Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/MstoWveAszp6a1SuTyr8vajqqQw.roa
File:                     MstoWveAszp6a1SuTyr8vajqqQw.roa (raw, json)
Hash identifier:          b74prBYWtEIuFvWnFd1rt0xwmPk3OqF1TISaUscZvmg=
Subject key identifier:   32:CB:68:5A:F7:80:B3:3A:7A:6B:54:AE:4F:2A:FC:BD:A8:EA:A9:0C
Certificate issuer:       /CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
Certificate serial:       018BF74BCC164149BD43EBC6B04023729F1D
Authority key identifier: 9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/MstoWveAszp6a1SuTyr8vajqqQw.roa
Signing time:             Wed 22 Nov 2023 13:50:21 +0000
ROA not before:           Wed 22 Nov 2023 13:50:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1200
IP address blocks:        91.236.189.0/24 maxlen: 24
                          193.105.101.0/24 maxlen: 24
                          185.55.139.0/24 maxlen: 24
                          185.55.138.0/24 maxlen: 24
                          185.55.137.0/24 maxlen: 24
                          185.55.136.0/22 maxlen: 22
                          185.55.136.0/24 maxlen: 24
                          91.200.16.0/22 maxlen: 22
                          195.69.145.0/24 maxlen: 24
                          195.69.144.0/22 maxlen: 22
                          195.60.82.128/26 maxlen: 26
                          2001:67c:1a8::/48 maxlen: 48
                          2a02:4b60::/32 maxlen: 32
                          2001:7f8:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f7:4b:cc:16:41:49:bd:43:eb:c6:b0:40:23:72:9f:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
        Validity
            Not Before: Nov 22 13:50:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32cb685af780b33a7a6b54ae4f2afcbda8eaa90c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5f:ea:ee:43:c8:f2:17:b1:5e:78:9f:4c:f3:
                    8c:89:e5:a9:7b:e3:30:fa:29:a1:12:04:19:15:de:
                    09:3c:02:f3:80:3a:18:d7:f6:d8:27:68:57:64:f8:
                    41:e6:f4:71:5e:7b:00:ec:7d:74:84:90:74:d2:4a:
                    56:b8:e6:e4:3c:79:55:bb:66:1c:fc:f2:4b:ae:7d:
                    71:56:11:c4:42:99:b7:76:de:2c:71:37:e7:8c:3f:
                    71:86:08:4d:b4:45:d9:ce:f2:fb:21:ad:af:82:87:
                    ea:84:e7:bf:ff:91:0e:10:81:f5:bd:d6:85:73:dd:
                    d0:8e:0c:4d:15:24:17:e3:a2:16:4b:05:49:e0:85:
                    57:cc:ff:8d:03:01:1e:60:0a:d8:df:80:18:78:a8:
                    9d:7e:52:59:bd:57:9a:0e:f7:2c:64:a6:4f:3e:3b:
                    70:52:07:20:f5:b1:fd:53:f3:07:3d:e2:28:bb:dd:
                    fa:d8:9b:86:65:52:48:86:19:a0:77:0b:55:eb:9f:
                    fc:b4:51:b8:cf:e3:bf:05:eb:05:5d:4c:e5:39:d8:
                    81:da:46:b3:c5:3a:76:5b:63:59:79:fc:43:b9:81:
                    7c:9a:2d:44:b0:21:ed:7e:76:96:af:93:25:4a:f5:
                    b2:c6:13:19:de:16:0b:1a:76:44:29:67:aa:8c:18:
                    86:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:CB:68:5A:F7:80:B3:3A:7A:6B:54:AE:4F:2A:FC:BD:A8:EA:A9:0C
            X509v3 Authority Key Identifier:
                keyid:9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/MstoWveAszp6a1SuTyr8vajqqQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.16.0/22
                  91.236.189.0/24
                  185.55.136.0/22
                  193.105.101.0/24
                  195.60.82.128/26
                  195.69.144.0/22
                IPv6:
                  2001:67c:1a8::/48
                  2001:7f8:1::/48
                  2a02:4b60::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:47:04:43:7d:c2:85:04:64:9a:75:5b:9d:c9:4a:94:e0:07:
         06:e2:55:46:51:78:f7:1f:77:d4:07:ef:b9:91:53:dc:20:f5:
         09:83:bc:61:25:6a:b4:54:83:04:84:66:d4:ec:77:73:91:1d:
         9d:08:f4:54:b0:d6:c2:e9:d1:d1:85:5e:29:7d:67:57:f2:2d:
         5b:4b:71:c6:23:eb:bd:f9:65:5c:a0:b1:1b:28:e6:bf:87:61:
         6a:37:a2:77:96:05:c3:d1:8e:f9:81:b0:59:14:96:4e:19:4b:
         58:8f:5d:8a:85:9b:74:02:1e:38:50:17:2a:18:ac:41:db:44:
         76:28:2e:12:54:2e:2e:1c:be:23:4c:8b:75:34:83:cf:87:64:
         63:51:17:56:67:eb:ab:6d:a9:7a:ff:3a:cf:36:85:5b:7e:3e:
         b4:d4:42:7c:2b:95:42:46:31:16:c6:ca:11:f8:07:be:e0:38:
         5a:48:01:e5:28:a7:d9:d7:51:03:13:1a:3d:07:0a:ce:21:b9:
         a5:41:53:f4:25:7a:9e:72:c2:9b:fd:da:35:d5:81:8b:15:90:
         c7:99:91:41:16:08:08:4b:0f:a0:21:9e:3d:16:84:fc:8b:ff:
         ac:25:06:de:9d:11:a2:59:34:e9:bf:bf:e7:14:de:52:30:c3:
         70:20:0c:a9
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYv3S8wWQUm9Q+vGsEAjcp8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNmZiNzk1NDE3OWE5NjY2YjRjYjZhZmUzNDZkMWUyMWVj
MzBlNDUwHhcNMjMxMTIyMTM1MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmNiNjg1YWY3ODBiMzNhN2E2YjU0YWU0ZjJhZmNiZGE4ZWFhOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF/q7kPI8hexXnifTPOMieWpe+Mw
+imhEgQZFd4JPALzgDoY1/bYJ2hXZPhB5vRxXnsA7H10hJB00kpWuObkPHlVu2Yc
/PJLrn1xVhHEQpm3dt4scTfnjD9xhghNtEXZzvL7Ia2vgofqhOe//5EOEIH1vdaF
c93QjgxNFSQX46IWSwVJ4IVXzP+NAwEeYArY34AYeKidflJZvVeaDvcsZKZPPjtw
Ugcg9bH9U/MHPeIou9362JuGZVJIhhmgdwtV65/8tFG4z+O/BesFXUzlOdiB2kaz
xTp2W2NZefxDuYF8mi1EsCHtfnaWr5MlSvWyxhMZ3hYLGnZEKWeqjBiGmQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFDLLaFr3gLM6emtUrk8q/L2o6qkMMB8GA1UdIwQY
MBaAFJ9vt5VBealma0y2r+NG0eIeww5FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYt
NzM1NGE3M2JkYTdlLzEvTXN0b1d2ZUFzenA2YTFTdVR5cjh2YWpxcVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYtNzM1NGE3M2JkYTdl
LzEvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjArBAIAATAlAwQCW8gQAwQA
W+y9AwQCuTeIAwQAwWllAwUGwzxSgAMEAsNFkDAfBAIAAjAZAwcAIAEGfAGoAwcA
IAEH+AABAwUAKgJLYDANBgkqhkiG9w0BAQsFAAOCAQEABkcEQ33ChQRkmnVbnclK
lOAHBuJVRlF49x931AfvuZFT3CD1CYO8YSVqtFSDBIRm1Ox3c5EdnQj0VLDWwunR
0YVeKX1nV/ItW0txxiPrvfllXKCxGyjmv4dhajeid5YFw9GO+YGwWRSWThlLWI9d
ioWbdAIeOFAXKhisQdtEdiguElQuLhy+I0yLdTSDz4dkY1EXVmfrq22pev86zzaF
W34+tNRCfCuVQkYxFsbKEfgHvuA4WkgB5Sin2ddRAxMaPQcKziG5pUFT9CV6nnLC
m/3aNdWBixWQx5mRQRYICEsPoCGePRaE/Iv/rCUG3p0Rolk06b+/5xTeUjDDcCAM
qQ==
-----END CERTIFICATE-----