Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/d8Z27X_33EuTTQathxz5BfqeIN0.roa
File:                     d8Z27X_33EuTTQathxz5BfqeIN0.roa (raw, json)
Hash identifier:          69g/GlbMW+jQIuE/Z4olPq7UmhITL30dQ5Rm/7l+KJQ=
Subject key identifier:   77:C6:76:ED:7F:F7:DC:4B:93:4D:06:AD:87:1C:F9:05:FA:9E:20:DD
Certificate issuer:       /CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
Certificate serial:       018572D5D423578F6A84256E749FB2FAF478
Authority key identifier: A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/d8Z27X_33EuTTQathxz5BfqeIN0.roa
Signing time:             Mon 02 Jan 2023 14:14:54 +0000
ROA not before:           Mon 02 Jan 2023 14:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59414
IP address blocks:        5.102.144.0/21 maxlen: 24
                          45.151.213.0/24 maxlen: 24
                          185.79.232.0/22 maxlen: 24
                          185.98.120.0/22 maxlen: 24
                          45.81.68.0/22 maxlen: 24
                          45.11.220.0/22 maxlen: 24
                          185.72.238.0/23 maxlen: 24
                          2a06:c07::/32 maxlen: 48
                          2a06:c01::/32 maxlen: 48
                          2a06:c02::/32 maxlen: 48
                          2a06:c00::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:d5:d4:23:57:8f:6a:84:25:6e:74:9f:b2:fa:f4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
        Validity
            Not Before: Jan  2 14:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77c676ed7ff7dc4b934d06ad871cf905fa9e20dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7d:5d:96:20:b0:22:f0:6d:17:b4:69:6f:7e:
                    34:6b:cc:20:a4:c0:d2:9f:59:22:51:54:b0:09:09:
                    58:5a:5a:4f:65:cc:f0:bd:5c:c9:eb:7d:c4:97:11:
                    ac:e3:54:5d:c2:87:7e:ba:a5:47:2a:ce:6a:42:ee:
                    25:14:f8:c2:83:9b:80:6d:0b:5f:32:c4:0e:d5:8b:
                    36:00:af:78:e6:63:55:5a:a5:3c:80:04:fa:a5:54:
                    0d:6c:46:36:ca:aa:7b:1d:de:8a:69:28:77:23:67:
                    07:2c:d2:51:7b:3d:e7:67:b0:76:9d:4f:b4:1c:be:
                    1b:62:86:82:fb:f7:9c:1a:93:ef:25:2c:06:63:2e:
                    53:83:62:c0:85:8c:d3:9a:72:da:3e:a4:b8:ec:f8:
                    f0:56:2b:13:7d:99:40:d0:ff:e2:7f:48:da:20:1c:
                    e8:f7:f3:a9:32:3a:8d:f0:bc:b2:5f:da:04:f2:49:
                    b8:e0:db:ac:b2:80:aa:77:4b:d0:78:61:48:fb:4f:
                    66:59:a9:91:33:0e:7b:a7:b4:d7:f3:05:a3:1f:6c:
                    1c:90:b4:b8:12:20:e6:1d:72:e4:78:c8:b1:f7:5c:
                    91:2b:d3:e6:42:06:3e:09:58:dc:66:63:cd:7c:9e:
                    e3:91:a9:f2:56:2f:92:21:f7:83:d0:e0:04:97:6c:
                    c7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:C6:76:ED:7F:F7:DC:4B:93:4D:06:AD:87:1C:F9:05:FA:9E:20:DD
            X509v3 Authority Key Identifier:
                keyid:A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/d8Z27X_33EuTTQathxz5BfqeIN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/pQHIn0SCnHLyqVPSorpK4Le1DYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.144.0/21
                  45.11.220.0/22
                  45.81.68.0/22
                  45.151.213.0/24
                  185.72.238.0/23
                  185.79.232.0/22
                  185.98.120.0/22
                IPv6:
                  2a06:c00::-2a06:c02:ffff:ffff:ffff:ffff:ffff:ffff
                  2a06:c07::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:ea:89:3a:c1:53:18:fb:6e:6b:4c:ea:43:7f:e6:c7:49:cf:
         16:12:3e:d3:db:70:32:0e:ed:d2:f9:44:ad:df:6c:1e:b7:54:
         e9:e8:72:fc:88:59:9c:16:ed:84:48:e0:af:09:d7:96:10:f9:
         01:e2:ba:4b:55:db:52:e9:d2:ae:54:5f:04:e4:20:81:a5:d1:
         4b:58:18:1f:09:c5:d8:eb:cb:de:57:aa:60:bd:fb:42:ef:f7:
         e3:fa:f7:41:3c:96:c6:93:23:09:8e:26:2a:80:08:0b:84:20:
         67:04:2f:28:8d:41:d2:8e:86:02:38:98:92:0a:27:83:8d:89:
         94:8f:cc:0e:d3:88:72:a6:c2:26:87:f1:4c:31:a8:c5:51:8d:
         19:6a:25:8f:35:de:52:fd:49:01:53:13:08:71:4e:5e:b7:6c:
         20:4f:41:ad:91:15:8d:01:24:46:d8:1f:4c:c8:f0:4c:92:97:
         8b:a0:55:e5:3e:b0:69:dc:72:0b:7b:a0:99:4c:4b:bb:fb:d3:
         78:9a:d6:ef:57:f6:bc:c2:d3:59:4a:a6:01:8e:0d:bd:c1:20:
         42:db:2f:5f:8c:1e:4d:53:49:bb:18:dc:95:cf:b3:77:25:fa:
         24:18:10:ed:db:81:d2:1c:88:15:43:b0:25:eb:a1:b4:1c:de:
         60:2e:b8:06
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVy1dQjV49qhCVudJ+y+vR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MDFjODlmNDQ4MjljNzJmMmE5NTNkMmEyYmE0YWUwYjdi
NTBkOGEwHhcNMjMwMTAyMTQxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2M2NzZlZDdmZjdkYzRiOTM0ZDA2YWQ4NzFjZjkwNWZhOWUyMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmn1dliCwIvBtF7Rpb340a8wgpMDS
n1kiUVSwCQlYWlpPZczwvVzJ633ElxGs41Rdwod+uqVHKs5qQu4lFPjCg5uAbQtf
MsQO1Ys2AK945mNVWqU8gAT6pVQNbEY2yqp7Hd6KaSh3I2cHLNJRez3nZ7B2nU+0
HL4bYoaC+/ecGpPvJSwGYy5Tg2LAhYzTmnLaPqS47PjwVisTfZlA0P/if0jaIBzo
9/OpMjqN8LyyX9oE8km44NussoCqd0vQeGFI+09mWamRMw57p7TX8wWjH2wckLS4
EiDmHXLkeMix91yRK9PmQgY+CVjcZmPNfJ7jkanyVi+SIfeD0OAEl2zHdwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHfGdu1/99xLk00GrYcc+QX6niDdMB8GA1UdIwQY
MBaAFKUByJ9Egpxy8qlT0qK6SuC3tQ2KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFFISW4wU0NuSEx5cVZQU29ycEs0TGUxRFlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9kNWUxMDMtOTBiNS00NGYxLWI4NjQt
MTRhMWViNTUxMmQ2LzEvZDhaMjdYXzMzRXVUVFFhdGh4ejVCZnFlSU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9kNWUxMDMtOTBiNS00NGYxLWI4NjQtMTRhMWViNTUxMmQ2
LzEvcFFISW4wU0NuSEx5cVZQU29ycEs0TGUxRFlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAwBAIAATAqAwQDBWaQAwQC
LQvcAwQCLVFEAwQALZfVAwQBuUjuAwQCuU/oAwQCuWJ4MBwEAgACMBYwDQMEAioG
DAMFACoGDAIDBQAqBgwHMA0GCSqGSIb3DQEBCwUAA4IBAQAt6ok6wVMY+25rTOpD
f+bHSc8WEj7T23AyDu3S+USt32wet1Tp6HL8iFmcFu2ESOCvCdeWEPkB4rpLVdtS
6dKuVF8E5CCBpdFLWBgfCcXY68veV6pgvftC7/fj+vdBPJbGkyMJjiYqgAgLhCBn
BC8ojUHSjoYCOJiSCieDjYmUj8wO04hypsImh/FMMajFUY0ZaiWPNd5S/UkBUxMI
cU5et2wgT0GtkRWNASRG2B9MyPBMkpeLoFXlPrBp3HILe6CZTEu7+9N4mtbvV/a8
wtNZSqYBjg29wSBC2y9fjB5NU0m7GNyVz7N3JfokGBDt24HSHIgVQ7Al66G0HN5g
LrgG
-----END CERTIFICATE-----