Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/Fh8fTOL-4kptMCvvYS9bq_A6U1Q.roa
File:                     Fh8fTOL-4kptMCvvYS9bq_A6U1Q.roa (raw, json)
Hash identifier:          eV0lPvzsQtOgiKd1d/o2qfLhTUFf+Ad53uNjnGjNn3M=
Subject key identifier:   16:1F:1F:4C:E2:FE:E2:4A:6D:30:2B:EF:61:2F:5B:AB:F0:3A:53:54
Certificate issuer:       /CN=a8cface114d8cdea6dc5e7a49943f322346cb35d
Certificate serial:       018C6E2BB0B377405FA12C85604C7F92CF8B
Authority key identifier: A8:CF:AC:E1:14:D8:CD:EA:6D:C5:E7:A4:99:43:F3:22:34:6C:B3:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qM-s4RTYzeptxeekmUPzIjRss10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/Fh8fTOL-4kptMCvvYS9bq_A6U1Q.roa
Signing time:             Fri 15 Dec 2023 15:50:06 +0000
ROA not before:           Fri 15 Dec 2023 15:50:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16347
IP address blocks:        193.222.142.0/23 maxlen: 24
                          193.47.139.0/24 maxlen: 24
                          103.73.172.0/22 maxlen: 24
                          185.247.248.0/22 maxlen: 24
                          193.222.188.0/23 maxlen: 24
                          62.244.70.0/23 maxlen: 24
                          62.244.72.0/24 maxlen: 24
                          62.244.72.0/22 maxlen: 24
                          62.244.90.0/23 maxlen: 24
                          62.244.92.0/23 maxlen: 24
                          37.157.60.0/22 maxlen: 24
                          2a0d:4240::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:6e:2b:b0:b3:77:40:5f:a1:2c:85:60:4c:7f:92:cf:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8cface114d8cdea6dc5e7a49943f322346cb35d
        Validity
            Not Before: Dec 15 15:50:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=161f1f4ce2fee24a6d302bef612f5babf03a5354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ef:bb:08:6d:8c:50:5d:ac:c8:68:09:e8:81:
                    87:72:a5:c6:52:9a:11:9f:53:32:36:20:d5:a6:79:
                    13:c3:09:d9:8d:2b:1d:1d:bc:36:d0:97:ab:8a:d8:
                    73:e9:20:8d:b4:73:a7:99:69:7f:47:cc:f0:96:e1:
                    5f:8a:50:ef:73:38:33:37:d9:02:68:99:d5:ea:00:
                    fc:3e:ba:91:d5:73:25:cb:2d:2a:a0:f6:9a:07:77:
                    5b:be:4d:78:d7:b2:9e:80:c2:5e:ce:ac:66:3b:1c:
                    62:5f:0b:77:f5:04:e1:76:47:58:23:3a:61:e4:71:
                    d1:e3:bf:9b:a0:9c:39:31:58:a8:ca:ce:4d:f6:79:
                    13:83:50:73:7e:e7:0c:25:f9:1c:41:d0:b3:95:fc:
                    c1:40:10:6a:ce:65:45:a8:33:ae:72:31:bc:6b:07:
                    d8:75:52:f4:30:30:02:26:83:08:ab:da:28:ff:d1:
                    90:b0:70:01:ab:dd:c0:ac:f8:1d:b8:70:f7:68:7f:
                    2b:03:da:ad:2b:e7:21:f5:7e:b5:61:90:f2:e3:54:
                    7c:2f:52:be:8a:7a:25:e1:40:d3:c0:e8:1f:c3:71:
                    d2:dd:3b:95:bd:cf:3f:9d:4b:ce:4f:9f:8d:3a:ac:
                    4b:cb:59:fd:2d:e6:b8:e0:14:3f:56:4b:b3:67:71:
                    40:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1F:1F:4C:E2:FE:E2:4A:6D:30:2B:EF:61:2F:5B:AB:F0:3A:53:54
            X509v3 Authority Key Identifier:
                keyid:A8:CF:AC:E1:14:D8:CD:EA:6D:C5:E7:A4:99:43:F3:22:34:6C:B3:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qM-s4RTYzeptxeekmUPzIjRss10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/Fh8fTOL-4kptMCvvYS9bq_A6U1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/qM-s4RTYzeptxeekmUPzIjRss10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.60.0/22
                  62.244.70.0-62.244.75.255
                  62.244.90.0-62.244.93.255
                  103.73.172.0/22
                  185.247.248.0/22
                  193.47.139.0/24
                  193.222.142.0/23
                  193.222.188.0/23
                IPv6:
                  2a0d:4240::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:20:c6:d2:68:a2:59:7a:10:bd:bb:02:15:da:0e:24:ca:5f:
         4a:44:f2:19:22:c7:c9:d3:ca:d8:aa:a0:17:0a:35:1f:04:bb:
         29:95:e4:ff:fa:d4:ac:b6:21:3e:98:cd:1b:06:fe:82:14:21:
         59:ff:d1:5b:6c:a0:94:f9:0a:ba:3c:e3:66:f4:76:b3:44:b9:
         cb:28:d3:f8:06:82:0b:e2:db:c1:39:02:49:7c:10:1d:bd:29:
         94:b6:b1:fb:af:10:40:bd:a5:d2:c1:03:a6:96:ab:3e:ad:0e:
         46:cf:10:fb:08:b2:41:eb:96:15:92:bc:4d:50:ca:7e:76:2b:
         22:c9:0a:8c:52:ec:1d:00:dc:5c:e9:f7:7a:78:8f:37:6d:75:
         c6:f7:8c:5c:03:74:4f:93:bb:a9:ea:c4:62:29:5d:3d:d5:84:
         5c:e9:8b:c7:a5:0b:53:aa:be:2a:39:5d:61:6e:3c:e4:26:30:
         47:d4:36:b9:70:18:56:f5:10:f2:96:78:da:22:fc:91:97:d8:
         f0:27:4d:e2:1c:57:01:09:04:8e:bc:13:03:ab:5b:4c:d3:50:
         f7:0a:77:c9:a2:6d:af:f0:8d:0d:c2:91:f4:f2:df:cc:93:bb:
         9a:30:17:b1:8b:a2:88:9b:7e:9b:df:56:e6:45:1b:8e:7f:b7:
         7d:16:00:fb
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYxuK7Czd0BfoSyFYEx/ks+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4Y2ZhY2UxMTRkOGNkZWE2ZGM1ZTdhNDk5NDNmMzIyMzQ2
Y2IzNWQwHhcNMjMxMjE1MTU1MDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjFmMWY0Y2UyZmVlMjRhNmQzMDJiZWY2MTJmNWJhYmYwM2E1MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu+7CG2MUF2syGgJ6IGHcqXGUpoR
n1MyNiDVpnkTwwnZjSsdHbw20Jerithz6SCNtHOnmWl/R8zwluFfilDvczgzN9kC
aJnV6gD8PrqR1XMlyy0qoPaaB3dbvk1417KegMJezqxmOxxiXwt39QThdkdYIzph
5HHR47+boJw5MVioys5N9nkTg1BzfucMJfkcQdCzlfzBQBBqzmVFqDOucjG8awfY
dVL0MDACJoMIq9oo/9GQsHABq93ArPgduHD3aH8rA9qtK+ch9X61YZDy41R8L1K+
inol4UDTwOgfw3HS3TuVvc8/nUvOT5+NOqxLy1n9Lea44BQ/VkuzZ3FAfQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFBYfH0zi/uJKbTAr72EvW6vwOlNUMB8GA1UdIwQY
MBaAFKjPrOEU2M3qbcXnpJlD8yI0bLNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU0tczRSVFl6ZXB0eGVla21VUHpJalJzczEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC83ZGI4MDItMDRhZC00YzJkLWIxMWEt
NjQ5NjQ5NzZmN2IzLzEvRmg4ZlRPTC00a3B0TUN2dllTOWJxX0E2VTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC83ZGI4MDItMDRhZC00YzJkLWIxMWEtNjQ5NjQ5NzZmN2Iz
LzEvcU0tczRSVFl6ZXB0eGVla21VUHpJalJzczEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQCJZ08MAwD
BAE+9EYDBAI+9EgwDAMEAT70WgMEAT70XAMEAmdJrAMEArn3+AMEAMEviwMEAcHe
jgMEAcHevDANBAIAAjAHAwUDKg1CQDANBgkqhkiG9w0BAQsFAAOCAQEAciDG0mii
WXoQvbsCFdoOJMpfSkTyGSLHydPK2KqgFwo1HwS7KZXk//rUrLYhPpjNGwb+ghQh
Wf/RW2yglPkKujzjZvR2s0S5yyjT+AaCC+LbwTkCSXwQHb0plLax+68QQL2l0sED
pparPq0ORs8Q+wiyQeuWFZK8TVDKfnYrIskKjFLsHQDcXOn3eniPN211xveMXAN0
T5O7qerEYildPdWEXOmLx6ULU6q+KjldYW485CYwR9Q2uXAYVvUQ8pZ42iL8kZfY
8CdN4hxXAQkEjrwTA6tbTNNQ9wp3yaJtr/CNDcKR9PLfzJO7mjAXsYuiiJt+m99W
5kUbjn+3fRYA+w==
-----END CERTIFICATE-----