Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/JvnIhcv4D4JlsTw8wUT0AVN0XBw.roa
File:                     JvnIhcv4D4JlsTw8wUT0AVN0XBw.roa (raw, json)
Hash identifier:          LLwtqT2DnSuC5Yd75BbH4YYCRYq2jpWYK9Og4K3BK2k=
Subject key identifier:   26:F9:C8:85:CB:F8:0F:82:65:B1:3C:3C:C1:44:F4:01:53:74:5C:1C
Certificate issuer:       /CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
Certificate serial:       018ADAD06D8BE3F92FC95BB67F57CB99D596
Authority key identifier: 62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/JvnIhcv4D4JlsTw8wUT0AVN0XBw.roa
Signing time:             Thu 28 Sep 2023 08:03:27 +0000
ROA not before:           Thu 28 Sep 2023 08:03:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137502
IP address blocks:        213.248.219.0/24 maxlen: 24
                          213.248.218.0/24 maxlen: 24
                          213.248.217.0/24 maxlen: 24
                          213.248.216.0/24 maxlen: 24
                          213.248.222.0/24 maxlen: 24
                          213.248.221.0/24 maxlen: 24
                          213.248.220.0/24 maxlen: 24
                          213.248.254.0/24 maxlen: 24
                          213.248.255.0/24 maxlen: 24
                          2a01:618:405::/48 maxlen: 48
                          2a01:618:400::/48 maxlen: 48
                          2a01:618:403::/48 maxlen: 48
                          2a01:618:404::/48 maxlen: 48
                          2a01:618:407::/48 maxlen: 48
                          2a01:618:402::/48 maxlen: 48
                          2a01:618:406::/48 maxlen: 48
                          2a01:618:401::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 28 Sep 2023 11:09:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:da:d0:6d:8b:e3:f9:2f:c9:5b:b6:7f:57:cb:99:d5:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=622ecc6cc5903aea0db61200f4ccd4f824cdd54f
        Validity
            Not Before: Sep 28 08:03:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=26f9c885cbf80f8265b13c3cc144f40153745c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:61:de:fa:db:47:b8:11:be:9f:02:bb:4a:14:
                    8f:bd:0b:a8:1a:8b:b0:f5:b1:5d:08:c1:08:99:fa:
                    06:e0:c5:74:3f:5c:59:7f:d7:70:dc:c3:61:c1:d3:
                    9b:93:26:88:c8:5d:3e:d5:d0:2d:a0:bd:72:e3:9e:
                    82:a0:bb:15:54:fc:7d:1c:0f:2f:cc:53:bd:92:20:
                    a1:e4:36:58:c9:26:70:de:49:d8:fe:a5:17:d9:b6:
                    66:3c:19:3c:91:fc:c4:f3:bf:57:87:46:19:95:2b:
                    c0:06:8a:ae:ab:6b:dd:e6:3a:45:b9:51:e0:0b:e2:
                    f3:23:60:24:01:60:21:ff:e3:9a:1b:ba:6c:f4:49:
                    db:5f:08:c9:c3:ed:26:f9:1f:fb:f2:98:44:6e:84:
                    5b:08:01:40:f8:e4:54:e3:11:43:79:3c:c2:99:81:
                    84:72:27:61:da:5b:0c:73:c5:b7:e4:a7:f5:4f:7b:
                    76:ea:ad:4c:27:32:d2:b0:91:53:f4:c7:09:2d:b6:
                    08:92:c6:a7:54:fc:48:f9:f8:48:dd:9a:8a:57:39:
                    95:65:df:03:f1:18:2e:99:6f:5c:01:8d:b5:71:ca:
                    12:dd:aa:58:cf:3b:81:7c:30:b5:81:20:2c:ec:7a:
                    d7:38:c7:e1:36:e5:5d:2a:00:4f:7c:45:16:20:cb:
                    e2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:F9:C8:85:CB:F8:0F:82:65:B1:3C:3C:C1:44:F4:01:53:74:5C:1C
            X509v3 Authority Key Identifier:
                keyid:62:2E:CC:6C:C5:90:3A:EA:0D:B6:12:00:F4:CC:D4:F8:24:CD:D5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yi7MbMWQOuoNthIA9MzU-CTN1U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/JvnIhcv4D4JlsTw8wUT0AVN0XBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/262a4b-c701-48dc-9ae5-346368827e68/1/Yi7MbMWQOuoNthIA9MzU-CTN1U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.248.216.0-213.248.222.255
                  213.248.254.0/23
                IPv6:
                  2a01:618:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         1b:e2:60:4f:6d:f5:9a:eb:a1:ba:0f:8f:1a:03:fa:8b:bc:59:
         b6:09:50:b7:07:44:1b:3a:0b:31:61:56:e7:45:64:d1:07:a6:
         1c:14:73:7b:7d:8a:73:50:d2:12:97:4a:7c:97:e8:19:01:42:
         7c:48:fb:2e:d7:f4:de:03:0f:6e:10:fa:64:ee:ce:7f:f6:27:
         d4:fe:14:ea:90:0f:17:c9:d8:ed:49:71:39:45:d6:ca:62:1f:
         0d:e9:76:f6:56:3d:88:33:00:12:16:0e:f1:3d:5e:9b:7d:6c:
         f7:9a:14:36:5a:50:e4:94:a1:86:64:a2:72:ea:f1:ad:65:d2:
         1d:ce:ff:d0:18:01:3d:1d:1f:e7:c6:c2:60:96:99:28:8a:58:
         ab:80:38:81:a2:2f:9f:00:db:40:f1:d2:bf:fa:3e:d8:0a:af:
         9d:5b:9a:aa:6e:e9:c0:c1:e9:41:c1:5b:6b:3c:86:2c:62:3d:
         be:fa:a0:cc:89:1f:ff:99:36:26:5f:34:4e:f2:a8:82:8c:d7:
         94:a5:e7:35:e8:f3:0b:34:5c:36:42:b6:79:b0:bd:6a:76:16:
         33:06:18:eb:fe:99:f6:28:e0:d2:10:e3:6d:6f:24:fb:fd:f2:
         68:10:1c:87:0a:df:6b:5c:70:fc:ab:ed:eb:69:8f:53:f6:36:
         34:54:f5:9d
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYra0G2L4/kvyVu2f1fLmdWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMmVjYzZjYzU5MDNhZWEwZGI2MTIwMGY0Y2NkNGY4MjRj
ZGQ1NGYwHhcNMjMwOTI4MDgwMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmY5Yzg4NWNiZjgwZjgyNjViMTNjM2NjMTQ0ZjQwMTUzNzQ1YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGHe+ttHuBG+nwK7ShSPvQuoGouw
9bFdCMEImfoG4MV0P1xZf9dw3MNhwdObkyaIyF0+1dAtoL1y456CoLsVVPx9HA8v
zFO9kiCh5DZYySZw3knY/qUX2bZmPBk8kfzE879Xh0YZlSvABoquq2vd5jpFuVHg
C+LzI2AkAWAh/+OaG7ps9EnbXwjJw+0m+R/78phEboRbCAFA+ORU4xFDeTzCmYGE
cidh2lsMc8W35Kf1T3t26q1MJzLSsJFT9McJLbYIksanVPxI+fhI3ZqKVzmVZd8D
8RgumW9cAY21ccoS3apYzzuBfDC1gSAs7HrXOMfhNuVdKgBPfEUWIMviAwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFCb5yIXL+A+CZbE8PMFE9AFTdFwcMB8GA1UdIwQY
MBaAFGIuzGzFkDrqDbYSAPTM1PgkzdVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUt
MzQ2MzY4ODI3ZTY4LzEvSnZuSWhjdjRENEpsc1R3OHdVVDBBVk4wWEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yNjJhNGItYzcwMS00OGRjLTlhZTUtMzQ2MzY4ODI3ZTY4
LzEvWWk3TWJNV1FPdW9OdGhJQTlNelUtQ1ROMVU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBAPV+NgD
BADV+N4DBAHV+P4wDwQCAAIwCQMHAyoBBhgEADANBgkqhkiG9w0BAQsFAAOCAQEA
G+JgT231muuhug+PGgP6i7xZtglQtwdEGzoLMWFW50Vk0QemHBRze32Kc1DSEpdK
fJfoGQFCfEj7Ltf03gMPbhD6ZO7Of/Yn1P4U6pAPF8nY7UlxOUXWymIfDel29lY9
iDMAEhYO8T1em31s95oUNlpQ5JShhmSicurxrWXSHc7/0BgBPR0f58bCYJaZKIpY
q4A4gaIvnwDbQPHSv/o+2AqvnVuaqm7pwMHpQcFbazyGLGI9vvqgzIkf/5k2Jl80
TvKogozXlKXnNejzCzRcNkK2ebC9anYWMwYY6/6Z9ijg0hDjbW8k+/3yaBAchwrf
a1xw/Kvt62mPU/Y2NFT1nQ==
-----END CERTIFICATE-----