Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/EsQMMo8Z04ccmDO2MhxSxvq7AI0.roa
File:                     EsQMMo8Z04ccmDO2MhxSxvq7AI0.roa (raw, json)
Hash identifier:          MfNh8Hk1LR5gvGWnnhR+PnevfcsYqsqYZb6bi8oSbos=
Subject key identifier:   12:C4:0C:32:8F:19:D3:87:1C:98:33:B6:32:1C:52:C6:FA:BB:00:8D
Certificate issuer:       /CN=5ebba0735a07e40ca32026278b2678678f8bacd9
Certificate serial:       018CE7190E6F2DA282BB3CDDF3DEC30F6C32
Authority key identifier: 5E:BB:A0:73:5A:07:E4:0C:A3:20:26:27:8B:26:78:67:8F:8B:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xrugc1oH5AyjICYniyZ4Z4-LrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/EsQMMo8Z04ccmDO2MhxSxvq7AI0.roa
Signing time:             Mon 08 Jan 2024 03:23:48 +0000
ROA not before:           Mon 08 Jan 2024 03:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29555
IP address blocks:        85.117.98.0/24 maxlen: 24
                          85.117.96.0/24 maxlen: 24
                          85.117.97.0/24 maxlen: 24
                          85.117.105.0/24 maxlen: 24
                          85.117.99.0/24 maxlen: 24
                          85.117.100.0/24 maxlen: 24
                          85.117.101.0/24 maxlen: 24
                          85.117.102.0/24 maxlen: 24
                          85.117.103.0/24 maxlen: 24
                          85.117.104.0/24 maxlen: 24
                          85.117.106.0/24 maxlen: 24
                          85.117.107.0/24 maxlen: 24
                          85.117.108.0/24 maxlen: 24
                          85.117.109.0/24 maxlen: 24
                          185.57.72.0/24 maxlen: 24
                          185.57.73.0/24 maxlen: 24
                          2a03:32c0:d::/48 maxlen: 48
                          2a03:32c0:16::/48 maxlen: 48
                          2a03:32c0:c::/48 maxlen: 48
                          2a03:32c0:a::/48 maxlen: 48
                          2a03:32c0:b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 09:12:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e7:19:0e:6f:2d:a2:82:bb:3c:dd:f3:de:c3:0f:6c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ebba0735a07e40ca32026278b2678678f8bacd9
        Validity
            Not Before: Jan  8 03:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12c40c328f19d3871c9833b6321c52c6fabb008d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b1:bf:89:8d:a0:71:cb:36:0e:d8:d2:02:7c:
                    27:cc:92:6f:d7:45:d6:89:a5:8c:9a:97:4d:c3:ae:
                    65:ca:5c:d1:f1:62:30:21:86:9c:73:e1:31:71:f5:
                    53:3d:76:7c:2d:83:e1:82:de:2b:a8:43:67:a7:7a:
                    6c:c3:33:ff:6b:49:ab:8e:86:6c:8b:b8:12:43:4e:
                    ca:8c:83:2f:5f:8e:63:fd:e7:b2:80:17:1d:48:6d:
                    57:7a:ff:94:a5:d7:d5:c6:55:7e:e1:9f:ca:9a:51:
                    c5:8f:d5:1d:d0:da:0d:04:63:bc:25:43:11:65:8f:
                    56:52:15:40:63:5c:4b:14:84:28:f3:57:89:8c:b3:
                    fb:94:03:d2:7d:f4:f9:e4:9f:a6:87:00:b0:87:56:
                    66:dd:ea:88:a1:f5:8c:85:56:e7:a2:b7:ad:3d:bb:
                    32:21:f1:86:84:cc:bb:b2:eb:9f:e1:b0:30:8c:9b:
                    48:88:76:b5:c7:51:a8:49:9d:40:0a:d3:32:f9:bf:
                    fb:fe:4c:b0:88:c5:b1:12:96:60:da:3f:4b:bb:cd:
                    93:26:38:57:79:e3:35:9e:8f:7c:21:56:9a:ff:1d:
                    6c:0f:93:56:ab:79:6e:fd:d6:e1:bd:ad:e3:70:90:
                    e8:8d:87:9e:04:06:b3:ef:e2:9f:68:12:33:45:ee:
                    0b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C4:0C:32:8F:19:D3:87:1C:98:33:B6:32:1C:52:C6:FA:BB:00:8D
            X509v3 Authority Key Identifier:
                keyid:5E:BB:A0:73:5A:07:E4:0C:A3:20:26:27:8B:26:78:67:8F:8B:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xrugc1oH5AyjICYniyZ4Z4-LrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/EsQMMo8Z04ccmDO2MhxSxvq7AI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/Xrugc1oH5AyjICYniyZ4Z4-LrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.96.0-85.117.109.255
                  185.57.72.0/23
                IPv6:
                  2a03:32c0:a::-2a03:32c0:d:ffff:ffff:ffff:ffff:ffff
                  2a03:32c0:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:b1:f4:c3:d6:8a:11:27:73:a9:9f:e1:98:2c:d9:d5:27:17:
         ce:b4:ec:1e:af:9a:48:54:f9:f3:73:d6:82:85:82:d9:b4:52:
         fd:15:eb:9f:45:2a:ae:fe:1d:22:a6:e5:a8:9d:90:f9:15:8b:
         1e:5e:48:53:d9:0c:da:b7:13:65:97:49:2e:09:17:17:04:63:
         65:97:e7:58:9a:71:94:e2:c9:70:a3:e4:bf:ed:55:33:d2:af:
         ff:67:a0:1d:57:be:c6:42:b5:dc:b8:c3:a7:65:65:05:d2:b2:
         af:36:47:5c:23:f9:91:9a:13:d0:ad:2f:62:65:f6:a6:34:b6:
         bf:3f:75:b0:55:f1:38:2e:15:48:ca:cf:01:e1:4a:a6:89:5c:
         fb:0c:7a:42:dc:a1:a4:c9:88:63:74:8a:33:97:33:69:6b:76:
         19:92:e5:93:3e:dc:09:a3:9f:66:48:cc:55:21:a4:b2:73:1b:
         0b:b8:85:4c:57:3c:14:f1:22:0d:87:17:e0:61:20:ac:2f:f6:
         24:35:78:71:ff:8d:a2:20:92:7c:0d:a9:5a:db:51:2d:be:10:
         c3:6b:60:b5:17:22:a5:95:2c:cb:e6:83:8f:ec:85:76:70:bc:
         9e:20:26:c4:4e:3d:ea:5e:3c:31:f1:d0:bc:48:80:86:e7:96:
         11:cc:e9:d4
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYznGQ5vLaKCuzzd897DD2wyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYmJhMDczNWEwN2U0MGNhMzIwMjYyNzhiMjY3ODY3OGY4
YmFjZDkwHhcNMjQwMTA4MDMyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM0MGMzMjhmMTlkMzg3MWM5ODMzYjYzMjFjNTJjNmZhYmIwMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLG/iY2gccs2DtjSAnwnzJJv10XW
iaWMmpdNw65lylzR8WIwIYacc+ExcfVTPXZ8LYPhgt4rqENnp3pswzP/a0mrjoZs
i7gSQ07KjIMvX45j/eeygBcdSG1Xev+UpdfVxlV+4Z/KmlHFj9Ud0NoNBGO8JUMR
ZY9WUhVAY1xLFIQo81eJjLP7lAPSffT55J+mhwCwh1Zm3eqIofWMhVbnoretPbsy
IfGGhMy7suuf4bAwjJtIiHa1x1GoSZ1ACtMy+b/7/kywiMWxEpZg2j9Lu82TJjhX
eeM1no98IVaa/x1sD5NWq3lu/dbhva3jcJDojYeeBAaz7+KfaBIzRe4LvwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBLEDDKPGdOHHJgztjIcUsb6uwCNMB8GA1UdIwQY
MBaAFF67oHNaB+QMoyAmJ4smeGePi6zZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHJ1Z2Mxb0g1QXlqSUNZbml5WjRaNC1Mck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC82MDc3ZDgtMjg3Ny00Njk4LTgwNDAt
MzIxMmI2ODU4NGU5LzEvRXNRTU1vOFowNGNjbURPMk1oeFN4dnE3QUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC82MDc3ZDgtMjg3Ny00Njk4LTgwNDAtMzIxMmI2ODU4NGU5
LzEvWHJ1Z2Mxb0g1QXlqSUNZbml5WjRaNC1Mck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAaBAIAATAUMAwDBAVVdWAD
BAFVdWwDBAG5OUgwIwQCAAIwHTASAwcBKgMywAAKAwcBKgMywAAMAwcAKgMywAAW
MA0GCSqGSIb3DQEBCwUAA4IBAQBTsfTD1ooRJ3Opn+GYLNnVJxfOtOwer5pIVPnz
c9aChYLZtFL9FeufRSqu/h0ipuWonZD5FYseXkhT2QzatxNll0kuCRcXBGNll+dY
mnGU4slwo+S/7VUz0q//Z6AdV77GQrXcuMOnZWUF0rKvNkdcI/mRmhPQrS9iZfam
NLa/P3WwVfE4LhVIys8B4UqmiVz7DHpC3KGkyYhjdIozlzNpa3YZkuWTPtwJo59m
SMxVIaSycxsLuIVMVzwU8SINhxfgYSCsL/YkNXhx/42iIJJ8Dala21EtvhDDa2C1
FyKllSzL5oOP7IV2cLyeICbETj3qXjwx8dC8SICG55YRzOnU
-----END CERTIFICATE-----