Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/FioihqZN3nnmcNX3oj4kBgSuy8Y.roa
File:                     FioihqZN3nnmcNX3oj4kBgSuy8Y.roa (raw, json)
Hash identifier:          GnYY9Y8nyIn7dt1mDzC+wK5qZUbYNKYukJiIQ5N2P2g=
Subject key identifier:   16:2A:22:86:A6:4D:DE:79:E6:70:D5:F7:A2:3E:24:06:04:AE:CB:C6
Certificate issuer:       /CN=4ecf617af35f3724e7da860ebfbe4ec138ae1800
Certificate serial:       018572711155F174A953A342506F9DF86E26
Authority key identifier: 4E:CF:61:7A:F3:5F:37:24:E7:DA:86:0E:BF:BE:4E:C1:38:AE:18:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/FioihqZN3nnmcNX3oj4kBgSuy8Y.roa
Signing time:             Mon 02 Jan 2023 12:24:50 +0000
ROA not before:           Mon 02 Jan 2023 12:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35401
IP address blocks:        217.170.112.0/20 maxlen: 24
                          87.244.56.0/22 maxlen: 24
                          87.244.54.0/24 maxlen: 24
                          87.244.55.0/24 maxlen: 24
                          87.244.52.0/24 maxlen: 24
                          87.244.53.0/24 maxlen: 24
                          87.244.63.0/24 maxlen: 24
                          87.244.62.0/24 maxlen: 24
                          87.244.60.0/23 maxlen: 24
                          87.244.0.0/21 maxlen: 24
                          87.244.16.0/21 maxlen: 24
                          87.244.32.0/21 maxlen: 24
                          87.244.40.0/21 maxlen: 24
                          87.244.48.0/21 maxlen: 24
                          185.138.160.0/23 maxlen: 23
                          2a02:26e0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:71:11:55:f1:74:a9:53:a3:42:50:6f:9d:f8:6e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ecf617af35f3724e7da860ebfbe4ec138ae1800
        Validity
            Not Before: Jan  2 12:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=162a2286a64dde79e670d5f7a23e240604aecbc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:6c:f5:a8:46:ad:a1:24:de:10:5e:39:c3:49:
                    e5:f4:51:c8:91:aa:9b:af:5b:92:6a:59:ac:67:7a:
                    d5:b0:55:8f:48:e7:84:a7:ec:fb:8e:e9:e8:24:7b:
                    34:d4:2b:d3:ae:dc:27:64:89:38:d9:0e:06:ad:47:
                    42:cf:20:7d:f5:be:8f:0b:9f:2f:9d:7c:fa:bb:6d:
                    d4:5f:4f:99:35:b5:e7:df:d6:f1:5f:a8:b7:2e:c4:
                    1c:0d:83:8b:b6:ec:ee:b2:55:28:90:93:78:19:4b:
                    c3:22:6c:2b:f9:ef:ba:72:e0:54:96:ff:93:fe:ef:
                    ba:20:4c:08:45:10:7b:85:fd:d7:c9:e4:d8:58:1d:
                    5e:a4:a3:bb:b8:25:3f:90:9d:81:03:9d:b9:de:14:
                    4c:d1:cc:47:ce:90:af:55:3f:97:72:b7:f9:9a:28:
                    fb:a4:1f:58:65:a0:8b:3f:5e:29:64:76:b3:c7:59:
                    4a:06:27:f2:6b:b9:e1:77:ba:8f:95:d8:63:e7:88:
                    79:23:e5:83:12:dd:68:d0:dc:28:10:8c:53:ac:02:
                    97:11:78:eb:fb:c8:26:fe:d2:e2:68:1f:e1:e3:52:
                    57:39:0c:3a:24:b9:df:b4:71:a1:38:81:19:01:08:
                    cc:5c:c3:da:b9:50:72:ce:3f:5d:99:c3:f8:e9:e8:
                    e0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:2A:22:86:A6:4D:DE:79:E6:70:D5:F7:A2:3E:24:06:04:AE:CB:C6
            X509v3 Authority Key Identifier:
                keyid:4E:CF:61:7A:F3:5F:37:24:E7:DA:86:0E:BF:BE:4E:C1:38:AE:18:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ts9hevNfNyTn2oYOv75OwTiuGAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/FioihqZN3nnmcNX3oj4kBgSuy8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/975c5e-6b05-4a47-9e91-13699365c3c7/1/Ts9hevNfNyTn2oYOv75OwTiuGAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.244.0.0/21
                  87.244.16.0/21
                  87.244.32.0/19
                  185.138.160.0/23
                  217.170.112.0/20
                IPv6:
                  2a02:26e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:75:13:51:f1:df:64:52:2d:4c:1c:87:60:0c:94:7a:e7:be:
         cb:b0:32:b1:3d:e3:1b:ef:a7:71:ed:c7:f1:cb:1c:3f:34:d8:
         d4:cd:02:c5:cf:19:b5:45:e5:d7:19:c2:aa:fc:7f:bd:f7:2b:
         ac:56:76:06:d5:bc:69:4a:b1:25:cc:37:55:ec:48:54:84:69:
         27:99:00:90:b0:dc:cb:ed:51:74:47:fa:1e:e1:38:55:23:72:
         06:e4:b9:e7:b2:f1:9d:45:f4:6f:eb:e1:cb:ed:0b:01:db:09:
         20:ad:a3:5a:95:b0:d9:87:cb:9a:63:7f:d1:50:74:d5:c3:17:
         1d:f4:c2:c3:63:05:a5:90:9f:92:61:df:e2:89:f8:c0:26:7b:
         30:76:76:f6:f0:7b:ed:85:e3:a9:79:35:0b:02:57:d7:69:d1:
         a3:3f:eb:4c:a4:1f:4b:76:51:58:01:3f:ef:77:74:94:42:77:
         60:82:5a:b9:95:18:e1:f3:aa:29:a6:e1:01:e0:57:d3:c6:f9:
         87:6e:76:cc:12:8f:b8:f2:73:57:3e:54:4d:ad:a6:b7:fe:8e:
         51:83:82:a4:2f:83:71:7e:77:40:3e:43:ca:54:d2:9d:5e:37:
         cc:84:5d:e8:4c:cd:05:32:61:97:39:4f:07:85:6e:63:6a:3b:
         a2:68:42:cf
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVycRFV8XSpU6NCUG+d+G4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlY2Y2MTdhZjM1ZjM3MjRlN2RhODYwZWJmYmU0ZWMxMzhh
ZTE4MDAwHhcNMjMwMTAyMTIyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjJhMjI4NmE2NGRkZTc5ZTY3MGQ1ZjdhMjNlMjQwNjA0YWVjYmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22z1qEatoSTeEF45w0nl9FHIkaqb
r1uSalmsZ3rVsFWPSOeEp+z7junoJHs01CvTrtwnZIk42Q4GrUdCzyB99b6PC58v
nXz6u23UX0+ZNbXn39bxX6i3LsQcDYOLtuzuslUokJN4GUvDImwr+e+6cuBUlv+T
/u+6IEwIRRB7hf3XyeTYWB1epKO7uCU/kJ2BA5253hRM0cxHzpCvVT+Xcrf5mij7
pB9YZaCLP14pZHazx1lKBifya7nhd7qPldhj54h5I+WDEt1o0NwoEIxTrAKXEXjr
+8gm/tLiaB/h41JXOQw6JLnftHGhOIEZAQjMXMPauVByzj9dmcP46ejgeQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBYqIoamTd555nDV96I+JAYErsvGMB8GA1UdIwQY
MBaAFE7PYXrzXzck59qGDr++TsE4rhgAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHM5aGV2TmZOeVRuMm9ZT3Y3NU93VGl1R0FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi85NzVjNWUtNmIwNS00YTQ3LTllOTEt
MTM2OTkzNjVjM2M3LzEvRmlvaWhxWk4zbm5tY05YM29qNGtCZ1N1eThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi85NzVjNWUtNmIwNS00YTQ3LTllOTEtMTM2OTkzNjVjM2M3
LzEvVHM5aGV2TmZOeVRuMm9ZT3Y3NU93VGl1R0FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDV/QAAwQD
V/QQAwQFV/QgAwQBuYqgAwQE2apwMA0EAgACMAcDBQAqAibgMA0GCSqGSIb3DQEB
CwUAA4IBAQB3dRNR8d9kUi1MHIdgDJR6577LsDKxPeMb76dx7cfxyxw/NNjUzQLF
zxm1ReXXGcKq/H+99yusVnYG1bxpSrElzDdV7EhUhGknmQCQsNzL7VF0R/oe4ThV
I3IG5LnnsvGdRfRv6+HL7QsB2wkgraNalbDZh8uaY3/RUHTVwxcd9MLDYwWlkJ+S
Yd/iifjAJnswdnb28HvtheOpeTULAlfXadGjP+tMpB9LdlFYAT/vd3SUQndgglq5
lRjh86oppuEB4FfTxvmHbnbMEo+48nNXPlRNraa3/o5Rg4KkL4NxfndAPkPKVNKd
XjfMhF3oTM0FMmGXOU8HhW5jajuiaELP
-----END CERTIFICATE-----