Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/2If72WrA2ayGxmXzo92ETDCou1k.roa
File:                     2If72WrA2ayGxmXzo92ETDCou1k.roa (raw, json)
Hash identifier:          CFnCGw1nJ2NxVzn8kTKd3SGw9LZF0YyMMcB8IRB2OyM=
Subject key identifier:   D8:87:FB:D9:6A:C0:D9:AC:86:C6:65:F3:A3:DD:84:4C:30:A8:BB:59
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       018AB466E7541BD5FFA662780FF1B15555A4
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/2If72WrA2ayGxmXzo92ETDCou1k.roa
Signing time:             Wed 20 Sep 2023 21:02:37 +0000
ROA not before:           Wed 20 Sep 2023 21:02:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        151.186.192.0/24 maxlen: 24
                          151.186.192.0/20 maxlen: 24
                          151.186.193.0/24 maxlen: 24
                          151.186.196.0/24 maxlen: 24
                          151.186.194.0/24 maxlen: 24
                          151.186.195.0/24 maxlen: 24
                          151.186.199.0/24 maxlen: 24
                          151.186.197.0/24 maxlen: 24
                          151.186.198.0/24 maxlen: 24
                          151.186.203.0/24 maxlen: 24
                          151.186.201.0/24 maxlen: 24
                          151.186.202.0/24 maxlen: 24
                          151.186.206.0/24 maxlen: 24
                          151.186.204.0/24 maxlen: 24
                          151.186.205.0/24 maxlen: 24
                          151.186.200.0/24 maxlen: 24
                          151.186.207.0/24 maxlen: 24
                          151.186.172.0/22 maxlen: 24
                          2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 22:23:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b4:66:e7:54:1b:d5:ff:a6:62:78:0f:f1:b1:55:55:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Sep 20 21:02:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d887fbd96ac0d9ac86c665f3a3dd844c30a8bb59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:88:1f:e5:e7:a5:fe:a5:a5:de:da:83:0b:bb:
                    7b:33:92:4d:68:4d:b2:6a:d0:04:8d:84:9a:99:a4:
                    a5:80:ad:29:54:54:8d:e7:eb:7f:ab:cb:fe:4e:e8:
                    01:7a:d7:8a:1a:e2:3f:6d:5a:1a:e3:de:80:04:29:
                    10:0e:6a:82:46:e4:f8:28:30:87:6e:b6:04:13:2e:
                    6b:22:73:9f:02:41:ea:e2:22:39:10:a5:1f:0a:43:
                    c3:38:2c:86:1c:13:00:82:b6:83:22:2e:ce:60:6d:
                    8a:a4:6b:72:92:77:41:dc:43:29:f9:f8:1f:81:5e:
                    7f:4a:9a:21:fb:73:f1:cb:de:d8:e1:07:22:19:f5:
                    53:69:1f:b4:7d:e1:d9:85:b3:09:80:8a:cf:7c:71:
                    dd:02:cf:4e:f0:57:03:77:cb:a8:b5:34:05:ac:db:
                    18:45:18:80:b6:59:0c:10:6f:3c:c2:f6:5d:d2:f7:
                    38:f2:af:73:bc:b5:66:1a:a4:67:78:17:4d:e3:bd:
                    0a:2b:dd:b7:3f:07:7a:9e:cf:e0:40:91:17:b7:39:
                    42:be:11:36:b5:24:75:90:9e:48:9a:13:d9:c3:a2:
                    dc:79:da:97:2e:75:8c:40:24:3a:cd:d1:96:ed:c9:
                    a8:8f:ba:bf:48:f5:be:cf:d3:dc:89:03:7b:f1:e6:
                    2c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:87:FB:D9:6A:C0:D9:AC:86:C6:65:F3:A3:DD:84:4C:30:A8:BB:59
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/2If72WrA2ayGxmXzo92ETDCou1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.186.172.0/22
                  151.186.192.0/20
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:4a:2c:fb:8b:d9:21:df:50:ad:86:4e:2a:29:95:3a:af:98:
         81:d4:92:cd:63:6c:21:fc:e3:81:c5:96:53:d8:4b:a2:75:bf:
         7d:36:9f:a9:13:5c:a9:92:08:fe:fb:c7:87:fc:54:7d:58:ea:
         d2:7c:43:5a:a4:25:1d:89:eb:d4:1e:69:95:a8:02:37:f2:7c:
         e3:f9:da:45:5a:ba:97:78:76:34:f1:4c:c1:32:86:4a:0c:d7:
         96:ce:0e:cb:eb:2c:46:f5:85:a0:52:50:cf:29:e4:12:8d:db:
         2b:b9:5c:82:a9:92:21:3e:85:e2:42:9c:7a:bf:d1:72:73:33:
         9e:c3:24:12:4a:4b:c9:fa:d0:0b:3a:98:e6:db:86:24:99:f3:
         21:98:36:6c:80:f6:e8:72:ce:0e:3e:27:42:26:26:ca:83:b1:
         04:ac:26:c8:2d:f0:02:ee:ba:6b:0a:fe:f7:58:4d:08:36:11:
         d5:56:e9:14:68:78:8f:4b:e6:6b:e8:0d:97:57:a5:ea:1e:d9:
         a4:82:9b:9a:3d:89:06:f4:80:cb:53:88:4c:e4:f5:5d:6a:74:
         a3:38:f6:2e:5d:5b:01:87:cb:f9:fc:8a:4b:6d:26:30:76:4f:
         54:e5:e2:2c:4f:41:84:c9:79:6e:e2:87:f8:93:d1:51:d2:d6:
         9e:f0:e2:9e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYq0ZudUG9X/pmJ4D/GxVVWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjMwOTIwMjEwMjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg3ZmJkOTZhYzBkOWFjODZjNjY1ZjNhM2RkODQ0YzMwYThiYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4gf5eel/qWl3tqDC7t7M5JNaE2y
atAEjYSamaSlgK0pVFSN5+t/q8v+TugBeteKGuI/bVoa496ABCkQDmqCRuT4KDCH
brYEEy5rInOfAkHq4iI5EKUfCkPDOCyGHBMAgraDIi7OYG2KpGtykndB3EMp+fgf
gV5/Spoh+3Pxy97Y4QciGfVTaR+0feHZhbMJgIrPfHHdAs9O8FcDd8uotTQFrNsY
RRiAtlkMEG88wvZd0vc48q9zvLVmGqRneBdN470KK923Pwd6ns/gQJEXtzlCvhE2
tSR1kJ5ImhPZw6LcedqXLnWMQCQ6zdGW7cmoj7q/SPW+z9PciQN78eYscQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNiH+9lqwNmshsZl86PdhEwwqLtZMB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvMklmNzJXckEyYXlHeG1Yem85MkVURENvdTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCl7qsAwQE
l7rAMA8EAgACMAkDBwAqBOTEAAUwDQYJKoZIhvcNAQELBQADggEBAIJKLPuL2SHf
UK2GTioplTqvmIHUks1jbCH844HFllPYS6J1v302n6kTXKmSCP77x4f8VH1Y6tJ8
Q1qkJR2J69QeaZWoAjfyfOP52kVaupd4djTxTMEyhkoM15bODsvrLEb1haBSUM8p
5BKN2yu5XIKpkiE+heJCnHq/0XJzM57DJBJKS8n60As6mObbhiSZ8yGYNmyA9uhy
zg4+J0ImJsqDsQSsJsgt8ALuumsK/vdYTQg2EdVW6RRoeI9L5mvoDZdXpeoe2aSC
m5o9iQb0gMtTiEzk9V1qdKM49i5dWwGHy/n8ikttJjB2T1Tl4ixPQYTJeW7ih/iT
0VHS1p7w4p4=
-----END CERTIFICATE-----