Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/op2VuavtGFLYVjRgO5eMwwpBPNY.roa
File:                     op2VuavtGFLYVjRgO5eMwwpBPNY.roa (raw, json)
Hash identifier:          qAVBaflAxEzFcqwwAcoXvAowRMyua/xPzacp181oDj4=
Subject key identifier:   A2:9D:95:B9:AB:ED:18:52:D8:56:34:60:3B:97:8C:C3:0A:41:3C:D6
Certificate issuer:       /CN=e61c07c951488f04cb3b0fd338af84d77e46bf52
Certificate serial:       0185723A3F99CBDB4719F31DA21362001203
Authority key identifier: E6:1C:07:C9:51:48:8F:04:CB:3B:0F:D3:38:AF:84:D7:7E:46:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/op2VuavtGFLYVjRgO5eMwwpBPNY.roa
Signing time:             Mon 02 Jan 2023 11:24:58 +0000
ROA not before:           Mon 02 Jan 2023 11:24:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39603
IP address blocks:        94.254.144.0/20 maxlen: 20
                          5.173.192.0/19 maxlen: 19
                          94.254.160.0/19 maxlen: 19
                          5.173.0.0/17 maxlen: 17
                          5.173.128.0/18 maxlen: 18
                          46.112.0.0/16 maxlen: 16
                          109.243.128.0/17 maxlen: 17
                          89.108.192.0/18 maxlen: 18
                          89.108.200.0/21 maxlen: 21
                          94.254.128.0/17 maxlen: 17
                          46.113.0.0/16 maxlen: 16
                          94.254.128.0/20 maxlen: 20
                          89.108.208.0/21 maxlen: 21
                          94.254.192.0/19 maxlen: 19
                          109.243.0.0/16 maxlen: 16
                          94.254.224.0/20 maxlen: 20
                          31.174.0.0/15 maxlen: 15
                          164.126.0.0/15 maxlen: 15
                          2a00:1981::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:3a:3f:99:cb:db:47:19:f3:1d:a2:13:62:00:12:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61c07c951488f04cb3b0fd338af84d77e46bf52
        Validity
            Not Before: Jan  2 11:24:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a29d95b9abed1852d85634603b978cc30a413cd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f5:24:42:39:15:b8:c3:63:28:17:5d:29:7e:
                    78:77:13:88:30:bd:ef:59:72:07:d4:e1:14:97:5c:
                    7f:fc:53:a6:d2:86:cd:15:98:c0:b8:62:9e:c3:18:
                    7e:f9:6a:8a:7c:63:6e:98:3e:2b:da:4f:44:80:6c:
                    59:f3:42:65:f0:3f:5c:f1:9f:63:1d:b5:ac:41:57:
                    de:3f:34:72:89:88:f9:2f:ed:6b:ba:97:ba:49:44:
                    42:f4:e8:50:81:b4:26:bd:58:e7:4c:33:03:10:b1:
                    42:df:fc:d8:df:62:9a:67:f1:8c:83:a8:68:ba:a9:
                    db:8b:1d:02:b5:89:88:c5:80:11:e3:b1:90:82:a8:
                    43:b7:d6:9f:f1:ac:21:84:91:8f:10:9c:39:fa:97:
                    28:17:d3:d4:85:05:4f:4d:c5:cc:8f:11:80:fc:5a:
                    a2:62:3e:d3:8e:a1:80:e7:27:ab:38:bf:b8:47:ab:
                    ef:35:f0:c4:87:73:7c:76:a6:c9:e7:1a:74:50:6e:
                    94:70:e2:85:9d:14:ff:f1:2a:56:af:05:ea:93:2b:
                    69:ba:65:9b:5c:c1:1b:1c:de:a4:c1:79:5c:d1:a4:
                    17:26:8b:78:76:e4:f4:c0:80:64:03:ef:0e:02:86:
                    14:1f:2e:da:71:ba:bc:f4:88:8b:a7:22:b4:8d:69:
                    ea:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9D:95:B9:AB:ED:18:52:D8:56:34:60:3B:97:8C:C3:0A:41:3C:D6
            X509v3 Authority Key Identifier:
                keyid:E6:1C:07:C9:51:48:8F:04:CB:3B:0F:D3:38:AF:84:D7:7E:46:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hwHyVFIjwTLOw_TOK-E135Gv1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/op2VuavtGFLYVjRgO5eMwwpBPNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/2dba5c-9a90-4052-a1eb-6a8477cb6c2a/1/5hwHyVFIjwTLOw_TOK-E135Gv1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.173.0.0-5.173.223.255
                  31.174.0.0/15
                  46.112.0.0/15
                  89.108.192.0/18
                  94.254.128.0/17
                  109.243.0.0/16
                  164.126.0.0/15
                IPv6:
                  2a00:1981::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:5d:b7:0d:84:e9:12:a1:be:a1:be:4c:7f:07:b1:b4:21:4d:
         46:b5:47:f8:6e:88:7e:3d:6d:3a:58:6f:a6:93:78:0d:e6:5d:
         b2:21:24:97:c2:49:0a:1e:ff:bc:00:85:4b:e5:ab:56:b1:33:
         73:b1:db:98:9f:03:4c:83:af:9d:0e:ff:9a:5f:c6:f1:ea:8a:
         5c:d9:d4:6d:cc:b1:ce:cf:83:62:9a:19:70:7f:01:63:00:56:
         72:b3:da:d5:12:8f:a8:89:9b:c2:a7:e0:a7:da:5e:2a:f3:96:
         b0:0b:23:81:cd:0d:67:a6:7c:22:bf:0e:3f:4c:b6:c0:25:72:
         57:ce:c9:24:85:06:fd:b6:24:e6:8a:a0:1c:3e:d1:05:62:9d:
         ac:93:43:dd:2b:21:d3:63:77:cc:32:87:cf:d1:52:9f:55:66:
         04:62:32:ec:85:d6:5b:a1:cf:a8:50:90:3b:2f:b5:ab:cd:0e:
         15:2f:25:5b:73:6e:21:ce:e5:74:09:71:38:7d:18:bc:0c:f2:
         8c:3d:8b:67:f7:9e:af:b8:1c:20:d9:09:d6:ae:6c:ee:aa:9d:
         bb:05:34:b0:07:9f:ed:22:5d:b1:17:c3:71:92:e0:27:62:28:
         a6:65:af:5e:8a:45:85:b7:ac:f5:af:1c:c8:5c:38:3e:f4:5d:
         b9:bd:ed:15
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVyOj+Zy9tHGfMdohNiABIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWMwN2M5NTE0ODhmMDRjYjNiMGZkMzM4YWY4NGQ3N2U0
NmJmNTIwHhcNMjMwMTAyMTEyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlkOTViOWFiZWQxODUyZDg1NjM0NjAzYjk3OGNjMzBhNDEzY2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfUkQjkVuMNjKBddKX54dxOIML3v
WXIH1OEUl1x//FOm0obNFZjAuGKewxh++WqKfGNumD4r2k9EgGxZ80Jl8D9c8Z9j
HbWsQVfePzRyiYj5L+1rupe6SURC9OhQgbQmvVjnTDMDELFC3/zY32KaZ/GMg6ho
uqnbix0CtYmIxYAR47GQgqhDt9af8awhhJGPEJw5+pcoF9PUhQVPTcXMjxGA/Fqi
Yj7TjqGA5yerOL+4R6vvNfDEh3N8dqbJ5xp0UG6UcOKFnRT/8SpWrwXqkytpumWb
XMEbHN6kwXlc0aQXJot4duT0wIBkA+8OAoYUHy7acbq89IiLpyK0jWnqAwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKKdlbmr7RhS2FY0YDuXjMMKQTzWMB8GA1UdIwQY
MBaAFOYcB8lRSI8EyzsP0zivhNd+Rr9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh3SHlWRklqd1RMT3dfVE9LLUUxMzVHdjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8yZGJhNWMtOWE5MC00MDUyLWExZWIt
NmE4NDc3Y2I2YzJhLzEvb3AyVnVhdnRHRkxZVmpSZ081ZU13d3BCUE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8yZGJhNWMtOWE5MC00MDUyLWExZWItNmE4NDc3Y2I2YzJh
LzEvNWh3SHlWRklqd1RMT3dfVE9LLUUxMzVHdjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAzBAIAATAtMAsDAwAFrQME
BQWtwAMDAR+uAwMBLnADBAZZbMADBAde/oADAwBt8wMDAaR+MA0EAgACMAcDBQAq
ABmBMA0GCSqGSIb3DQEBCwUAA4IBAQCRXbcNhOkSob6hvkx/B7G0IU1GtUf4boh+
PW06WG+mk3gN5l2yISSXwkkKHv+8AIVL5atWsTNzsduYnwNMg6+dDv+aX8bx6opc
2dRtzLHOz4NimhlwfwFjAFZys9rVEo+oiZvCp+Cn2l4q85awCyOBzQ1npnwivw4/
TLbAJXJXzskkhQb9tiTmiqAcPtEFYp2sk0PdKyHTY3fMMofP0VKfVWYEYjLshdZb
oc+oUJA7L7WrzQ4VLyVbc24hzuV0CXE4fRi8DPKMPYtn956vuBwg2QnWrmzuqp27
BTSwB5/tIl2xF8NxkuAnYiimZa9eikWFt6z1rxzIXDg+9F25ve0V
-----END CERTIFICATE-----