Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/EdMmPC7Ivb6Mgs38ypbDu_GgECY.roa
File:                     EdMmPC7Ivb6Mgs38ypbDu_GgECY.roa (raw, json)
Hash identifier:          uTFDq/+5CIIM7rtwONpI9/0liSOU/f0x2UJmWhqlhEo=
Subject key identifier:   11:D3:26:3C:2E:C8:BD:BE:8C:82:CD:FC:CA:96:C3:BB:F1:A0:10:26
Certificate issuer:       /CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
Certificate serial:       01856E78D827B618371DF0710FDDE2F0693B
Authority key identifier: CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/EdMmPC7Ivb6Mgs38ypbDu_GgECY.roa
Signing time:             Sun 01 Jan 2023 17:54:51 +0000
ROA not before:           Sun 01 Jan 2023 17:54:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47872
IP address blocks:        212.5.49.0/24 maxlen: 24
                          212.5.48.0/24 maxlen: 24
                          212.5.50.0/24 maxlen: 24
                          185.44.117.0/24 maxlen: 24
                          185.44.116.0/24 maxlen: 24
                          185.44.119.0/24 maxlen: 24
                          2a01:73e0::/32 maxlen: 64
                          2a01:73e0::/36 maxlen: 36
                          2a01:73e0:e000::/36 maxlen: 36
                          2a01:73e0:d000::/36 maxlen: 36
                          2a01:73e0:c000::/36 maxlen: 36
                          2a01:73e0:b000::/36 maxlen: 36
                          2a01:73e0:a000::/36 maxlen: 36
                          2a01:73e0:f000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:78:d8:27:b6:18:37:1d:f0:71:0f:dd:e2:f0:69:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
        Validity
            Not Before: Jan  1 17:54:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=11d3263c2ec8bdbe8c82cdfcca96c3bbf1a01026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d7:5f:96:a9:43:20:3d:55:26:06:3c:21:2d:
                    fb:b8:9f:9e:0e:e9:a1:50:2e:26:65:9a:56:03:99:
                    00:d1:ed:d5:97:e8:79:fa:d5:a5:ff:4c:8f:1b:8a:
                    58:29:0a:23:04:7d:ae:6b:00:56:c6:9d:2b:e7:5e:
                    fa:b2:79:a2:3e:80:df:c8:45:3a:67:eb:c5:56:b9:
                    14:72:b7:77:3b:c9:f8:89:68:8a:f5:b4:c4:eb:3b:
                    08:d6:82:8a:87:c0:02:5a:76:d6:4b:cc:7f:83:b2:
                    64:73:d2:85:dd:9e:3d:64:b4:88:b0:bb:68:7f:84:
                    32:6b:7b:59:32:69:4c:25:c6:77:38:81:ef:54:5a:
                    28:92:14:f1:49:d3:cb:9a:9b:86:11:8a:5b:0d:b5:
                    0f:e1:4c:b5:2a:5e:79:ec:e2:c1:35:6d:82:af:c6:
                    7e:76:d1:18:02:55:bc:ca:ca:7f:ac:a3:e2:0a:22:
                    f8:21:f4:65:f1:5e:16:32:9e:18:82:d4:97:3d:7d:
                    9b:0f:42:b0:5f:51:92:cd:fd:ed:07:c9:bf:29:01:
                    55:5d:9d:ea:1b:44:be:50:cd:8d:11:69:db:df:ad:
                    62:bf:24:8f:79:93:1a:67:d6:44:d3:3c:bb:db:14:
                    19:d1:5d:c3:62:d9:f8:65:ab:c0:87:61:c8:8e:e1:
                    72:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D3:26:3C:2E:C8:BD:BE:8C:82:CD:FC:CA:96:C3:BB:F1:A0:10:26
            X509v3 Authority Key Identifier:
                keyid:CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/EdMmPC7Ivb6Mgs38ypbDu_GgECY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.116.0/23
                  185.44.119.0/24
                  212.5.48.0-212.5.50.255
                IPv6:
                  2a01:73e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:71:4d:c2:3a:06:e7:3d:ad:62:bd:e3:af:40:11:70:a2:58:
         3a:be:61:30:d5:6b:46:9b:f3:e8:05:02:dc:fa:61:05:21:9a:
         46:7a:bf:e4:29:ce:0c:0a:00:bc:6a:86:7d:c8:ab:b1:c2:38:
         e8:71:8f:cb:22:35:c4:24:a6:6e:40:6f:c5:af:31:34:37:81:
         55:f4:ce:46:dd:e4:74:49:59:54:a5:43:50:6c:eb:3b:e9:85:
         54:cc:f2:61:5f:b3:94:45:7a:a2:91:6c:84:cd:51:83:6e:5c:
         4e:05:34:83:09:5c:54:04:57:4e:f8:fd:8d:3c:f0:07:e9:df:
         7b:e0:3b:b1:5c:2b:4a:65:c3:26:c4:b9:32:be:40:ca:0c:25:
         4f:c1:5f:81:63:1b:bc:f9:42:4a:49:ca:2d:f9:cf:c7:ed:5f:
         d0:4e:d7:20:81:dc:e2:5d:f1:d0:8d:15:3e:13:82:77:41:3b:
         b8:d8:7f:84:8b:f1:8e:fc:98:81:e0:f1:24:0f:40:93:ac:1c:
         01:6d:d4:38:d7:f7:12:a7:03:9d:ab:56:39:e6:94:8f:92:65:
         33:9b:86:c7:54:c7:60:43:1e:ed:c0:c2:a9:35:f3:20:92:3d:
         53:82:15:45:e3:dd:ef:21:ae:31:e9:32:e7:f1:4e:a4:0d:cd:
         9e:e8:72:a1
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYVueNgnthg3HfBxD93i8Gk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTUyZjljMzM5Y2FiZDE0MjM0ZDAwYzg0YTI1MmQ3ZWM3
MWEyYTIwHhcNMjMwMTAxMTc1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQzMjYzYzJlYzhiZGJlOGM4MmNkZmNjYTk2YzNiYmYxYTAxMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktdflqlDID1VJgY8IS37uJ+eDumh
UC4mZZpWA5kA0e3Vl+h5+tWl/0yPG4pYKQojBH2uawBWxp0r5176snmiPoDfyEU6
Z+vFVrkUcrd3O8n4iWiK9bTE6zsI1oKKh8ACWnbWS8x/g7Jkc9KF3Z49ZLSIsLto
f4Qya3tZMmlMJcZ3OIHvVFookhTxSdPLmpuGEYpbDbUP4Uy1Kl557OLBNW2Cr8Z+
dtEYAlW8ysp/rKPiCiL4IfRl8V4WMp4YgtSXPX2bD0KwX1GSzf3tB8m/KQFVXZ3q
G0S+UM2NEWnb361ivySPeZMaZ9ZE0zy72xQZ0V3DYtn4ZavAh2HIjuFyUwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFBHTJjwuyL2+jILN/MqWw7vxoBAmMB8GA1UdIwQY
MBaAFMuVL5wznKvRQjTQDISiUtfscaKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMt
ZmQyMmRmM2I1N2Y2LzEvRWRNbVBDN0l2YjZNZ3MzOHlwYkR1X0dnRUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMtZmQyMmRmM2I1N2Y2
LzEveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQBuSx0AwQA
uSx3MAwDBATUBTADBADUBTIwDQQCAAIwBwMFACoBc+AwDQYJKoZIhvcNAQELBQAD
ggEBACBxTcI6Buc9rWK9469AEXCiWDq+YTDVa0ab8+gFAtz6YQUhmkZ6v+QpzgwK
ALxqhn3Iq7HCOOhxj8siNcQkpm5Ab8WvMTQ3gVX0zkbd5HRJWVSlQ1Bs6zvphVTM
8mFfs5RFeqKRbITNUYNuXE4FNIMJXFQEV074/Y088Afp33vgO7FcK0plwybEuTK+
QMoMJU/BX4FjG7z5QkpJyi35z8ftX9BO1yCB3OJd8dCNFT4TgndBO7jYf4SL8Y78
mIHg8SQPQJOsHAFt1DjX9xKnA52rVjnmlI+SZTObhsdUx2BDHu3Awqk18yCSPVOC
FUXj3e8hrjHpMufxTqQNzZ7ocqE=
-----END CERTIFICATE-----