Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/lSjrIcYpHvilkD7w-dQ8iGOdziw.roa
File:                     lSjrIcYpHvilkD7w-dQ8iGOdziw.roa (raw, json)
Hash identifier:          o0PTkCww++C/SWx/WfXypZnHRaSd2uxOxkTCudz1WB4=
Subject key identifier:   95:28:EB:21:C6:29:1E:F8:A5:90:3E:F0:F9:D4:3C:88:63:9D:CE:2C
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01865FC2F4EA534EF0CC5A9F42F95D4B3D7F
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/lSjrIcYpHvilkD7w-dQ8iGOdziw.roa
Signing time:             Fri 17 Feb 2023 14:24:17 +0000
ROA not before:           Fri 17 Feb 2023 14:24:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        45.140.8.0/23 maxlen: 23
                          109.206.250.0/23 maxlen: 23
                          45.151.112.0/22 maxlen: 23
                          45.157.202.0/23 maxlen: 23
                          45.154.238.0/23 maxlen: 23
                          45.157.32.0/23 maxlen: 23
                          45.128.158.0/23 maxlen: 23
                          45.141.62.0/23 maxlen: 23
                          2a0c:9e02::/32 maxlen: 40
                          2a0b:3c41:2::/48 maxlen: 48
                          2a0e:eb40::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 28 Mar 2023 09:15:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:5f:c2:f4:ea:53:4e:f0:cc:5a:9f:42:f9:5d:4b:3d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Feb 17 14:24:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9528eb21c6291ef8a5903ef0f9d43c88639dce2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:98:64:4d:a5:11:3a:c5:b5:e9:85:38:a0:fa:
                    57:e2:db:87:75:bb:54:a4:56:fe:09:05:a9:e0:95:
                    52:58:db:fb:76:63:3b:d9:b1:67:4d:02:52:4d:b2:
                    02:cf:e8:a3:81:98:d4:81:ab:d5:45:90:15:52:1e:
                    0a:d8:ed:7b:6d:a2:61:44:7b:89:db:10:26:24:48:
                    e1:6f:d0:99:9d:58:82:68:6a:77:20:86:1c:b7:6b:
                    0e:10:03:67:dd:e1:f2:9a:83:07:56:2c:9e:d2:3e:
                    c3:ce:a3:88:f8:84:ba:9a:2a:c0:7b:1b:f3:ee:d6:
                    fc:9e:60:6a:92:72:98:a6:00:5a:c7:e5:aa:06:c5:
                    2a:5a:ee:9e:3f:c5:f8:3c:d5:90:be:da:c7:4b:25:
                    1a:f5:66:33:34:7c:cb:4c:5e:9b:da:e6:3b:b7:39:
                    e2:db:f7:b8:a9:65:95:89:33:f4:c8:a5:c1:4e:2a:
                    69:2a:7d:ec:90:59:f8:25:66:28:c4:df:08:12:f7:
                    97:36:7d:94:b4:30:9c:e2:bd:3e:85:bb:94:bd:99:
                    d0:2d:70:d6:3e:5f:d5:02:a6:74:04:36:02:31:e9:
                    40:ca:e6:f5:83:d0:3d:75:b6:11:12:c2:b2:4e:b5:
                    9b:6f:1b:8f:04:12:f8:1f:7a:63:47:80:d0:f2:fd:
                    d5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:28:EB:21:C6:29:1E:F8:A5:90:3E:F0:F9:D4:3C:88:63:9D:CE:2C
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/lSjrIcYpHvilkD7w-dQ8iGOdziw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.158.0/23
                  45.140.8.0/23
                  45.141.62.0/23
                  45.151.112.0/22
                  45.154.238.0/23
                  45.157.32.0/23
                  45.157.202.0/23
                  109.206.250.0/23
                IPv6:
                  2a0b:3c41:2::/48
                  2a0c:9e02::/32
                  2a0e:eb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:ce:e8:7e:a5:92:6d:38:c5:82:2a:f0:64:54:d7:60:72:1a:
         11:1c:6f:d0:95:82:eb:93:e2:fc:a3:15:a2:3d:b2:46:9f:8b:
         7d:95:9a:37:49:71:bb:10:1a:2f:69:6d:28:eb:d5:13:9b:eb:
         de:19:9e:df:e9:3f:3e:01:86:02:53:ab:c7:6a:ba:87:9a:26:
         d9:7f:14:9c:16:8c:df:34:70:b0:a4:61:d0:3d:0b:01:ab:51:
         e8:5e:6d:9c:5a:4e:38:b0:04:d9:09:b5:9a:d5:38:0b:a1:7f:
         bb:ad:a4:01:ec:90:1e:a0:91:db:ef:c4:2e:36:6b:43:08:24:
         f1:18:7e:db:31:ed:65:49:8a:9d:ab:02:5f:75:2c:63:09:3e:
         10:bc:eb:dc:e5:46:d7:03:05:d1:80:fe:9b:4b:d3:8c:db:c5:
         f2:8a:ad:31:18:76:2a:28:e5:dd:7c:98:00:f7:9a:4b:30:e2:
         74:58:14:ab:b8:3e:55:b3:f9:cb:de:d6:07:79:ef:77:4e:0e:
         3a:62:61:65:77:96:cc:e5:ac:4d:4a:c6:b3:ea:d3:04:6d:4d:
         cd:c7:f7:7a:b1:ad:e6:1e:60:90:f1:6f:26:2b:0a:b9:b6:9a:
         e0:88:e9:01:76:a0:ef:60:97:23:21:d9:3a:05:ae:70:97:8e:
         1f:dc:8f:a0
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYZfwvTqU07wzFqfQvldSz1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwMjE3MTQyNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTI4ZWIyMWM2MjkxZWY4YTU5MDNlZjBmOWQ0M2M4ODYzOWRjZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZhkTaUROsW16YU4oPpX4tuHdbtU
pFb+CQWp4JVSWNv7dmM72bFnTQJSTbICz+ijgZjUgavVRZAVUh4K2O17baJhRHuJ
2xAmJEjhb9CZnViCaGp3IIYct2sOEANn3eHymoMHViye0j7DzqOI+IS6mirAexvz
7tb8nmBqknKYpgBax+WqBsUqWu6eP8X4PNWQvtrHSyUa9WYzNHzLTF6b2uY7tzni
2/e4qWWViTP0yKXBTippKn3skFn4JWYoxN8IEveXNn2UtDCc4r0+hbuUvZnQLXDW
Pl/VAqZ0BDYCMelAyub1g9A9dbYREsKyTrWbbxuPBBL4H3pjR4DQ8v3VxwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFJUo6yHGKR74pZA+8PnUPIhjnc4sMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvbFNqckljWXBIdmlsa0Q3dy1kUThpR09keml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzA2BAIAATAwAwQBLYCeAwQB
LYwIAwQBLY0+AwQCLZdwAwQBLZruAwQBLZ0gAwQBLZ3KAwQBbc76MB0EAgACMBcD
BwAqCzxBAAIDBQAqDJ4CAwUAKg7rQDANBgkqhkiG9w0BAQsFAAOCAQEAH87ofqWS
bTjFgirwZFTXYHIaERxv0JWC65Pi/KMVoj2yRp+LfZWaN0lxuxAaL2ltKOvVE5vr
3hme3+k/PgGGAlOrx2q6h5om2X8UnBaM3zRwsKRh0D0LAatR6F5tnFpOOLAE2Qm1
mtU4C6F/u62kAeyQHqCR2+/ELjZrQwgk8Rh+2zHtZUmKnasCX3UsYwk+ELzr3OVG
1wMF0YD+m0vTjNvF8oqtMRh2Kijl3XyYAPeaSzDidFgUq7g+VbP5y97WB3nvd04O
OmJhZXeWzOWsTUrGs+rTBG1Nzcf3erGt5h5gkPFvJisKubaa4IjpAXag72CXIyHZ
OgWucJeOH9yPoA==
-----END CERTIFICATE-----