    c5:4f:6e:b5:e1:86:0e:e6:e1:2c:2f:29:71:24:c7:
                    15:4e:0f:21:a4:22:39:7f:ee:a1:44:b1:2b:25:ef:
                    c9:21:62:9c:55:20:63:71:6c:23:6c:65:6e:c0:d9:
                    93:d4:0d:6d:80:f4:2e:22:d1:ea:ac:39:4b:8f:a5:
                    7d:5a:f8:00:77:9b:77:42:4b:8e:de:97:fb:f7:5f:
                    6f:f4:a0:a0:b2:13:2e:1b:d1:b5:cf:43:76:67:33:
                    47:3c:13:e4:87:1f:92:79:25:eb:1f:20:73:3e:e2:
                    d4:58:84:cb:09:1d:46:bc:04:ae:01:02:b2:13:08:
                    ac:8d:69:1e:dc:6f:7b:a8:82:40:f9:fa:3a:cb:1a:
                    1b:14:e9:f6:74:12:ff:6e:87:ca:3e:7c:bc:ce:4f:
                    bb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:7A:B7:C3:45:07:0B:A3:3E:C9:76:EA:C7:F6:74:DA:9B:FD:09:EA
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/jnq3w0UHC6M-yXbqx_Z02pv9Ceo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.8.0/21
                  46.226.56.0/21
                  85.10.172.0/22
                  91.189.208.0/22
                  94.142.208.0/21
                  185.65.52.0/22
                  185.89.152.0/22
                IPv6:
                  2a00:c080::/32
                  2a03:4f00::/32
                  2a03:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:a2:fb:80:e6:67:17:6e:88:66:03:cf:8e:e5:a1:75:1c:44:
         cc:93:01:3b:6f:6a:08:31:a4:31:a1:a3:40:f0:be:0e:4a:fa:
         ec:18:1a:75:6d:c6:23:9c:2a:98:e0:57:08:eb:8d:9a:2b:64:
         9e:17:31:d5:65:74:a7:a0:ed:d8:85:7c:b8:21:03:ee:ab:6e:
         73:93:31:61:21:f9:dc:f6:a2:b4:ea:fd:dd:00:07:17:2c:f3:
         53:11:a9:53:95:8f:a5:bc:a4:17:c7:23:cd:cd:b8:09:e1:1b:
         a6:f2:10:7b:35:07:21:84:88:f5:67:ef:9f:ce:17:97:53:d1:
         0c:49:ee:a2:19:42:38:1f:c8:ed:af:37:1a:56:cf:b8:47:ca:
         67:9e:c3:37:7b:e6:b0:39:c8:e1:83:50:a0:0d:a9:f9:f0:60:
         58:76:42:b7:af:5d:c3:bb:22:35:3d:ce:1a:5d:88:96:65:ca:
         f4:11:33:5b:31:c2:8f:9a:b6:0c:9f:dd:c2:1a:02:a3:d6:4c:
         6c:d0:48:02:59:02:af:a2:0c:c2:ee:af:37:ec:47:61:f6:c0:
         df:1c:9f:8e:4f:78:01:e4:04:40:e7:5f:82:9c:d7:94:6d:43:
         ed:fd:4b:a0:47:c2:d8:d9:1c:b8:cc:e6:9a:22:10:3d:7b:d3:
         94:49:8f:12
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYgotAAy6dll5EokETnylvAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjMwNTE3MDc1NDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTdhYjdjMzQ1MDcwYmEzM2VjOTc2ZWFjN2Y2NzRkYTliZmQwOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEoFAwtZwNklOmGrN5W12XJnUidE
qE3uEN2OaiF/9CToAxffLDrCqYa4HzrDrl7ArYzl1sHwJAeM9RzhwbVVPOF+R+pw
UE+Ig/9Gw9UiPpIPv0+CnrNeHFfhGNkvbfvPJMqEj3MsfDnFT2614YYO5uEsLylx
JMcVTg8hpCI5f+6hRLErJe/JIWKcVSBjcWwjbGVuwNmT1A1tgPQuItHqrDlLj6V9
WvgAd5t3QkuO3pf7919v9KCgshMuG9G1z0N2ZzNHPBPkhx+SeSXrHyBzPuLUWITL
CR1GvASuAQKyEwisjWke3G97qIJA+fo6yxobFOn2dBL/bofKPny8zk+7NwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFI56t8NFBwujPsl26sf2dNqb/QnqMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvam5xM3cwVUhDNk0teVhicXhfWjAycHY5Q2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAwBAIAATAqAwQDHwMIAwQD
LuI4AwQCVQqsAwQCW73QAwQDXo7QAwQCuUE0AwQCuVmYMBsEAgACMBUDBQAqAMCA
AwUAKgNPAAMFACoDVwAwDQYJKoZIhvcNAQELBQADggEBAIai+4DmZxduiGYDz47l
oXUcRMyTATtvaggxpDGho0Dwvg5K+uwYGnVtxiOcKpjgVwjrjZorZJ4XMdVldKeg
7diFfLghA+6rbnOTMWEh+dz2orTq/d0ABxcs81MRqVOVj6W8pBfHI83NuAnhG6by
EHs1ByGEiPVn75/OF5dT0QxJ7qIZQjgfyO2vNxpWz7hHymeewzd75rA5yOGDUKAN
qfnwYFh2QrevXcO7IjU9zhpdiJZlyvQRM1sxwo+atgyf3cIaAqPWTGzQSAJZAq+i
DMLurzfsR2H2wN8cn45PeAHkBEDnX4Kc15RtQ+39S6BHwtjZHLjM5poiED1705RJ
jxI=
-----END CERTIFICATE-----