Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eomdLDpMoMuYkPQZr4F3uxNvVcQ.roa
File:                     eomdLDpMoMuYkPQZr4F3uxNvVcQ.roa (raw, json)
Hash identifier:          G1Bun3Fk55Uc3vhQS2p3jX5uf/mbzBSSczllUOIB6nY=
Subject key identifier:   7A:89:9D:2C:3A:4C:A0:CB:98:90:F4:19:AF:81:77:BB:13:6F:55:C4
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0190ABF76C182D252CC707AB99B5E1F25D16
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eomdLDpMoMuYkPQZr4F3uxNvVcQ.roa
Signing time:             Sat 13 Jul 2024 12:00:37 +0000
ROA not before:           Sat 13 Jul 2024 12:00:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211619
IP address blocks:        5.182.115.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          77.242.152.0/24 maxlen: 24
                          77.242.153.0/24 maxlen: 24
                          77.242.154.0/24 maxlen: 24
                          77.242.155.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.228.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          88.209.236.0/24 maxlen: 24
                          88.209.237.0/24 maxlen: 24
                          88.209.238.0/24 maxlen: 24
                          88.209.239.0/24 maxlen: 24
                          92.52.217.0/24 maxlen: 24
                          194.41.47.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 06 Sep 2024 15:22:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:f7:6c:18:2d:25:2c:c7:07:ab:99:b5:e1:f2:5d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 13 12:00:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a899d2c3a4ca0cb9890f419af8177bb136f55c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:87:c1:7f:1e:d1:87:90:90:3b:ce:0b:80:c4:
                    d1:18:86:c0:2a:74:ac:d0:b2:cf:da:c0:96:07:09:
                    97:27:38:ed:9b:b4:66:f2:ae:60:07:81:1f:90:23:
                    fa:b3:43:2d:ba:ee:a1:77:c8:48:a4:df:5f:d0:fb:
                    bc:92:d6:90:88:ab:b0:50:25:2a:e4:85:d0:01:a5:
                    6b:7f:ca:be:b3:31:ef:f1:92:53:42:62:87:f0:d3:
                    0c:50:3d:16:51:49:ec:ca:5b:7b:4c:4d:77:57:be:
                    3f:99:11:22:09:fd:86:2e:64:c2:bc:8a:ba:51:b1:
                    31:28:71:66:99:01:2c:7d:a5:77:52:aa:fc:73:5d:
                    1f:95:68:1e:2e:74:2e:82:2c:42:ad:f3:b8:f1:e5:
                    91:c0:52:e1:54:35:dc:83:80:6f:38:60:ae:0f:f7:
                    0d:22:42:68:45:34:a2:ab:d8:24:43:d3:0a:73:32:
                    f2:1a:f9:2b:07:be:9f:b4:db:5d:3d:fc:1d:3f:14:
                    f1:fe:19:6e:6b:45:ce:3a:4d:80:37:ca:0d:95:07:
                    e9:a6:e9:11:4d:dc:a5:c2:24:14:e1:56:d4:08:bf:
                    f3:8b:c3:fc:5e:63:00:dc:0f:ab:7b:46:ef:70:a9:
                    5c:14:b8:dd:cf:a4:44:c8:6a:d8:66:ba:75:5b:90:
                    13:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:89:9D:2C:3A:4C:A0:CB:98:90:F4:19:AF:81:77:BB:13:6F:55:C4
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/eomdLDpMoMuYkPQZr4F3uxNvVcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.115.0/24
                  45.9.168.0/24
                  77.242.152.0/22
                  83.137.157.0/24
                  88.209.205.0-88.209.206.255
                  88.209.228.0/24
                  88.209.236.0/22
                  92.52.217.0/24
                  194.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:a2:dd:56:b3:0a:3f:14:a2:8e:a8:25:51:5b:0e:c9:b5:1f:
         76:ed:26:90:59:55:2e:d9:b2:26:5f:b6:34:84:bd:4c:c2:f0:
         ab:bc:89:2a:0d:87:80:5f:1e:63:df:1d:f6:46:03:58:03:a3:
         31:61:a6:1b:9f:86:fd:59:34:15:fe:bc:23:9e:ad:39:b1:d4:
         79:e7:d8:5c:1d:30:f0:2a:e6:fa:91:14:99:d2:45:2e:a7:ad:
         9d:c2:65:a1:84:8f:43:93:69:a9:14:6f:8e:75:7f:51:5f:35:
         62:6a:9e:c5:69:58:80:a5:fa:47:d7:34:6c:ae:64:00:50:40:
         d1:e7:bc:ca:12:3e:b5:45:fd:97:61:a9:f5:eb:76:65:c7:f6:
         20:91:aa:93:1f:00:3d:6d:9c:4e:c7:42:70:df:cf:38:0e:80:
         f0:8c:74:a6:7a:c7:8e:7f:71:03:8e:71:89:2e:09:66:7f:de:
         64:fb:fd:b0:54:b3:e9:0c:97:60:d3:4d:a8:2a:fd:e3:d2:da:
         b0:ee:5d:e7:38:ab:56:ee:a6:98:6a:8b:d4:c3:79:1b:4d:46:
         2e:3d:d1:4a:a6:53:c6:29:1b:14:c9:09:c7:81:92:f2:b1:76:
         d4:a8:33:21:d4:60:c4:6a:d1:8d:c0:77:b7:15:9e:75:c7:95:
         7e:70:97:86
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZCr92wYLSUsxwermbXh8l0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwNzEzMTIwMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTg5OWQyYzNhNGNhMGNiOTg5MGY0MTlhZjgxNzdiYjEzNmY1NWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsofBfx7Rh5CQO84LgMTRGIbAKnSs
0LLP2sCWBwmXJzjtm7Rm8q5gB4EfkCP6s0Mtuu6hd8hIpN9f0Pu8ktaQiKuwUCUq
5IXQAaVrf8q+szHv8ZJTQmKH8NMMUD0WUUnsylt7TE13V74/mREiCf2GLmTCvIq6
UbExKHFmmQEsfaV3Uqr8c10flWgeLnQugixCrfO48eWRwFLhVDXcg4BvOGCuD/cN
IkJoRTSiq9gkQ9MKczLyGvkrB76ftNtdPfwdPxTx/hlua0XOOk2AN8oNlQfppukR
TdylwiQU4VbUCL/zi8P8XmMA3A+re0bvcKlcFLjdz6REyGrYZrp1W5AT9QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHqJnSw6TKDLmJD0Ga+Bd7sTb1XEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZW9tZExEcE1vTXVZa1BRWnI0RjN1eE52VmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQABbZzAwQA
LQmoAwQCTfKYAwQAU4mdMAwDBABY0c0DBABY0c4DBABY0eQDBAJY0ewDBABcNNkD
BADCKS8wDQYJKoZIhvcNAQELBQADggEBAKyi3VazCj8Uoo6oJVFbDsm1H3btJpBZ
VS7ZsiZftjSEvUzC8Ku8iSoNh4BfHmPfHfZGA1gDozFhphufhv1ZNBX+vCOerTmx
1Hnn2FwdMPAq5vqRFJnSRS6nrZ3CZaGEj0OTaakUb451f1FfNWJqnsVpWICl+kfX
NGyuZABQQNHnvMoSPrVF/ZdhqfXrdmXH9iCRqpMfAD1tnE7HQnDfzzgOgPCMdKZ6
x45/cQOOcYkuCWZ/3mT7/bBUs+kMl2DTTagq/ePS2rDuXec4q1bupphqi9TDeRtN
Ri490UqmU8YpGxTJCceBkvKxdtSoMyHUYMRq0Y3Ad7cVnnXHlX5wl4Y=
-----END CERTIFICATE-----