Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/ixeRedNUUE5Gn8EFMfFUy3pduBM.roa
File:                     ixeRedNUUE5Gn8EFMfFUy3pduBM.roa (raw, json)
Hash identifier:          AgkaYDhh+DTWzIbot2EOpByL5ZY+r7Ui29jFzp0Ww40=
Subject key identifier:   8B:17:91:79:D3:54:50:4E:46:9F:C1:05:31:F1:54:CB:7A:5D:B8:13
Certificate issuer:       /CN=f2d593b1c87b81739ec41910295bf385f2c9a992
Certificate serial:       018CC5DBFFFA2093A97B7045E04B2C26029D
Authority key identifier: F2:D5:93:B1:C8:7B:81:73:9E:C4:19:10:29:5B:F3:85:F2:C9:A9:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8tWTsch7gXOexBkQKVvzhfLJqZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/ixeRedNUUE5Gn8EFMfFUy3pduBM.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210892
IP address blocks:        79.135.124.0/24 maxlen: 24
                          79.135.125.0/24 maxlen: 24
                          5.1.45.0/24 maxlen: 24
                          79.135.126.0/24 maxlen: 24
                          79.135.127.0/24 maxlen: 24
                          109.224.223.0/24 maxlen: 24
                          109.224.232.0/24 maxlen: 24
                          2a11:2b07:f003::/48 maxlen: 48
                          2a11:2b07:f000::/48 maxlen: 48
                          2a11:2b07:f002::/48 maxlen: 48
                          2a11:2b07:f001::/48 maxlen: 48
                          2a11:2b07:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 19 Mar 2024 13:14:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ff:fa:20:93:a9:7b:70:45:e0:4b:2c:26:02:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2d593b1c87b81739ec41910295bf385f2c9a992
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b179179d354504e469fc10531f154cb7a5db813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:40:18:5f:f8:73:eb:39:3d:f6:9c:f6:9a:25:
                    12:27:b6:ca:71:44:88:d4:52:f4:64:e7:cd:09:6d:
                    06:fb:09:15:d0:5c:24:0f:c5:f4:11:a7:46:86:35:
                    43:a0:3d:46:db:e8:ce:97:30:52:7d:5e:e1:0e:8c:
                    d2:c0:ba:f4:0e:25:95:58:3c:b9:25:78:1c:66:69:
                    8e:18:1a:1d:81:3e:18:7b:72:9d:b6:ee:62:2b:cb:
                    0c:09:97:20:4e:a4:38:60:b6:c7:54:ea:53:e5:49:
                    b1:95:fc:9d:02:8e:2b:03:f1:c2:c4:2f:c4:b9:0a:
                    fa:30:4e:f5:f5:ef:06:91:a5:cc:59:4f:64:f6:e6:
                    0a:80:53:a8:2b:13:7d:9a:be:6c:b3:12:d7:54:34:
                    dc:d9:8c:25:7c:4e:8d:76:94:2c:02:10:ce:3c:fb:
                    17:89:26:d3:3f:0f:e7:90:f1:78:de:d7:1d:ea:06:
                    b0:e9:2a:3c:ae:54:f4:ac:d4:83:40:f1:4e:eb:7a:
                    99:a1:5a:f0:1f:6d:30:18:79:ad:30:2c:02:62:64:
                    c2:b9:3c:0f:9d:69:ab:c8:e6:61:5e:57:e7:27:0d:
                    4d:c6:14:2d:3e:d6:90:98:b9:b9:3e:8d:e3:df:6c:
                    65:37:96:8f:68:f4:14:b7:04:32:8d:c4:71:64:fd:
                    4f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:17:91:79:D3:54:50:4E:46:9F:C1:05:31:F1:54:CB:7A:5D:B8:13
            X509v3 Authority Key Identifier:
                keyid:F2:D5:93:B1:C8:7B:81:73:9E:C4:19:10:29:5B:F3:85:F2:C9:A9:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8tWTsch7gXOexBkQKVvzhfLJqZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/ixeRedNUUE5Gn8EFMfFUy3pduBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9391a6-dd3f-4933-9da2-9b8d68ee87fc/1/8tWTsch7gXOexBkQKVvzhfLJqZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.45.0/24
                  79.135.124.0/22
                  109.224.223.0/24
                  109.224.232.0/24
                IPv6:
                  2a11:2b07:1::/48
                  2a11:2b07:f000::/46

    Signature Algorithm: sha256WithRSAEncryption
         78:da:68:2c:d0:52:05:eb:30:74:de:75:24:c5:13:6d:e9:ea:
         ca:13:aa:17:19:9c:01:d4:f2:6d:9b:f8:c7:7f:84:12:c4:93:
         47:da:53:a9:a3:a0:77:c6:c5:f6:62:31:1a:d8:56:a3:60:e5:
         ae:c1:41:49:23:14:ee:b6:fb:aa:58:84:70:ca:27:f7:aa:27:
         6e:e2:ed:c0:3f:2b:db:45:f1:80:fb:99:65:da:da:a3:94:41:
         fb:db:76:ed:57:c9:94:77:e1:40:d5:36:04:23:47:50:57:cd:
         54:33:76:aa:41:8e:e4:a1:3c:63:d2:0c:e6:16:7b:d9:50:94:
         c1:82:b3:16:0e:b4:34:51:e4:65:17:46:1a:77:56:68:89:c1:
         56:65:f6:2a:05:a2:49:d3:c7:5b:ae:e2:1f:5c:ee:8c:e8:31:
         53:01:b0:c9:89:71:0b:ba:5f:3d:55:b2:34:9b:1f:ed:a3:a5:
         eb:9a:41:c9:d8:83:91:88:f0:ba:9a:a9:ea:5e:0d:85:50:6d:
         3b:5b:9f:76:dd:8e:b5:bd:5a:b5:69:21:f8:bd:63:af:72:87:
         00:bf:5a:68:80:c4:63:42:cc:8d:16:1d:10:b8:f0:80:4f:bc:
         4c:a3:8d:5a:65:87:27:ed:34:d9:fe:6c:93:47:38:49:a4:51:
         10:57:5c:bc
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzF2//6IJOpe3BF4EssJgKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZDU5M2IxYzg3YjgxNzM5ZWM0MTkxMDI5NWJmMzg1ZjJj
OWE5OTIwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjE3OTE3OWQzNTQ1MDRlNDY5ZmMxMDUzMWYxNTRjYjdhNWRiODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUAYX/hz6zk99pz2miUSJ7bKcUSI
1FL0ZOfNCW0G+wkV0FwkD8X0EadGhjVDoD1G2+jOlzBSfV7hDozSwLr0DiWVWDy5
JXgcZmmOGBodgT4Ye3Kdtu5iK8sMCZcgTqQ4YLbHVOpT5UmxlfydAo4rA/HCxC/E
uQr6ME719e8GkaXMWU9k9uYKgFOoKxN9mr5ssxLXVDTc2YwlfE6NdpQsAhDOPPsX
iSbTPw/nkPF43tcd6gaw6So8rlT0rNSDQPFO63qZoVrwH20wGHmtMCwCYmTCuTwP
nWmryOZhXlfnJw1NxhQtPtaQmLm5Po3j32xlN5aPaPQUtwQyjcRxZP1P6QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFIsXkXnTVFBORp/BBTHxVMt6XbgTMB8GA1UdIwQY
MBaAFPLVk7HIe4FznsQZEClb84XyyamSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHRXVHNjaDdnWE9leEJrUUtWdnpoZkxKcVpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85MzkxYTYtZGQzZi00OTMzLTlkYTIt
OWI4ZDY4ZWU4N2ZjLzEvaXhlUmVkTlVVRTVHbjhFRk1mRlV5M3BkdUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85MzkxYTYtZGQzZi00OTMzLTlkYTItOWI4ZDY4ZWU4N2Zj
LzEvOHRXVHNjaDdnWE9leEJrUUtWdnpoZkxKcVpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQABQEtAwQC
T4d8AwQAbeDfAwQAbeDoMBgEAgACMBIDBwAqESsHAAEDBwIqESsH8AAwDQYJKoZI
hvcNAQELBQADggEBAHjaaCzQUgXrMHTedSTFE23p6soTqhcZnAHU8m2b+Md/hBLE
k0faU6mjoHfGxfZiMRrYVqNg5a7BQUkjFO62+6pYhHDKJ/eqJ27i7cA/K9tF8YD7
mWXa2qOUQfvbdu1XyZR34UDVNgQjR1BXzVQzdqpBjuShPGPSDOYWe9lQlMGCsxYO
tDRR5GUXRhp3VmiJwVZl9ioFoknTx1uu4h9c7ozoMVMBsMmJcQu6Xz1VsjSbH+2j
peuaQcnYg5GI8LqaqepeDYVQbTtbn3bdjrW9WrVpIfi9Y69yhwC/WmiAxGNCzI0W
HRC48IBPvEyjjVplhyftNNn+bJNHOEmkURBXXLw=