Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/HV9GmONuVPuRpynKOa-Mh_wHjNc.roa
File:                     HV9GmONuVPuRpynKOa-Mh_wHjNc.roa (raw, json)
Hash identifier:          d5oDAKkwpeqnPgyEKtfMgs5ra7EkWtJ/GXhl9agYGCM=
Subject key identifier:   1D:5F:46:98:E3:6E:54:FB:91:A7:29:CA:39:AF:8C:87:FC:07:8C:D7
Certificate issuer:       /CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
Certificate serial:       01856EB8E3F60456CF1535F8391943E68E3E
Authority key identifier: E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/HV9GmONuVPuRpynKOa-Mh_wHjNc.roa
Signing time:             Sun 01 Jan 2023 19:04:48 +0000
ROA not before:           Sun 01 Jan 2023 19:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204548
IP address blocks:        81.28.6.0/24 maxlen: 24
                          83.229.84.0/24 maxlen: 24
                          83.229.85.0/24 maxlen: 24
                          83.229.86.0/24 maxlen: 24
                          83.229.87.0/24 maxlen: 24
                          194.36.88.0/24 maxlen: 24
                          63.250.59.0/24 maxlen: 24
                          63.250.60.0/24 maxlen: 24
                          45.83.41.0/24 maxlen: 24
                          185.237.97.0/24 maxlen: 24
                          185.237.96.0/24 maxlen: 24
                          185.237.14.0/24 maxlen: 24
                          185.237.15.0/24 maxlen: 24
                          91.202.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 Mar 2023 22:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b8:e3:f6:04:56:cf:15:35:f8:39:19:43:e6:8e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
        Validity
            Not Before: Jan  1 19:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d5f4698e36e54fb91a729ca39af8c87fc078cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0d:cf:7c:f9:28:d7:e9:8a:88:a8:c8:71:13:
                    ab:cb:24:7a:16:41:78:6a:5f:ad:9c:51:15:ed:4d:
                    35:36:55:e6:13:86:9d:46:27:72:16:b1:4d:c5:b0:
                    cc:da:db:1e:ef:b0:fe:15:a1:f8:3e:06:3c:84:cb:
                    2f:17:77:2e:f9:2d:25:20:19:28:19:28:e0:dd:19:
                    09:57:bd:2c:55:55:66:80:87:e8:c1:94:4f:f7:37:
                    84:51:b8:7c:b8:c3:46:83:68:9a:6e:35:bb:1f:be:
                    1f:4f:9c:d8:94:54:36:fd:7a:73:53:27:cf:cf:e8:
                    d9:3b:99:60:2a:cc:b9:c3:83:fc:da:99:ca:56:a8:
                    eb:99:be:bb:9a:89:2f:78:eb:27:a4:60:05:cd:7f:
                    a3:4d:01:e7:c0:e4:fe:3b:cb:0a:34:aa:36:ce:e9:
                    2d:1d:40:3a:44:c9:42:19:8d:f4:70:46:44:7e:a9:
                    1d:6e:75:60:fc:30:b0:6b:5c:a5:ab:67:34:c8:09:
                    31:6e:84:31:25:0a:fe:8c:f9:52:14:91:8a:1d:6f:
                    9c:03:77:46:02:62:57:75:a0:96:d8:f8:a5:8d:1d:
                    fd:c9:da:34:2e:2d:86:55:e1:11:73:42:93:e3:8f:
                    cc:7d:3b:3a:80:3b:7f:47:9d:52:ba:25:c3:a4:92:
                    36:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5F:46:98:E3:6E:54:FB:91:A7:29:CA:39:AF:8C:87:FC:07:8C:D7
            X509v3 Authority Key Identifier:
                keyid:E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/HV9GmONuVPuRpynKOa-Mh_wHjNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5b15I6_brofQeyMI3TidnPCC7W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.41.0/24
                  63.250.59.0-63.250.60.255
                  81.28.6.0/24
                  83.229.84.0/22
                  91.202.170.0/24
                  185.237.14.0/23
                  185.237.96.0/23
                  194.36.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:a2:e7:61:a1:90:b0:88:30:2a:c5:ce:7a:81:43:67:a3:66:
         7e:34:6b:35:35:09:45:74:52:7e:b2:01:90:e4:9a:ac:31:e1:
         31:7e:84:3f:43:3b:31:d1:4e:9d:78:fb:00:6d:f4:ea:e4:55:
         2f:b3:97:45:e8:77:c5:df:49:b7:59:53:48:13:21:a1:9e:43:
         c7:a0:7d:9a:6f:25:ed:f1:3b:0c:61:6a:be:97:54:0a:fe:3a:
         74:b3:3e:7a:a3:ee:b0:18:58:fb:82:61:8e:1d:b0:92:a6:02:
         59:f7:0e:19:71:37:4c:49:4b:cc:13:99:f2:d3:ab:ce:b2:06:
         fb:78:34:3d:57:cf:a9:e3:95:ce:ab:7b:a3:7b:cf:38:1b:b7:
         e2:d5:3c:ff:11:79:e6:7d:bf:aa:7d:97:bf:71:20:c1:82:dc:
         24:92:86:f0:f0:36:b2:82:8e:7a:a4:3a:b9:02:5b:87:31:2f:
         ed:33:66:f8:40:19:75:c8:a0:0b:12:e8:62:77:a3:1f:43:8a:
         7e:3a:4d:b1:e7:37:d0:12:30:dd:2f:cc:aa:9b:3c:02:5e:af:
         e9:1e:c3:d9:29:6c:92:f4:dd:d9:d0:72:10:ab:ae:e6:3c:ba:
         0f:6a:27:3a:11:cd:b4:b1:d2:93:f9:a6:08:0b:67:88:e5:4d:
         c7:62:cd:b6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVuuOP2BFbPFTX4ORlD5o4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmQ3OTIzYWZkYmFlODdkMDdiMjMwOGRkMzg5ZDljZjA4
MmVkNmQwHhcNMjMwMTAxMTkwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDVmNDY5OGUzNmU1NGZiOTFhNzI5Y2EzOWFmOGM4N2ZjMDc4Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmA3PfPko1+mKiKjIcROryyR6FkF4
al+tnFEV7U01NlXmE4adRidyFrFNxbDM2tse77D+FaH4PgY8hMsvF3cu+S0lIBko
GSjg3RkJV70sVVVmgIfowZRP9zeEUbh8uMNGg2iabjW7H74fT5zYlFQ2/XpzUyfP
z+jZO5lgKsy5w4P82pnKVqjrmb67mokveOsnpGAFzX+jTQHnwOT+O8sKNKo2zukt
HUA6RMlCGY30cEZEfqkdbnVg/DCwa1ylq2c0yAkxboQxJQr+jPlSFJGKHW+cA3dG
AmJXdaCW2PiljR39ydo0Li2GVeERc0KT44/MfTs6gDt/R51SuiXDpJI2DwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFB1fRpjjblT7kacpyjmvjIf8B4zXMB8GA1UdIwQY
MBaAFOW9eSOv266H0HsjCN04nZzwgu1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2Ut
MjZkMWU1NDU3OGYxLzEvSFY5R21PTnVWUHVScHluS09hLU1oX3dIak5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2UtMjZkMWU1NDU3OGYx
LzEvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQALVMpMAwD
BAA/+jsDBAA/+jwDBABRHAYDBAJT5VQDBABbyqoDBAG57Q4DBAG57WADBADCJFgw
DQYJKoZIhvcNAQELBQADggEBAH6i52GhkLCIMCrFznqBQ2ejZn40azU1CUV0Un6y
AZDkmqwx4TF+hD9DOzHRTp14+wBt9OrkVS+zl0Xod8XfSbdZU0gTIaGeQ8egfZpv
Je3xOwxhar6XVAr+OnSzPnqj7rAYWPuCYY4dsJKmAln3DhlxN0xJS8wTmfLTq86y
Bvt4ND1Xz6njlc6re6N7zzgbt+LVPP8ReeZ9v6p9l79xIMGC3CSShvDwNrKCjnqk
OrkCW4cxL+0zZvhAGXXIoAsS6GJ3ox9Din46TbHnN9ASMN0vzKqbPAJer+kew9kp
bJL03dnQchCrruY8ug9qJzoRzbSx0pP5pggLZ4jlTcdizbY=
-----END CERTIFICATE-----