Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/iOMCY1akuq7DTHvQXTt_QIjmERE.roa
File:                     iOMCY1akuq7DTHvQXTt_QIjmERE.roa (raw, json)
Hash identifier:          cObaxl5XiYtAc6W9goEnI5cdX8A5xrq5qSCwnt7osRQ=
Subject key identifier:   88:E3:02:63:56:A4:BA:AE:C3:4C:7B:D0:5D:3B:7F:40:88:E6:11:11
Certificate issuer:       /CN=caaee579e013218f571386413e2c5b2bc245a836
Certificate serial:       018B3361E71CCEA2B65BE2C7481C5E727923
Authority key identifier: CA:AE:E5:79:E0:13:21:8F:57:13:86:41:3E:2C:5B:2B:C2:45:A8:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yq7leeATIY9XE4ZBPixbK8JFqDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/iOMCY1akuq7DTHvQXTt_QIjmERE.roa
Signing time:             Sun 15 Oct 2023 12:48:56 +0000
ROA not before:           Sun 15 Oct 2023 12:48:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208349
IP address blocks:        31.10.7.0/24 maxlen: 24
                          77.105.157.0/24 maxlen: 24
                          77.105.159.0/24 maxlen: 24
                          77.105.156.0/24 maxlen: 24
                          185.31.133.0/24 maxlen: 24
                          45.134.125.0/24 maxlen: 24
                          45.134.124.0/22 maxlen: 22
                          45.134.124.0/24 maxlen: 24
                          45.134.127.0/24 maxlen: 24
                          45.134.126.0/24 maxlen: 24
                          2a0e:7e40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:33:61:e7:1c:ce:a2:b6:5b:e2:c7:48:1c:5e:72:79:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caaee579e013218f571386413e2c5b2bc245a836
        Validity
            Not Before: Oct 15 12:48:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=88e3026356a4baaec34c7bd05d3b7f4088e61111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ac:b0:c2:c4:4f:25:73:e2:41:b5:78:fc:0e:
                    a2:a2:de:d4:21:51:ad:f6:52:dc:5f:ed:84:23:ba:
                    7f:b5:b4:d8:89:0a:23:67:37:d4:cd:9f:fe:a2:3e:
                    e2:66:8a:18:ad:f6:58:74:51:ac:be:3f:df:b3:07:
                    78:fa:5f:d2:99:88:45:10:4c:bf:12:bb:93:fd:1e:
                    18:8f:97:d4:9e:2c:7d:9d:e0:b4:f7:eb:11:86:00:
                    d0:8c:64:4c:3b:ab:e1:64:73:d1:be:1a:f1:eb:b0:
                    77:b8:62:9f:38:32:34:4a:1f:f8:36:61:00:b4:81:
                    94:8f:b8:de:a4:3a:50:36:9d:71:55:c4:53:53:b9:
                    07:ce:43:b5:cd:1b:13:b2:ec:4f:63:11:e7:35:d4:
                    a8:94:a0:75:10:a7:b7:fe:e5:08:90:b2:63:11:e4:
                    96:4b:cf:c2:7e:6c:ec:40:37:c0:43:fc:67:7a:45:
                    0c:80:e7:e6:d7:96:4e:05:83:a4:05:c8:64:32:d4:
                    53:da:df:99:88:f8:34:1a:91:a0:58:87:51:c6:26:
                    db:95:4e:b7:79:11:07:d5:f3:4e:c9:3f:ef:b7:e1:
                    13:15:05:ba:8b:3f:67:3c:c7:46:fe:04:ab:aa:de:
                    0b:16:e0:23:74:ce:92:df:00:7d:d1:c6:04:64:09:
                    c2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E3:02:63:56:A4:BA:AE:C3:4C:7B:D0:5D:3B:7F:40:88:E6:11:11
            X509v3 Authority Key Identifier:
                keyid:CA:AE:E5:79:E0:13:21:8F:57:13:86:41:3E:2C:5B:2B:C2:45:A8:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yq7leeATIY9XE4ZBPixbK8JFqDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/iOMCY1akuq7DTHvQXTt_QIjmERE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/759874-e7f2-45fd-819d-a5d1148f25bd/1/yq7leeATIY9XE4ZBPixbK8JFqDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.10.7.0/24
                  45.134.124.0/22
                  77.105.156.0/23
                  77.105.159.0/24
                  185.31.133.0/24
                IPv6:
                  2a0e:7e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:db:d7:fe:b6:ac:e5:3c:7d:0f:f3:b3:f3:fb:02:97:e6:25:
         97:5d:36:73:b7:35:ca:fc:30:f2:d4:07:8c:30:cd:ac:a9:15:
         1e:66:46:f1:10:56:78:20:d7:dc:c5:fe:7b:c5:4c:e4:c6:cc:
         84:cd:24:34:de:5b:2f:c7:69:13:3b:db:b6:9c:ae:ac:e9:fb:
         01:d2:f3:1b:c7:a7:19:75:68:da:a4:21:5a:79:fc:d2:d3:0d:
         d2:80:bd:d3:83:96:4f:99:63:7d:ed:19:ca:34:3e:04:85:ce:
         da:44:14:7b:9d:3c:1d:b5:69:e5:0d:a9:b2:8e:dc:4e:61:a3:
         9e:08:dc:18:a2:77:b8:7d:78:1f:7b:d9:59:db:29:0f:70:1d:
         e6:91:07:d4:c4:6f:87:2b:b2:c1:b9:bc:d1:1d:e5:ef:d4:99:
         ab:0a:e1:9c:ab:df:5f:90:b5:48:25:ce:19:6c:90:cc:88:4f:
         89:93:ab:8c:9e:ec:c5:55:4e:6b:78:34:32:70:2a:d4:f8:4a:
         96:f4:fa:ff:a9:d6:7c:95:8f:22:83:e6:79:2a:20:f3:0d:9d:
         f5:42:d9:c1:c4:f6:d8:bf:33:fb:a2:65:23:b7:c3:84:74:0d:
         85:56:84:99:b4:a7:3b:fc:c9:58:d5:01:6d:a9:c8:bb:ff:88:
         ff:14:f8:d5
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYszYecczqK2W+LHSBxecnkjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYWVlNTc5ZTAxMzIxOGY1NzEzODY0MTNlMmM1YjJiYzI0
NWE4MzYwHhcNMjMxMDE1MTI0ODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGUzMDI2MzU2YTRiYWFlYzM0YzdiZDA1ZDNiN2Y0MDg4ZTYxMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaywwsRPJXPiQbV4/A6iot7UIVGt
9lLcX+2EI7p/tbTYiQojZzfUzZ/+oj7iZooYrfZYdFGsvj/fswd4+l/SmYhFEEy/
EruT/R4Yj5fUnix9neC09+sRhgDQjGRMO6vhZHPRvhrx67B3uGKfODI0Sh/4NmEA
tIGUj7jepDpQNp1xVcRTU7kHzkO1zRsTsuxPYxHnNdSolKB1EKe3/uUIkLJjEeSW
S8/CfmzsQDfAQ/xnekUMgOfm15ZOBYOkBchkMtRT2t+ZiPg0GpGgWIdRxibblU63
eREH1fNOyT/vt+ETFQW6iz9nPMdG/gSrqt4LFuAjdM6S3wB90cYEZAnCIQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIjjAmNWpLquw0x70F07f0CI5hERMB8GA1UdIwQY
MBaAFMqu5XngEyGPVxOGQT4sWyvCRag2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXE3bGVlQVRJWTlYRTRaQlBpeGJLOEpGcURZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC83NTk4NzQtZTdmMi00NWZkLTgxOWQt
YTVkMTE0OGYyNWJkLzEvaU9NQ1kxYWt1cTdEVEh2UVhUdF9RSWptRVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC83NTk4NzQtZTdmMi00NWZkLTgxOWQtYTVkMTE0OGYyNWJk
LzEveXE3bGVlQVRJWTlYRTRaQlBpeGJLOEpGcURZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAHwoHAwQC
LYZ8AwQBTWmcAwQATWmfAwQAuR+FMA0EAgACMAcDBQMqDn5AMA0GCSqGSIb3DQEB
CwUAA4IBAQBl29f+tqzlPH0P87Pz+wKX5iWXXTZztzXK/DDy1AeMMM2sqRUeZkbx
EFZ4INfcxf57xUzkxsyEzSQ03lsvx2kTO9u2nK6s6fsB0vMbx6cZdWjapCFaefzS
0w3SgL3Tg5ZPmWN97RnKND4Ehc7aRBR7nTwdtWnlDamyjtxOYaOeCNwYone4fXgf
e9lZ2ykPcB3mkQfUxG+HK7LBubzRHeXv1JmrCuGcq99fkLVIJc4ZbJDMiE+Jk6uM
nuzFVU5reDQycCrU+EqW9Pr/qdZ8lY8ig+Z5KiDzDZ31QtnBxPbYvzP7omUjt8OE
dA2FVoSZtKc7/MlY1QFtqci7/4j/FPjV
-----END CERTIFICATE-----