Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/YhwzErdfy87P6TnhjCfJ5xKtKbc.roa
File:                     YhwzErdfy87P6TnhjCfJ5xKtKbc.roa (raw, json)
Hash identifier:          TOdq2HxWVhn1upXsEUb07gJwD74uN2b9ysmKeWUbyTA=
Subject key identifier:   62:1C:33:12:B7:5F:CB:CE:CF:E9:39:E1:8C:27:C9:E7:12:AD:29:B7
Certificate issuer:       /CN=52aaa0a6188c97aa742cc786e3b70bc909cac44c
Certificate serial:       0186A1BCC8FB3F9E1808BDE823F26DF8F035
Authority key identifier: 52:AA:A0:A6:18:8C:97:AA:74:2C:C7:86:E3:B7:0B:C9:09:CA:C4:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqqgphiMl6p0LMeG47cLyQnKxEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/YhwzErdfy87P6TnhjCfJ5xKtKbc.roa
Signing time:             Thu 02 Mar 2023 09:52:29 +0000
ROA not before:           Thu 02 Mar 2023 09:52:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48886
IP address blocks:        45.91.68.0/24 maxlen: 24
                          45.91.68.0/22 maxlen: 22
                          45.91.69.0/24 maxlen: 24
                          194.69.16.0/24 maxlen: 24
                          194.69.16.0/20 maxlen: 20
                          194.69.17.0/24 maxlen: 24
                          194.69.23.0/24 maxlen: 24
                          194.69.18.0/24 maxlen: 24
                          194.69.24.0/24 maxlen: 24
                          194.69.20.0/24 maxlen: 24
                          194.69.19.0/24 maxlen: 24
                          194.69.22.0/24 maxlen: 24
                          194.69.21.0/24 maxlen: 24
                          194.69.30.0/24 maxlen: 24
                          194.69.25.0/24 maxlen: 24
                          194.69.31.0/24 maxlen: 24
                          194.69.27.0/24 maxlen: 24
                          194.69.26.0/24 maxlen: 24
                          194.69.29.0/24 maxlen: 24
                          194.69.28.0/24 maxlen: 24
                          194.69.28.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a1:bc:c8:fb:3f:9e:18:08:bd:e8:23:f2:6d:f8:f0:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52aaa0a6188c97aa742cc786e3b70bc909cac44c
        Validity
            Not Before: Mar  2 09:52:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=621c3312b75fcbcecfe939e18c27c9e712ad29b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:28:5d:83:1d:df:d0:0d:fb:79:04:73:8d:68:
                    33:7b:5e:42:8f:88:f8:f9:5b:78:aa:1b:60:e1:f9:
                    3b:44:8b:db:4d:b0:50:b1:a9:b1:55:3f:5d:09:20:
                    b0:0b:37:81:79:e1:87:f3:4f:e6:5e:e3:bb:e5:1d:
                    1b:6e:e1:e5:ac:03:8c:9b:a4:55:0b:8f:17:f8:78:
                    aa:40:89:d8:6b:a3:5f:d8:a0:09:37:9c:42:a8:33:
                    22:ac:d8:76:f4:8f:a2:bf:b9:d0:2a:e3:b2:59:46:
                    41:aa:65:48:19:fb:2b:24:3f:8a:98:c0:fc:07:fd:
                    60:b4:0d:e8:8f:e7:ff:25:5f:7b:cc:bb:f1:fa:c7:
                    fb:90:12:1d:60:3d:23:1c:13:5b:ad:c6:50:44:db:
                    e7:02:33:78:d7:fc:c7:2a:48:da:80:3a:6a:c3:48:
                    3d:99:0a:5b:d7:38:83:43:c1:55:6b:e7:73:43:0a:
                    7f:01:7e:c8:08:2f:87:36:3e:29:45:31:37:39:cf:
                    18:e2:d7:49:b0:f4:04:4f:75:37:82:c6:d7:1a:6d:
                    60:e9:a2:37:5a:eb:ba:5a:78:db:0b:36:01:4c:64:
                    3b:29:88:ff:3e:07:a9:34:e6:0f:fa:22:63:6a:ed:
                    8a:cc:a6:3f:c0:fb:b2:70:a6:90:ea:e1:15:8c:5c:
                    7d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1C:33:12:B7:5F:CB:CE:CF:E9:39:E1:8C:27:C9:E7:12:AD:29:B7
            X509v3 Authority Key Identifier:
                keyid:52:AA:A0:A6:18:8C:97:AA:74:2C:C7:86:E3:B7:0B:C9:09:CA:C4:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqqgphiMl6p0LMeG47cLyQnKxEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/YhwzErdfy87P6TnhjCfJ5xKtKbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/d937e0-4277-4e6a-b593-46a880425799/1/UqqgphiMl6p0LMeG47cLyQnKxEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.68.0/22
                  194.69.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:ed:8e:02:bd:39:8c:2d:01:e3:8a:af:9b:9a:b8:f0:df:8b:
         68:d3:60:28:a0:25:87:24:27:b6:92:c0:39:2e:68:1e:7d:0b:
         9a:1c:d7:bb:fc:96:35:1b:88:b5:f7:b0:d5:70:86:68:a7:40:
         06:7f:61:99:08:a8:47:4d:74:4a:75:90:73:2c:3b:ed:8a:9d:
         0b:e8:2d:c4:e9:d5:14:94:81:8e:53:ae:d8:c4:d1:04:f0:4e:
         c1:43:4b:3e:91:9b:a0:27:c4:d5:33:d2:10:ea:64:c0:59:fb:
         1b:96:19:f7:d6:cb:17:89:65:da:09:fb:51:7c:4e:8c:ba:ba:
         5e:2a:f9:0b:b6:9c:1a:ce:f2:5b:ba:81:19:e9:be:7f:17:8f:
         97:87:32:04:00:14:21:09:b1:2d:05:50:92:e5:ee:fd:d4:50:
         c5:07:aa:02:cb:41:bc:a9:b3:42:e6:45:1b:e8:d7:08:6c:5e:
         1c:24:7b:9d:14:0e:04:9e:38:ec:19:0d:29:82:af:06:8a:a6:
         49:87:76:1a:f7:06:34:c9:bf:02:3c:f8:3b:3a:c5:f7:10:2e:
         c0:32:49:b7:72:7b:71:59:50:b8:b2:07:46:65:15:73:9b:be:
         72:10:b7:18:26:d0:49:d8:d1:2d:ee:18:f1:57:62:cb:f0:67:
         00:93:f6:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYahvMj7P54YCL3oI/Jt+PA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYWFhMGE2MTg4Yzk3YWE3NDJjYzc4NmUzYjcwYmM5MDlj
YWM0NGMwHhcNMjMwMzAyMDk1MjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFjMzMxMmI3NWZjYmNlY2ZlOTM5ZTE4YzI3YzllNzEyYWQyOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyhdgx3f0A37eQRzjWgze15Cj4j4
+Vt4qhtg4fk7RIvbTbBQsamxVT9dCSCwCzeBeeGH80/mXuO75R0bbuHlrAOMm6RV
C48X+HiqQInYa6Nf2KAJN5xCqDMirNh29I+iv7nQKuOyWUZBqmVIGfsrJD+KmMD8
B/1gtA3oj+f/JV97zLvx+sf7kBIdYD0jHBNbrcZQRNvnAjN41/zHKkjagDpqw0g9
mQpb1ziDQ8FVa+dzQwp/AX7ICC+HNj4pRTE3Oc8Y4tdJsPQET3U3gsbXGm1g6aI3
Wuu6WnjbCzYBTGQ7KYj/PgepNOYP+iJjau2KzKY/wPuycKaQ6uEVjFx9hwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGIcMxK3X8vOz+k54YwnyecSrSm3MB8GA1UdIwQY
MBaAFFKqoKYYjJeqdCzHhuO3C8kJysRMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFxZ3BoaU1sNnAwTE1lRzQ3Y0x5UW5LeEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9kOTM3ZTAtNDI3Ny00ZTZhLWI1OTMt
NDZhODgwNDI1Nzk5LzEvWWh3ekVyZGZ5ODdQNlRuaGpDZko1eEt0S2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9kOTM3ZTAtNDI3Ny00ZTZhLWI1OTMtNDZhODgwNDI1Nzk5
LzEvVXFxZ3BoaU1sNnAwTE1lRzQ3Y0x5UW5LeEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVtEAwQE
wkUQMA0GCSqGSIb3DQEBCwUAA4IBAQBj7Y4CvTmMLQHjiq+bmrjw34to02AooCWH
JCe2ksA5LmgefQuaHNe7/JY1G4i197DVcIZop0AGf2GZCKhHTXRKdZBzLDvtip0L
6C3E6dUUlIGOU67YxNEE8E7BQ0s+kZugJ8TVM9IQ6mTAWfsblhn31ssXiWXaCftR
fE6MurpeKvkLtpwazvJbuoEZ6b5/F4+XhzIEABQhCbEtBVCS5e791FDFB6oCy0G8
qbNC5kUb6NcIbF4cJHudFA4EnjjsGQ0pgq8GiqZJh3Ya9wY0yb8CPPg7OsX3EC7A
Mkm3cntxWVC4sgdGZRVzm75yELcYJtBJ2NEt7hjxV2LL8GcAk/ZU
-----END CERTIFICATE-----