Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/f02661-b591-4f5e-b369-f74a5f2bcb47/1/2QQ6QwVomJ8T4Cr_O9H2_h0TWSk.roa
File:                     2QQ6QwVomJ8T4Cr_O9H2_h0TWSk.roa (raw, json)
Hash identifier:          Ro5tpZo6ABPiJEED1TqMUGU2X7pHTLsdhH8PDgl8zak=
Subject key identifier:   D9:04:3A:43:05:68:98:9F:13:E0:2A:FF:3B:D1:F6:FE:1D:13:59:29
Certificate issuer:       /CN=5e8cb6da358a8d2d270c305f8b61f3c990d5766e
Certificate serial:       01856E5D5CB8676B2453C97D5773D53268C4
Authority key identifier: 5E:8C:B6:DA:35:8A:8D:2D:27:0C:30:5F:8B:61:F3:C9:90:D5:76:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xoy22jWKjS0nDDBfi2HzyZDVdm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/f02661-b591-4f5e-b369-f74a5f2bcb47/1/2QQ6QwVomJ8T4Cr_O9H2_h0TWSk.roa
Signing time:             Sun 01 Jan 2023 17:24:50 +0000
ROA not before:           Sun 01 Jan 2023 17:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28876
IP address blocks:        81.89.160.0/20 maxlen: 20
                          37.61.128.0/20 maxlen: 20
                          5.100.0.0/24 maxlen: 24
                          5.100.0.0/19 maxlen: 19
                          5.100.0.0/18 maxlen: 18
                          217.24.56.0/21 maxlen: 21
                          5.100.32.0/19 maxlen: 19
                          5.100.32.0/20 maxlen: 20
                          185.53.216.0/22 maxlen: 22
                          176.52.192.0/21 maxlen: 21
                          176.52.192.0/22 maxlen: 22
                          217.24.48.0/20 maxlen: 20
                          217.24.48.0/21 maxlen: 21
                          2a00:9d80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:5d:5c:b8:67:6b:24:53:c9:7d:57:73:d5:32:68:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8cb6da358a8d2d270c305f8b61f3c990d5766e
        Validity
            Not Before: Jan  1 17:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d9043a430568989f13e02aff3bd1f6fe1d135929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:95:d5:36:d3:22:1e:0e:08:04:e0:5c:3c:54:
                    31:f0:db:0b:c4:38:cc:f8:df:13:05:7a:8a:f3:da:
                    65:1f:91:ab:e2:bf:31:41:65:32:3d:da:ac:f0:b2:
                    14:48:e2:03:02:ed:bd:df:ab:a9:c1:f5:54:5b:d6:
                    bd:3f:65:ec:9f:73:22:a1:02:c5:3d:e2:be:22:29:
                    9f:77:64:69:2e:6d:e5:63:8b:8d:de:13:a2:ba:e3:
                    ee:fe:b5:b7:c6:f7:e9:50:85:26:89:b9:cb:16:77:
                    92:e4:57:0b:a1:c4:9b:78:71:97:a2:63:ec:9b:9a:
                    94:f1:46:72:06:1d:e7:45:fc:79:21:9c:2f:79:cc:
                    65:20:a1:80:ec:09:cf:f3:4a:85:1e:36:71:96:8a:
                    93:3d:ec:4f:da:99:65:61:6a:78:ea:d9:b5:c9:34:
                    63:14:70:69:9b:2c:36:ec:81:4c:03:b5:46:49:07:
                    c9:53:bc:ca:df:02:12:9a:6c:c4:fb:db:91:e5:23:
                    82:4c:a1:a4:32:56:a3:cd:e9:60:94:15:c9:d9:33:
                    1d:7a:da:fa:9b:89:08:57:17:10:88:2b:b0:92:2f:
                    d8:cb:8a:f1:c6:83:5a:de:a4:f7:fb:61:ec:ec:98:
                    e7:60:81:f2:f1:65:0e:9b:6f:04:87:89:97:42:c6:
                    10:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:04:3A:43:05:68:98:9F:13:E0:2A:FF:3B:D1:F6:FE:1D:13:59:29
            X509v3 Authority Key Identifier:
                keyid:5E:8C:B6:DA:35:8A:8D:2D:27:0C:30:5F:8B:61:F3:C9:90:D5:76:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xoy22jWKjS0nDDBfi2HzyZDVdm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f02661-b591-4f5e-b369-f74a5f2bcb47/1/2QQ6QwVomJ8T4Cr_O9H2_h0TWSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f02661-b591-4f5e-b369-f74a5f2bcb47/1/Xoy22jWKjS0nDDBfi2HzyZDVdm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.0.0/18
                  37.61.128.0/20
                  81.89.160.0/20
                  176.52.192.0/21
                  185.53.216.0/22
                  217.24.48.0/20
                IPv6:
                  2a00:9d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:6c:df:01:96:1c:49:a5:d3:be:79:f8:8d:d0:4c:e7:22:5f:
         84:50:e0:de:c9:dd:5b:ee:b7:55:be:55:ed:0e:01:15:a4:0d:
         ed:58:73:9c:0b:76:bf:4d:bf:f7:b8:48:e1:87:7f:13:cf:c7:
         92:fb:40:e4:bf:3a:ee:ea:0d:7c:3a:63:cf:df:04:ef:bf:85:
         64:6b:1b:c6:8d:f9:52:69:66:9c:e4:b2:d3:c4:f1:c9:60:60:
         58:e0:0c:79:c9:d0:61:45:a7:bf:8e:45:36:f2:35:74:74:9f:
         3c:81:22:bc:01:4f:2c:7f:4e:4b:a8:a0:09:fd:14:97:7c:ae:
         75:91:24:54:8f:25:14:6d:72:22:a7:39:6b:1f:95:1b:24:f6:
         f7:f8:83:51:b0:c5:55:66:ad:55:7d:f0:f8:6e:f9:e2:4a:29:
         ab:79:fc:bc:16:3f:81:c3:bf:a0:75:72:f5:77:ca:60:3b:38:
         ff:03:77:f1:f0:a1:15:f5:38:ad:54:31:3d:74:9e:cd:e4:72:
         94:61:eb:4c:b2:a5:f7:47:f8:75:84:07:c7:51:0f:59:92:47:
         03:8e:fe:15:28:bb:7f:a7:3e:bf:2d:af:74:96:89:e4:24:ba:
         0d:b4:a7:6d:d3:64:d1:b6:9c:b8:7c:d3:3e:55:bc:c1:db:1d:
         04:26:e2:66
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVuXVy4Z2skU8l9V3PVMmjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGNiNmRhMzU4YThkMmQyNzBjMzA1ZjhiNjFmM2M5OTBk
NTc2NmUwHhcNMjMwMTAxMTcyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTA0M2E0MzA1Njg5ODlmMTNlMDJhZmYzYmQxZjZmZTFkMTM1OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZXVNtMiHg4IBOBcPFQx8NsLxDjM
+N8TBXqK89plH5Gr4r8xQWUyPdqs8LIUSOIDAu2936upwfVUW9a9P2Xsn3MioQLF
PeK+Iimfd2RpLm3lY4uN3hOiuuPu/rW3xvfpUIUmibnLFneS5FcLocSbeHGXomPs
m5qU8UZyBh3nRfx5IZwvecxlIKGA7AnP80qFHjZxloqTPexP2pllYWp46tm1yTRj
FHBpmyw27IFMA7VGSQfJU7zK3wISmmzE+9uR5SOCTKGkMlajzelglBXJ2TMdetr6
m4kIVxcQiCuwki/Yy4rxxoNa3qT3+2Hs7JjnYIHy8WUOm28Eh4mXQsYQewIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNkEOkMFaJifE+Aq/zvR9v4dE1kpMB8GA1UdIwQY
MBaAFF6Mtto1io0tJwwwX4th88mQ1XZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG95MjJqV0tqUzBuRERCZmkySHp5WkRWZG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9mMDI2NjEtYjU5MS00ZjVlLWIzNjkt
Zjc0YTVmMmJjYjQ3LzEvMlFRNlF3Vm9tSjhUNENyX085SDJfaDBUV1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9mMDI2NjEtYjU5MS00ZjVlLWIzNjktZjc0YTVmMmJjYjQ3
LzEvWG95MjJqV0tqUzBuRERCZmkySHp5WkRWZG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQGBWQAAwQE
JT2AAwQEUVmgAwQDsDTAAwQCuTXYAwQE2RgwMA0EAgACMAcDBQAqAJ2AMA0GCSqG
SIb3DQEBCwUAA4IBAQBubN8BlhxJpdO+efiN0EznIl+EUODeyd1b7rdVvlXtDgEV
pA3tWHOcC3a/Tb/3uEjhh38Tz8eS+0Dkvzru6g18OmPP3wTvv4VkaxvGjflSaWac
5LLTxPHJYGBY4Ax5ydBhRae/jkU28jV0dJ88gSK8AU8sf05LqKAJ/RSXfK51kSRU
jyUUbXIipzlrH5UbJPb3+INRsMVVZq1VffD4bvniSimrefy8Fj+Bw7+gdXL1d8pg
Ozj/A3fx8KEV9TitVDE9dJ7N5HKUYetMsqX3R/h1hAfHUQ9ZkkcDjv4VKLt/pz6/
La90lonkJLoNtKdt02TRtpy4fNM+VbzB2x0EJuJm
-----END CERTIFICATE-----