Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/SJ5pHm8otVf1bIc3L0HBEg4OYr4.roa
File:                     SJ5pHm8otVf1bIc3L0HBEg4OYr4.roa (raw, json)
Hash identifier:          w6yngF0znrHqnJFxjdjORx16rKWOIt3hWV8WMSqL2gY=
Subject key identifier:   48:9E:69:1E:6F:28:B5:57:F5:6C:87:37:2F:41:C1:12:0E:0E:62:BE
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       0190299C682F56583004685C6FD6DC2849C1
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/SJ5pHm8otVf1bIc3L0HBEg4OYr4.roa
Signing time:             Tue 18 Jun 2024 04:30:34 +0000
ROA not before:           Tue 18 Jun 2024 04:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60077
IP address blocks:        78.110.112.0/21 maxlen: 32
                          78.110.112.0/22 maxlen: 32
                          78.110.116.0/22 maxlen: 32
                          85.198.8.0/21 maxlen: 32
                          85.198.8.0/22 maxlen: 32
                          85.198.12.0/22 maxlen: 32
                          85.198.16.0/21 maxlen: 32
                          85.198.16.0/22 maxlen: 32
                          85.198.16.0/23 maxlen: 32
                          85.198.18.0/23 maxlen: 32
                          85.198.20.0/22 maxlen: 32
                          193.151.128.0/19 maxlen: 32
                          193.151.128.0/20 maxlen: 32
                          193.151.144.0/20 maxlen: 32
                          193.151.144.0/21 maxlen: 32
                          193.151.152.0/22 maxlen: 32
                          193.151.156.0/23 maxlen: 32
                          193.151.156.0/24 maxlen: 32
                          193.151.157.0/24 maxlen: 32
                          193.151.158.0/24 maxlen: 32
                          193.151.159.0/24 maxlen: 32
                          2a05:1a30::/34 maxlen: 128

Validation:               Failed, certificate revoked on Wed 18 Sep 2024 05:48:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:29:9c:68:2f:56:58:30:04:68:5c:6f:d6:dc:28:49:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jun 18 04:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=489e691e6f28b557f56c87372f41c1120e0e62be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:51:5f:01:e5:19:9e:f1:01:1f:7c:31:75:3c:
                    16:4c:9c:f2:04:69:5e:a2:97:9c:e4:d0:40:de:78:
                    9a:fa:80:51:ad:73:cb:5d:17:f3:33:56:d9:bd:d9:
                    c6:82:05:c2:65:d3:5c:7f:d0:d6:ba:b7:c5:b8:68:
                    98:1b:b2:64:4d:d2:2f:bf:16:68:38:dd:f9:87:98:
                    8c:00:72:2f:a7:80:66:4b:6f:3d:f8:1e:2a:67:81:
                    a5:30:75:cf:de:fa:60:ad:cc:b6:2e:b2:fb:ce:93:
                    bc:81:cf:44:0e:f2:85:26:36:32:fc:8e:46:95:5a:
                    e7:bc:a3:fd:d2:ed:43:e7:a6:4f:4b:74:dc:18:d7:
                    da:2a:13:37:b2:1a:62:4a:52:55:64:a7:b9:b5:07:
                    d1:b1:cf:6c:49:d3:d8:74:52:4e:b0:10:46:ea:32:
                    6f:6c:5b:7f:cf:ac:e1:e1:21:89:29:80:65:7b:5a:
                    08:5d:00:2e:20:3c:18:db:f4:09:0a:60:2c:f7:e7:
                    31:ec:45:a7:a4:a6:de:89:2e:04:b5:5a:94:ac:19:
                    52:cf:3f:34:37:f0:d1:52:45:6e:ed:ce:52:95:3e:
                    b9:a6:72:32:fc:bb:fa:c7:60:d5:96:c2:7e:e6:67:
                    ec:bf:05:49:7f:f2:cb:e7:01:53:4a:1d:7d:ca:64:
                    79:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:9E:69:1E:6F:28:B5:57:F5:6C:87:37:2F:41:C1:12:0E:0E:62:BE
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/SJ5pHm8otVf1bIc3L0HBEg4OYr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.112.0/21
                  85.198.8.0-85.198.23.255
                  193.151.128.0/19
                IPv6:
                  2a05:1a30::/34

    Signature Algorithm: sha256WithRSAEncryption
         7a:dd:db:28:31:fb:b6:c6:86:c0:8b:5d:98:d7:4b:77:f8:99:
         cf:6f:37:db:4a:e2:97:72:88:90:fe:4f:be:f0:37:48:9e:3a:
         9c:55:3c:17:90:ce:04:af:5c:ba:7b:a9:1e:5b:42:5d:ee:2f:
         18:d9:87:5f:04:40:5d:66:22:14:93:d7:28:4d:09:2a:dd:c0:
         ce:0f:54:42:6a:df:98:0e:1e:6b:52:11:90:43:02:33:31:be:
         50:1f:79:a8:55:7a:39:bb:a1:d3:54:b8:cf:d1:0e:b5:bc:99:
         8d:a0:96:9f:c3:1b:7a:86:79:2c:79:36:37:53:fb:21:ea:3b:
         28:79:f4:b1:92:11:66:f5:df:33:30:47:4a:7b:d0:fa:99:7e:
         0f:40:b0:97:10:24:9e:98:48:48:a9:fb:8a:2a:c4:6b:10:2c:
         43:67:2f:a4:e9:cb:3d:c0:bc:d0:44:2b:d7:ec:02:2f:28:ad:
         c1:f1:de:bc:9b:73:6a:35:b7:3e:43:d8:90:a4:8c:55:b9:70:
         d0:33:14:1f:97:24:05:c0:47:dc:19:43:1b:2d:6a:bc:07:a7:
         fc:de:cf:36:db:d1:84:f2:c2:77:99:05:c2:b8:d0:ff:fc:7c:
         db:8d:0f:34:36:36:52:5e:8e:17:93:e6:27:cb:b6:75:72:cd:
         39:f7:16:d4
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZApnGgvVlgwBGhcb9bcKEnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwNjE4MDQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODllNjkxZTZmMjhiNTU3ZjU2Yzg3MzcyZjQxYzExMjBlMGU2MmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFFfAeUZnvEBH3wxdTwWTJzyBGle
opec5NBA3nia+oBRrXPLXRfzM1bZvdnGggXCZdNcf9DWurfFuGiYG7JkTdIvvxZo
ON35h5iMAHIvp4BmS289+B4qZ4GlMHXP3vpgrcy2LrL7zpO8gc9EDvKFJjYy/I5G
lVrnvKP90u1D56ZPS3TcGNfaKhM3shpiSlJVZKe5tQfRsc9sSdPYdFJOsBBG6jJv
bFt/z6zh4SGJKYBle1oIXQAuIDwY2/QJCmAs9+cx7EWnpKbeiS4EtVqUrBlSzz80
N/DRUkVu7c5SlT65pnIy/Lv6x2DVlsJ+5mfsvwVJf/LL5wFTSh19ymR5zQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEieaR5vKLVX9WyHNy9BwRIODmK+MB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvU0o1cEhtOG90VmYxYkljM0wwSEJFZzRPWXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAgBAIAATAaAwQDTm5wMAwD
BANVxggDBANVxhADBAXBl4AwDgQCAAIwCAMGBioFGjAAMA0GCSqGSIb3DQEBCwUA
A4IBAQB63dsoMfu2xobAi12Y10t3+JnPbzfbSuKXcoiQ/k++8DdInjqcVTwXkM4E
r1y6e6keW0Jd7i8Y2YdfBEBdZiIUk9coTQkq3cDOD1RCat+YDh5rUhGQQwIzMb5Q
H3moVXo5u6HTVLjP0Q61vJmNoJafwxt6hnkseTY3U/sh6jsoefSxkhFm9d8zMEdK
e9D6mX4PQLCXECSemEhIqfuKKsRrECxDZy+k6cs9wLzQRCvX7AIvKK3B8d68m3Nq
Nbc+Q9iQpIxVuXDQMxQflyQFwEfcGUMbLWq8B6f83s8229GE8sJ3mQXCuND//Hzb
jQ80NjZSXo4Xk+Yny7Z1cs059xbU
-----END CERTIFICATE-----