Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/t5sCeOPV6YSIN_GQud8e4dm29mA.roa
File:                     t5sCeOPV6YSIN_GQud8e4dm29mA.roa (raw, json)
Hash identifier:          xClYarJYWtBCXxh9JncZg/wum0oRN5Y7YThLeYKWnhE=
Subject key identifier:   B7:9B:02:78:E3:D5:E9:84:88:37:F1:90:B9:DF:1E:E1:D9:B6:F6:60
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       018DD535C8CBFEB6C263DFE382CF07EE2D71
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/t5sCeOPV6YSIN_GQud8e4dm29mA.roa
Signing time:             Fri 23 Feb 2024 09:04:48 +0000
ROA not before:           Fri 23 Feb 2024 09:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33852
IP address blocks:        83.139.0.0/24 maxlen: 24
                          83.139.1.0/24 maxlen: 24
                          83.139.2.0/24 maxlen: 24
                          83.139.4.0/24 maxlen: 24
                          83.139.5.0/24 maxlen: 24
                          83.139.6.0/23 maxlen: 23
                          83.139.8.0/21 maxlen: 21
                          83.139.8.0/24 maxlen: 24
                          83.139.9.0/24 maxlen: 24
                          83.139.10.0/24 maxlen: 24
                          83.139.11.0/24 maxlen: 24
                          83.139.12.0/24 maxlen: 24
                          83.139.13.0/24 maxlen: 24
                          83.139.14.0/24 maxlen: 24
                          83.139.15.0/24 maxlen: 24
                          83.139.16.0/24 maxlen: 24
                          83.139.17.0/24 maxlen: 24
                          83.139.18.0/24 maxlen: 24
                          83.139.32.0/21 maxlen: 21
                          83.139.33.0/24 maxlen: 24
                          83.139.35.0/24 maxlen: 24
                          83.139.39.0/24 maxlen: 24
                          2a01:4000::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Apr 2024 06:05:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:35:c8:cb:fe:b6:c2:63:df:e3:82:cf:07:ee:2d:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Feb 23 09:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b79b0278e3d5e9848837f190b9df1ee1d9b6f660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:71:fc:8d:20:ca:49:54:c3:70:f6:4c:4d:65:
                    4a:18:2e:a8:c3:d8:3a:26:a8:61:87:fe:e4:65:fa:
                    01:e1:54:8c:55:b4:4b:ec:c2:65:57:6f:74:d7:36:
                    ae:23:24:01:94:47:45:28:ab:37:94:29:de:4e:bf:
                    33:b0:79:cf:5c:96:ee:6e:b0:f0:96:66:78:25:f4:
                    60:05:05:ea:e3:f9:c6:29:e6:b3:90:3c:42:86:f3:
                    c4:7e:ec:db:4b:82:8c:d0:bc:6e:0c:eb:e3:35:83:
                    91:05:56:16:37:d3:83:e7:20:72:ce:85:0b:49:3c:
                    89:12:c2:d2:4a:d8:db:fb:f3:54:cf:8f:44:4b:a8:
                    8a:2c:d6:0c:fb:16:d3:8a:10:fb:6d:75:e8:da:57:
                    16:2b:57:f7:6f:6e:78:bd:d7:6d:b7:d4:0f:86:ef:
                    94:9e:7b:95:25:47:ba:64:61:e8:ed:f6:6d:71:61:
                    ad:02:8c:7d:7f:5d:92:5a:d6:c4:5e:85:4c:dc:e0:
                    a4:0d:e8:3c:70:9c:60:92:7f:92:ae:3e:70:82:b7:
                    a4:51:26:91:2b:af:2c:fc:46:a0:60:ae:b1:55:6e:
                    d3:69:bf:f1:7b:43:d1:d5:fe:9e:22:0c:d0:2c:c9:
                    c9:a2:50:df:04:57:73:17:ec:b8:fc:9b:b0:86:12:
                    21:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:9B:02:78:E3:D5:E9:84:88:37:F1:90:B9:DF:1E:E1:D9:B6:F6:60
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/t5sCeOPV6YSIN_GQud8e4dm29mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.139.0.0-83.139.2.255
                  83.139.4.0-83.139.18.255
                  83.139.32.0/21
                IPv6:
                  2a01:4000::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:a0:a0:68:3f:2d:d0:e3:f4:9f:c9:d1:dc:cc:38:19:4a:b4:
         e9:db:d1:41:01:1e:a7:ac:33:a1:5d:d6:fa:bd:e2:6b:a1:31:
         16:04:87:87:6e:27:c4:ae:c4:b2:26:d2:9c:a3:4d:68:27:90:
         b7:59:b6:d0:e9:22:a4:67:db:2e:b0:4b:a0:7d:49:c0:28:92:
         31:00:5c:cc:ec:5c:e7:65:1b:37:c3:39:25:d4:08:e2:c6:a4:
         45:ab:98:7a:b1:2a:3d:14:a6:c2:82:60:d1:46:9a:a2:2d:a3:
         b4:d3:b7:65:41:36:69:7a:24:01:15:37:ee:00:14:cd:53:12:
         ca:12:80:33:a7:a4:08:ef:a3:cd:93:21:73:db:45:2f:da:00:
         7d:2d:ce:a0:59:9b:f8:21:78:30:a9:ed:86:b9:4b:92:fd:11:
         7a:94:5c:10:8d:6c:00:81:e6:7c:9b:78:36:4b:1a:e9:7c:f6:
         2e:33:35:c5:b7:fb:b8:a3:7d:24:5f:76:fe:9b:15:e7:a3:01:
         76:b3:fd:67:a1:8c:04:ef:82:81:f1:3b:0c:fa:9e:99:6b:de:
         03:35:05:3c:dd:0d:b6:6d:f4:b3:d0:ec:5a:5d:ce:ab:b9:51:
         5e:c6:ab:cf:a5:3d:40:11:88:b9:0c:13:4f:03:e0:ca:09:95:
         d4:10:7a:79
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY3VNcjL/rbCY9/jgs8H7i1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjQwMjIzMDkwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzliMDI3OGUzZDVlOTg0ODgzN2YxOTBiOWRmMWVlMWQ5YjZmNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnH8jSDKSVTDcPZMTWVKGC6ow9g6
Jqhhh/7kZfoB4VSMVbRL7MJlV2901zauIyQBlEdFKKs3lCneTr8zsHnPXJbubrDw
lmZ4JfRgBQXq4/nGKeazkDxChvPEfuzbS4KM0LxuDOvjNYORBVYWN9OD5yByzoUL
STyJEsLSStjb+/NUz49ES6iKLNYM+xbTihD7bXXo2lcWK1f3b254vddtt9QPhu+U
nnuVJUe6ZGHo7fZtcWGtAox9f12SWtbEXoVM3OCkDeg8cJxgkn+Srj5wgrekUSaR
K68s/EagYK6xVW7Tab/xe0PR1f6eIgzQLMnJolDfBFdzF+y4/JuwhhIhTwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLebAnjj1emEiDfxkLnfHuHZtvZgMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvdDVzQ2VPUFY2WVNJTl9HUXVkOGU0ZG0yOW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAnBAIAATAhMAsDAwBTiwME
AFOLAjAMAwQCU4sEAwQAU4sSAwQDU4sgMA0EAgACMAcDBQAqAUAAMA0GCSqGSIb3
DQEBCwUAA4IBAQA+oKBoPy3Q4/SfydHczDgZSrTp29FBAR6nrDOhXdb6veJroTEW
BIeHbifErsSyJtKco01oJ5C3WbbQ6SKkZ9susEugfUnAKJIxAFzM7FznZRs3wzkl
1AjixqRFq5h6sSo9FKbCgmDRRpqiLaO007dlQTZpeiQBFTfuABTNUxLKEoAzp6QI
76PNkyFz20Uv2gB9Lc6gWZv4IXgwqe2GuUuS/RF6lFwQjWwAgeZ8m3g2SxrpfPYu
MzXFt/u4o30kX3b+mxXnowF2s/1noYwE74KB8TsM+p6Za94DNQU83Q22bfSz0Oxa
Xc6ruVFexqvPpT1AEYi5DBNPA+DKCZXUEHp5
-----END CERTIFICATE-----