Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/3L0LN2_BnAYR68h6jbCfoZGG724.roa
File:                     3L0LN2_BnAYR68h6jbCfoZGG724.roa (raw, json)
Hash identifier:          WtWrWC7LRPhrcQ9jqc7X/8oZmDBPyFUDBPfRJp6BgfM=
Subject key identifier:   DC:BD:0B:37:6F:C1:9C:06:11:EB:C8:7A:8D:B0:9F:A1:91:86:EF:6E
Certificate issuer:       /CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
Certificate serial:       018A079ED7428A17F245B17467522E96334D
Authority key identifier: 9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/3L0LN2_BnAYR68h6jbCfoZGG724.roa
Signing time:             Fri 18 Aug 2023 07:49:24 +0000
ROA not before:           Fri 18 Aug 2023 07:49:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1200
IP address blocks:        91.236.189.0/24 maxlen: 24
                          193.105.101.0/24 maxlen: 24
                          185.55.139.0/24 maxlen: 24
                          185.55.138.0/24 maxlen: 24
                          185.55.137.0/24 maxlen: 24
                          185.55.136.0/22 maxlen: 22
                          185.55.136.0/24 maxlen: 24
                          91.200.16.0/22 maxlen: 22
                          195.69.144.0/22 maxlen: 22
                          195.60.82.128/26 maxlen: 26
                          2001:67c:1a8::/48 maxlen: 48
                          2a02:4b60::/32 maxlen: 32
                          2001:7f8:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 22 Nov 2023 13:50:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:07:9e:d7:42:8a:17:f2:45:b1:74:67:52:2e:96:33:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
        Validity
            Not Before: Aug 18 07:49:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dcbd0b376fc19c0611ebc87a8db09fa19186ef6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:18:c0:2c:ef:d0:26:39:d0:bf:a9:35:ee:19:
                    d4:ee:5c:d8:55:74:a4:86:32:e4:4f:8e:7f:9b:ba:
                    58:59:91:72:13:19:f2:9a:72:a3:9f:80:a6:dd:40:
                    d5:e5:5f:d7:59:92:d3:9e:df:e4:ec:57:28:84:b6:
                    32:d9:1d:d1:4b:1f:d9:66:19:42:18:f6:6d:f2:3d:
                    9e:e9:40:cc:33:c4:31:31:24:71:4d:04:ea:79:89:
                    f1:24:e5:45:c8:f2:6e:94:d6:56:d4:c7:55:e5:a8:
                    c4:94:38:8b:61:f9:5d:61:f2:23:f2:d0:5f:09:39:
                    cc:8a:f2:e3:e9:76:d6:0e:0e:8c:d8:71:80:21:fe:
                    54:f5:a2:00:55:93:bc:e3:68:6f:73:ac:fe:f3:17:
                    fa:98:3b:70:e6:e5:2b:b6:9f:d6:8d:90:37:cc:0f:
                    02:29:58:59:c6:f5:9b:7a:c5:44:d1:60:2f:12:33:
                    d5:42:1a:36:e5:df:69:c4:a2:6d:05:49:eb:68:a5:
                    ad:61:27:7e:bc:36:4a:04:f7:34:9e:b7:62:a7:29:
                    8a:e2:15:51:88:33:c8:10:bd:94:b5:ab:d4:09:32:
                    fc:be:e7:35:51:65:2d:68:b6:99:94:7b:e6:94:2f:
                    eb:b5:77:6c:3c:2a:01:09:c0:4d:fd:35:f1:5c:1a:
                    24:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BD:0B:37:6F:C1:9C:06:11:EB:C8:7A:8D:B0:9F:A1:91:86:EF:6E
            X509v3 Authority Key Identifier:
                keyid:9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/3L0LN2_BnAYR68h6jbCfoZGG724.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.16.0/22
                  91.236.189.0/24
                  185.55.136.0/22
                  193.105.101.0/24
                  195.60.82.128/26
                  195.69.144.0/22
                IPv6:
                  2001:67c:1a8::/48
                  2001:7f8:1::/48
                  2a02:4b60::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:fc:ba:9e:b6:d8:8b:8a:46:31:d2:a0:d3:07:63:e4:f9:77:
         40:82:ff:9f:e8:44:c3:ea:0f:f0:87:7a:7b:21:e8:d8:7f:40:
         43:f6:d6:00:8f:38:4a:17:31:f7:ee:6b:82:44:0d:2d:5c:5f:
         87:f4:21:66:7f:f6:42:60:84:25:ae:90:24:99:0e:01:d7:f5:
         51:8a:7d:c7:2a:62:f2:dd:ec:22:54:98:e7:8c:e1:bb:5b:08:
         33:65:b2:d3:56:89:2f:fb:79:24:2a:22:bb:37:ab:13:60:8d:
         2a:90:5e:30:3a:f8:11:a0:09:a8:03:43:4a:76:a4:ea:67:56:
         da:7e:56:bb:6c:ec:64:5d:2e:2c:2b:3c:1c:1d:6f:04:cc:2b:
         f6:77:49:e8:6b:d7:3b:8e:34:0b:a8:e2:3e:52:63:e6:32:62:
         cd:49:47:38:97:81:30:53:fd:86:5f:86:6d:0d:c7:e4:cb:26:
         14:f6:df:cf:67:ae:3d:e1:58:9e:4b:13:c0:39:62:76:44:10:
         fe:b9:6f:ed:0f:0d:1d:e5:93:16:ad:f6:ea:bc:eb:b8:48:69:
         14:ad:c0:9b:03:0d:64:32:32:2d:d5:9c:2c:94:d8:8b:b9:74:
         69:5f:29:01:bc:49:64:0a:16:4e:c9:e7:39:dc:82:20:b7:8b:
         ee:da:9a:00
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYoHntdCihfyRbF0Z1IuljNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNmZiNzk1NDE3OWE5NjY2YjRjYjZhZmUzNDZkMWUyMWVj
MzBlNDUwHhcNMjMwODE4MDc0OTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JkMGIzNzZmYzE5YzA2MTFlYmM4N2E4ZGIwOWZhMTkxODZlZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohjALO/QJjnQv6k17hnU7lzYVXSk
hjLkT45/m7pYWZFyExnymnKjn4Cm3UDV5V/XWZLTnt/k7FcohLYy2R3RSx/ZZhlC
GPZt8j2e6UDMM8QxMSRxTQTqeYnxJOVFyPJulNZW1MdV5ajElDiLYfldYfIj8tBf
CTnMivLj6XbWDg6M2HGAIf5U9aIAVZO842hvc6z+8xf6mDtw5uUrtp/WjZA3zA8C
KVhZxvWbesVE0WAvEjPVQho25d9pxKJtBUnraKWtYSd+vDZKBPc0nrdipymK4hVR
iDPIEL2UtavUCTL8vuc1UWUtaLaZlHvmlC/rtXdsPCoBCcBN/TXxXBokDwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFNy9CzdvwZwGEevIeo2wn6GRhu9uMB8GA1UdIwQY
MBaAFJ9vt5VBealma0y2r+NG0eIeww5FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYt
NzM1NGE3M2JkYTdlLzEvM0wwTE4yX0JuQVlSNjhoNmpiQ2ZvWkdHNzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYtNzM1NGE3M2JkYTdl
LzEvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjArBAIAATAlAwQCW8gQAwQA
W+y9AwQCuTeIAwQAwWllAwUGwzxSgAMEAsNFkDAfBAIAAjAZAwcAIAEGfAGoAwcA
IAEH+AABAwUAKgJLYDANBgkqhkiG9w0BAQsFAAOCAQEAHPy6nrbYi4pGMdKg0wdj
5Pl3QIL/n+hEw+oP8Id6eyHo2H9AQ/bWAI84Shcx9+5rgkQNLVxfh/QhZn/2QmCE
Ja6QJJkOAdf1UYp9xypi8t3sIlSY54zhu1sIM2Wy01aJL/t5JCoiuzerE2CNKpBe
MDr4EaAJqANDSnak6mdW2n5Wu2zsZF0uLCs8HB1vBMwr9ndJ6GvXO440C6jiPlJj
5jJizUlHOJeBMFP9hl+GbQ3H5MsmFPbfz2euPeFYnksTwDlidkQQ/rlv7Q8NHeWT
Fq326rzruEhpFK3AmwMNZDIyLdWcLJTYi7l0aV8pAbxJZAoWTsnnOdyCILeL7tqa
AA==
-----END CERTIFICATE-----