Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/eOWLVqS6u2qeo0shN2VWnwwtuP0.roa
File:                     eOWLVqS6u2qeo0shN2VWnwwtuP0.roa (raw, json)
Hash identifier:          nmXkMeB8w5EEJB6H23hdkOZ797rG7LQ4Kc6bBEtbbhc=
Subject key identifier:   78:E5:8B:56:A4:BA:BB:6A:9E:A3:4B:21:37:65:56:9F:0C:2D:B8:FD
Certificate issuer:       /CN=4cbfd3e72d4a0396f95347336b42678f68c26430
Certificate serial:       0190E8B9BC34C3EC08B7A083E460DE14AEF6
Authority key identifier: 4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/eOWLVqS6u2qeo0shN2VWnwwtuP0.roa
Signing time:             Thu 25 Jul 2024 07:10:04 +0000
ROA not before:           Thu 25 Jul 2024 07:10:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3188
IP address blocks:        5.2.80.0/24 maxlen: 24
                          5.2.81.0/24 maxlen: 24
                          5.2.82.0/24 maxlen: 24
                          5.2.83.0/24 maxlen: 24
                          5.2.84.0/24 maxlen: 24
                          5.2.85.0/24 maxlen: 24
                          5.2.86.0/24 maxlen: 24
                          5.2.87.0/24 maxlen: 24
                          185.8.32.0/24 maxlen: 24
                          185.8.33.0/24 maxlen: 24
                          185.8.34.0/24 maxlen: 24
                          185.8.35.0/24 maxlen: 24
                          185.8.128.0/24 maxlen: 24
                          185.8.129.0/24 maxlen: 24
                          185.8.130.0/24 maxlen: 24
                          185.8.131.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.150.128.0/24 maxlen: 24
                          185.150.131.0/24 maxlen: 24
                          2a02:d9c0::/29 maxlen: 29
                          2a04:b600::/29 maxlen: 29
Validation:               Failed, certificate revoked on Thu 25 Jul 2024 10:42:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e8:b9:bc:34:c3:ec:08:b7:a0:83:e4:60:de:14:ae:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cbfd3e72d4a0396f95347336b42678f68c26430
        Validity
            Not Before: Jul 25 07:10:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78e58b56a4babb6a9ea34b213765569f0c2db8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ff:c9:0a:49:f8:41:9b:4c:9e:5b:d3:e0:c7:
                    73:86:97:85:f6:f5:02:e0:96:32:c8:bc:74:bd:f5:
                    95:f5:46:d6:1c:40:be:e7:ba:de:b7:19:48:13:20:
                    c7:67:7a:a0:ab:2f:60:47:7d:53:1f:0e:dc:17:14:
                    75:70:3a:7e:b9:ae:ac:c2:ae:f5:2a:e2:cf:7a:2a:
                    37:66:18:da:58:b3:09:c1:17:ce:6c:90:ac:4d:e1:
                    a4:b9:8f:4e:30:d0:ed:44:c5:8a:29:e1:48:c5:22:
                    e2:94:13:2a:50:ff:5b:da:43:1a:95:57:8a:c3:a2:
                    82:ba:64:d3:63:f1:ec:14:97:88:17:29:96:0f:7c:
                    fb:ff:3d:4e:e8:1a:f7:89:27:9a:84:6d:0c:c9:c0:
                    37:a4:ce:51:85:d5:9c:bd:76:4e:40:70:be:61:3a:
                    0f:2f:8a:d4:4f:81:5a:1a:3e:7e:fb:f3:99:85:a7:
                    63:1a:4a:58:f6:79:df:c5:7c:45:8e:83:cc:6e:9e:
                    5e:50:c0:a0:33:d7:f9:10:3f:68:0b:d5:67:dd:f0:
                    47:6d:5a:9a:90:b7:72:7b:bd:86:5b:cc:ea:df:a3:
                    c2:72:6e:9f:28:e4:73:e0:d6:9b:07:64:1f:ce:09:
                    4e:2b:79:59:b3:b2:4b:cc:b2:31:4b:68:fc:e2:84:
                    73:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E5:8B:56:A4:BA:BB:6A:9E:A3:4B:21:37:65:56:9F:0C:2D:B8:FD
            X509v3 Authority Key Identifier:
                keyid:4C:BF:D3:E7:2D:4A:03:96:F9:53:47:33:6B:42:67:8F:68:C2:64:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TL_T5y1KA5b5U0cza0Jnj2jCZDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/eOWLVqS6u2qeo0shN2VWnwwtuP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b5733b-3891-449b-9950-ff60e218ed41/1/TL_T5y1KA5b5U0cza0Jnj2jCZDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.2.80.0/21
                  185.8.32.0/22
                  185.8.128.0/22
                  185.67.121.0/24
                  185.150.128.0/24
                  185.150.131.0/24
                IPv6:
                  2a02:d9c0::/29
                  2a04:b600::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:9c:87:23:2f:0f:11:04:92:b7:86:b8:bf:f8:98:cf:83:cc:
         52:a6:50:17:a2:cc:2e:a8:18:c6:9e:a0:da:fa:b6:40:d4:6b:
         39:06:f2:48:ff:ac:eb:e9:8e:75:af:14:a7:29:ba:bc:ec:8a:
         07:75:6e:f4:fa:d6:79:a2:ad:7e:2c:1d:93:dc:64:6d:72:7f:
         9f:cf:bf:60:8a:47:0b:fc:97:31:ec:a1:f9:f9:9b:3f:41:02:
         06:99:ea:e8:af:0d:fc:c9:c7:ee:42:71:c3:73:d1:7e:37:e0:
         94:8e:c6:59:87:ca:5f:de:4e:77:c6:fe:8f:13:b9:76:82:69:
         01:d7:c7:3c:f6:16:67:7d:54:3c:ca:d0:96:3e:2d:2e:7e:53:
         ca:cc:26:7e:cb:7a:d0:9c:1a:e9:66:06:1d:ab:79:74:21:05:
         75:97:6b:dc:cc:ae:3e:4e:90:75:99:92:c9:3d:a8:67:f1:6c:
         a7:dd:c4:93:73:b5:10:5c:bd:c1:be:cd:48:5f:63:c2:cb:7c:
         61:7c:a7:5e:4b:32:1a:52:ad:7c:1b:25:22:cd:c2:eb:79:da:
         bf:5d:74:79:f9:63:3a:42:64:5c:64:b1:e4:80:2a:3f:b1:2a:
         b8:9e:82:12:78:e6:73:5f:7a:c3:01:ef:2a:96:d2:cc:21:a0:
         d1:5d:7c:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZDoubw0w+wIt6CD5GDeFK72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYmZkM2U3MmQ0YTAzOTZmOTUzNDczMzZiNDI2NzhmNjhj
MjY0MzAwHhcNMjQwNzI1MDcxMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU1OGI1NmE0YmFiYjZhOWVhMzRiMjEzNzY1NTY5ZjBjMmRiOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzf/JCkn4QZtMnlvT4MdzhpeF9vUC
4JYyyLx0vfWV9UbWHEC+57retxlIEyDHZ3qgqy9gR31THw7cFxR1cDp+ua6swq71
KuLPeio3ZhjaWLMJwRfObJCsTeGkuY9OMNDtRMWKKeFIxSLilBMqUP9b2kMalVeK
w6KCumTTY/HsFJeIFymWD3z7/z1O6Br3iSeahG0MycA3pM5RhdWcvXZOQHC+YToP
L4rUT4FaGj5++/OZhadjGkpY9nnfxXxFjoPMbp5eUMCgM9f5ED9oC9Vn3fBHbVqa
kLdye72GW8zq36PCcm6fKORz4NabB2QfzglOK3lZs7JLzLIxS2j84oRzGwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFHjli1akurtqnqNLITdlVp8MLbj9MB8GA1UdIwQY
MBaAFEy/0+ctSgOW+VNHM2tCZ49owmQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAt
ZmY2MGUyMThlZDQxLzEvZU9XTFZxUzZ1MnFlbzBzaE4yVldud3d0dVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNTczM2ItMzg5MS00NDliLTk5NTAtZmY2MGUyMThlZDQx
LzEvVExfVDV5MUtBNWI1VTBjemEwSm5qMmpDWkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQDBQJQAwQC
uQggAwQCuQiAAwQAuUN5AwQAuZaAAwQAuZaDMBQEAgACMA4DBQMqAtnAAwUDKgS2
ADANBgkqhkiG9w0BAQsFAAOCAQEAUJyHIy8PEQSSt4a4v/iYz4PMUqZQF6LMLqgY
xp6g2vq2QNRrOQbySP+s6+mOda8Upym6vOyKB3Vu9PrWeaKtfiwdk9xkbXJ/n8+/
YIpHC/yXMeyh+fmbP0ECBpnq6K8N/MnH7kJxw3PRfjfglI7GWYfKX95Od8b+jxO5
doJpAdfHPPYWZ31UPMrQlj4tLn5Tyswmfst60Jwa6WYGHat5dCEFdZdr3MyuPk6Q
dZmSyT2oZ/Fsp93Ek3O1EFy9wb7NSF9jwst8YXynXksyGlKtfBslIs3C63nav110
efljOkJkXGSx5IAqP7EquJ6CEnjmc196wwHvKpbSzCGg0V18lg==
-----END CERTIFICATE-----