Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/aF9CRcTSajF92T9hAnsU6oZ9ze4.roa
File:                     aF9CRcTSajF92T9hAnsU6oZ9ze4.roa (raw, json)
Hash identifier:          q+zelP6JEEepsd6EYEC53Non+7CtjnlULDM0ftx9tI4=
Subject key identifier:   68:5F:42:45:C4:D2:6A:31:7D:D9:3F:61:02:7B:14:EA:86:7D:CD:EE
Certificate issuer:       /CN=3b3daef89306a75f0b88191440742a720afb3f20
Certificate serial:       0186369E95BAC52A127A37E2588CC95FFA3D
Authority key identifier: 3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/aF9CRcTSajF92T9hAnsU6oZ9ze4.roa
Signing time:             Thu 09 Feb 2023 14:40:08 +0000
ROA not before:           Thu 09 Feb 2023 14:40:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     24796
IP address blocks:        193.201.40.0/24 maxlen: 24
                          193.24.29.0/24 maxlen: 24
                          185.33.110.0/24 maxlen: 24
                          185.33.110.0/23 maxlen: 23
                          185.33.111.0/24 maxlen: 24
                          185.33.108.0/23 maxlen: 23
                          185.33.108.0/24 maxlen: 24
                          185.33.108.0/22 maxlen: 22
                          185.33.109.0/24 maxlen: 24
                          2a0f:80::/32 maxlen: 32
                          2a0f:80:b::/48 maxlen: 48
                          2a0f:80:a::/48 maxlen: 48
                          2a0f:80:3::/48 maxlen: 48
                          2a0f:80:1::/48 maxlen: 48
                          2001:7f8:10::/48 maxlen: 48
                          2a0f:80:c::/48 maxlen: 48
                          2a0f:80:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 14 Feb 2023 15:20:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:36:9e:95:ba:c5:2a:12:7a:37:e2:58:8c:c9:5f:fa:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b3daef89306a75f0b88191440742a720afb3f20
        Validity
            Not Before: Feb  9 14:40:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=685f4245c4d26a317dd93f61027b14ea867dcdee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:05:70:b1:9b:90:31:f9:76:8a:da:e8:74:
                    c8:62:b7:4a:12:1a:af:bf:d1:a1:7a:2d:8e:f7:e3:
                    42:8f:93:f2:52:08:2a:fe:21:29:c0:dc:87:66:41:
                    7a:5a:d1:09:be:d3:b2:82:6e:a3:2e:63:df:de:58:
                    38:77:50:82:e3:86:f0:e4:7d:10:b4:c8:65:8f:e4:
                    65:0b:ec:17:2b:0a:ba:e3:81:03:a0:79:5a:18:c7:
                    07:96:c8:29:4f:cb:d6:1b:c1:a6:b5:1c:fd:da:fe:
                    98:1c:58:6a:d1:68:d5:85:85:be:e1:91:e8:e5:ae:
                    a4:83:7f:17:3a:4f:51:89:1a:2a:f9:4b:15:c4:cf:
                    7d:db:d8:6a:e0:a5:81:ad:1c:06:98:02:ca:fb:bb:
                    e1:2a:2a:4f:03:77:54:ff:2a:41:be:b6:d7:2f:1c:
                    19:ec:ae:c7:04:3a:8e:10:aa:5a:94:65:07:af:f6:
                    be:72:a7:d8:35:1f:e0:00:93:f5:d4:31:e1:58:88:
                    1f:d5:c0:7f:7c:54:b8:b3:ac:1f:f6:d5:19:16:4e:
                    ae:7b:db:50:6c:08:fb:a3:4d:13:4d:ad:ef:c8:ee:
                    71:93:58:5d:51:c3:45:7d:f3:05:a0:dd:f8:7e:d2:
                    fe:ea:99:86:62:15:2f:1d:68:63:49:bc:f4:af:b2:
                    67:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5F:42:45:C4:D2:6A:31:7D:D9:3F:61:02:7B:14:EA:86:7D:CD:EE
            X509v3 Authority Key Identifier:
                keyid:3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/aF9CRcTSajF92T9hAnsU6oZ9ze4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.108.0/22
                  193.24.29.0/24
                  193.201.40.0/24
                IPv6:
                  2001:7f8:10::/48
                  2a0f:80::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:22:82:b2:59:2d:61:fc:57:a6:31:86:6c:5a:d7:f2:d8:9f:
         71:06:b4:d6:75:ec:23:c1:4c:d2:0c:89:d3:08:89:20:c5:fc:
         13:08:df:ce:8f:c9:0e:4c:22:40:ca:51:b2:b9:04:97:67:ee:
         b7:24:67:90:6b:b6:f0:e4:0d:ba:dd:ed:07:de:b3:9f:d6:c4:
         46:3b:b4:25:8c:41:24:d1:ac:44:be:44:a1:57:45:3f:3f:68:
         25:14:25:0d:51:f0:72:fc:14:c4:a2:16:70:73:86:b5:92:d8:
         a5:57:be:69:4f:e3:bc:b7:62:cf:8b:4d:8c:79:27:35:f2:ad:
         ed:fe:78:38:83:af:75:4d:3c:20:83:e7:cf:e6:c4:70:be:e1:
         98:5c:96:14:84:bc:16:7c:89:26:80:fd:98:6f:3a:5e:3c:46:
         99:4c:54:4f:e8:5a:6b:b9:8d:c1:e3:27:0a:ea:5d:43:c0:2e:
         b6:db:ab:10:06:c2:27:07:34:f5:c7:4c:a8:77:0d:fa:13:26:
         18:9f:99:e5:cc:5c:35:e8:7d:7d:d0:0b:f4:66:6e:92:e5:8c:
         a9:65:f9:70:bc:00:be:c6:b6:09:83:e5:e8:de:1c:bd:e7:db:
         59:03:6a:7a:d1:03:2a:52:5b:9d:ef:c1:03:d4:0d:73:8c:c9:
         a2:55:c1:31
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYY2npW6xSoSejfiWIzJX/o9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiM2RhZWY4OTMwNmE3NWYwYjg4MTkxNDQwNzQyYTcyMGFm
YjNmMjAwHhcNMjMwMjA5MTQ0MDA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODVmNDI0NWM0ZDI2YTMxN2RkOTNmNjEwMjdiMTRlYTg2N2RjZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk70FcLGbkDH5dora6HTIYrdKEhqv
v9Ghei2O9+NCj5PyUggq/iEpwNyHZkF6WtEJvtOygm6jLmPf3lg4d1CC44bw5H0Q
tMhlj+RlC+wXKwq644EDoHlaGMcHlsgpT8vWG8GmtRz92v6YHFhq0WjVhYW+4ZHo
5a6kg38XOk9RiRoq+UsVxM9929hq4KWBrRwGmALK+7vhKipPA3dU/ypBvrbXLxwZ
7K7HBDqOEKpalGUHr/a+cqfYNR/gAJP11DHhWIgf1cB/fFS4s6wf9tUZFk6ue9tQ
bAj7o00TTa3vyO5xk1hdUcNFffMFoN34ftL+6pmGYhUvHWhjSbz0r7JnZwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGhfQkXE0moxfdk/YQJ7FOqGfc3uMB8GA1UdIwQY
MBaAFDs9rviTBqdfC4gZFEB0KnIK+z8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUt
YWFjYWQ4NmM2MTdkLzEvYUY5Q1JjVFNhakY5MlQ5aEFuc1U2b1o5emU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUtYWFjYWQ4NmM2MTdk
LzEvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQCuSFsAwQA
wRgdAwQAwckoMBYEAgACMBADBwAgAQf4ABADBQAqDwCAMA0GCSqGSIb3DQEBCwUA
A4IBAQCDIoKyWS1h/FemMYZsWtfy2J9xBrTWdewjwUzSDInTCIkgxfwTCN/Oj8kO
TCJAylGyuQSXZ+63JGeQa7bw5A263e0H3rOf1sRGO7QljEEk0axEvkShV0U/P2gl
FCUNUfBy/BTEohZwc4a1ktilV75pT+O8t2LPi02MeSc18q3t/ng4g691TTwgg+fP
5sRwvuGYXJYUhLwWfIkmgP2YbzpePEaZTFRP6FpruY3B4ycK6l1DwC6226sQBsIn
BzT1x0yodw36EyYYn5nlzFw16H190Av0Zm6S5YypZflwvAC+xrYJg+Xo3hy959tZ
A2p60QMqUlud78ED1A1zjMmiVcEx
-----END CERTIFICATE-----