Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/MXYyIPxdFSnXbTJj2t5sjSDp1BM.roa
File:                     MXYyIPxdFSnXbTJj2t5sjSDp1BM.roa (raw, json)
Hash identifier:          V6aKjccZ3fV3Yyq6KXGRJOcSm6SG8iQ9qniYulHgyys=
Subject key identifier:   31:76:32:20:FC:5D:15:29:D7:6D:32:63:DA:DE:6C:8D:20:E9:D4:13
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0188FD7B9FA3DDC2BE31C1A59C833034F2AD
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/MXYyIPxdFSnXbTJj2t5sjSDp1BM.roa
Signing time:             Tue 27 Jun 2023 15:31:57 +0000
ROA not before:           Tue 27 Jun 2023 15:31:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30938
IP address blocks:        45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          5.39.248.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.253.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22
                          31.192.240.0/21 maxlen: 21
                          5.178.98.0/24 maxlen: 24
                          5.178.97.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.144.176.0/21 maxlen: 21
                          5.178.99.0/24 maxlen: 24
                          5.178.105.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.106.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.39.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fd:7b:9f:a3:dd:c2:be:31:c1:a5:9c:83:30:34:f2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jun 27 15:31:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=31763220fc5d1529d76d3263dade6c8d20e9d413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:61:29:89:dc:6f:a8:5b:80:c6:31:11:51:
                    46:09:3f:62:20:20:c3:cb:d6:50:1b:7b:90:fa:a0:
                    2a:f6:af:fb:a0:0b:10:41:1d:d3:89:d0:05:60:67:
                    4c:5a:30:81:7c:25:90:0d:66:55:79:30:84:47:19:
                    69:48:d3:2e:85:cf:1a:ee:82:0d:5b:c8:1e:63:88:
                    09:78:5c:d4:65:3f:93:19:3a:0d:f2:a7:7d:e3:8c:
                    25:60:c3:25:7f:85:93:4b:4f:f4:2b:59:b5:94:c0:
                    21:3e:c5:73:72:d7:f5:9b:e5:71:f1:6f:e7:dd:39:
                    a0:2c:87:08:21:36:0d:39:52:d7:78:71:10:94:de:
                    cc:27:98:fc:b8:06:7d:2c:c9:a7:8a:74:a5:b3:a5:
                    9e:e0:3a:45:a9:ea:c9:63:fe:19:8b:4b:ed:8d:f6:
                    44:bf:59:33:62:73:5b:08:5c:47:d6:ca:fe:8e:b2:
                    c5:bb:c1:1c:31:0c:f1:4e:e2:b7:fb:25:8e:be:6c:
                    ac:82:83:22:43:76:97:8d:92:49:76:4d:f2:71:3c:
                    4f:af:d7:6a:1f:b1:a3:e7:dc:14:73:f6:c4:f4:55:
                    41:4a:7a:af:f4:78:95:6f:e8:24:83:52:69:10:e1:
                    ef:eb:57:5a:3c:88:dc:66:0b:74:14:82:ba:59:69:
                    a3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:76:32:20:FC:5D:15:29:D7:6D:32:63:DA:DE:6C:8D:20:E9:D4:13
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/MXYyIPxdFSnXbTJj2t5sjSDp1BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.255.255
                  5.144.176.0/21
                  5.178.96.0/22
                  5.178.104.0-5.178.106.255
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:76:e1:1b:7a:46:3b:d5:72:32:73:5f:bc:59:18:66:66:d9:
         0b:c2:74:a8:a8:55:6d:3e:c3:e3:2b:0d:69:84:2f:3f:a2:3c:
         f4:3a:04:16:57:ac:c7:ee:68:b4:14:ce:96:7d:41:08:ad:a1:
         aa:ef:d4:8e:4f:4a:50:5c:21:86:24:a8:f4:56:ca:79:4e:83:
         37:ed:33:98:af:c8:20:26:67:fb:b2:6d:4d:a6:39:8d:01:c1:
         e3:e6:68:f8:6f:65:36:b0:ca:22:7c:a3:32:8c:40:94:f8:0d:
         94:26:44:c9:78:fa:08:9a:34:84:a5:66:1c:71:2b:fe:af:ea:
         b1:a9:75:ca:c9:b4:ec:e7:0f:3e:04:16:20:fd:ff:94:6d:2d:
         0f:43:1f:ec:91:21:ca:ae:ef:a3:78:57:d3:be:3b:de:da:e6:
         ba:14:12:ed:d6:6b:5a:09:54:60:db:f0:af:f3:60:22:27:de:
         06:e3:15:cb:dd:60:e1:41:cd:28:cc:43:b5:be:58:42:1b:6b:
         9e:e6:2c:1f:75:29:0c:ad:8e:e8:af:2d:d9:33:67:c0:1b:63:
         b3:18:04:ad:56:d2:bf:10:10:53:8b:72:e8:f2:30:fa:41:cf:
         b7:9d:79:ce:fa:82:5e:be:c1:e6:34:fc:31:b0:e6:07:8e:ba:
         c1:f4:9b:5d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYj9e5+j3cK+McGlnIMwNPKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjMwNjI3MTUzMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc2MzIyMGZjNWQxNTI5ZDc2ZDMyNjNkYWRlNmM4ZDIwZTlkNDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PNhKYncb6hbgMYxEVFGCT9iICDD
y9ZQG3uQ+qAq9q/7oAsQQR3TidAFYGdMWjCBfCWQDWZVeTCERxlpSNMuhc8a7oIN
W8geY4gJeFzUZT+TGToN8qd944wlYMMlf4WTS0/0K1m1lMAhPsVzctf1m+Vx8W/n
3TmgLIcIITYNOVLXeHEQlN7MJ5j8uAZ9LMmninSls6We4DpFqerJY/4Zi0vtjfZE
v1kzYnNbCFxH1sr+jrLFu8EcMQzxTuK3+yWOvmysgoMiQ3aXjZJJdk3ycTxPr9dq
H7Gj59wUc/bE9FVBSnqv9HiVb+gkg1JpEOHv61daPIjcZgt0FIK6WWmj/QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFDF2MiD8XRUp120yY9rebI0g6dQTMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTVhZeUlQeGRGU25YYlRKajJ0NXNqU0RwMUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwQABSf4MAsD
BAEFJ/oDAwMFIAMEAwWQsAMEAgWyYDAMAwQDBbJoAwQABbJqAwQDH8DwAwQCLQzY
AwQCuQUkMA0GCSqGSIb3DQEBCwUAA4IBAQBEduEbekY71XIyc1+8WRhmZtkLwnSo
qFVtPsPjKw1phC8/ojz0OgQWV6zH7mi0FM6WfUEIraGq79SOT0pQXCGGJKj0Vsp5
ToM37TOYr8ggJmf7sm1NpjmNAcHj5mj4b2U2sMoifKMyjECU+A2UJkTJePoImjSE
pWYccSv+r+qxqXXKybTs5w8+BBYg/f+UbS0PQx/skSHKru+jeFfTvjve2ua6FBLt
1mtaCVRg2/Cv82AiJ94G4xXL3WDhQc0ozEO1vlhCG2ue5iwfdSkMrY7ory3ZM2fA
G2OzGAStVtK/EBBTi3Lo8jD6Qc+3nXnO+oJevsHmNPwxsOYHjrrB9Jtd
-----END CERTIFICATE-----