Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/UCAuNX87veQZ9R-Uhi_VgQpyhs4.roa
File:                     UCAuNX87veQZ9R-Uhi_VgQpyhs4.roa (raw, json)
Hash identifier:          Oho4V4qNAFng7aXevOnTgG4xzudyHJrA5roXO9ciSi4=
Subject key identifier:   50:20:2E:35:7F:3B:BD:E4:19:F5:1F:94:86:2F:D5:81:0A:72:86:CE
Certificate issuer:       /CN=a4f8436003d37602026b65531755ca8fcd31bed2
Certificate serial:       018CC86F497A33BDB4D6A4F54D3B2118BE7C
Authority key identifier: A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/UCAuNX87veQZ9R-Uhi_VgQpyhs4.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28717
IP address blocks:        195.93.176.0/23 maxlen: 23
                          195.93.182.0/23 maxlen: 23
                          188.120.64.0/19 maxlen: 19
                          91.143.112.0/20 maxlen: 20
                          94.18.0.0/16 maxlen: 16
                          109.202.128.0/19 maxlen: 19
                          88.212.64.0/18 maxlen: 18
                          78.111.160.0/20 maxlen: 20
                          5.83.24.0/21 maxlen: 21
                          176.222.232.0/21 maxlen: 21
                          212.60.96.0/19 maxlen: 19
                          2a01:4f0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 22 May 2024 12:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:49:7a:33:bd:b4:d6:a4:f5:4d:3b:21:18:be:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f8436003d37602026b65531755ca8fcd31bed2
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50202e357f3bbde419f51f94862fd5810a7286ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7c:ed:14:3f:01:9e:38:1d:65:6c:8b:0f:14:
                    f6:f9:41:43:01:5b:2a:76:07:b3:d0:97:0c:72:03:
                    66:aa:21:02:5c:bc:95:4e:1a:16:ee:bb:5f:03:3f:
                    61:78:8c:1e:ef:6c:09:e4:bd:1a:6e:02:6b:af:4b:
                    f2:cb:7d:31:5b:18:c6:99:49:7b:2f:77:fc:0d:2e:
                    7e:f3:22:62:a2:af:26:32:8c:83:52:df:ac:56:c0:
                    63:7f:33:c9:f3:3f:c7:9d:77:c9:60:aa:74:a7:fc:
                    72:d5:1b:14:c8:e9:7d:15:7f:06:ed:5a:ff:f7:f0:
                    b5:d5:56:f8:17:69:ce:c8:ac:b0:02:6c:eb:7f:71:
                    04:84:58:c5:26:01:dd:42:d1:f4:13:8e:c4:74:62:
                    be:98:44:3c:b2:6c:1d:2f:c6:4a:51:c8:19:3c:42:
                    85:bc:56:a3:73:bf:10:e0:4d:a4:75:fd:a9:77:47:
                    d4:da:0a:6d:ab:01:97:1b:7a:bf:0a:47:0d:b4:bc:
                    78:2c:79:34:7f:b4:fa:55:5d:43:4d:2d:50:17:f0:
                    51:0c:b6:67:b5:fa:b6:52:e0:d4:e7:67:6c:75:6a:
                    72:79:07:86:d5:c5:7e:5e:e0:cd:38:24:42:a1:d5:
                    1c:d9:be:4d:70:1f:51:fa:90:a9:77:26:7e:0d:01:
                    8d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:20:2E:35:7F:3B:BD:E4:19:F5:1F:94:86:2F:D5:81:0A:72:86:CE
            X509v3 Authority Key Identifier:
                keyid:A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/UCAuNX87veQZ9R-Uhi_VgQpyhs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.24.0/21
                  78.111.160.0/20
                  88.212.64.0/18
                  91.143.112.0/20
                  94.18.0.0/16
                  109.202.128.0/19
                  176.222.232.0/21
                  188.120.64.0/19
                  195.93.176.0/23
                  195.93.182.0/23
                  212.60.96.0/19
                IPv6:
                  2a01:4f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:17:ab:01:7f:bf:b2:42:1a:89:60:cf:b1:fa:04:63:a2:2d:
         80:18:f1:2a:fe:13:f2:d0:de:d6:b5:2d:b3:37:f9:d2:36:4b:
         26:85:52:cc:77:33:d5:ac:cc:8c:eb:08:5a:76:f7:88:ec:c0:
         97:97:23:00:4e:fe:71:20:0b:9e:1b:9b:1d:ae:4d:67:0e:ff:
         ba:2a:4f:3b:20:d7:ca:83:e1:fc:a4:4b:08:52:6d:3f:79:dd:
         19:89:1c:4f:81:68:a7:b2:7d:40:4f:0c:7b:4b:4f:38:a1:63:
         75:c2:b6:69:85:86:21:ab:df:c6:e9:99:b7:8c:e6:b7:df:64:
         38:03:c0:2f:33:e4:dc:00:c0:9f:f5:a1:3f:31:2d:82:0e:9b:
         57:62:a1:ae:d0:69:62:f5:c0:1b:97:24:fb:65:a6:06:a2:03:
         39:a9:cf:87:53:89:a0:69:73:64:da:64:48:21:b0:c3:87:85:
         6f:5f:78:28:63:23:46:90:11:bc:3e:33:8c:57:1a:e8:f3:3c:
         62:a3:dc:9e:1a:3a:12:c8:5d:fd:94:ce:33:4d:ae:27:7a:55:
         a5:c3:f6:d7:4c:59:b8:de:e0:4b:3b:6f:ed:3c:3d:79:ac:0e:
         51:b7:ab:0b:4e:4a:16:ba:bf:57:52:f1:15:fd:ae:60:f9:dc:
         62:b0:50:86
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYzIb0l6M7201qT1TTshGL58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Zjg0MzYwMDNkMzc2MDIwMjZiNjU1MzE3NTVjYThmY2Qz
MWJlZDIwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDIwMmUzNTdmM2JiZGU0MTlmNTFmOTQ4NjJmZDU4MTBhNzI4NmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnztFD8BnjgdZWyLDxT2+UFDAVsq
dgez0JcMcgNmqiECXLyVThoW7rtfAz9heIwe72wJ5L0abgJrr0vyy30xWxjGmUl7
L3f8DS5+8yJioq8mMoyDUt+sVsBjfzPJ8z/HnXfJYKp0p/xy1RsUyOl9FX8G7Vr/
9/C11Vb4F2nOyKywAmzrf3EEhFjFJgHdQtH0E47EdGK+mEQ8smwdL8ZKUcgZPEKF
vFajc78Q4E2kdf2pd0fU2gptqwGXG3q/CkcNtLx4LHk0f7T6VV1DTS1QF/BRDLZn
tfq2UuDU52dsdWpyeQeG1cV+XuDNOCRCodUc2b5NcB9R+pCpdyZ+DQGNTQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFFAgLjV/O73kGfUflIYv1YEKcobOMB8GA1UdIwQY
MBaAFKT4Q2AD03YCAmtlUxdVyo/NMb7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQt
MjdiZjgzY2RlZDZiLzEvVUNBdU5YODd2ZVFaOVItVWhpX1ZnUXB5aHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQtMjdiZjgzY2RlZDZi
LzEvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBHBAIAATBBAwQDBVMYAwQE
Tm+gAwQGWNRAAwQEW49wAwMAXhIDBAVtyoADBAOw3ugDBAW8eEADBAHDXbADBAHD
XbYDBAXUPGAwDQQCAAIwBwMFACoBBPAwDQYJKoZIhvcNAQELBQADggEBAJAXqwF/
v7JCGolgz7H6BGOiLYAY8Sr+E/LQ3ta1LbM3+dI2SyaFUsx3M9WszIzrCFp294js
wJeXIwBO/nEgC54bmx2uTWcO/7oqTzsg18qD4fykSwhSbT953RmJHE+BaKeyfUBP
DHtLTzihY3XCtmmFhiGr38bpmbeM5rffZDgDwC8z5NwAwJ/1oT8xLYIOm1dioa7Q
aWL1wBuXJPtlpgaiAzmpz4dTiaBpc2TaZEghsMOHhW9feChjI0aQEbw+M4xXGujz
PGKj3J4aOhLIXf2UzjNNrid6VaXD9tdMWbje4Es7b+08PXmsDlG3qwtOSha6v1dS
8RX9rmD53GKwUIY=
-----END CERTIFICATE-----