Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/oIyR509XrVe2zKbSZPzWZSalqW0.roa
File:                     oIyR509XrVe2zKbSZPzWZSalqW0.roa (raw, json)
Hash identifier:          IhEOjcCNBrlu/RQAPgYviEa4qOkBQFAbD+agnwbg/T0=
Subject key identifier:   A0:8C:91:E7:4F:57:AD:57:B6:CC:A6:D2:64:FC:D6:65:26:A5:A9:6D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0188999F940938BCC7FAA77D00998C7FE18B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/oIyR509XrVe2zKbSZPzWZSalqW0.roa
Signing time:             Thu 08 Jun 2023 06:09:12 +0000
ROA not before:           Thu 08 Jun 2023 06:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207633
IP address blocks:        62.76.226.0/24 maxlen: 24
                          194.87.104.0/24 maxlen: 24
                          195.133.84.0/24 maxlen: 24
                          194.87.34.0/24 maxlen: 24
                          194.87.42.0/24 maxlen: 24
                          195.58.56.0/24 maxlen: 24
                          195.58.62.0/24 maxlen: 24
                          195.58.59.0/24 maxlen: 24
                          195.58.61.0/24 maxlen: 24
                          194.87.188.0/24 maxlen: 24
                          194.87.86.0/24 maxlen: 24
                          194.87.91.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 26 Jul 2023 08:19:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:99:9f:94:09:38:bc:c7:fa:a7:7d:00:99:8c:7f:e1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  8 06:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a08c91e74f57ad57b6cca6d264fcd66526a5a96d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:b3:5e:fd:44:20:90:8f:96:88:f3:6e:15:
                    1f:88:84:d8:74:94:93:fb:d1:fd:d3:5d:ad:3d:52:
                    5f:ab:da:3d:8c:d0:a4:b2:f4:d4:6e:f6:fd:de:1e:
                    d9:d4:6e:39:0d:93:b2:34:af:fa:3b:15:ef:b2:e4:
                    21:8b:e9:6a:d9:f3:a9:a5:0d:bd:3b:d0:50:dc:d5:
                    49:c9:21:89:9e:ec:62:0c:c7:8b:0d:43:94:cc:be:
                    0f:36:bb:69:03:0a:2d:db:ed:b7:17:c3:f2:50:0d:
                    62:39:b3:3d:d7:a4:48:f5:fe:a2:15:d4:a2:d6:73:
                    4d:e3:03:83:5e:80:c1:bc:a9:f6:b3:de:6e:a5:e7:
                    ef:8a:a8:ed:4d:98:7c:59:2e:52:20:07:46:eb:c6:
                    55:58:6a:b4:16:70:7d:fc:7d:e4:8d:97:e4:64:99:
                    db:bb:05:2f:d8:5a:a5:2c:76:7f:b0:22:9f:91:7e:
                    88:d2:09:bc:37:97:0e:1f:f6:30:65:8c:7d:03:15:
                    3c:de:0f:69:b4:71:a7:8a:6f:21:cd:f5:fd:6d:a3:
                    b7:10:19:fe:01:11:d0:09:22:de:74:97:7d:0f:cc:
                    d7:ee:19:4f:18:54:68:0f:aa:cc:23:05:3b:1b:ce:
                    b7:13:ef:7b:03:17:0d:f4:72:c6:66:f0:b2:f2:33:
                    6d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:8C:91:E7:4F:57:AD:57:B6:CC:A6:D2:64:FC:D6:65:26:A5:A9:6D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/oIyR509XrVe2zKbSZPzWZSalqW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.226.0/24
                  194.87.34.0/24
                  194.87.42.0/24
                  194.87.86.0/24
                  194.87.91.0/24
                  194.87.104.0/24
                  194.87.188.0/24
                  195.58.56.0/24
                  195.58.59.0/24
                  195.58.61.0-195.58.62.255
                  195.133.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:27:81:8e:62:42:eb:3d:ab:3e:67:9d:af:22:67:39:de:37:
         10:44:9c:3a:32:de:7f:55:8b:1c:49:b4:c3:cc:33:cb:54:19:
         b1:7e:a6:4e:e0:b0:dc:31:32:78:a6:4e:bc:98:76:66:bd:93:
         43:f5:98:10:0d:a7:af:19:65:74:6f:65:0c:bd:9b:1b:0f:be:
         fd:70:63:c5:80:a4:47:9f:96:55:15:54:f7:95:40:68:69:8d:
         0b:c9:f3:cc:4f:61:1b:2b:bc:b1:1f:93:4c:fe:c2:bb:db:b8:
         a7:04:7c:18:45:d2:d4:15:6d:8d:73:77:62:e0:35:bb:4e:46:
         31:c7:97:ec:c8:98:a0:f9:c4:e1:6d:7b:ec:11:49:6e:4a:44:
         a8:e1:10:a6:64:8e:02:e1:80:49:34:bc:ed:17:93:af:49:b1:
         13:3a:80:89:22:eb:d5:83:76:d4:a5:9c:f7:ee:f5:78:4c:1b:
         f7:5b:ad:31:d8:fc:94:69:f2:23:20:57:a1:92:c2:9e:f6:3e:
         74:67:5f:86:a7:c7:d5:f3:f6:95:fc:bf:1d:d8:b0:63:57:bd:
         c1:8b:f4:59:2c:0c:98:16:60:5b:ea:e5:9b:60:f0:c5:62:c7:
         31:dc:6b:c0:03:19:27:a9:36:2f:f4:1e:80:c5:05:ba:40:60:
         68:04:e7:a1
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYiZn5QJOLzH+qd9AJmMf+GLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNjA4MDYwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDhjOTFlNzRmNTdhZDU3YjZjY2E2ZDI2NGZjZDY2NTI2YTVhOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP6zXv1EIJCPlojzbhUfiITYdJST
+9H9012tPVJfq9o9jNCksvTUbvb93h7Z1G45DZOyNK/6OxXvsuQhi+lq2fOppQ29
O9BQ3NVJySGJnuxiDMeLDUOUzL4PNrtpAwot2+23F8PyUA1iObM916RI9f6iFdSi
1nNN4wODXoDBvKn2s95upefviqjtTZh8WS5SIAdG68ZVWGq0FnB9/H3kjZfkZJnb
uwUv2FqlLHZ/sCKfkX6I0gm8N5cOH/YwZYx9AxU83g9ptHGnim8hzfX9baO3EBn+
ARHQCSLedJd9D8zX7hlPGFRoD6rMIwU7G863E+97AxcN9HLGZvCy8jNtKQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFKCMkedPV61Xtsym0mT81mUmpaltMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvb0l5UjUwOVhyVmUyektiU1pQeldaU2FscVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAPkziAwQA
wlciAwQAwlcqAwQAwldWAwQAwldbAwQAwldoAwQAwle8AwQAwzo4AwQAwzo7MAwD
BADDOj0DBADDOj4DBADDhVQwDQYJKoZIhvcNAQELBQADggEBAAongY5iQus9qz5n
na8iZzneNxBEnDoy3n9VixxJtMPMM8tUGbF+pk7gsNwxMnimTryYdma9k0P1mBAN
p68ZZXRvZQy9mxsPvv1wY8WApEefllUVVPeVQGhpjQvJ88xPYRsrvLEfk0z+wrvb
uKcEfBhF0tQVbY1zd2LgNbtORjHHl+zImKD5xOFte+wRSW5KRKjhEKZkjgLhgEk0
vO0Xk69JsRM6gIki69WDdtSlnPfu9XhMG/dbrTHY/JRp8iMgV6GSwp72PnRnX4an
x9Xz9pX8vx3YsGNXvcGL9FksDJgWYFvq5Ztg8MVixzHca8ADGSepNi/0HoDFBbpA
YGgE56E=
-----END CERTIFICATE-----