Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/12f26e-fb11-42e1-bacc-3969eca7b7d4/1/QPsZefBBdISf1BJw9-x70-tPERs.roa
File:                     QPsZefBBdISf1BJw9-x70-tPERs.roa (raw, json)
Hash identifier:          YZAuWiYElN80KaGPYy2S+Mrj8D6w8FqBVDZONM75gfM=
Subject key identifier:   40:FB:19:79:F0:41:74:84:9F:D4:12:70:F7:EC:7B:D3:EB:4F:11:1B
Certificate issuer:       /CN=15af072f9e156abc20c468498e2323152c736ae8
Certificate serial:       01856CAF4C05AF2096FBD59B8B4DC6926642
Authority key identifier: 15:AF:07:2F:9E:15:6A:BC:20:C4:68:49:8E:23:23:15:2C:73:6A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fa8HL54VarwgxGhJjiMjFSxzaug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/12f26e-fb11-42e1-bacc-3969eca7b7d4/1/QPsZefBBdISf1BJw9-x70-tPERs.roa
Signing time:             Sun 01 Jan 2023 09:35:05 +0000
ROA not before:           Sun 01 Jan 2023 09:35:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47702
IP address blocks:        213.109.224.0/20 maxlen: 20
                          213.109.225.0/24 maxlen: 24
                          213.109.224.0/21 maxlen: 21
                          213.109.224.0/22 maxlen: 22
                          213.109.224.0/24 maxlen: 24
                          93.175.200.0/24 maxlen: 24
                          93.175.200.0/21 maxlen: 21
                          93.175.200.0/22 maxlen: 22
                          93.175.201.0/24 maxlen: 24
                          93.175.204.0/22 maxlen: 22
                          213.109.232.0/24 maxlen: 24
                          213.109.232.0/21 maxlen: 21
                          213.109.232.0/22 maxlen: 22
                          213.109.233.0/24 maxlen: 24
                          213.109.228.0/22 maxlen: 22
                          213.109.236.0/22 maxlen: 22
                          93.175.192.0/20 maxlen: 20
                          93.175.192.0/21 maxlen: 21
                          93.175.192.0/22 maxlen: 22
                          93.175.196.0/22 maxlen: 22
                          2001:67c:11d4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:4c:05:af:20:96:fb:d5:9b:8b:4d:c6:92:66:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15af072f9e156abc20c468498e2323152c736ae8
        Validity
            Not Before: Jan  1 09:35:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40fb1979f04174849fd41270f7ec7bd3eb4f111b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:51:cf:96:f4:d3:bd:fe:91:d5:f9:28:91:fb:
                    30:23:72:35:9d:04:ad:dd:a3:59:54:02:a4:d3:b2:
                    4f:59:c3:24:2e:e1:9a:d7:47:a2:4f:6a:11:de:29:
                    55:b3:42:0f:37:fe:93:1e:3d:8e:09:60:a7:b4:8d:
                    af:31:f3:87:66:3f:86:15:dd:f6:4a:55:bf:4f:16:
                    1e:d9:77:4d:03:08:72:bc:b3:bd:e1:c6:01:99:96:
                    2a:6a:ad:0c:d8:5c:66:c5:ed:f5:39:3b:28:af:f5:
                    9f:b5:bb:85:8a:38:6a:4f:25:ec:9f:00:2f:0d:29:
                    83:99:d3:f2:27:7b:6b:df:03:28:f6:a3:63:da:f8:
                    b8:48:3d:de:62:37:5b:98:43:86:99:38:92:2f:9d:
                    d0:da:5e:c1:78:87:30:92:47:f6:25:f2:39:46:19:
                    53:06:b4:76:6d:82:a5:e7:b3:12:ad:64:24:11:e4:
                    b6:ef:aa:b6:00:f3:0e:a6:95:66:ea:04:d2:d9:04:
                    e2:c7:51:24:59:4c:5c:61:be:f2:a4:8b:73:37:c6:
                    c8:52:e9:78:af:09:dc:59:b5:ad:06:d6:6e:ee:6e:
                    65:d4:ba:75:95:ce:c4:26:e2:32:14:d1:22:31:90:
                    bf:10:83:45:9b:99:3e:d9:1d:95:ce:ab:c7:08:8a:
                    b4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:FB:19:79:F0:41:74:84:9F:D4:12:70:F7:EC:7B:D3:EB:4F:11:1B
            X509v3 Authority Key Identifier:
                keyid:15:AF:07:2F:9E:15:6A:BC:20:C4:68:49:8E:23:23:15:2C:73:6A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fa8HL54VarwgxGhJjiMjFSxzaug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/12f26e-fb11-42e1-bacc-3969eca7b7d4/1/QPsZefBBdISf1BJw9-x70-tPERs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/12f26e-fb11-42e1-bacc-3969eca7b7d4/1/Fa8HL54VarwgxGhJjiMjFSxzaug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.192.0/20
                  213.109.224.0/20
                IPv6:
                  2001:67c:11d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:f9:4c:85:6e:fd:2f:bf:fe:33:8d:79:db:a1:6a:e6:d1:92:
         95:96:2f:c9:d7:48:2a:fb:d9:54:7a:01:84:4f:b2:7f:22:c2:
         b8:b3:24:c3:9c:7c:f5:b7:76:a5:74:9c:79:af:1c:51:e5:ba:
         80:87:27:57:dc:24:1b:af:27:42:20:33:eb:62:2a:99:08:41:
         b9:3f:e1:1e:55:6c:54:a5:a3:bf:c0:56:a6:0b:93:1a:62:81:
         13:4e:f4:bc:67:94:a9:60:b2:f1:6c:c6:72:65:6d:81:08:ca:
         c6:34:4e:01:ff:a2:03:66:af:57:08:76:45:6c:e8:86:05:36:
         2e:ac:c4:50:78:73:c4:d4:a0:3e:d7:18:78:a5:74:64:0b:a9:
         a9:81:9e:f0:74:95:e6:a9:b3:6f:bc:31:2a:e6:25:2c:40:a9:
         92:48:77:12:4d:59:a1:46:f0:3a:a8:e5:1b:fe:ea:08:44:13:
         9d:7c:ad:65:ec:4c:52:57:9f:03:76:dd:07:fa:1b:20:1c:96:
         9a:ea:0b:cf:ee:f9:1b:bc:2c:0a:f9:a3:8b:5a:a0:8d:32:6c:
         4e:61:0b:cf:9f:41:32:ed:21:ed:3a:21:52:87:90:2b:55:8b:
         91:5f:16:83:7d:4f:41:6e:9b:69:f9:74:c6:ff:9f:b7:85:af:
         bb:0a:2b:96
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVsr0wFryCW+9Wbi03GkmZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YWYwNzJmOWUxNTZhYmMyMGM0Njg0OThlMjMyMzE1MmM3
MzZhZTgwHhcNMjMwMTAxMDkzNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGZiMTk3OWYwNDE3NDg0OWZkNDEyNzBmN2VjN2JkM2ViNGYxMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1HPlvTTvf6R1fkokfswI3I1nQSt
3aNZVAKk07JPWcMkLuGa10eiT2oR3ilVs0IPN/6THj2OCWCntI2vMfOHZj+GFd32
SlW/TxYe2XdNAwhyvLO94cYBmZYqaq0M2Fxmxe31OTsor/WftbuFijhqTyXsnwAv
DSmDmdPyJ3tr3wMo9qNj2vi4SD3eYjdbmEOGmTiSL53Q2l7BeIcwkkf2JfI5RhlT
BrR2bYKl57MSrWQkEeS276q2APMOppVm6gTS2QTix1EkWUxcYb7ypItzN8bIUul4
rwncWbWtBtZu7m5l1Lp1lc7EJuIyFNEiMZC/EINFm5k+2R2VzqvHCIq0AwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFED7GXnwQXSEn9QScPfse9PrTxEbMB8GA1UdIwQY
MBaAFBWvBy+eFWq8IMRoSY4jIxUsc2roMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmE4SEw1NFZhcndneEdoSmppTWpGU3h6YXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xMmYyNmUtZmIxMS00MmUxLWJhY2Mt
Mzk2OWVjYTdiN2Q0LzEvUVBzWmVmQkJkSVNmMUJKdzkteDcwLXRQRVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xMmYyNmUtZmIxMS00MmUxLWJhY2MtMzk2OWVjYTdiN2Q0
LzEvRmE4SEw1NFZhcndneEdoSmppTWpGU3h6YXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQEXa/AAwQE
1W3gMA8EAgACMAkDBwAgAQZ8EdQwDQYJKoZIhvcNAQELBQADggEBAFD5TIVu/S+/
/jONeduhaubRkpWWL8nXSCr72VR6AYRPsn8iwrizJMOcfPW3dqV0nHmvHFHluoCH
J1fcJBuvJ0IgM+tiKpkIQbk/4R5VbFSlo7/AVqYLkxpigRNO9LxnlKlgsvFsxnJl
bYEIysY0TgH/ogNmr1cIdkVs6IYFNi6sxFB4c8TUoD7XGHildGQLqamBnvB0leap
s2+8MSrmJSxAqZJIdxJNWaFG8Dqo5Rv+6ghEE518rWXsTFJXnwN23Qf6GyAclprq
C8/u+Ru8LAr5o4taoI0ybE5hC8+fQTLtIe06IVKHkCtVi5FfFoN9T0Fum2n5dMb/
n7eFr7sKK5Y=
-----END CERTIFICATE-----