Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/1NPuhzZdba-xNlCMLj-rkGpf6Mc.roa
File:                     1NPuhzZdba-xNlCMLj-rkGpf6Mc.roa (raw, json)
Hash identifier:          r4YzJXHogV+ZTO/54pFIgZVkrxg4M6RurEWdJDq1um8=
Subject key identifier:   D4:D3:EE:87:36:5D:6D:AF:B1:36:50:8C:2E:3F:AB:90:6A:5F:E8:C7
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       018A218E4FCD07D0E3254AA165A49066AA4F
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/1NPuhzZdba-xNlCMLj-rkGpf6Mc.roa
Signing time:             Wed 23 Aug 2023 08:41:29 +0000
ROA not before:           Wed 23 Aug 2023 08:41:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59674
IP address blocks:        5.250.241.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.242.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24
                          2a05:e80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:21:8e:4f:cd:07:d0:e3:25:4a:a1:65:a4:90:66:aa:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Aug 23 08:41:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d4d3ee87365d6dafb136508c2e3fab906a5fe8c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:18:82:03:63:b0:61:68:0f:64:ca:9b:d4:41:
                    38:f5:b0:b2:f7:f8:e5:97:c1:3e:47:49:be:0d:35:
                    19:68:d2:66:4c:0a:0b:2f:ee:4d:a8:e1:f8:2d:d2:
                    52:b1:ad:06:ec:83:f7:ab:0b:2d:03:1c:df:3f:34:
                    22:09:f8:eb:15:86:b0:7c:b8:32:aa:b5:98:a5:ea:
                    11:1e:4b:20:ac:c4:a0:48:1b:d7:fa:66:8a:dd:55:
                    5b:69:44:a4:53:f6:21:53:24:a1:e2:c7:8a:f4:fa:
                    60:cb:dc:6d:d1:92:9a:68:4b:1a:64:5c:c0:71:68:
                    30:6a:b2:bc:9e:5f:f9:52:c1:c0:3b:64:54:7e:4f:
                    14:a5:a7:bc:54:8c:80:4a:a8:13:c4:47:a0:22:35:
                    8f:b4:fd:26:17:dc:aa:2e:f1:f2:fe:a3:19:08:ad:
                    f5:50:8e:4e:40:43:17:28:78:46:b0:97:53:c4:90:
                    e3:52:32:6b:78:a0:c4:a6:8a:9f:db:eb:ba:4d:da:
                    a1:a8:21:0f:f3:d1:5e:b5:02:61:dd:73:e3:90:37:
                    fc:b6:c4:65:02:a6:14:8e:6a:0f:5e:c8:e0:0d:db:
                    2f:1c:d3:d7:0e:a5:cb:14:75:25:b0:9b:b5:49:e2:
                    2d:e5:29:5c:27:67:36:a3:26:38:bf:a9:4a:78:c8:
                    1a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D3:EE:87:36:5D:6D:AF:B1:36:50:8C:2E:3F:AB:90:6A:5F:E8:C7
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/1NPuhzZdba-xNlCMLj-rkGpf6Mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0-5.250.252.255
                  185.67.121.0-185.67.123.255
                IPv6:
                  2a05:e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:15:bc:ae:3b:64:72:4c:4e:a2:20:14:f5:5c:0f:08:73:eb:
         b5:d9:e8:43:ed:ea:77:17:a7:45:c4:3f:c9:d1:4c:64:23:d9:
         64:36:51:8d:3f:83:9c:bc:4b:0f:97:d1:7f:9f:be:07:ed:f6:
         89:08:37:e0:6b:d7:59:44:66:54:ad:42:a1:70:65:66:43:3a:
         2b:97:cd:3c:d8:bd:3d:9f:51:a2:49:f6:56:ae:42:82:bb:07:
         16:3d:91:12:cb:f1:02:3c:fd:0d:c5:ae:ca:f3:30:2e:d9:00:
         33:4c:4f:56:52:a7:38:c3:89:02:4e:db:ee:23:01:bb:bf:e4:
         a4:e4:b6:dc:99:66:6d:36:42:94:04:3e:8e:7d:0d:97:28:c8:
         79:ea:5b:2e:76:ee:cf:b8:7f:29:d2:68:9e:44:40:33:0e:8a:
         ae:40:44:d5:c1:de:a3:93:a1:97:42:af:dc:20:aa:5d:e4:30:
         d7:59:ae:29:5e:29:61:3f:ee:bd:6a:f3:a5:cd:87:6f:e0:34:
         cb:77:a0:1b:00:79:12:3c:d9:1d:b7:2b:ed:d9:94:56:da:ff:
         9e:a4:8c:97:ab:d7:e8:1e:24:47:48:9c:b2:74:31:dc:f3:dc:
         95:f6:9a:19:0b:ab:d4:b3:c3:28:fe:7d:d7:02:ae:1d:39:41:
         56:ca:c6:12
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYohjk/NB9DjJUqhZaSQZqpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwODIzMDg0MTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQzZWU4NzM2NWQ2ZGFmYjEzNjUwOGMyZTNmYWI5MDZhNWZlOGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBiCA2OwYWgPZMqb1EE49bCy9/jl
l8E+R0m+DTUZaNJmTAoLL+5NqOH4LdJSsa0G7IP3qwstAxzfPzQiCfjrFYawfLgy
qrWYpeoRHksgrMSgSBvX+maK3VVbaUSkU/YhUySh4seK9Ppgy9xt0ZKaaEsaZFzA
cWgwarK8nl/5UsHAO2RUfk8Upae8VIyASqgTxEegIjWPtP0mF9yqLvHy/qMZCK31
UI5OQEMXKHhGsJdTxJDjUjJreKDEpoqf2+u6TdqhqCEP89FetQJh3XPjkDf8tsRl
AqYUjmoPXsjgDdsvHNPXDqXLFHUlsJu1SeIt5SlcJ2c2oyY4v6lKeMgakQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFNTT7oc2XW2vsTZQjC4/q5BqX+jHMB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvMU5QdWh6WmRiYS14TmxDTUxqLXJrR3BmNk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAiBAIAATAcMAwDBAQF+vAD
BAAF+vwwDAMEALlDeQMEArlDeDANBAIAAjAHAwUAKgUOgDANBgkqhkiG9w0BAQsF
AAOCAQEARBW8rjtkckxOoiAU9VwPCHPrtdnoQ+3qdxenRcQ/ydFMZCPZZDZRjT+D
nLxLD5fRf5++B+32iQg34GvXWURmVK1CoXBlZkM6K5fNPNi9PZ9Rokn2Vq5CgrsH
Fj2REsvxAjz9DcWuyvMwLtkAM0xPVlKnOMOJAk7b7iMBu7/kpOS23JlmbTZClAQ+
jn0NlyjIeepbLnbuz7h/KdJonkRAMw6KrkBE1cHeo5Ohl0Kv3CCqXeQw11muKV4p
YT/uvWrzpc2Hb+A0y3egGwB5EjzZHbcr7dmUVtr/nqSMl6vX6B4kR0icsnQx3PPc
lfaaGQur1LPDKP591wKuHTlBVsrGEg==
-----END CERTIFICATE-----