Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/0L90IqF3TJpuSZhvjNst6U5gJOw.roa
File:                     0L90IqF3TJpuSZhvjNst6U5gJOw.roa (raw, json)
Hash identifier:          XpKYO0hlnmdsSAUkrsENsYgOpHDZPz2eX/QriEeGXl8=
Subject key identifier:   D0:BF:74:22:A1:77:4C:9A:6E:49:98:6F:8C:DB:2D:E9:4E:60:24:EC
Certificate issuer:       /CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
Certificate serial:       018AEAE7E2A3DEB45DB911A8C648DB71E99A
Authority key identifier: E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/0L90IqF3TJpuSZhvjNst6U5gJOw.roa
Signing time:             Sun 01 Oct 2023 11:02:59 +0000
ROA not before:           Sun 01 Oct 2023 11:02:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41436
IP address blocks:        83.229.83.0/24 maxlen: 24
                          83.229.82.0/24 maxlen: 24
                          103.13.210.0/24 maxlen: 24
                          63.250.56.0/24 maxlen: 24
                          63.250.57.0/24 maxlen: 24
                          185.220.204.0/24 maxlen: 24
                          185.220.205.0/24 maxlen: 24
                          195.238.121.0/24 maxlen: 24
                          45.91.168.0/24 maxlen: 24
                          45.91.169.0/24 maxlen: 24
                          103.241.67.0/24 maxlen: 24
                          194.146.38.0/24 maxlen: 24
                          194.146.39.0/24 maxlen: 24
                          5.180.180.0/24 maxlen: 24
                          103.45.247.0/24 maxlen: 24
                          5.180.182.0/24 maxlen: 24
                          5.180.183.0/24 maxlen: 24
                          5.180.181.0/24 maxlen: 24
                          2a06:c5c0:200::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ea:e7:e2:a3:de:b4:5d:b9:11:a8:c6:48:db:71:e9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
        Validity
            Not Before: Oct  1 11:02:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d0bf7422a1774c9a6e49986f8cdb2de94e6024ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:0f:4c:f9:7f:d2:af:d6:12:2e:08:12:08:6f:
                    75:e1:3a:d0:4f:32:92:da:ac:08:0c:33:7f:e4:01:
                    9c:a5:46:e8:05:98:64:3b:a9:cb:a7:ff:5c:47:7f:
                    2d:39:43:17:ce:7f:21:14:1c:68:1d:35:58:c9:86:
                    98:2e:46:40:c5:98:0d:92:4a:7f:b7:13:99:b3:b6:
                    9e:08:d9:3f:fe:b5:d2:19:7d:9a:cc:a0:46:27:b6:
                    73:78:72:31:ef:0e:11:26:f7:54:81:34:b4:f1:4a:
                    96:0a:f5:56:18:69:ff:74:8c:ef:ba:b9:c5:c8:e2:
                    94:3f:c5:75:87:90:9a:d5:96:48:14:67:06:f7:52:
                    68:c7:9b:7c:44:fd:b4:34:36:2c:00:16:94:f2:d3:
                    9c:87:57:2b:83:89:4c:dd:e2:0d:24:28:c2:49:69:
                    79:3c:ad:f3:1d:58:66:c1:63:ab:63:a0:a2:61:fc:
                    c4:4f:e1:24:8c:2f:15:a8:6a:70:44:41:0e:8d:82:
                    dc:e2:9a:52:9d:10:6a:a0:89:69:0f:e2:56:8d:81:
                    5e:9d:ea:84:92:2f:bf:4d:d6:4f:eb:4e:55:d9:10:
                    c9:57:0b:9b:74:ff:b7:00:4d:95:ca:32:5c:bb:46:
                    34:c4:2b:c4:1c:d4:d9:7b:9b:97:9e:1b:18:0e:f6:
                    47:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:BF:74:22:A1:77:4C:9A:6E:49:98:6F:8C:DB:2D:E9:4E:60:24:EC
            X509v3 Authority Key Identifier:
                keyid:E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/0L90IqF3TJpuSZhvjNst6U5gJOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5b15I6_brofQeyMI3TidnPCC7W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.180.0/22
                  45.91.168.0/23
                  63.250.56.0/23
                  83.229.82.0/23
                  103.13.210.0/24
                  103.45.247.0/24
                  103.241.67.0/24
                  185.220.204.0/23
                  194.146.38.0/23
                  195.238.121.0/24
                IPv6:
                  2a06:c5c0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         d9:37:55:8e:75:a5:c3:0d:ba:89:96:56:17:57:4c:ff:7e:b8:
         55:9c:d7:df:12:05:eb:33:fe:23:6c:b0:12:b2:1a:d3:8d:32:
         5a:6a:d2:9a:4c:ed:ae:e6:b0:67:fa:21:76:f5:ca:23:58:87:
         8b:e7:4d:2d:d2:81:f0:cf:fb:65:73:1f:06:85:b5:60:fd:2e:
         e2:c3:ca:a0:24:09:83:e8:7b:ca:9e:83:da:84:d3:aa:de:56:
         9d:f3:3a:d6:1f:17:6c:47:ce:8a:73:b1:d1:83:c4:69:bc:1d:
         39:14:e5:09:c6:31:8c:ef:04:23:f5:1d:ef:4e:f7:e4:e3:17:
         ae:24:87:79:d1:4f:76:5b:51:fc:66:a2:24:19:7d:7d:88:0e:
         d8:f1:b3:c7:90:72:30:19:20:bb:00:cd:d4:00:f7:4b:ae:85:
         18:4d:61:7d:a8:8b:25:61:66:bb:29:72:1e:07:fe:11:89:59:
         59:5e:f6:81:5c:8d:a4:44:68:9f:4c:dc:bc:eb:28:24:66:c6:
         ce:90:f5:c4:9d:72:8a:cb:ba:39:1a:71:42:85:8d:f7:b4:0e:
         1a:15:cc:29:e5:03:fd:36:e3:d9:79:9d:71:9f:a6:a4:66:e3:
         a0:ab:1c:2c:cc:b6:c8:19:d0:be:37:8e:da:cc:2a:f5:89:c1:
         f7:d9:5d:df
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYrq5+Kj3rRduRGoxkjbcemaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmQ3OTIzYWZkYmFlODdkMDdiMjMwOGRkMzg5ZDljZjA4
MmVkNmQwHhcNMjMxMDAxMTEwMjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGJmNzQyMmExNzc0YzlhNmU0OTk4NmY4Y2RiMmRlOTRlNjAyNGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA9M+X/Sr9YSLggSCG914TrQTzKS
2qwIDDN/5AGcpUboBZhkO6nLp/9cR38tOUMXzn8hFBxoHTVYyYaYLkZAxZgNkkp/
txOZs7aeCNk//rXSGX2azKBGJ7ZzeHIx7w4RJvdUgTS08UqWCvVWGGn/dIzvurnF
yOKUP8V1h5Ca1ZZIFGcG91Jox5t8RP20NDYsABaU8tOch1crg4lM3eINJCjCSWl5
PK3zHVhmwWOrY6CiYfzET+EkjC8VqGpwREEOjYLc4ppSnRBqoIlpD+JWjYFeneqE
ki+/TdZP605V2RDJVwubdP+3AE2VyjJcu0Y0xCvEHNTZe5uXnhsYDvZHGwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFNC/dCKhd0yabkmYb4zbLelOYCTsMB8GA1UdIwQY
MBaAFOW9eSOv266H0HsjCN04nZzwgu1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2Ut
MjZkMWU1NDU3OGYxLzEvMEw5MElxRjNUSnB1U1podmpOc3Q2VTVnSk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2UtMjZkMWU1NDU3OGYx
LzEvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBCBAIAATA8AwQCBbS0AwQB
LVuoAwQBP/o4AwQBU+VSAwQAZw3SAwQAZy33AwQAZ/FDAwQBudzMAwQBwpImAwQA
w+55MA8EAgACMAkDBwAqBsXAAgAwDQYJKoZIhvcNAQELBQADggEBANk3VY51pcMN
uomWVhdXTP9+uFWc198SBesz/iNssBKyGtONMlpq0ppM7a7msGf6IXb1yiNYh4vn
TS3SgfDP+2VzHwaFtWD9LuLDyqAkCYPoe8qeg9qE06reVp3zOtYfF2xHzopzsdGD
xGm8HTkU5QnGMYzvBCP1He9O9+TjF64kh3nRT3ZbUfxmoiQZfX2IDtjxs8eQcjAZ
ILsAzdQA90uuhRhNYX2oiyVhZrspch4H/hGJWVle9oFcjaREaJ9M3LzrKCRmxs6Q
9cSdcorLujkacUKFjfe0DhoVzCnlA/0249l5nXGfpqRm46CrHCzMtsgZ0L43jtrM
KvWJwffZXd8=
-----END CERTIFICATE-----