Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/BDZzUk3Gws2uFusaNYBf6hi7H7E.roa
File:                     BDZzUk3Gws2uFusaNYBf6hi7H7E.roa (raw, json)
Hash identifier:          eM3wlaSfAzY41m2fM1gozu00/hXeCuUYQZ0VivBwz8I=
Subject key identifier:   04:36:73:52:4D:C6:C2:CD:AE:16:EB:1A:35:80:5F:EA:18:BB:1F:B1
Certificate issuer:       /CN=36574be6ae76cd523b33787cfbdb69264263d074
Certificate serial:       0185729ECAD99442D4CF5235A4F29ADF0E95
Authority key identifier: 36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/BDZzUk3Gws2uFusaNYBf6hi7H7E.roa
Signing time:             Mon 02 Jan 2023 13:14:47 +0000
ROA not before:           Mon 02 Jan 2023 13:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62007
IP address blocks:        185.36.53.0/24 maxlen: 24
                          185.36.52.0/22 maxlen: 22
                          185.36.52.0/24 maxlen: 24
                          185.36.55.0/24 maxlen: 24
                          185.36.54.0/24 maxlen: 24
                          84.246.144.0/24 maxlen: 24
                          84.246.144.0/22 maxlen: 22
                          84.246.145.0/24 maxlen: 24
                          84.246.150.0/24 maxlen: 24
                          84.246.149.0/24 maxlen: 24
                          84.246.151.0/24 maxlen: 24
                          84.246.146.0/24 maxlen: 24
                          84.246.148.0/22 maxlen: 22
                          84.246.148.0/24 maxlen: 24
                          84.246.147.0/24 maxlen: 24
                          37.221.96.0/22 maxlen: 22
                          37.221.96.0/24 maxlen: 24
                          37.221.98.0/24 maxlen: 24
                          37.221.97.0/24 maxlen: 24
                          185.67.239.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:ca:d9:94:42:d4:cf:52:35:a4:f2:9a:df:0e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36574be6ae76cd523b33787cfbdb69264263d074
        Validity
            Not Before: Jan  2 13:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=043673524dc6c2cdae16eb1a35805fea18bb1fb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:03:44:69:7c:b2:e4:94:8b:ba:8b:db:53:cf:
                    70:50:0d:74:61:a7:14:90:74:e9:49:b8:dd:0e:61:
                    1f:10:b2:a4:7e:e2:2c:a9:11:51:a5:18:97:88:24:
                    cd:9c:51:b7:a8:d5:88:67:ea:2e:fb:1b:08:08:7f:
                    cb:d5:9c:94:1a:a8:00:88:6c:0f:a5:f9:83:a2:a0:
                    84:52:ba:46:0d:e6:19:07:1b:ef:e3:0f:79:b9:cb:
                    23:16:ed:aa:28:96:91:59:42:85:bd:3b:b1:fd:69:
                    06:45:1e:1c:09:bb:d1:41:f1:5d:de:13:fc:df:80:
                    42:b2:d1:cc:33:9e:2a:31:0b:da:be:87:28:a2:44:
                    6d:98:bf:e8:9c:5b:a8:19:6e:a7:78:8f:73:84:55:
                    f7:e9:dd:61:01:8c:62:41:58:ab:0d:7e:35:63:15:
                    84:c9:5a:21:bd:ec:cc:32:3f:93:a1:90:c9:dd:f2:
                    64:ad:3e:7c:b9:97:33:e3:3f:f8:38:3a:c4:75:65:
                    3a:45:0c:2f:68:2a:3f:ba:e4:44:fb:f3:44:4c:1c:
                    9b:43:aa:ec:ba:85:e6:04:b3:02:a1:0f:f1:4e:c3:
                    aa:68:f6:cf:32:4a:e6:dc:67:6d:88:6b:74:36:36:
                    c2:0c:3e:90:81:e7:31:de:8b:23:bd:a6:77:1c:3a:
                    ac:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:36:73:52:4D:C6:C2:CD:AE:16:EB:1A:35:80:5F:EA:18:BB:1F:B1
            X509v3 Authority Key Identifier:
                keyid:36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/BDZzUk3Gws2uFusaNYBf6hi7H7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.96.0/22
                  84.246.144.0/21
                  185.36.52.0/22
                  185.67.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f1:c8:44:5d:2d:1b:2c:09:2d:0a:81:2b:1a:27:a7:63:c1:
         2d:c7:21:77:f9:80:8c:1a:73:31:15:80:92:6d:84:7f:46:df:
         19:23:cf:72:70:5f:95:87:73:da:6d:33:3c:8e:1a:1d:d8:7a:
         7e:b6:04:35:6f:ca:03:69:dc:ef:3c:83:c4:2e:61:21:4a:8f:
         88:3c:65:84:af:47:b9:3a:1a:e0:c0:89:bc:3f:b0:4b:4a:31:
         b2:ff:53:7f:89:84:b3:25:ca:f1:f5:c7:17:15:a0:84:8c:c8:
         a6:9f:e0:ed:f5:ed:f5:ec:ad:a5:54:3b:b4:cc:94:a8:86:b1:
         0f:22:85:86:1e:99:4e:ba:67:df:1d:77:45:87:79:b7:da:77:
         05:1d:9d:f1:03:67:ac:3a:47:a5:6e:fd:5b:80:9c:3b:51:33:
         b3:85:9d:d0:ba:e4:04:f0:c7:73:5e:1a:3e:b7:a7:71:7b:9d:
         78:97:6a:2a:70:9e:0b:4b:b4:95:04:1e:c4:8f:bb:80:20:73:
         1a:24:26:c2:5c:d5:12:e9:eb:70:fb:f9:25:12:d7:42:8a:7e:
         87:da:aa:f0:ae:14:2a:3a:ae:92:a0:af:23:19:26:e7:aa:cd:
         e0:68:23:52:f4:bb:6b:be:e9:a8:71:a8:b2:c8:85:c2:9e:fe:
         64:3a:9f:82
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVynsrZlELUz1I1pPKa3w6VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NTc0YmU2YWU3NmNkNTIzYjMzNzg3Y2ZiZGI2OTI2NDI2
M2QwNzQwHhcNMjMwMTAyMTMxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM2NzM1MjRkYzZjMmNkYWUxNmViMWEzNTgwNWZlYTE4YmIxZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQNEaXyy5JSLuovbU89wUA10YacU
kHTpSbjdDmEfELKkfuIsqRFRpRiXiCTNnFG3qNWIZ+ou+xsICH/L1ZyUGqgAiGwP
pfmDoqCEUrpGDeYZBxvv4w95ucsjFu2qKJaRWUKFvTux/WkGRR4cCbvRQfFd3hP8
34BCstHMM54qMQvavocookRtmL/onFuoGW6neI9zhFX36d1hAYxiQVirDX41YxWE
yVohvezMMj+ToZDJ3fJkrT58uZcz4z/4ODrEdWU6RQwvaCo/uuRE+/NETBybQ6rs
uoXmBLMCoQ/xTsOqaPbPMkrm3GdtiGt0NjbCDD6Qgecx3osjvaZ3HDqsSQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAQ2c1JNxsLNrhbrGjWAX+oYux+xMB8GA1UdIwQY
MBaAFDZXS+auds1SOzN4fPvbaSZCY9B0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMt
MThkZWQ4MGI0YjVkLzEvQkRaelVrM0d3czJ1RnVzYU5ZQmY2aGk3SDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMtMThkZWQ4MGI0YjVk
LzEvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCJd1gAwQD
VPaQAwQCuSQ0AwQAuUPvMA0GCSqGSIb3DQEBCwUAA4IBAQBJ8chEXS0bLAktCoEr
GienY8EtxyF3+YCMGnMxFYCSbYR/Rt8ZI89ycF+Vh3PabTM8jhod2Hp+tgQ1b8oD
adzvPIPELmEhSo+IPGWEr0e5OhrgwIm8P7BLSjGy/1N/iYSzJcrx9ccXFaCEjMim
n+Dt9e317K2lVDu0zJSohrEPIoWGHplOumffHXdFh3m32ncFHZ3xA2esOkelbv1b
gJw7UTOzhZ3QuuQE8MdzXho+t6dxe514l2oqcJ4LS7SVBB7Ej7uAIHMaJCbCXNUS
6etw+/klEtdCin6H2qrwrhQqOq6SoK8jGSbnqs3gaCNS9LtrvumocaiyyIXCnv5k
Op+C
-----END CERTIFICATE-----