Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Crj6v43kQjIyL1XJ-I65_hT6_KI.roa
File:                     Crj6v43kQjIyL1XJ-I65_hT6_KI.roa (raw, json)
Hash identifier:          1213fbhkG2b150SKoHvTN154rGhAZx3E0QFt2heuYso=
Subject key identifier:   0A:B8:FA:BF:8D:E4:42:32:32:2F:55:C9:F8:8E:B9:FE:14:FA:FC:A2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018C340AF1BF377BC090893A4CDCA8FD1C5D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Crj6v43kQjIyL1XJ-I65_hT6_KI.roa
Signing time:             Mon 04 Dec 2023 08:56:21 +0000
ROA not before:           Mon 04 Dec 2023 08:56:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34872
IP address blocks:        62.3.50.0/24 maxlen: 24
                          45.154.97.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:30::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:34:0a:f1:bf:37:7b:c0:90:89:3a:4c:dc:a8:fd:1c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Dec  4 08:56:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0ab8fabf8de44232322f55c9f88eb9fe14fafca2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:fd:35:70:1b:7b:30:d1:a1:5f:e1:89:d3:
                    5b:ef:32:7c:52:c1:d6:f2:e9:dc:72:ee:55:2a:92:
                    8e:f3:f1:67:48:6f:13:c5:5b:c6:30:9d:7c:48:94:
                    c5:ed:0b:77:82:55:f6:d9:db:57:0d:8f:e2:b6:26:
                    86:63:5d:f0:65:9f:32:61:7a:7a:b8:33:20:00:e7:
                    64:d3:c5:c5:b7:94:b3:ed:d6:5b:03:20:20:b6:a4:
                    d0:92:32:31:b1:19:00:5b:aa:02:39:6e:83:cd:ba:
                    3d:84:f5:26:74:a0:2e:2f:7e:92:bf:a5:77:8f:a8:
                    22:2b:76:36:66:40:66:20:74:f0:1b:31:bf:30:3f:
                    90:cd:a4:2f:28:f0:9e:08:23:80:bc:ef:d8:39:45:
                    ff:d1:37:b8:01:50:e3:59:27:4a:81:d1:a2:f1:ae:
                    29:e0:59:14:e4:34:af:b0:fb:e4:c3:09:b0:5b:9b:
                    3c:e6:c8:ce:d2:80:2f:87:7c:58:46:f6:ba:00:4d:
                    d7:a5:31:b6:a6:44:40:11:ae:1c:19:2f:ad:c0:aa:
                    56:45:da:c1:3a:6f:44:9b:49:ab:11:70:8a:8f:c9:
                    98:98:78:f9:09:48:54:8a:58:80:e1:ed:f5:d9:d1:
                    33:89:17:9c:4b:80:e7:fd:71:85:21:97:0b:0b:b2:
                    d3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B8:FA:BF:8D:E4:42:32:32:2F:55:C9:F8:8E:B9:FE:14:FA:FC:A2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Crj6v43kQjIyL1XJ-I65_hT6_KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:30::/44
                  2a0c:b641:540::/44
                  2a0c:b641:70f::/48
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:38:db:d3:c0:88:c1:d1:69:49:89:88:1c:ca:77:36:e2:1c:
         4d:8f:ed:e6:68:ff:50:cb:28:17:5a:80:ed:77:47:f9:74:2b:
         1f:d2:f6:98:e3:b2:e3:da:d3:df:b5:0f:0f:b7:e4:fb:f1:f9:
         58:45:24:d9:0c:1f:cf:05:a1:53:3a:a9:36:43:bc:0e:58:7d:
         a4:d3:a1:70:04:62:52:33:18:94:d5:7f:43:f2:eb:55:af:bb:
         c2:52:94:3a:00:35:18:c7:a2:bb:21:81:79:dc:37:8c:5d:7d:
         fb:18:87:44:e4:54:fd:c6:95:b0:a3:97:81:14:8d:f1:1a:f6:
         53:88:ef:32:1b:58:58:cc:22:c4:57:48:4e:93:ba:6d:2f:b6:
         7a:b3:64:d9:d3:1e:bc:ca:c8:9a:72:3f:b7:ce:65:4a:13:96:
         ec:57:3e:5d:d5:a6:3d:fa:1d:18:60:22:69:8a:ba:75:bc:de:
         f6:26:4b:62:60:2c:65:9a:df:24:2a:8a:a4:c4:61:f9:57:3a:
         38:75:88:78:ce:61:59:ff:28:c7:8d:c1:f8:02:8c:17:4d:6e:
         b4:07:3e:27:05:b7:a3:75:c6:74:c3:1b:cd:09:97:0b:34:5e:
         33:e6:ab:89:1d:8c:20:96:d7:29:94:c2:ee:e5:7a:78:d7:ae:
         92:c8:ec:10
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYw0CvG/N3vAkIk6TNyo/RxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjMxMjA0MDg1NjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI4ZmFiZjhkZTQ0MjMyMzIyZjU1YzlmODhlYjlmZTE0ZmFmY2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqX9NXAbezDRoV/hidNb7zJ8UsHW
8unccu5VKpKO8/FnSG8TxVvGMJ18SJTF7Qt3glX22dtXDY/itiaGY13wZZ8yYXp6
uDMgAOdk08XFt5Sz7dZbAyAgtqTQkjIxsRkAW6oCOW6Dzbo9hPUmdKAuL36Sv6V3
j6giK3Y2ZkBmIHTwGzG/MD+QzaQvKPCeCCOAvO/YOUX/0Te4AVDjWSdKgdGi8a4p
4FkU5DSvsPvkwwmwW5s85sjO0oAvh3xYRva6AE3XpTG2pkRAEa4cGS+twKpWRdrB
Om9Em0mrEXCKj8mYmHj5CUhUiliA4e312dEziRecS4Dn/XGFIZcLC7LTOQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFAq4+r+N5EIyMi9VyfiOuf4U+vyiMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQ3JqNnY0M2tRakl5TDFYSi1JNjVfaFQ2X0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjAYBAIAATASAwQALZphAwQA
PgMyAwQBwhxiMDoEAgACMDQwEAMFBioMtkADBwUqDLZBAAADBwQqDLZBADADBwQq
DLZBBUADBwAqDLZBBw8DBQAqD4QAMA0GCSqGSIb3DQEBCwUAA4IBAQAzONvTwIjB
0WlJiYgcync24hxNj+3maP9QyygXWoDtd0f5dCsf0vaY47Lj2tPftQ8Pt+T78flY
RSTZDB/PBaFTOqk2Q7wOWH2k06FwBGJSMxiU1X9D8utVr7vCUpQ6ADUYx6K7IYF5
3DeMXX37GIdE5FT9xpWwo5eBFI3xGvZTiO8yG1hYzCLEV0hOk7ptL7Z6s2TZ0x68
ysiacj+3zmVKE5bsVz5d1aY9+h0YYCJpirp1vN72JktiYCxlmt8kKoqkxGH5Vzo4
dYh4zmFZ/yjHjcH4AowXTW60Bz4nBbejdcZ0wxvNCZcLNF4z5quJHYwgltcplMLu
5Xp4166SyOwQ
-----END CERTIFICATE-----