Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eNXeelQakhevOcSzmTUStiBoahQ.roa
File:                     eNXeelQakhevOcSzmTUStiBoahQ.roa (raw, json)
Hash identifier:          J7cPrGtFkk7Tk5pZayzXqGbp6GsdyXEOkAHnQvGc/L4=
Subject key identifier:   78:D5:DE:7A:54:1A:92:17:AF:39:C4:B3:99:35:12:B6:20:68:6A:14
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0189D9386320D26A34709A09AE66CC849F58
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eNXeelQakhevOcSzmTUStiBoahQ.roa
Signing time:             Wed 09 Aug 2023 07:34:58 +0000
ROA not before:           Wed 09 Aug 2023 07:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43548
IP address blocks:        94.156.4.0/23 maxlen: 23
                          93.123.65.0/24 maxlen: 24
                          31.13.212.0/24 maxlen: 24
                          85.217.164.0/22 maxlen: 22
                          91.92.168.0/22 maxlen: 22
                          87.121.108.0/23 maxlen: 23
                          87.120.99.0/24 maxlen: 24
                          85.217.176.0/21 maxlen: 21
                          31.13.247.0/24 maxlen: 24
                          87.120.246.0/24 maxlen: 24
                          94.156.80.0/21 maxlen: 21
                          94.156.97.0/24 maxlen: 24
                          2a00:1728:2d::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 09 Aug 2023 08:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d9:38:63:20:d2:6a:34:70:9a:09:ae:66:cc:84:9f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug  9 07:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=78d5de7a541a9217af39c4b3993512b620686a14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:21:7f:6f:96:09:d4:5b:1c:2a:5e:f0:d5:d9:
                    40:9a:4a:4c:e4:10:b1:24:9b:68:bf:e3:7b:8b:f2:
                    3e:d5:31:23:cc:73:71:8e:0a:4a:75:d1:c5:1e:5b:
                    05:45:db:5f:91:b2:40:8b:86:16:c8:30:39:16:f8:
                    17:4c:da:f9:4c:31:e8:6b:3c:77:fc:64:cd:3f:24:
                    41:1f:fb:84:35:3c:48:f6:b7:c2:20:92:1a:19:a0:
                    73:e6:d8:60:7d:73:bf:22:be:0c:5a:16:2f:c1:19:
                    b3:8d:54:9d:7b:a1:4e:37:6f:78:b1:15:be:93:82:
                    2f:4f:14:a1:3c:23:66:61:41:9a:60:b9:88:6b:71:
                    8c:30:ff:2f:b2:81:8d:b3:ff:46:56:52:3b:5e:e4:
                    fe:f5:4f:cb:e9:34:b5:14:f9:5f:e3:75:28:aa:36:
                    3e:bf:a2:39:5c:b8:f8:fe:a5:c3:81:86:3d:d9:e0:
                    36:21:53:5c:d6:82:29:67:80:d5:d0:55:a2:66:50:
                    e9:8f:af:ab:a5:32:10:e0:ca:5e:f8:8c:2d:a3:10:
                    48:18:c5:2d:a1:ee:46:1d:35:8f:8f:1e:ba:7d:c1:
                    60:9b:0a:72:ab:df:ad:f0:35:de:be:77:a7:4e:da:
                    12:0e:47:40:fd:08:80:31:d6:d6:f3:b6:03:1b:f6:
                    01:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D5:DE:7A:54:1A:92:17:AF:39:C4:B3:99:35:12:B6:20:68:6A:14
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eNXeelQakhevOcSzmTUStiBoahQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.212.0/24
                  31.13.247.0/24
                  85.217.164.0/22
                  85.217.176.0/21
                  87.120.99.0/24
                  87.120.246.0/24
                  87.121.108.0/23
                  91.92.168.0/22
                  93.123.65.0/24
                  94.156.4.0/23
                  94.156.80.0/21
                  94.156.97.0/24
                IPv6:
                  2a00:1728:2d::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:f7:3f:bb:99:8b:ed:98:c6:6e:9c:10:c9:34:58:22:d3:19:
         99:53:eb:f8:c2:3b:5b:26:37:e3:9c:a0:85:77:d8:41:6f:bf:
         85:a0:84:db:92:82:53:49:f1:fc:b5:e0:4d:d8:fe:26:15:77:
         3f:53:03:ca:6c:56:c8:ad:00:7a:c6:4f:4a:5f:a4:56:b9:ec:
         63:e3:4c:16:d6:79:43:20:19:2b:f6:a4:c7:7a:c7:61:cb:be:
         93:a6:b8:a2:50:25:ff:e0:89:1a:a7:c0:20:be:c6:fe:ce:e6:
         9c:10:d2:24:d8:f3:3d:7f:a7:2f:51:24:1b:fb:fc:20:ea:61:
         a9:bc:d3:00:3b:7e:7d:af:78:ae:57:26:a5:58:7b:98:a4:4e:
         91:63:f0:44:10:64:bb:3b:05:1e:ec:3e:25:1c:b7:70:29:db:
         d7:d7:79:1b:48:f4:0b:52:0b:89:4c:26:e3:b9:62:46:3d:79:
         01:67:d3:4c:28:ed:ff:91:67:89:d3:e1:87:73:af:3b:1d:ee:
         53:99:88:3c:e6:d9:c5:d4:78:70:b5:04:9f:75:f1:26:11:99:
         d5:10:c7:70:91:3d:83:b8:2c:31:6d:41:4f:5f:8f:cf:39:33:
         84:e3:b8:49:96:b4:9e:36:8e:9c:56:d5:8a:07:91:e1:3c:cc:
         37:39:1c:5f
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYnZOGMg0mo0cJoJrmbMhJ9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODA5MDczNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGQ1ZGU3YTU0MWE5MjE3YWYzOWM0YjM5OTM1MTJiNjIwNjg2YTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCF/b5YJ1FscKl7w1dlAmkpM5BCx
JJtov+N7i/I+1TEjzHNxjgpKddHFHlsFRdtfkbJAi4YWyDA5FvgXTNr5TDHoazx3
/GTNPyRBH/uENTxI9rfCIJIaGaBz5thgfXO/Ir4MWhYvwRmzjVSde6FON294sRW+
k4IvTxShPCNmYUGaYLmIa3GMMP8vsoGNs/9GVlI7XuT+9U/L6TS1FPlf43UoqjY+
v6I5XLj4/qXDgYY92eA2IVNc1oIpZ4DV0FWiZlDpj6+rpTIQ4Mpe+IwtoxBIGMUt
oe5GHTWPjx66fcFgmwpyq9+t8DXevnenTtoSDkdA/QiAMdbW87YDG/YBrQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFHjV3npUGpIXrznEs5k1ErYgaGoUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZU5YZWVsUWFraGV2T2NTem1UVVN0aUJvYWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBOBAIAATBIAwQAHw3UAwQA
Hw33AwQCVdmkAwQDVdmwAwQAV3hjAwQAV3j2AwQBV3lsAwQCW1yoAwQAXXtBAwQB
XpwEAwQDXpxQAwQAXpxhMA8EAgACMAkDBwAqABcoAC0wDQYJKoZIhvcNAQELBQAD
ggEBAJ/3P7uZi+2Yxm6cEMk0WCLTGZlT6/jCO1smN+OcoIV32EFvv4WghNuSglNJ
8fy14E3Y/iYVdz9TA8psVsitAHrGT0pfpFa57GPjTBbWeUMgGSv2pMd6x2HLvpOm
uKJQJf/giRqnwCC+xv7O5pwQ0iTY8z1/py9RJBv7/CDqYam80wA7fn2veK5XJqVY
e5ikTpFj8EQQZLs7BR7sPiUct3Ap29fXeRtI9AtSC4lMJuO5YkY9eQFn00wo7f+R
Z4nT4Ydzrzsd7lOZiDzm2cXUeHC1BJ918SYRmdUQx3CRPYO4LDFtQU9fj885M4Tj
uEmWtJ42jpxW1YoHkeE8zDc5HF8=
-----END CERTIFICATE-----