Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/lJ1PoCWVm-1_iRMMNNGzUT8M10I.roa
File:                     lJ1PoCWVm-1_iRMMNNGzUT8M10I.roa (raw, json)
Hash identifier:          /NCSeOPecSjepfg0DUg1cfBtoEB+0Pb8FlfNGIFIPjc=
Subject key identifier:   94:9D:4F:A0:25:95:9B:ED:7F:89:13:0C:34:D1:B3:51:3F:0C:D7:42
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018E76DAABF455CB9BE47AE3435E3D538C81
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/lJ1PoCWVm-1_iRMMNNGzUT8M10I.roa
Signing time:             Mon 25 Mar 2024 18:23:46 +0000
ROA not before:           Mon 25 Mar 2024 18:23:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        2.58.99.0/24 maxlen: 24
                          91.240.33.0/24 maxlen: 24
                          109.196.104.0/24 maxlen: 24
                          109.196.105.0/24 maxlen: 24
                          109.196.106.0/24 maxlen: 24
                          109.196.107.0/24 maxlen: 24
                          109.196.108.0/24 maxlen: 24
                          109.196.109.0/24 maxlen: 24
                          109.196.110.0/24 maxlen: 24
                          109.196.111.0/24 maxlen: 24
                          176.101.56.0/24 maxlen: 24
                          176.101.57.0/24 maxlen: 24
                          176.101.58.0/24 maxlen: 24
                          176.101.59.0/24 maxlen: 24
                          176.101.60.0/24 maxlen: 24
                          176.101.61.0/24 maxlen: 24
                          176.101.62.0/24 maxlen: 24
                          176.101.63.0/24 maxlen: 24
                          213.109.108.0/24 maxlen: 24
                          213.109.109.0/24 maxlen: 24
                          213.109.110.0/24 maxlen: 24
                          213.109.111.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 05 Sep 2024 16:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:da:ab:f4:55:cb:9b:e4:7a:e3:43:5e:3d:53:8c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 25 18:23:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=949d4fa025959bed7f89130c34d1b3513f0cd742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d3:2c:5e:08:c0:42:ad:13:4f:99:45:a3:09:
                    ef:42:b4:ec:43:45:f1:07:da:af:35:9a:f9:e4:7f:
                    20:48:05:8c:0c:81:8f:cf:40:91:45:30:45:cb:c8:
                    b0:07:60:c7:67:ee:6e:35:2c:59:71:22:c0:78:d4:
                    f7:b5:2d:d5:73:52:3d:14:72:3e:b6:76:51:9a:44:
                    b9:ea:00:bf:07:21:3a:be:33:72:89:03:56:30:25:
                    32:83:00:20:d9:f7:70:0e:06:0e:bd:96:9e:cf:28:
                    d7:fd:e3:2c:33:2c:4c:7b:87:2f:69:a3:f9:81:34:
                    28:0a:cd:59:07:4c:e5:a6:92:7b:b6:da:82:23:b7:
                    82:1b:ee:c5:74:31:00:b5:58:8e:28:ed:fc:f5:fe:
                    08:03:28:66:d6:cc:5e:7b:96:a6:ab:72:0c:cf:de:
                    c6:14:ed:0f:9c:48:a8:0f:5b:41:57:bf:4f:be:e9:
                    23:3e:48:3d:42:85:75:fb:ae:f4:e6:ab:90:c9:89:
                    fc:79:36:a0:2b:7d:a4:b3:3a:e6:c7:d4:4b:f6:dc:
                    ae:d9:45:f1:10:4a:af:aa:ac:3e:61:12:a0:6e:37:
                    f0:bf:44:e0:27:cd:fd:b6:ac:92:09:8d:75:da:6b:
                    ce:7d:e0:46:74:43:5a:e1:76:e6:69:0a:1e:7e:b5:
                    66:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:9D:4F:A0:25:95:9B:ED:7F:89:13:0C:34:D1:B3:51:3F:0C:D7:42
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/lJ1PoCWVm-1_iRMMNNGzUT8M10I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.99.0/24
                  91.240.33.0/24
                  109.196.104.0/21
                  176.101.56.0/21
                  213.109.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:e3:ab:24:a6:cb:fc:97:d9:a4:74:c9:98:c4:60:d4:c0:a0:
         1d:df:9a:f8:bd:b3:3f:06:90:a5:f1:5f:b6:29:bd:8d:ee:00:
         f7:02:58:b0:e0:24:59:3c:b5:d7:a4:a1:53:fd:db:65:2f:8b:
         4c:aa:ce:42:58:d7:84:8a:79:b5:f4:be:58:f5:84:45:40:17:
         e1:01:8f:2d:61:18:79:74:40:c7:9d:92:54:a7:54:e5:25:78:
         dd:5f:6c:2e:ff:a9:ba:be:dc:51:50:7f:a0:35:82:b6:e7:ed:
         e7:eb:75:e3:dc:f1:48:37:7d:52:13:75:6e:1c:ca:59:73:7c:
         1a:14:d9:e8:d0:d2:53:31:d8:92:6b:31:62:26:e7:cd:fa:34:
         c6:d4:5c:0c:86:5a:2a:ed:2b:34:d6:4a:73:0d:2b:8c:4b:fc:
         5f:6a:58:e2:af:0d:94:4e:e3:2d:c5:b9:be:fb:b5:73:ad:dd:
         e6:fd:d4:41:1e:00:ac:a5:e1:eb:3e:4a:c7:bf:d7:77:a1:04:
         7c:6b:45:e3:35:0d:57:3e:43:16:bc:d2:37:a5:9c:08:36:27:
         e2:68:66:03:87:d7:6c:ad:d0:33:a2:98:13:70:a1:80:3e:79:
         a6:bf:8b:f3:64:23:bb:04:df:2a:f4:4e:c3:57:81:be:42:5e:
         fb:4e:65:fc
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY522qv0Vcub5HrjQ149U4yBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMzI1MTgyMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDlkNGZhMDI1OTU5YmVkN2Y4OTEzMGMzNGQxYjM1MTNmMGNkNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdMsXgjAQq0TT5lFownvQrTsQ0Xx
B9qvNZr55H8gSAWMDIGPz0CRRTBFy8iwB2DHZ+5uNSxZcSLAeNT3tS3Vc1I9FHI+
tnZRmkS56gC/ByE6vjNyiQNWMCUygwAg2fdwDgYOvZaezyjX/eMsMyxMe4cvaaP5
gTQoCs1ZB0zlppJ7ttqCI7eCG+7FdDEAtViOKO389f4IAyhm1sxee5amq3IMz97G
FO0PnEioD1tBV79PvukjPkg9QoV1+6705quQyYn8eTagK32kszrmx9RL9tyu2UXx
EEqvqqw+YRKgbjfwv0TgJ839tqySCY112mvOfeBGdENa4XbmaQoefrVmMQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJSdT6AllZvtf4kTDDTRs1E/DNdCMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvbEoxUG9DV1ZtLTFfaVJNTU5OR3pVVDhNMTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAjpjAwQA
W/AhAwQDbcRoAwQDsGU4AwQC1W1sMA0GCSqGSIb3DQEBCwUAA4IBAQCq46skpsv8
l9mkdMmYxGDUwKAd35r4vbM/BpCl8V+2Kb2N7gD3Aliw4CRZPLXXpKFT/dtlL4tM
qs5CWNeEinm19L5Y9YRFQBfhAY8tYRh5dEDHnZJUp1TlJXjdX2wu/6m6vtxRUH+g
NYK25+3n63Xj3PFIN31SE3VuHMpZc3waFNno0NJTMdiSazFiJufN+jTG1FwMhloq
7Ss01kpzDSuMS/xfaljirw2UTuMtxbm++7Vzrd3m/dRBHgCspeHrPkrHv9d3oQR8
a0XjNQ1XPkMWvNI3pZwINifiaGYDh9dsrdAzopgTcKGAPnmmv4vzZCO7BN8q9E7D
V4G+Ql77TmX8
-----END CERTIFICATE-----