Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/kW2_eDcUmT2aoGhYWKWm5xWNOi8.roa
File:                     kW2_eDcUmT2aoGhYWKWm5xWNOi8.roa (raw, json)
Hash identifier:          YWX+J4CmPAS8bH5KkWaAHCSzsLIp6HLEler6Kb05MOE=
Subject key identifier:   91:6D:BF:78:37:14:99:3D:9A:A0:68:58:58:A5:A6:E7:15:8D:3A:2F
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       018CC5008E183F475082A7A3CA2ADDAFCAC2
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/kW2_eDcUmT2aoGhYWKWm5xWNOi8.roa
Signing time:             Mon 01 Jan 2024 12:29:57 +0000
ROA not before:           Mon 01 Jan 2024 12:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33852
IP address blocks:        83.139.39.0/24 maxlen: 24
                          83.139.0.0/24 maxlen: 24
                          83.139.1.0/24 maxlen: 24
                          83.139.2.0/24 maxlen: 24
                          83.139.11.0/24 maxlen: 24
                          83.139.9.0/24 maxlen: 24
                          83.139.10.0/24 maxlen: 24
                          83.139.8.0/24 maxlen: 24
                          83.139.8.0/21 maxlen: 21
                          83.139.5.0/24 maxlen: 24
                          83.139.6.0/23 maxlen: 23
                          83.139.14.0/24 maxlen: 24
                          83.139.15.0/24 maxlen: 24
                          83.139.12.0/24 maxlen: 24
                          83.139.13.0/24 maxlen: 24
                          83.139.17.0/24 maxlen: 24
                          83.139.16.0/24 maxlen: 24
                          83.139.18.0/24 maxlen: 24
                          83.139.32.0/21 maxlen: 21
                          83.139.35.0/24 maxlen: 24
                          83.139.33.0/24 maxlen: 24
                          2a01:4000::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 09:04:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:8e:18:3f:47:50:82:a7:a3:ca:2a:dd:af:ca:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Jan  1 12:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=916dbf783714993d9aa0685858a5a6e7158d3a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f6:31:97:7a:58:a3:50:c2:7c:2f:08:6b:c5:
                    67:ca:74:8e:36:19:e0:73:d2:6c:96:49:88:d7:35:
                    84:71:5b:e0:b6:f8:32:87:db:41:22:77:28:3d:1c:
                    05:c6:46:53:15:79:16:7e:01:8b:35:e2:5e:42:be:
                    2b:cb:82:ca:2a:5e:41:b9:6d:b4:2e:7e:ae:29:90:
                    9d:09:be:8f:ff:a0:de:56:a3:7b:7b:29:1b:2f:cd:
                    98:05:54:5e:a2:f1:cc:19:97:d7:d3:cd:27:8d:61:
                    d8:d4:73:00:17:ff:f8:91:6e:06:23:c3:da:34:92:
                    78:86:16:b3:94:ad:7e:1e:2b:6c:c5:ef:42:59:c0:
                    09:76:2d:e9:b7:f7:2c:8b:fa:b5:bd:3f:c5:c1:0e:
                    b3:7c:1b:ec:7d:be:11:58:fe:4d:5f:40:74:87:d0:
                    4a:e3:de:7c:05:a3:d7:11:fc:53:54:ec:46:5d:f5:
                    35:9c:fb:11:15:ad:b3:86:46:0e:12:dd:d5:3f:e8:
                    0b:d1:8e:f2:ee:77:4d:a9:38:30:a8:09:2e:8a:ee:
                    e5:8e:47:8e:17:76:d3:5e:cd:c8:b8:6a:3b:d0:93:
                    32:b3:3b:67:c3:e2:59:18:14:26:44:96:a3:a8:32:
                    0c:be:93:3b:5f:f9:a5:00:83:46:3a:a9:5f:c4:53:
                    e7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:6D:BF:78:37:14:99:3D:9A:A0:68:58:58:A5:A6:E7:15:8D:3A:2F
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/kW2_eDcUmT2aoGhYWKWm5xWNOi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.139.0.0-83.139.2.255
                  83.139.5.0-83.139.18.255
                  83.139.32.0/21
                IPv6:
                  2a01:4000::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:3f:ae:b4:6f:d1:11:10:d4:c2:7a:55:dd:a0:fe:d0:20:bc:
         18:fd:ff:18:65:68:f4:42:f6:5f:fb:e1:13:c4:b0:7f:45:8c:
         1f:89:24:26:5f:40:0e:3b:e0:50:ae:6a:ab:92:78:22:93:95:
         40:86:0d:6f:cf:71:d8:95:30:de:86:19:fe:4f:11:b3:c3:4a:
         c4:fb:ec:0b:be:36:4e:65:18:52:31:2a:76:07:f5:7e:c0:c3:
         58:a8:b2:ff:76:f2:0d:a4:49:bc:7f:2e:e1:c6:52:65:ff:04:
         64:02:47:6a:d6:ce:5b:8a:e3:92:4d:48:69:78:34:c0:11:2d:
         34:42:dc:24:26:d4:ae:b6:e2:db:2f:ad:2b:92:16:cb:c0:ea:
         d6:fb:d1:de:86:fa:5d:23:d7:68:a6:f1:ce:0f:2e:41:9d:9a:
         4e:30:b7:69:1e:58:56:20:44:f2:80:b1:b1:22:85:9f:38:9f:
         cb:58:f8:33:5f:8e:24:e5:5b:14:66:8a:e6:7d:59:8a:48:cc:
         38:73:52:1a:17:4b:b2:9c:d4:03:f5:d5:db:fc:15:49:01:9b:
         37:56:0a:f8:4d:17:91:46:38:ca:35:4d:cb:61:3d:31:41:a6:
         aa:82:89:0e:b4:c1:14:71:49:27:70:98:35:71:06:14:cb:2f:
         fa:1e:cb:f3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzFAI4YP0dQgqejyirdr8rCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjQwMTAxMTIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTZkYmY3ODM3MTQ5OTNkOWFhMDY4NTg1OGE1YTZlNzE1OGQzYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvYxl3pYo1DCfC8Ia8VnynSONhng
c9JslkmI1zWEcVvgtvgyh9tBIncoPRwFxkZTFXkWfgGLNeJeQr4ry4LKKl5BuW20
Ln6uKZCdCb6P/6DeVqN7eykbL82YBVReovHMGZfX080njWHY1HMAF//4kW4GI8Pa
NJJ4hhazlK1+Hitsxe9CWcAJdi3pt/csi/q1vT/FwQ6zfBvsfb4RWP5NX0B0h9BK
4958BaPXEfxTVOxGXfU1nPsRFa2zhkYOEt3VP+gL0Y7y7ndNqTgwqAkuiu7ljkeO
F3bTXs3IuGo70JMysztnw+JZGBQmRJajqDIMvpM7X/mlAINGOqlfxFPn/QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJFtv3g3FJk9mqBoWFilpucVjTovMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEva1cyX2VEY1VtVDJhb0doWVdLV201eFdOT2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAnBAIAATAhMAsDAwBTiwME
AFOLAjAMAwQAU4sFAwQAU4sSAwQDU4sgMA0EAgACMAcDBQAqAUAAMA0GCSqGSIb3
DQEBCwUAA4IBAQBgP660b9ERENTCelXdoP7QILwY/f8YZWj0QvZf++ETxLB/RYwf
iSQmX0AOO+BQrmqrkngik5VAhg1vz3HYlTDehhn+TxGzw0rE++wLvjZOZRhSMSp2
B/V+wMNYqLL/dvINpEm8fy7hxlJl/wRkAkdq1s5biuOSTUhpeDTAES00QtwkJtSu
tuLbL60rkhbLwOrW+9HehvpdI9dopvHODy5BnZpOMLdpHlhWIETygLGxIoWfOJ/L
WPgzX44k5VsUZormfVmKSMw4c1IaF0uynNQD9dXb/BVJAZs3Vgr4TReRRjjKNU3L
YT0xQaaqgokOtMEUcUkncJg1cQYUyy/6Hsvz
-----END CERTIFICATE-----