Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/EzTknY_aD2X61ff0Rxe9N0wEis4.roa
File:                     EzTknY_aD2X61ff0Rxe9N0wEis4.roa (raw, json)
Hash identifier:          27jAZeDLd7dv/f65sqzhJyaHZhUOKVfJWwQA/D5qPQs=
Subject key identifier:   13:34:E4:9D:8F:DA:0F:65:FA:D5:F7:F4:47:17:BD:37:4C:04:8A:CE
Certificate issuer:       /CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
Certificate serial:       018570429B1BC870B0B34D48CEE4F37C34B4
Authority key identifier: C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/EzTknY_aD2X61ff0Rxe9N0wEis4.roa
Signing time:             Mon 02 Jan 2023 02:14:51 +0000
ROA not before:           Mon 02 Jan 2023 02:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44964
IP address blocks:        93.188.40.0/21 maxlen: 21
                          37.203.240.0/24 maxlen: 24
                          37.203.242.64/27 maxlen: 27
                          37.203.243.0/24 maxlen: 24
                          37.203.242.192/26 maxlen: 26
                          37.203.242.128/26 maxlen: 26
                          37.203.242.0/24 maxlen: 29
                          37.203.245.0/24 maxlen: 24
                          37.203.246.0/24 maxlen: 24
                          37.203.247.0/24 maxlen: 24
                          93.188.41.79/32 maxlen: 32
                          37.203.242.48/29 maxlen: 29
                          37.203.242.32/28 maxlen: 28
                          2a00:c8c0:1::/48 maxlen: 48
                          2a00:c8c0::/47 maxlen: 47

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:42:9b:1b:c8:70:b0:b3:4d:48:ce:e4:f3:7c:34:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
        Validity
            Not Before: Jan  2 02:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1334e49d8fda0f65fad5f7f44717bd374c048ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7e:72:6d:23:3f:63:20:7a:62:51:ea:2b:13:
                    45:f7:0e:1c:1a:b4:d1:c6:56:03:fa:c4:a5:11:8c:
                    ba:1b:73:a1:e1:b9:31:fc:18:d2:04:de:f2:8a:c4:
                    ac:9b:57:9c:7c:db:d9:7a:10:01:70:17:fc:da:82:
                    15:9f:4a:3e:99:45:3e:57:65:97:cb:83:99:8d:08:
                    26:66:d9:6f:57:9a:04:ce:5c:20:66:96:68:52:f7:
                    43:63:94:f7:3e:12:69:57:18:53:ac:0a:38:44:52:
                    84:c4:bc:9b:ce:e1:cd:b5:46:50:7a:ef:7c:fd:71:
                    1d:cb:9a:f6:d9:74:50:a3:30:a4:a0:55:c2:80:3f:
                    04:74:a1:09:c4:d0:30:90:25:48:dd:a7:b8:2e:93:
                    53:8b:b6:43:2e:40:50:6c:41:e7:d9:77:70:e6:9c:
                    5a:fd:0b:5b:f0:85:80:4e:be:63:12:f6:2b:b4:14:
                    10:d3:12:c5:89:c8:25:89:81:b7:7d:b5:69:d4:d9:
                    31:22:92:09:14:be:a0:a0:8b:c7:28:32:2c:41:2c:
                    fa:05:3b:11:40:b0:e5:98:cd:9e:45:ba:d0:84:ec:
                    af:d1:85:a9:ac:8f:cc:ef:ca:af:b6:ee:a5:a9:f3:
                    9f:0a:1d:a6:d6:c0:b5:d9:70:89:a5:7a:56:a6:03:
                    8c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:34:E4:9D:8F:DA:0F:65:FA:D5:F7:F4:47:17:BD:37:4C:04:8A:CE
            X509v3 Authority Key Identifier:
                keyid:C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/EzTknY_aD2X61ff0Rxe9N0wEis4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.240.0/24
                  37.203.242.0/23
                  37.203.245.0-37.203.247.255
                  93.188.40.0/21
                IPv6:
                  2a00:c8c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         05:c1:e4:33:cd:bf:c7:c1:64:a2:e8:d3:f9:48:c8:d6:be:a0:
         56:53:1d:43:b0:29:58:3a:e3:6f:8a:8c:4e:7b:e4:51:4d:0d:
         e6:ed:8f:ce:8f:13:33:ef:7e:50:5c:ac:7d:79:3b:66:f4:82:
         97:58:6a:0e:65:36:af:fd:04:84:66:82:13:cf:ec:7a:63:2a:
         30:cb:37:3d:2c:39:97:a8:c4:d9:d7:ce:8c:bf:b1:d9:73:45:
         56:13:5a:f6:13:09:3a:6e:0a:d3:87:b3:24:fe:3d:65:4c:1f:
         27:7f:d7:83:dc:ce:4a:50:b2:60:fb:a2:3f:d1:1e:d3:52:f5:
         89:ff:b4:76:06:0b:20:27:ba:8a:f8:d4:db:4b:e0:d3:ef:aa:
         92:d8:a0:a6:91:5d:f2:2d:e7:f4:d4:39:14:c2:f8:92:ec:33:
         b3:31:ee:c7:43:1b:b0:49:b6:88:9c:86:e1:ef:69:4b:51:f5:
         76:68:2b:c9:9c:13:ad:cc:3d:31:ce:3a:67:ef:0d:fc:23:3e:
         34:61:a7:bd:a3:d1:5d:29:58:e0:d8:7d:28:39:3f:ee:d4:af:
         e5:65:a7:15:37:bc:22:92:d5:5e:ad:b5:88:48:93:c7:1a:80:
         0f:32:82:b3:a0:0b:41:74:0a:2e:d9:c7:32:71:bb:8b:f6:2f:
         ce:5e:cb:52
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYVwQpsbyHCws01IzuTzfDS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWIyNDdjNjM2YWQzODliZjlmOGM1MDc0YzgyMjAyMzBl
OGVkY2MwHhcNMjMwMTAyMDIxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzM0ZTQ5ZDhmZGEwZjY1ZmFkNWY3ZjQ0NzE3YmQzNzRjMDQ4YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmX5ybSM/YyB6YlHqKxNF9w4cGrTR
xlYD+sSlEYy6G3Oh4bkx/BjSBN7yisSsm1ecfNvZehABcBf82oIVn0o+mUU+V2WX
y4OZjQgmZtlvV5oEzlwgZpZoUvdDY5T3PhJpVxhTrAo4RFKExLybzuHNtUZQeu98
/XEdy5r22XRQozCkoFXCgD8EdKEJxNAwkCVI3ae4LpNTi7ZDLkBQbEHn2Xdw5pxa
/Qtb8IWATr5jEvYrtBQQ0xLFicgliYG3fbVp1NkxIpIJFL6goIvHKDIsQSz6BTsR
QLDlmM2eRbrQhOyv0YWprI/M78qvtu6lqfOfCh2m1sC12XCJpXpWpgOM+wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFBM05J2P2g9l+tX39EcXvTdMBIrOMB8GA1UdIwQY
MBaAFMGrJHxjatOJv5+MUHTIIgIw6O3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmIt
MjdiMTEzY2ZmNTNiLzEvRXpUa25ZX2FEMlg2MWZmMFJ4ZTlOMHdFaXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmItMjdiMTEzY2ZmNTNi
LzEvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQAJcvwAwQB
JcvyMAwDBAAly/UDBAMly/ADBANdvCgwDwQCAAIwCQMHASoAyMAAADANBgkqhkiG
9w0BAQsFAAOCAQEABcHkM82/x8FkoujT+UjI1r6gVlMdQ7ApWDrjb4qMTnvkUU0N
5u2Pzo8TM+9+UFysfXk7ZvSCl1hqDmU2r/0EhGaCE8/semMqMMs3PSw5l6jE2dfO
jL+x2XNFVhNa9hMJOm4K04ezJP49ZUwfJ3/Xg9zOSlCyYPuiP9Ee01L1if+0dgYL
ICe6ivjU20vg0++qktigppFd8i3n9NQ5FML4kuwzszHux0MbsEm2iJyG4e9pS1H1
dmgryZwTrcw9Mc46Z+8N/CM+NGGnvaPRXSlY4Nh9KDk/7tSv5WWnFTe8IpLVXq21
iEiTxxqADzKCs6ALQXQKLtnHMnG7i/Yvzl7LUg==
-----END CERTIFICATE-----