Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/XNv722XzVkavpYtgiVQfC5zn8PU.roa
File:                     XNv722XzVkavpYtgiVQfC5zn8PU.roa (raw, json)
Hash identifier:          twGUKmubTwwCe8dfCJi0M3zsxKYMxVXi4uA0JrZvpzY=
Subject key identifier:   5C:DB:FB:DB:65:F3:56:46:AF:A5:8B:60:89:54:1F:0B:9C:E7:F0:F5
Certificate issuer:       /CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
Certificate serial:       01856FB125B8F3793224C422F73B48ACF833
Authority key identifier: 70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/XNv722XzVkavpYtgiVQfC5zn8PU.roa
Signing time:             Sun 01 Jan 2023 23:35:58 +0000
ROA not before:           Sun 01 Jan 2023 23:35:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206331
IP address blocks:        185.229.183.0/24 maxlen: 24
                          185.229.181.0/24 maxlen: 24
                          185.229.182.0/24 maxlen: 24
                          185.229.180.0/24 maxlen: 24
                          185.189.111.0/24 maxlen: 24
                          185.189.108.0/24 maxlen: 24
                          2a0b:e481::/32 maxlen: 32
                          2a0b:e484::/32 maxlen: 32
                          2a0b:e485::/32 maxlen: 32
                          2a0b:e482::/32 maxlen: 32
                          2a0b:e480::/29 maxlen: 29
                          2a0b:e483::/32 maxlen: 32
                          2a0b:e487::/32 maxlen: 32
                          2a0b:e480::/32 maxlen: 32
                          2a0b:e486::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:b1:25:b8:f3:79:32:24:c4:22:f7:3b:48:ac:f8:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
        Validity
            Not Before: Jan  1 23:35:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cdbfbdb65f35646afa58b6089541f0b9ce7f0f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d0:d9:05:70:f1:47:7d:70:4f:9e:e8:48:d2:
                    0a:46:09:15:86:18:82:08:ec:c1:09:75:e8:24:91:
                    66:e2:4f:37:0c:43:ff:44:a1:52:4a:4d:3c:15:7f:
                    95:e3:97:9c:77:67:09:6b:e5:f6:7c:2d:79:5a:e6:
                    84:65:42:d8:72:88:04:9c:d0:b3:ce:db:63:9c:5a:
                    d7:95:62:c7:0c:7f:54:3c:f0:52:98:aa:02:13:b0:
                    99:93:e8:f9:b9:41:e1:43:bd:b9:b8:90:8e:6d:32:
                    2f:c4:25:09:43:f2:65:b3:5f:e4:81:6a:f3:8c:ad:
                    50:4f:b8:d7:9f:40:b4:67:b9:6e:ce:f9:ed:3c:7e:
                    d7:ac:5b:97:69:e1:a1:50:14:47:39:a7:80:e0:50:
                    33:0e:fa:9c:9f:1c:f3:ab:04:55:29:99:68:20:62:
                    29:99:ed:5e:3f:af:d8:c3:6e:bd:00:49:4a:ee:0d:
                    ff:c0:17:75:fc:46:ec:8d:14:90:02:01:34:b4:87:
                    bc:60:01:53:84:13:ba:5d:96:f2:8c:95:23:18:59:
                    73:e7:ef:13:64:ba:7f:ba:39:42:e8:70:70:43:64:
                    3a:23:7d:6c:58:f6:e9:28:7b:25:16:e0:d7:62:dd:
                    df:57:34:b6:ed:66:50:43:9b:9a:13:d8:30:83:06:
                    98:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:DB:FB:DB:65:F3:56:46:AF:A5:8B:60:89:54:1F:0B:9C:E7:F0:F5
            X509v3 Authority Key Identifier:
                keyid:70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/XNv722XzVkavpYtgiVQfC5zn8PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.108.0/24
                  185.189.111.0/24
                  185.229.180.0/22
                IPv6:
                  2a0b:e480::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:6d:00:25:9e:bf:f9:e6:20:a3:e8:3f:a8:a4:e2:8e:49:f9:
         8c:28:f0:c1:38:e3:db:b6:69:06:6a:79:f3:6c:0e:0b:20:69:
         80:f4:06:3a:6f:be:1b:f5:9b:d1:00:da:f5:f3:ef:1e:b9:67:
         d3:3e:2d:3b:93:68:0c:99:a3:8b:3b:9e:bc:7e:18:94:9f:f1:
         39:d1:b2:42:5f:13:cb:6d:39:9b:3f:51:65:53:cd:af:1b:c3:
         b1:f3:47:69:56:7b:c4:ee:64:3c:b6:4d:e8:65:44:c6:69:a8:
         8c:79:37:d7:2b:7d:da:7d:f3:71:92:16:7e:2c:39:2d:83:54:
         bb:62:06:d7:bb:94:7a:5d:5c:3e:19:74:16:a9:5b:cf:8e:b9:
         a5:c7:03:5b:92:ac:5a:03:ea:b5:27:6e:9e:88:2a:03:f9:02:
         3f:5e:d4:c2:3d:a0:78:0f:0f:95:56:34:76:a3:c3:51:af:14:
         41:42:1b:f6:84:6b:09:cc:d5:8a:84:65:59:c3:22:cb:b0:14:
         ae:65:c7:f2:41:0d:de:47:fb:fc:58:bf:e0:5c:00:d6:e7:f3:
         16:57:5b:62:17:08:e3:5d:67:04:40:99:0c:84:5f:4e:06:e7:
         90:95:7c:dc:11:ea:94:2b:28:ba:d7:a2:e7:fe:7a:3b:78:5e:
         6d:54:3a:d4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvsSW483kyJMQi9ztIrPgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYjE5MGQ2Zjg5YTQzNGNjZTVjYjhjMGQ0YjM4YTE2Njlk
ZWZiNTkwHhcNMjMwMTAxMjMzNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2RiZmJkYjY1ZjM1NjQ2YWZhNThiNjA4OTU0MWYwYjljZTdmMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidDZBXDxR31wT57oSNIKRgkVhhiC
COzBCXXoJJFm4k83DEP/RKFSSk08FX+V45ecd2cJa+X2fC15WuaEZULYcogEnNCz
zttjnFrXlWLHDH9UPPBSmKoCE7CZk+j5uUHhQ725uJCObTIvxCUJQ/Jls1/kgWrz
jK1QT7jXn0C0Z7luzvntPH7XrFuXaeGhUBRHOaeA4FAzDvqcnxzzqwRVKZloIGIp
me1eP6/Yw269AElK7g3/wBd1/EbsjRSQAgE0tIe8YAFThBO6XZbyjJUjGFlz5+8T
ZLp/ujlC6HBwQ2Q6I31sWPbpKHslFuDXYt3fVzS27WZQQ5uaE9gwgwaYdwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFzb+9tl81ZGr6WLYIlUHwuc5/D1MB8GA1UdIwQY
MBaAFHCxkNb4mkNMzly4wNSzihZp3vtZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYt
NDZiZDdkNzk0ZmI2LzEvWE52NzIyWHpWa2F2cFl0Z2lWUWZDNXpuOFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYtNDZiZDdkNzk0ZmI2
LzEvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAub1sAwQA
ub1vAwQCueW0MA0EAgACMAcDBQMqC+SAMA0GCSqGSIb3DQEBCwUAA4IBAQCBbQAl
nr/55iCj6D+opOKOSfmMKPDBOOPbtmkGannzbA4LIGmA9AY6b74b9ZvRANr18+8e
uWfTPi07k2gMmaOLO568fhiUn/E50bJCXxPLbTmbP1FlU82vG8Ox80dpVnvE7mQ8
tk3oZUTGaaiMeTfXK33affNxkhZ+LDktg1S7YgbXu5R6XVw+GXQWqVvPjrmlxwNb
kqxaA+q1J26eiCoD+QI/XtTCPaB4Dw+VVjR2o8NRrxRBQhv2hGsJzNWKhGVZwyLL
sBSuZcfyQQ3eR/v8WL/gXADW5/MWV1tiFwjjXWcEQJkMhF9OBueQlXzcEeqUKyi6
16Ln/no7eF5tVDrU
-----END CERTIFICATE-----