Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/_vdGD4nOw0F1b6qYAFEHIFEx7Vo.roa
File:                     _vdGD4nOw0F1b6qYAFEHIFEx7Vo.roa (raw, json)
Hash identifier:          q7Hf03aJ2Q66wrqHhky1TuQJvpNpeYydfJVW4k5ZOrM=
Subject key identifier:   FE:F7:46:0F:89:CE:C3:41:75:6F:AA:98:00:51:07:20:51:31:ED:5A
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       01856CCB0101BE58DFC80224D6964B221B47
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/_vdGD4nOw0F1b6qYAFEHIFEx7Vo.roa
Signing time:             Sun 01 Jan 2023 10:05:21 +0000
ROA not before:           Sun 01 Jan 2023 10:05:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62068
IP address blocks:        91.230.49.0/24 maxlen: 24
                          5.182.208.0/22 maxlen: 24
                          185.244.36.0/22 maxlen: 24
                          45.87.40.0/22 maxlen: 24
                          185.224.128.0/22 maxlen: 24
                          45.14.224.0/22 maxlen: 24
                          2a0d:2780::/29 maxlen: 32
                          2a0e:16c0::/29 maxlen: 29
                          2a0e:1740::/29 maxlen: 29
                          2a12:a8c0::/30 maxlen: 30
                          2a0d:2400::/29 maxlen: 39
                          2a0e:2000::/29 maxlen: 29
                          2a12:a8c4::/30 maxlen: 30

Validation:               Failed, certificate revoked on Mon 20 Mar 2023 22:44:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:cb:01:01:be:58:df:c8:02:24:d6:96:4b:22:1b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  1 10:05:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fef7460f89cec341756faa98005107205131ed5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:79:9c:de:a6:37:f8:9c:9a:fc:e3:f9:66:98:
                    1c:4c:5a:a2:5b:77:d2:c5:5b:57:60:a3:36:e1:58:
                    87:d4:04:29:dd:b8:9c:c3:b6:81:9e:e5:32:4e:5b:
                    4f:25:7b:d0:7d:8e:4b:fb:ab:07:90:e6:8d:95:8e:
                    5a:3d:c4:ed:31:be:10:a3:a4:5e:e5:81:52:0e:ed:
                    99:29:02:fb:b5:4b:2d:65:ad:52:0b:08:26:57:32:
                    d6:7e:b1:06:2a:63:5b:46:17:37:0f:6a:80:50:14:
                    76:d9:d2:44:fe:71:95:6a:da:c4:6d:17:80:36:79:
                    81:39:67:7b:b2:ea:a7:d1:94:5b:f7:42:d7:28:5b:
                    b2:b6:77:ea:43:e5:97:0d:01:34:30:61:ad:8b:e5:
                    2f:74:dd:81:4a:12:a0:e5:4d:65:a0:c9:ee:b2:41:
                    01:87:d9:ab:9f:03:03:b7:0f:a3:b3:3d:52:a8:1d:
                    fb:20:3b:24:a7:c5:ce:f1:61:a2:75:a8:e3:5e:20:
                    35:2b:bc:a5:6f:12:b3:56:fc:63:a9:f9:28:04:b2:
                    0b:dd:f8:f8:ef:78:bc:76:fd:8f:e5:5d:60:ca:55:
                    67:3d:e3:19:1d:f1:e9:10:79:2f:81:5f:60:ae:b3:
                    f4:f2:f9:f5:81:44:65:7a:6a:13:89:8f:c6:1d:eb:
                    08:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F7:46:0F:89:CE:C3:41:75:6F:AA:98:00:51:07:20:51:31:ED:5A
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/_vdGD4nOw0F1b6qYAFEHIFEx7Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.208.0/22
                  45.14.224.0/22
                  45.87.40.0/22
                  91.230.49.0/24
                  185.224.128.0/22
                  185.244.36.0/22
                IPv6:
                  2a0d:2400::/29
                  2a0d:2780::/29
                  2a0e:16c0::/29
                  2a0e:1740::/29
                  2a0e:2000::/29
                  2a12:a8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:e1:b5:7b:8d:d4:59:23:5b:aa:a9:3b:ec:58:61:03:7b:f9:
         d4:d6:78:9c:86:c7:b7:20:0d:2d:ad:1c:7b:92:05:71:49:5a:
         6f:4a:4f:15:9a:93:13:45:6d:e2:b6:a2:5b:99:5e:5f:f1:92:
         76:22:95:b4:ea:c5:56:37:e7:cf:26:e7:ff:9e:8c:4e:20:9b:
         64:7a:35:95:68:4b:37:8c:bc:5d:62:5b:76:08:f0:b4:40:2c:
         46:08:f0:71:77:29:c8:10:f3:58:19:08:a5:d5:18:4d:6b:f5:
         3f:95:ed:6c:70:33:e1:ae:a0:ee:a9:f6:7e:b5:3b:5c:ae:0c:
         f0:aa:da:dd:3e:2b:36:2a:b4:8e:de:69:28:5e:48:cc:0a:24:
         98:33:6a:fd:fc:6b:4a:e5:1f:ba:f7:c7:f8:bf:44:b1:80:6b:
         03:51:e7:57:f8:8c:14:07:ff:12:15:1a:43:05:9d:98:c7:46:
         ff:05:eb:23:b7:28:88:de:81:55:f9:48:a1:90:f4:9c:d3:8a:
         0d:21:67:63:ec:4e:02:3f:37:2d:a8:2b:7c:88:5b:22:5b:96:
         04:34:d1:85:4b:cb:6f:62:cd:c5:6f:59:fe:07:48:8f:88:93:
         64:0d:91:00:8f:cc:6d:95:c6:12:11:0e:39:61:f6:4b:42:98:
         28:f5:03:ba
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYVsywEBvljfyAIk1pZLIhtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjMwMTAxMTAwNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWY3NDYwZjg5Y2VjMzQxNzU2ZmFhOTgwMDUxMDcyMDUxMzFlZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3mc3qY3+Jya/OP5ZpgcTFqiW3fS
xVtXYKM24ViH1AQp3bicw7aBnuUyTltPJXvQfY5L+6sHkOaNlY5aPcTtMb4Qo6Re
5YFSDu2ZKQL7tUstZa1SCwgmVzLWfrEGKmNbRhc3D2qAUBR22dJE/nGVatrEbReA
NnmBOWd7suqn0ZRb90LXKFuytnfqQ+WXDQE0MGGti+UvdN2BShKg5U1loMnuskEB
h9mrnwMDtw+jsz1SqB37IDskp8XO8WGidajjXiA1K7ylbxKzVvxjqfkoBLIL3fj4
73i8dv2P5V1gylVnPeMZHfHpEHkvgV9grrP08vn1gURlemoTiY/GHesIEQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFP73Rg+JzsNBdW+qmABRByBRMe1aMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvX3ZkR0Q0bk93MEYxYjZxWUFGRUhJRkV4N1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjAqBAIAATAkAwQCBbbQAwQC
LQ7gAwQCLVcoAwQAW+YxAwQCueCAAwQCufQkMDAEAgACMCoDBQMqDSQAAwUDKg0n
gAMFAyoOFsADBQMqDhdAAwUDKg4gAAMFAyoSqMAwDQYJKoZIhvcNAQELBQADggEB
AGThtXuN1FkjW6qpO+xYYQN7+dTWeJyGx7cgDS2tHHuSBXFJWm9KTxWakxNFbeK2
oluZXl/xknYilbTqxVY3588m5/+ejE4gm2R6NZVoSzeMvF1iW3YI8LRALEYI8HF3
KcgQ81gZCKXVGE1r9T+V7WxwM+GuoO6p9n61O1yuDPCq2t0+KzYqtI7eaSheSMwK
JJgzav38a0rlH7r3x/i/RLGAawNR51f4jBQH/xIVGkMFnZjHRv8F6yO3KIjegVX5
SKGQ9JzTig0hZ2PsTgI/Ny2oK3yIWyJblgQ00YVLy29izcVvWf4HSI+Ik2QNkQCP
zG2VxhIRDjlh9ktCmCj1A7o=
-----END CERTIFICATE-----