Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BZ4aJLeTd6aiH1GbKKG4_fNSq9Y.roa
File:                     BZ4aJLeTd6aiH1GbKKG4_fNSq9Y.roa (raw, json)
Hash identifier:          S8ey85Nc6B5YFOb+EOtK43ZgQSp3GDnjyW7IhLeoP/I=
Subject key identifier:   05:9E:1A:24:B7:93:77:A6:A2:1F:51:9B:28:A1:B8:FD:F3:52:AB:D6
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01887D4E6E36791795EA47C94B99A363A515
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BZ4aJLeTd6aiH1GbKKG4_fNSq9Y.roa
Signing time:             Fri 02 Jun 2023 18:11:12 +0000
ROA not before:           Fri 02 Jun 2023 18:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213035
IP address blocks:        212.193.31.0/24 maxlen: 24
                          193.124.227.0/24 maxlen: 24
                          212.193.29.0/24 maxlen: 24
                          212.193.28.0/24 maxlen: 24
                          195.133.16.0/24 maxlen: 24
                          212.192.218.0/24 maxlen: 24
                          212.192.216.0/24 maxlen: 24
                          195.133.17.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
                          212.192.217.0/24 maxlen: 24
                          195.133.37.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          212.192.243.0/24 maxlen: 24
                          195.133.42.0/24 maxlen: 24
                          195.133.43.0/24 maxlen: 24
                          194.87.84.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7d:4e:6e:36:79:17:95:ea:47:c9:4b:99:a3:63:a5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  2 18:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=059e1a24b79377a6a21f519b28a1b8fdf352abd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c2:3f:02:3a:a7:5a:a1:47:b5:3f:91:6f:44:
                    7e:23:af:02:95:87:7a:9b:43:41:e4:b9:74:d0:6e:
                    b2:e7:a8:63:4a:11:fe:9b:8d:13:27:55:bb:94:bb:
                    38:a1:ca:b0:03:5e:1a:4a:82:c9:e0:fe:33:fd:7a:
                    46:2b:19:fe:7f:88:7a:bf:e3:7d:68:be:fb:df:b7:
                    e4:fa:79:e5:31:c1:83:db:00:11:ee:e6:41:f6:a1:
                    a4:11:9b:17:60:19:75:62:eb:1c:4e:04:76:4c:f7:
                    cc:b8:e0:b4:86:be:ae:bb:1b:ec:ef:22:63:97:e3:
                    ea:3f:38:5d:7a:21:ef:43:68:4e:50:53:9b:c6:45:
                    ab:0a:b8:92:f7:a5:b8:94:eb:f1:1c:c2:43:08:43:
                    a4:c5:30:2f:4b:14:04:a4:55:a2:ba:c7:6e:3c:a6:
                    b2:f5:a9:ac:60:33:bb:70:b8:d4:32:13:40:68:b8:
                    72:bc:d1:72:39:20:45:15:a9:a4:82:62:e4:a7:fd:
                    d8:31:b3:19:7a:4f:84:34:07:04:f1:92:b9:a8:e7:
                    47:e1:d3:04:96:c7:e2:62:8b:15:05:26:ab:45:0f:
                    5d:cc:01:7d:15:ad:19:74:cf:7b:7a:46:5d:36:8b:
                    27:19:a5:cf:29:04:cb:9d:6b:dc:a2:b4:1f:dc:f7:
                    e1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:9E:1A:24:B7:93:77:A6:A2:1F:51:9B:28:A1:B8:FD:F3:52:AB:D6
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BZ4aJLeTd6aiH1GbKKG4_fNSq9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.188.0/24
                  193.124.227.0/24
                  194.87.84.0/24
                  195.133.16.0/23
                  195.133.37.0/24
                  195.133.42.0/23
                  212.192.216.0/22
                  212.192.240.0/24
                  212.192.243.0/24
                  212.193.28.0/23
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:7d:69:e4:9c:66:ee:48:07:79:be:a0:ed:f2:ae:b0:83:8b:
         a0:87:b2:bd:25:48:e3:17:6f:24:31:cc:d5:a1:71:96:0d:f6:
         63:06:e0:56:c6:dd:1c:e2:80:9b:2d:81:d7:38:9a:69:4c:51:
         2f:1e:06:05:d2:5b:7a:7a:5a:26:57:3c:4b:20:00:03:ce:ec:
         74:e1:c0:d0:3e:87:3a:81:e5:35:b6:6a:5d:08:12:79:da:38:
         28:a9:32:ff:77:9d:11:ef:4e:d5:af:38:60:d7:dc:1f:a1:75:
         65:5f:3b:de:d4:0d:1f:18:77:f1:b1:0c:81:65:6b:f9:b1:2c:
         fb:61:e2:67:fd:81:97:06:02:08:13:6e:6c:fc:bd:93:e3:ba:
         78:02:6a:b5:e3:cd:1c:d1:6b:20:a1:e3:4f:1c:85:a9:04:66:
         49:fa:21:bb:7a:6c:7b:71:35:fc:e1:49:1d:e1:af:f8:ca:8f:
         bf:56:f8:6b:56:6c:a9:6f:a2:92:41:21:43:ae:1a:3c:6f:78:
         1e:73:d8:89:2f:89:69:ac:3a:e0:fa:15:56:dc:a4:a9:af:4c:
         a6:7b:ce:9e:c9:75:df:5f:78:44:9f:ba:93:6c:66:3a:44:7b:
         c3:31:fc:86:e8:c8:a8:fa:f0:71:56:d6:47:1c:da:29:56:b5:
         a9:ab:9a:aa
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYh9Tm42eReV6kfJS5mjY6UVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjAyMTgxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTllMWEyNGI3OTM3N2E2YTIxZjUxOWIyOGExYjhmZGYzNTJhYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8I/AjqnWqFHtT+Rb0R+I68ClYd6
m0NB5Ll00G6y56hjShH+m40TJ1W7lLs4ocqwA14aSoLJ4P4z/XpGKxn+f4h6v+N9
aL7737fk+nnlMcGD2wAR7uZB9qGkEZsXYBl1YuscTgR2TPfMuOC0hr6uuxvs7yJj
l+PqPzhdeiHvQ2hOUFObxkWrCriS96W4lOvxHMJDCEOkxTAvSxQEpFWiusduPKay
9amsYDO7cLjUMhNAaLhyvNFyOSBFFamkgmLkp/3YMbMZek+ENAcE8ZK5qOdH4dME
lsfiYosVBSarRQ9dzAF9Fa0ZdM97ekZdNosnGaXPKQTLnWvcorQf3PfhQwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFAWeGiS3k3emoh9RmyihuP3zUqvWMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQlo0YUpMZVRkNmFpSDFHYktLRzRfZk5TcTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAwHy8AwQA
wXzjAwQAwldUAwQBw4UQAwQAw4UlAwQBw4UqAwQC1MDYAwQA1MDwAwQA1MDzAwQB
1MEcAwQA1MEfMA0GCSqGSIb3DQEBCwUAA4IBAQAlfWnknGbuSAd5vqDt8q6wg4ug
h7K9JUjjF28kMczVoXGWDfZjBuBWxt0c4oCbLYHXOJppTFEvHgYF0lt6elomVzxL
IAADzux04cDQPoc6geU1tmpdCBJ52jgoqTL/d50R707Vrzhg19wfoXVlXzve1A0f
GHfxsQyBZWv5sSz7YeJn/YGXBgIIE25s/L2T47p4Amq1480c0WsgoeNPHIWpBGZJ
+iG7emx7cTX84Ukd4a/4yo+/VvhrVmypb6KSQSFDrho8b3gec9iJL4lprDrg+hVW
3KSpr0yme86eyXXfX3hEn7qTbGY6RHvDMfyG6Mio+vBxVtZHHNopVrWpq5qq
-----END CERTIFICATE-----