Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/92Niq1XZqToucrtHtmDdyvlNWl8.roa
File:                     92Niq1XZqToucrtHtmDdyvlNWl8.roa (raw, json)
Hash identifier:          GRBDeJV+us9px2uCX5xo6QaR6IZ0Q+t0Y0/yLvF34lE=
Subject key identifier:   F7:63:62:AB:55:D9:A9:3A:2E:72:BB:47:B6:60:DD:CA:F9:4D:5A:5F
Certificate issuer:       /CN=8d4dd2d06d920e403933fdb2cd1984893552579c
Certificate serial:       018B85D11CEAD0929C95BFA49AF2CDDF5FFD
Authority key identifier: 8D:4D:D2:D0:6D:92:0E:40:39:33:FD:B2:CD:19:84:89:35:52:57:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jU3S0G2SDkA5M_2yzRmEiTVSV5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/92Niq1XZqToucrtHtmDdyvlNWl8.roa
Signing time:             Tue 31 Oct 2023 12:59:15 +0000
ROA not before:           Tue 31 Oct 2023 12:59:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39280
IP address blocks:        81.21.80.0/21 maxlen: 21
                          81.21.80.0/20 maxlen: 20
                          81.21.88.0/21 maxlen: 21
                          93.184.224.0/20 maxlen: 20
                          93.184.224.0/21 maxlen: 21
                          93.184.232.0/21 maxlen: 21
                          46.228.176.0/21 maxlen: 21
                          46.228.176.0/20 maxlen: 20
                          46.228.184.0/21 maxlen: 21
                          185.41.202.0/23 maxlen: 23
                          185.41.200.0/23 maxlen: 23
                          185.41.200.0/22 maxlen: 22
                          46.18.64.0/21 maxlen: 21
                          46.18.64.0/22 maxlen: 22
                          46.18.68.0/22 maxlen: 22
                          2a03:ba40::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:85:d1:1c:ea:d0:92:9c:95:bf:a4:9a:f2:cd:df:5f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4dd2d06d920e403933fdb2cd1984893552579c
        Validity
            Not Before: Oct 31 12:59:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f76362ab55d9a93a2e72bb47b660ddcaf94d5a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:db:31:c8:1d:74:14:63:3c:84:5e:4d:9d:2d:
                    30:02:7b:7a:d8:b9:d5:b4:8c:aa:16:f7:db:dc:7f:
                    fd:df:f7:aa:2d:31:56:1e:8a:83:ed:8f:9c:8b:67:
                    10:91:12:25:10:47:35:0a:67:54:16:dd:31:e8:45:
                    c1:69:5c:02:75:c4:a6:6a:8e:28:62:12:78:8d:14:
                    7e:1e:24:a3:2b:58:2b:30:30:9c:54:29:10:6c:c7:
                    07:43:53:0d:d7:e1:43:f1:a4:04:0f:b2:bf:78:c4:
                    f7:2d:e7:84:c1:1d:ed:c9:42:76:d5:17:e9:b1:a3:
                    64:8c:3d:73:c1:01:3c:20:62:77:0b:6b:dc:e8:6d:
                    24:72:78:77:85:77:0d:80:4f:99:37:4c:b6:4f:0e:
                    1c:c2:4b:5b:7b:f8:c9:b0:a3:ab:17:78:3c:a5:f1:
                    17:4d:fc:43:77:7c:de:bc:f9:7b:f7:78:17:0d:d6:
                    37:8f:42:64:18:f0:35:ba:dd:87:6f:9f:bf:4d:36:
                    13:11:57:3e:1b:34:93:95:05:80:69:5f:05:83:34:
                    7b:23:15:49:8a:18:d7:69:ae:14:ff:26:fe:40:39:
                    2b:1d:ba:10:c4:3e:bf:8e:bc:d0:5d:7a:7f:02:49:
                    11:46:ff:cc:db:86:e2:85:11:ac:68:67:1e:0b:6e:
                    c4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:63:62:AB:55:D9:A9:3A:2E:72:BB:47:B6:60:DD:CA:F9:4D:5A:5F
            X509v3 Authority Key Identifier:
                keyid:8D:4D:D2:D0:6D:92:0E:40:39:33:FD:B2:CD:19:84:89:35:52:57:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jU3S0G2SDkA5M_2yzRmEiTVSV5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/92Niq1XZqToucrtHtmDdyvlNWl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f621a7-e080-4255-926d-32ff31ceec8b/1/jU3S0G2SDkA5M_2yzRmEiTVSV5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.64.0/21
                  46.228.176.0/20
                  81.21.80.0/20
                  93.184.224.0/20
                  185.41.200.0/22
                IPv6:
                  2a03:ba40::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:1b:6a:21:ad:d7:3d:be:45:a4:4f:f1:3e:9b:10:08:1d:5b:
         05:41:a2:3d:23:63:2d:48:e0:93:f0:39:fb:c7:6b:a9:65:c3:
         77:0b:ef:a8:69:9e:b9:75:d4:1f:aa:53:f6:82:9d:09:2e:cd:
         51:b1:7d:9d:b7:ff:35:bc:a9:10:3f:50:99:ee:9b:a0:d7:53:
         1b:9b:f0:45:49:62:0f:7a:26:22:36:1d:1f:03:23:b9:e5:e2:
         9f:54:11:9c:2a:f0:22:8a:1d:3e:9c:a6:6b:3e:46:2e:7d:63:
         95:bf:7d:cd:6f:11:1a:53:42:1e:4a:da:6a:4c:ee:4f:5b:19:
         ee:38:3a:d0:2f:e6:31:9d:5f:d3:d7:25:2f:f9:fa:47:b2:60:
         2d:56:87:b0:80:84:aa:9d:d0:f8:c2:c4:24:5c:ad:31:b7:2b:
         6a:79:db:b5:01:a7:4b:17:aa:dc:bc:bf:2c:ba:cd:80:93:0b:
         90:3a:4c:06:63:08:8a:a6:1b:49:35:b1:99:d9:37:00:9f:3b:
         02:ed:8e:a6:8f:5a:4f:67:09:68:df:39:85:ab:9b:a7:07:11:
         c6:66:27:7c:ee:6c:4a:8e:3a:01:88:31:10:9a:88:eb:a3:e8:
         83:73:25:0a:4a:ec:5c:22:e6:8f:b3:2d:32:aa:18:46:e4:4b:
         e2:9e:3f:49
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYuF0Rzq0JKclb+kmvLN31/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNGRkMmQwNmQ5MjBlNDAzOTMzZmRiMmNkMTk4NDg5MzU1
MjU3OWMwHhcNMjMxMDMxMTI1OTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzYzNjJhYjU1ZDlhOTNhMmU3MmJiNDdiNjYwZGRjYWY5NGQ1YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNsxyB10FGM8hF5NnS0wAnt62LnV
tIyqFvfb3H/93/eqLTFWHoqD7Y+ci2cQkRIlEEc1CmdUFt0x6EXBaVwCdcSmao4o
YhJ4jRR+HiSjK1grMDCcVCkQbMcHQ1MN1+FD8aQED7K/eMT3LeeEwR3tyUJ21Rfp
saNkjD1zwQE8IGJ3C2vc6G0kcnh3hXcNgE+ZN0y2Tw4cwktbe/jJsKOrF3g8pfEX
TfxDd3zevPl793gXDdY3j0JkGPA1ut2Hb5+/TTYTEVc+GzSTlQWAaV8FgzR7IxVJ
ihjXaa4U/yb+QDkrHboQxD6/jrzQXXp/AkkRRv/M24bihRGsaGceC27EqwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFPdjYqtV2ak6LnK7R7Zg3cr5TVpfMB8GA1UdIwQY
MBaAFI1N0tBtkg5AOTP9ss0ZhIk1UlecMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalUzUzBHMlNEa0E1TV8yeXpSbUVpVFZTVjV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mNjIxYTctZTA4MC00MjU1LTkyNmQt
MzJmZjMxY2VlYzhiLzEvOTJOaXExWFpxVG91Y3J0SHRtRGR5dmxOV2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mNjIxYTctZTA4MC00MjU1LTkyNmQtMzJmZjMxY2VlYzhi
LzEvalUzUzBHMlNEa0E1TV8yeXpSbUVpVFZTVjV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDLhJAAwQE
LuSwAwQEURVQAwQEXbjgAwQCuSnIMA0EAgACMAcDBQAqA7pAMA0GCSqGSIb3DQEB
CwUAA4IBAQArG2ohrdc9vkWkT/E+mxAIHVsFQaI9I2MtSOCT8Dn7x2upZcN3C++o
aZ65ddQfqlP2gp0JLs1RsX2dt/81vKkQP1CZ7pug11Mbm/BFSWIPeiYiNh0fAyO5
5eKfVBGcKvAiih0+nKZrPkYufWOVv33NbxEaU0IeStpqTO5PWxnuODrQL+YxnV/T
1yUv+fpHsmAtVoewgISqndD4wsQkXK0xtytqedu1AadLF6rcvL8sus2AkwuQOkwG
YwiKphtJNbGZ2TcAnzsC7Y6mj1pPZwlo3zmFq5unBxHGZid87mxKjjoBiDEQmojr
o+iDcyUKSuxcIuaPsy0yqhhG5Evinj9J
-----END CERTIFICATE-----