Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8ymtCYVoFSqaBmY2Ll9rGTdBwbY.roa
File:                     8ymtCYVoFSqaBmY2Ll9rGTdBwbY.roa (raw, json)
Hash identifier:          Ckr9UKt88mKBtkEqdJaQ348Xy6nMHBOwYfFQOoS9wZk=
Subject key identifier:   F3:29:AD:09:85:68:15:2A:9A:06:66:36:2E:5F:6B:19:37:41:C1:B6
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       01919280D6B7E97D23309CCC38B3404CDBEC
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8ymtCYVoFSqaBmY2Ll9rGTdBwbY.roa
Signing time:             Tue 27 Aug 2024 06:23:22 +0000
ROA not before:           Tue 27 Aug 2024 06:23:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34892
IP address blocks:        5.158.232.0/21 maxlen: 21
                          5.158.232.0/24 maxlen: 24
                          5.158.233.0/24 maxlen: 24
                          5.158.234.0/23 maxlen: 23
                          5.158.236.0/23 maxlen: 23
                          5.158.238.0/23 maxlen: 23
                          85.234.0.0/22 maxlen: 22
                          85.234.4.0/22 maxlen: 22
                          85.234.8.0/22 maxlen: 22
                          85.234.12.0/22 maxlen: 22
                          85.234.16.0/22 maxlen: 22
                          85.234.20.0/24 maxlen: 24
                          85.234.21.0/24 maxlen: 24
                          85.234.24.0/22 maxlen: 22
                          85.234.28.0/22 maxlen: 22
                          185.24.44.0/23 maxlen: 23
                          185.24.44.0/24 maxlen: 24
                          185.24.45.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 27 Aug 2024 10:21:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:92:80:d6:b7:e9:7d:23:30:9c:cc:38:b3:40:4c:db:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Aug 27 06:23:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f329ad098568152a9a0666362e5f6b193741c1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:92:4e:50:01:35:a3:f9:45:12:71:cd:aa:fe:
                    16:bd:ac:c5:2d:3c:39:6d:2d:4f:2f:fc:fa:41:7c:
                    20:29:81:ec:fe:ba:f0:14:3a:f6:e4:f2:37:fd:3f:
                    e7:bb:3a:7e:53:05:24:92:18:8e:69:2c:08:4a:e3:
                    af:f0:99:74:12:42:a2:95:e9:86:8d:ff:90:ab:63:
                    ed:1d:91:db:25:02:7d:76:2f:2a:c3:01:c0:47:87:
                    90:24:e0:55:27:e1:7a:32:f0:a3:ec:56:0c:18:7e:
                    47:00:e2:d5:21:5e:d5:77:be:79:ff:78:24:f6:30:
                    ac:62:5e:ec:75:a1:4b:0a:8d:00:ad:da:4c:45:c6:
                    24:84:b0:03:3b:d1:77:8f:d3:a9:06:d8:3f:86:d6:
                    e2:de:91:3e:02:9f:90:02:d0:bb:0b:5b:45:c2:75:
                    ba:a0:23:d6:e1:b1:72:65:7d:fd:77:37:7f:17:88:
                    7f:93:c7:92:02:55:f5:54:29:4f:c1:c2:b8:59:54:
                    03:a9:79:04:3b:c5:7b:9c:8e:18:8b:ab:82:e9:76:
                    78:fc:ff:13:85:e4:b2:0b:8b:95:ac:f2:a6:e6:ff:
                    6e:09:c5:c6:d0:4c:a7:ac:93:4e:4a:ca:81:5a:2e:
                    5b:6f:aa:6e:87:33:d0:e3:62:dc:d8:86:30:20:e8:
                    50:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:29:AD:09:85:68:15:2A:9A:06:66:36:2E:5F:6B:19:37:41:C1:B6
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8ymtCYVoFSqaBmY2Ll9rGTdBwbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.232.0/21
                  85.234.0.0-85.234.21.255
                  85.234.24.0/21
                  185.24.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:1d:bb:8a:73:ba:24:98:37:0c:35:f1:ce:11:6e:98:e2:64:
         d8:9b:3b:dd:d3:2c:44:0f:67:10:7e:bb:b0:12:a7:6d:7f:e3:
         63:75:41:67:69:ac:b1:a0:94:6d:6c:0d:ca:59:85:d2:4c:fd:
         be:ec:ef:e5:3e:d4:3f:fc:15:c9:d9:c9:cd:6f:a8:50:6b:e1:
         c1:5b:46:d4:4b:f1:ac:24:f6:a8:b2:e4:9a:00:9d:72:7a:74:
         79:c2:81:c3:71:b7:9c:70:c9:6a:e3:72:a5:ff:8a:65:98:50:
         f9:51:21:66:f0:6f:30:93:5b:2b:77:05:cc:ec:42:8a:48:75:
         dd:54:64:89:f8:66:41:10:06:60:b3:81:d7:cd:56:57:c4:31:
         e2:c3:65:b1:18:23:de:bd:34:a6:f2:f7:a0:32:a0:25:2c:ce:
         d2:a5:c3:ad:fd:08:c0:17:46:eb:ad:13:45:06:33:d0:47:88:
         02:85:19:62:94:f9:ae:95:85:e7:74:9c:bd:ef:52:c9:cd:55:
         e9:9d:66:5f:6c:f4:87:a2:66:6a:c0:43:24:08:22:a9:54:65:
         93:10:8e:2d:61:66:f5:9e:15:69:a8:aa:6c:a5:ee:7c:96:09:
         fa:9c:dc:d4:a8:73:61:df:48:63:ad:14:65:a8:32:43:75:ff:
         d4:e8:83:d2
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZGSgNa36X0jMJzMOLNATNvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwODI3MDYyMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzI5YWQwOTg1NjgxNTJhOWEwNjY2MzYyZTVmNmIxOTM3NDFjMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZJOUAE1o/lFEnHNqv4WvazFLTw5
bS1PL/z6QXwgKYHs/rrwFDr25PI3/T/nuzp+UwUkkhiOaSwISuOv8Jl0EkKilemG
jf+Qq2PtHZHbJQJ9di8qwwHAR4eQJOBVJ+F6MvCj7FYMGH5HAOLVIV7Vd755/3gk
9jCsYl7sdaFLCo0ArdpMRcYkhLADO9F3j9OpBtg/htbi3pE+Ap+QAtC7C1tFwnW6
oCPW4bFyZX39dzd/F4h/k8eSAlX1VClPwcK4WVQDqXkEO8V7nI4Yi6uC6XZ4/P8T
heSyC4uVrPKm5v9uCcXG0EynrJNOSsqBWi5bb6puhzPQ42Lc2IYwIOhQPwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPMprQmFaBUqmgZmNi5faxk3QcG2MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvOHltdENZVm9GU3FhQm1ZMkxsOXJHVGRCd2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfAwQDBZ7oMAsD
AwFV6gMEAVXqFAMEA1XqGAMEAbkYLDANBgkqhkiG9w0BAQsFAAOCAQEAaB27inO6
JJg3DDXxzhFumOJk2Js73dMsRA9nEH67sBKnbX/jY3VBZ2mssaCUbWwNylmF0kz9
vuzv5T7UP/wVydnJzW+oUGvhwVtG1EvxrCT2qLLkmgCdcnp0ecKBw3G3nHDJauNy
pf+KZZhQ+VEhZvBvMJNbK3cFzOxCikh13VRkifhmQRAGYLOB181WV8Qx4sNlsRgj
3r00pvL3oDKgJSzO0qXDrf0IwBdG660TRQYz0EeIAoUZYpT5rpWF53Scve9Syc1V
6Z1mX2z0h6JmasBDJAgiqVRlkxCOLWFm9Z4VaaiqbKXufJYJ+pzc1KhzYd9IY60U
ZagyQ3X/1OiD0g==
-----END CERTIFICATE-----