Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/T_88f3xBxaru1duTpSHWkkCCydI.roa
File:                     T_88f3xBxaru1duTpSHWkkCCydI.roa (raw, json)
Hash identifier:          ogER885odthx4c5sFflavvLuDx/Oivncf5Qyn8YoBd0=
Subject key identifier:   4F:FF:3C:7F:7C:41:C5:AA:EE:D5:DB:93:A5:21:D6:92:40:82:C9:D2
Certificate issuer:       /CN=4186e6b9d1f78c94d63fac934ab9aadc0c96d43e
Certificate serial:       01856B77B31A01EFC6E57E243C5A9A503BDC
Authority key identifier: 41:86:E6:B9:D1:F7:8C:94:D6:3F:AC:93:4A:B9:AA:DC:0C:96:D4:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QYbmudH3jJTWP6yTSrmq3AyW1D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/T_88f3xBxaru1duTpSHWkkCCydI.roa
Signing time:             Sun 01 Jan 2023 03:54:44 +0000
ROA not before:           Sun 01 Jan 2023 03:54:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15516
IP address blocks:        79.98.192.0/21 maxlen: 21
                          195.135.216.0/22 maxlen: 22
                          62.61.128.0/19 maxlen: 19
                          81.161.128.0/18 maxlen: 18
                          77.75.160.0/21 maxlen: 21
                          91.100.0.0/15 maxlen: 15
                          85.24.0.0/17 maxlen: 17
                          87.72.0.0/15 maxlen: 15
                          82.211.224.0/19 maxlen: 19
                          82.147.224.0/19 maxlen: 19
                          2001:14d0::/29 maxlen: 29
                          2a01:558::/32 maxlen: 32
                          2a07:8900::/29 maxlen: 29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:77:b3:1a:01:ef:c6:e5:7e:24:3c:5a:9a:50:3b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4186e6b9d1f78c94d63fac934ab9aadc0c96d43e
        Validity
            Not Before: Jan  1 03:54:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4fff3c7f7c41c5aaeed5db93a521d6924082c9d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:88:b5:53:b1:e4:d6:b0:5c:63:9a:75:43:e1:
                    31:4a:62:20:7b:26:7e:8e:30:fa:3e:08:8d:3f:a4:
                    eb:fe:5c:f7:d7:b9:b5:fd:63:07:c2:9e:1c:d4:11:
                    3c:4b:bb:fa:04:47:04:eb:6d:af:28:c9:b2:84:1e:
                    9f:34:3c:bf:69:79:f3:1b:5b:8b:c2:b3:ed:95:b8:
                    44:88:53:44:01:c1:80:2d:9f:be:6b:47:44:4a:88:
                    50:b4:63:b0:82:0a:f6:cc:10:19:f5:17:93:48:9a:
                    33:19:5d:f1:fc:ad:7e:00:09:db:56:b0:d4:e6:eb:
                    67:a4:10:e0:9a:b8:0a:6b:55:f6:e9:f5:b3:ce:b9:
                    d4:10:24:7b:a4:2c:55:19:37:e7:7e:e2:fb:62:38:
                    37:ee:1c:3c:e9:f5:67:c7:2d:e3:87:31:62:ea:67:
                    9f:0c:9b:a5:fc:cb:09:79:56:80:a8:ed:93:3b:82:
                    58:e3:da:2f:04:63:5a:8c:88:06:7c:17:4f:45:8c:
                    c4:8f:74:19:39:52:a0:8e:80:3e:41:4d:6b:da:4d:
                    09:64:b5:9e:d2:c3:27:8d:8d:2d:9d:40:cb:4c:0b:
                    10:c8:c8:58:8c:b0:28:84:ec:04:5b:28:a7:c0:7b:
                    41:cc:1a:b3:18:4b:32:49:ff:99:e6:91:92:d6:57:
                    d9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FF:3C:7F:7C:41:C5:AA:EE:D5:DB:93:A5:21:D6:92:40:82:C9:D2
            X509v3 Authority Key Identifier:
                keyid:41:86:E6:B9:D1:F7:8C:94:D6:3F:AC:93:4A:B9:AA:DC:0C:96:D4:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QYbmudH3jJTWP6yTSrmq3AyW1D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/T_88f3xBxaru1duTpSHWkkCCydI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1b9a66-f820-45a0-b02d-d78766d8c858/1/QYbmudH3jJTWP6yTSrmq3AyW1D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.61.128.0/19
                  77.75.160.0/21
                  79.98.192.0/21
                  81.161.128.0/18
                  82.147.224.0/19
                  82.211.224.0/19
                  85.24.0.0/17
                  87.72.0.0/15
                  91.100.0.0/15
                  195.135.216.0/22
                IPv6:
                  2001:14d0::/29
                  2a01:558::/32
                  2a07:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:0b:29:82:b3:50:28:32:a5:ae:4c:f3:90:9f:b1:8d:b3:f1:
         af:dc:bb:3d:18:ca:e6:0f:98:f1:fd:4d:17:ba:70:f3:c5:ef:
         b4:98:ba:09:9b:cf:f1:a1:48:27:b6:4a:84:80:c2:ab:e4:48:
         59:a3:d1:c8:1e:e4:ea:4f:d3:be:21:0b:7c:56:f5:34:af:69:
         75:cd:22:d2:0a:42:96:ae:13:01:93:54:a2:8c:11:a4:b6:3a:
         a9:1d:8c:49:ff:db:b6:03:e4:87:9f:3e:d7:b6:41:13:3c:aa:
         c4:2a:00:94:ee:ef:a2:bd:9d:f3:4d:40:c5:54:79:c9:bc:0d:
         12:a0:69:e9:f0:68:55:c9:76:10:81:3b:c1:5b:c5:6f:e6:8f:
         5e:8f:7c:1d:89:a0:2a:bf:c4:4e:4a:cd:03:1b:e4:93:64:3e:
         e6:33:11:60:39:a7:99:8d:ae:92:30:a8:6f:fa:4e:be:e2:dd:
         fe:85:54:cc:fa:7e:88:01:31:67:33:07:8b:d8:8e:1b:45:d2:
         f5:55:b3:01:ea:c6:49:a1:71:33:89:90:17:22:7b:be:02:25:
         85:68:b0:5b:a1:88:2d:d4:a6:9e:44:b8:ee:f5:75:a9:65:e6:
         f7:1d:f8:4d:cb:8c:63:8c:09:cf:0e:b5:48:c6:f5:f6:25:31:
         fc:9b:40:60
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYVrd7MaAe/G5X4kPFqaUDvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxODZlNmI5ZDFmNzhjOTRkNjNmYWM5MzRhYjlhYWRjMGM5
NmQ0M2UwHhcNMjMwMTAxMDM1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZmM2M3ZjdjNDFjNWFhZWVkNWRiOTNhNTIxZDY5MjQwODJjOWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIi1U7Hk1rBcY5p1Q+ExSmIgeyZ+
jjD6PgiNP6Tr/lz317m1/WMHwp4c1BE8S7v6BEcE622vKMmyhB6fNDy/aXnzG1uL
wrPtlbhEiFNEAcGALZ++a0dESohQtGOwggr2zBAZ9ReTSJozGV3x/K1+AAnbVrDU
5utnpBDgmrgKa1X26fWzzrnUECR7pCxVGTfnfuL7Yjg37hw86fVnxy3jhzFi6mef
DJul/MsJeVaAqO2TO4JY49ovBGNajIgGfBdPRYzEj3QZOVKgjoA+QU1r2k0JZLWe
0sMnjY0tnUDLTAsQyMhYjLAohOwEWyinwHtBzBqzGEsySf+Z5pGS1lfZMQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFE//PH98QcWq7tXbk6Uh1pJAgsnSMB8GA1UdIwQY
MBaAFEGG5rnR94yU1j+sk0q5qtwMltQ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVlibXVkSDNqSlRXUDZ5VFNybXEzQXlXMUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xYjlhNjYtZjgyMC00NWEwLWIwMmQt
ZDc4NzY2ZDhjODU4LzEvVF84OGYzeEJ4YXJ1MWR1VHBTSFdra0NDeWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xYjlhNjYtZjgyMC00NWEwLWIwMmQtZDc4NzY2ZDhjODU4
LzEvUVlibXVkSDNqSlRXUDZ5VFNybXEzQXlXMUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBABAIAATA6AwQFPj2AAwQD
TUugAwQDT2LAAwQGUaGAAwQFUpPgAwQFUtPgAwQHVRgAAwMBV0gDAwFbZAMEAsOH
2DAbBAIAAjAVAwUDIAEU0AMFACoBBVgDBQMqB4kAMA0GCSqGSIb3DQEBCwUAA4IB
AQCDCymCs1AoMqWuTPOQn7GNs/Gv3Ls9GMrmD5jx/U0XunDzxe+0mLoJm8/xoUgn
tkqEgMKr5EhZo9HIHuTqT9O+IQt8VvU0r2l1zSLSCkKWrhMBk1SijBGktjqpHYxJ
/9u2A+SHnz7XtkETPKrEKgCU7u+ivZ3zTUDFVHnJvA0SoGnp8GhVyXYQgTvBW8Vv
5o9ej3wdiaAqv8ROSs0DG+STZD7mMxFgOaeZja6SMKhv+k6+4t3+hVTM+n6IATFn
MweL2I4bRdL1VbMB6sZJoXEziZAXInu+AiWFaLBboYgt1KaeRLju9XWpZeb3HfhN
y4xjjAnPDrVIxvX2JTH8m0Bg
-----END CERTIFICATE-----