Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/jlsRNYQNoLW6s2qkhfNmnkiaPy8.roa
File:                     jlsRNYQNoLW6s2qkhfNmnkiaPy8.roa (raw, json)
Hash identifier:          npYCoBLQniKYU1hCI6PTIO2aghDeVI6IYfvDXXszl4s=
Subject key identifier:   8E:5B:11:35:84:0D:A0:B5:BA:B3:6A:A4:85:F3:66:9E:48:9A:3F:2F
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018DFA8AFC239EC818F77B588637527559B8
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/jlsRNYQNoLW6s2qkhfNmnkiaPy8.roa
Signing time:             Fri 01 Mar 2024 15:03:48 +0000
ROA not before:           Fri 01 Mar 2024 15:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211619
IP address blocks:        5.182.112.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          83.137.156.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.228.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          88.209.236.0/24 maxlen: 24
                          88.209.237.0/24 maxlen: 24
                          88.209.239.0/24 maxlen: 24
                          88.209.246.0/24 maxlen: 24
                          88.209.247.0/24 maxlen: 24
                          88.209.254.0/24 maxlen: 24
                          92.52.217.0/24 maxlen: 24
                          92.52.218.0/24 maxlen: 24
                          194.41.47.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 05 Mar 2024 10:04:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:8a:fc:23:9e:c8:18:f7:7b:58:86:37:52:75:59:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar  1 15:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e5b1135840da0b5bab36aa485f3669e489a3f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c0:72:db:5a:da:d9:27:9f:6d:ce:3a:a4:c2:
                    1d:ad:26:1f:09:59:51:95:a2:52:aa:f5:ed:92:8c:
                    f4:d7:1a:7f:03:63:9f:73:db:55:2d:4a:f2:b9:0f:
                    74:9d:17:c5:97:96:d4:5e:bd:eb:1f:6b:b0:2c:c0:
                    bf:eb:18:4d:9c:d5:98:19:d7:7f:1c:11:4f:1e:77:
                    f1:5c:0b:68:38:99:c3:e5:09:ec:16:79:b0:ef:b0:
                    e2:fd:fc:95:77:7b:fc:df:51:72:2b:28:44:d1:d3:
                    8f:16:0a:17:ee:d3:bd:2d:9d:ad:f4:55:60:58:96:
                    e4:0c:db:54:6a:39:3f:b0:34:35:a1:2d:a4:db:3e:
                    7f:0e:b0:ad:61:65:32:a0:0b:2f:f5:07:94:fe:2c:
                    c8:68:8b:6b:54:7e:d6:9b:3d:c4:64:60:d0:69:12:
                    05:51:17:d1:4b:2a:8f:58:b5:78:c5:96:d1:6f:f9:
                    25:68:a8:2e:df:b8:fd:f1:7c:9f:30:c1:2a:34:e0:
                    79:d7:f2:c0:ca:2d:86:10:c3:14:2e:2b:78:f4:10:
                    a1:43:bb:a2:11:d6:61:59:ac:f0:4c:7c:12:23:aa:
                    c1:e0:5a:a6:79:97:9a:4b:8d:46:82:5b:b2:96:2d:
                    a9:1d:67:f1:6b:6f:f2:4f:2c:c4:e8:1e:ad:28:37:
                    19:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:5B:11:35:84:0D:A0:B5:BA:B3:6A:A4:85:F3:66:9E:48:9A:3F:2F
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/jlsRNYQNoLW6s2qkhfNmnkiaPy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24
                  45.9.168.0/24
                  83.137.156.0/23
                  88.209.206.0/24
                  88.209.228.0/24
                  88.209.236.0/22
                  88.209.246.0/23
                  88.209.254.0/24
                  92.52.217.0-92.52.218.255
                  194.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:c8:5d:c3:d8:55:cb:d7:0b:a9:22:7e:f1:6a:4a:e1:01:3c:
         8f:77:ba:58:df:da:85:44:d2:39:93:2c:de:bd:a4:b5:df:74:
         20:14:3d:1e:e3:94:26:1e:0b:5d:6b:4c:af:4d:5c:3d:e3:0a:
         a6:d1:40:06:51:05:cd:82:15:fa:8e:31:7a:f1:43:29:73:35:
         8d:78:2a:39:98:76:5b:ef:79:10:58:92:0d:b9:e7:ff:e1:06:
         bf:77:af:93:9f:9b:59:3d:f5:9b:bc:f4:f5:1f:fc:38:b2:0e:
         df:c5:ef:50:31:af:bb:01:34:ba:4c:e2:e3:24:71:68:71:4a:
         aa:21:0c:a4:0b:e7:57:a8:20:b1:40:fb:eb:11:58:27:fa:79:
         ae:b1:7f:84:d0:a3:3b:b4:07:4e:bd:b9:6c:d6:54:17:25:0e:
         43:e4:3a:41:78:fc:8d:69:c5:e5:6f:0d:7d:67:36:29:78:2e:
         73:25:35:be:92:2a:fc:30:d3:b7:12:6f:56:3e:93:e6:a4:2e:
         14:b6:c2:23:77:87:1a:e8:66:25:a6:0d:2b:04:fe:46:8a:d4:
         d9:9a:ec:ef:d5:77:38:82:52:68:36:e3:ff:34:20:90:3c:4d:
         fb:8a:36:7d:b2:a0:a1:18:f7:44:2d:80:a5:a6:b1:aa:85:d4:
         eb:f4:bd:50
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY36ivwjnsgY93tYhjdSdVm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzAxMTUwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTViMTEzNTg0MGRhMGI1YmFiMzZhYTQ4NWYzNjY5ZTQ4OWEzZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcBy21ra2Sefbc46pMIdrSYfCVlR
laJSqvXtkoz01xp/A2Ofc9tVLUryuQ90nRfFl5bUXr3rH2uwLMC/6xhNnNWYGdd/
HBFPHnfxXAtoOJnD5QnsFnmw77Di/fyVd3v831FyKyhE0dOPFgoX7tO9LZ2t9FVg
WJbkDNtUajk/sDQ1oS2k2z5/DrCtYWUyoAsv9QeU/izIaItrVH7Wmz3EZGDQaRIF
URfRSyqPWLV4xZbRb/klaKgu37j98XyfMMEqNOB51/LAyi2GEMMULit49BChQ7ui
EdZhWazwTHwSI6rB4FqmeZeaS41Ggluyli2pHWfxa2/yTyzE6B6tKDcZmwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFI5bETWEDaC1urNqpIXzZp5Imj8vMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvamxzUk5ZUU5vTFc2czJxa2hmTm1ua2lhUHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQABbZwAwQA
LQmoAwQBU4mcAwQAWNHOAwQAWNHkAwQCWNHsAwQBWNH2AwQAWNH+MAwDBABcNNkD
BABcNNoDBADCKS8wDQYJKoZIhvcNAQELBQADggEBAAnIXcPYVcvXC6kifvFqSuEB
PI93uljf2oVE0jmTLN69pLXfdCAUPR7jlCYeC11rTK9NXD3jCqbRQAZRBc2CFfqO
MXrxQylzNY14KjmYdlvveRBYkg255//hBr93r5Ofm1k99Zu89PUf/DiyDt/F71Ax
r7sBNLpM4uMkcWhxSqohDKQL51eoILFA++sRWCf6ea6xf4TQozu0B069uWzWVBcl
DkPkOkF4/I1pxeVvDX1nNil4LnMlNb6SKvww07cSb1Y+k+akLhS2wiN3hxroZiWm
DSsE/kaK1Nma7O/VdziCUmg24/80IJA8TfuKNn2yoKEY90QtgKWmsaqF1Ov0vVA=
-----END CERTIFICATE-----