Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/KSYkZ_s_1hpbidPYEqsdDP_nGV0.roa
File:                     KSYkZ_s_1hpbidPYEqsdDP_nGV0.roa (raw, json)
Hash identifier:          7YHYncpv/eAwSoF6+g140jSno9Pg+f3rmkj1xCmAQHw=
Subject key identifier:   29:26:24:67:FB:3F:D6:1A:5B:89:D3:D8:12:AB:1D:0C:FF:E7:19:5D
Certificate issuer:       /CN=393cc8b7d2dc70a27d40fa459e4e56c005ccc63a
Certificate serial:       0185719E7EF603BC90E2F7A9C441AF95E2E3
Authority key identifier: 39:3C:C8:B7:D2:DC:70:A2:7D:40:FA:45:9E:4E:56:C0:05:CC:C6:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/KSYkZ_s_1hpbidPYEqsdDP_nGV0.roa
Signing time:             Mon 02 Jan 2023 08:34:50 +0000
ROA not before:           Mon 02 Jan 2023 08:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50880
IP address blocks:        185.69.211.0/24 maxlen: 24
                          185.69.210.0/24 maxlen: 24
                          185.69.209.0/24 maxlen: 24
                          185.69.208.0/24 maxlen: 24
                          78.110.3.0/24 maxlen: 24
                          78.110.2.0/24 maxlen: 24
                          78.110.0.0/20 maxlen: 20
                          78.110.1.0/24 maxlen: 24
                          78.110.0.0/24 maxlen: 24
                          78.110.4.0/24 maxlen: 24
                          78.110.10.0/24 maxlen: 24
                          78.110.9.0/24 maxlen: 24
                          78.110.8.0/24 maxlen: 24
                          78.110.7.0/24 maxlen: 24
                          78.110.6.0/24 maxlen: 24
                          78.110.5.0/24 maxlen: 24
                          78.110.11.0/24 maxlen: 24
                          78.110.15.0/24 maxlen: 24
                          78.110.14.0/24 maxlen: 24
                          78.110.13.0/24 maxlen: 24
                          78.110.12.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:9e:7e:f6:03:bc:90:e2:f7:a9:c4:41:af:95:e2:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=393cc8b7d2dc70a27d40fa459e4e56c005ccc63a
        Validity
            Not Before: Jan  2 08:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29262467fb3fd61a5b89d3d812ab1d0cffe7195d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4f:27:11:e7:7e:70:63:4b:7a:05:7c:2f:ec:
                    c5:7f:a8:f6:ec:27:76:a8:58:84:37:38:97:fa:8d:
                    1a:13:ee:fc:1e:87:f7:cb:61:c2:3e:af:b1:a6:cc:
                    05:66:97:7c:92:f0:87:a5:3b:35:ef:2b:b9:2c:d0:
                    a2:fa:cf:df:6d:ab:94:a5:5b:96:07:4b:57:8e:69:
                    93:8b:32:bb:a7:0d:92:dd:a4:20:af:e0:81:5d:a9:
                    78:06:62:4c:4c:8a:84:38:2c:e2:1e:2f:d7:21:aa:
                    21:de:e4:77:d7:be:37:9d:eb:1d:1e:09:e3:61:0d:
                    e2:a3:64:8d:37:22:74:04:dc:03:c9:84:ae:84:ec:
                    87:40:5b:85:ab:18:bd:42:db:58:fc:e6:d6:69:f0:
                    db:fe:72:4c:5c:fa:27:2b:94:ad:7e:1a:2b:41:73:
                    3e:a6:68:7a:84:8a:89:80:8e:5e:8e:11:f4:e2:77:
                    32:10:92:a6:4d:31:7c:06:54:7c:4d:f1:b6:54:36:
                    a7:5d:9b:88:91:9c:ac:55:5a:f0:35:bf:13:bf:19:
                    60:18:e2:d8:5e:76:e0:ab:bf:63:d9:4c:f0:ef:1d:
                    4c:d5:c5:dd:63:f7:ad:96:99:5a:a1:df:be:a3:9c:
                    c0:29:6d:14:9e:51:98:06:76:f5:6a:17:4f:76:34:
                    d7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:26:24:67:FB:3F:D6:1A:5B:89:D3:D8:12:AB:1D:0C:FF:E7:19:5D
            X509v3 Authority Key Identifier:
                keyid:39:3C:C8:B7:D2:DC:70:A2:7D:40:FA:45:9E:4E:56:C0:05:CC:C6:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTzIt9LccKJ9QPpFnk5WwAXMxjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/KSYkZ_s_1hpbidPYEqsdDP_nGV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/137002-e75f-4201-9988-991a1c714f95/1/OTzIt9LccKJ9QPpFnk5WwAXMxjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.0.0/20
                  185.69.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:dd:fc:66:e1:46:b1:a1:0e:5a:c7:2e:6e:45:98:55:3a:91:
         22:80:60:15:b3:f7:39:ea:3f:34:76:a6:4b:d1:eb:47:c0:ab:
         28:8d:22:06:04:d6:c8:74:8d:ee:72:ef:5d:9d:6d:1b:1f:a6:
         85:e6:4b:91:21:4c:68:40:4b:84:ef:96:46:63:53:d5:11:77:
         e1:79:0d:0a:18:a5:29:11:e6:cd:c1:ca:d1:08:88:c9:61:f8:
         0f:13:55:3e:d8:c5:57:06:28:c9:f4:cc:32:15:dd:05:21:3b:
         f6:ee:e0:fa:00:6b:0f:95:ba:82:dc:b7:95:76:91:5a:5a:4d:
         94:f4:b7:b5:d8:75:fb:d2:ee:84:d7:c8:17:27:08:3e:c8:a3:
         fd:70:b0:c8:9a:ca:47:2a:9a:cc:b4:bb:84:c2:53:92:40:49:
         d6:96:a1:3f:41:71:93:86:41:7f:74:06:eb:32:55:b6:7f:c6:
         c2:d7:9c:67:88:f2:7c:98:68:7b:64:5b:d9:fd:8c:c3:b4:1b:
         30:18:1d:4c:39:2a:a5:27:f4:1a:e5:b9:df:9b:d0:f8:03:fd:
         ee:5c:57:75:6b:95:02:d2:57:17:e7:f3:b4:5a:02:15:4f:25:
         0a:2c:3a:a5:9d:29:09:c6:f1:3f:3c:77:b2:f1:57:c6:d4:56:
         25:5b:0e:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxnn72A7yQ4vepxEGvleLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5M2NjOGI3ZDJkYzcwYTI3ZDQwZmE0NTllNGU1NmMwMDVj
Y2M2M2EwHhcNMjMwMTAyMDgzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI2MjQ2N2ZiM2ZkNjFhNWI4OWQzZDgxMmFiMWQwY2ZmZTcxOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm08nEed+cGNLegV8L+zFf6j27Cd2
qFiENziX+o0aE+78Hof3y2HCPq+xpswFZpd8kvCHpTs17yu5LNCi+s/fbauUpVuW
B0tXjmmTizK7pw2S3aQgr+CBXal4BmJMTIqEOCziHi/XIaoh3uR31743nesdHgnj
YQ3io2SNNyJ0BNwDyYSuhOyHQFuFqxi9QttY/ObWafDb/nJMXPonK5StfhorQXM+
pmh6hIqJgI5ejhH04ncyEJKmTTF8BlR8TfG2VDanXZuIkZysVVrwNb8TvxlgGOLY
Xnbgq79j2Uzw7x1M1cXdY/etlplaod++o5zAKW0UnlGYBnb1ahdPdjTXRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCkmJGf7P9YaW4nT2BKrHQz/5xldMB8GA1UdIwQY
MBaAFDk8yLfS3HCifUD6RZ5OVsAFzMY6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1R6SXQ5TGNjS0o5UVBwRm5rNVd3QVhNeGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xMzcwMDItZTc1Zi00MjAxLTk5ODgt
OTkxYTFjNzE0Zjk1LzEvS1NZa1pfc18xaHBiaWRQWUVxc2REUF9uR1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xMzcwMDItZTc1Zi00MjAxLTk5ODgtOTkxYTFjNzE0Zjk1
LzEvT1R6SXQ5TGNjS0o5UVBwRm5rNVd3QVhNeGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETm4AAwQC
uUXQMA0GCSqGSIb3DQEBCwUAA4IBAQA43fxm4UaxoQ5axy5uRZhVOpEigGAVs/c5
6j80dqZL0etHwKsojSIGBNbIdI3ucu9dnW0bH6aF5kuRIUxoQEuE75ZGY1PVEXfh
eQ0KGKUpEebNwcrRCIjJYfgPE1U+2MVXBijJ9MwyFd0FITv27uD6AGsPlbqC3LeV
dpFaWk2U9Le12HX70u6E18gXJwg+yKP9cLDImspHKprMtLuEwlOSQEnWlqE/QXGT
hkF/dAbrMlW2f8bC15xniPJ8mGh7ZFvZ/YzDtBswGB1MOSqlJ/Qa5bnfm9D4A/3u
XFd1a5UC0lcX5/O0WgIVTyUKLDqlnSkJxvE/PHey8VfG1FYlWw5R
-----END CERTIFICATE-----