Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/GhEn5VJqYV48qfOF1Y9LT8nozwU.roa
File:                     GhEn5VJqYV48qfOF1Y9LT8nozwU.roa (raw, json)
Hash identifier:          VRqLVbRE5w8xpt7klx+x/UsK9WxduLeb098tW3ZB5wM=
Subject key identifier:   1A:11:27:E5:52:6A:61:5E:3C:A9:F3:85:D5:8F:4B:4F:C9:E8:CF:05
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       018755C935615E6A7FAE9600038B8B12C97B
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/GhEn5VJqYV48qfOF1Y9LT8nozwU.roa
Signing time:             Thu 06 Apr 2023 08:57:42 +0000
ROA not before:           Thu 06 Apr 2023 08:57:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        88.212.158.0/24 maxlen: 24
                          88.212.157.0/24 maxlen: 24
                          88.212.156.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24
                          185.8.132.0/24 maxlen: 24
                          185.8.135.0/24 maxlen: 24
                          185.8.134.0/24 maxlen: 24
                          185.8.133.0/24 maxlen: 24
                          83.151.192.0/24 maxlen: 24
                          83.151.193.0/24 maxlen: 24
                          83.151.195.0/24 maxlen: 24
                          83.151.194.0/24 maxlen: 24
                          88.202.211.0/24 maxlen: 24
                          88.202.210.0/24 maxlen: 24
                          88.202.209.0/24 maxlen: 24
                          88.202.208.0/24 maxlen: 24
                          88.202.208.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:55:c9:35:61:5e:6a:7f:ae:96:00:03:8b:8b:12:c9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Apr  6 08:57:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1a1127e5526a615e3ca9f385d58f4b4fc9e8cf05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fa:52:0c:b2:40:91:f3:2f:1d:8a:6b:cd:9f:
                    aa:ea:01:14:5b:d3:07:0a:94:2a:ed:a0:3c:8d:78:
                    0c:37:1d:67:17:8d:4c:e1:e5:fe:aa:e2:e8:51:79:
                    11:c8:0b:61:05:f1:27:ae:b2:01:4b:86:76:cd:52:
                    7b:3e:fd:f8:2c:26:c8:7e:46:0d:c4:10:aa:98:41:
                    41:fe:86:12:99:8a:01:cb:71:22:57:ba:da:07:e4:
                    ce:a7:28:46:63:17:1b:99:19:52:f9:a4:7c:c6:56:
                    36:03:f2:74:b2:8c:3e:aa:c8:4d:52:46:5b:35:28:
                    f6:71:55:35:03:b1:0d:78:fd:41:e2:87:45:98:dc:
                    86:8d:58:1f:0d:b3:2f:c5:6c:f3:4e:76:b2:ee:d1:
                    be:a1:52:2f:30:1a:cf:b3:09:00:87:e0:f5:52:55:
                    d6:80:4b:f6:c0:9c:06:97:7d:8b:95:10:b5:64:fc:
                    83:97:0d:57:a9:69:0c:87:22:a4:8e:e2:4d:1c:e2:
                    0a:7f:1c:15:7c:9c:ef:ab:c9:04:6f:3e:25:3c:be:
                    01:70:66:e2:6e:dc:ab:4d:a5:d5:95:0f:f5:33:36:
                    8e:a6:9e:85:99:35:7d:b3:f3:e0:ef:b1:30:2d:d5:
                    9c:2e:1b:3a:3c:6a:4e:07:b5:a2:fd:02:bd:cc:c2:
                    a3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:11:27:E5:52:6A:61:5E:3C:A9:F3:85:D5:8F:4B:4F:C9:E8:CF:05
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/GhEn5VJqYV48qfOF1Y9LT8nozwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.192.0/22
                  88.202.208.0/22
                  88.212.156.0/22
                  185.8.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:7c:c5:70:35:b8:cc:64:e5:e4:2b:6f:46:79:f6:63:78:34:
         e4:d7:d3:73:bc:99:05:0d:cd:d6:55:01:5d:4f:6f:99:94:b2:
         74:af:05:4b:eb:73:fb:7c:8f:5a:87:76:6b:3f:74:ba:61:4b:
         00:b6:4c:b6:26:69:76:c8:ae:cd:48:f9:df:d0:c0:40:03:0f:
         9c:e9:e2:84:a3:79:19:45:bd:0a:99:c0:67:ee:f0:cc:a5:04:
         b5:af:6f:6a:53:05:85:9f:28:2d:b1:e0:a1:d9:94:fd:b6:fb:
         80:ad:b5:60:50:50:e8:f4:69:77:24:e8:cc:94:c8:b9:c9:7b:
         c1:5e:54:dd:b7:bd:48:68:3e:ca:a4:77:f2:a6:37:00:74:6c:
         5d:17:e1:ae:47:b7:1f:5d:6f:7f:d1:76:74:be:48:43:17:53:
         f6:38:96:58:93:d8:98:f2:6d:87:21:84:12:b3:79:3c:0f:2d:
         68:6a:0f:29:05:24:09:b5:cc:01:87:03:52:da:dc:2a:6d:7c:
         80:ef:c4:64:6d:0e:e6:45:d6:58:f4:bd:d0:20:e3:a9:c2:85:
         4d:6f:32:9a:ac:1f:10:e1:1b:43:c5:88:40:d7:17:e9:a3:1a:
         ce:a2:c8:74:2b:0c:5b:54:c1:ed:c9:94:95:63:28:39:58:35:
         48:d5:f2:b3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYdVyTVhXmp/rpYAA4uLEsl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjMwNDA2MDg1NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTExMjdlNTUyNmE2MTVlM2NhOWYzODVkNThmNGI0ZmM5ZThjZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPpSDLJAkfMvHYprzZ+q6gEUW9MH
CpQq7aA8jXgMNx1nF41M4eX+quLoUXkRyAthBfEnrrIBS4Z2zVJ7Pv34LCbIfkYN
xBCqmEFB/oYSmYoBy3EiV7raB+TOpyhGYxcbmRlS+aR8xlY2A/J0sow+qshNUkZb
NSj2cVU1A7ENeP1B4odFmNyGjVgfDbMvxWzzTnay7tG+oVIvMBrPswkAh+D1UlXW
gEv2wJwGl32LlRC1ZPyDlw1XqWkMhyKkjuJNHOIKfxwVfJzvq8kEbz4lPL4BcGbi
btyrTaXVlQ/1MzaOpp6FmTV9s/Pg77EwLdWcLhs6PGpOB7Wi/QK9zMKjPwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBoRJ+VSamFePKnzhdWPS0/J6M8FMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvR2hFbjVWSnFZVjQ4cWZPRjFZOUxUOG5vendVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCU5fAAwQC
WMrQAwQCWNScAwQCuQiEMA0GCSqGSIb3DQEBCwUAA4IBAQAMfMVwNbjMZOXkK29G
efZjeDTk19NzvJkFDc3WVQFdT2+ZlLJ0rwVL63P7fI9ah3ZrP3S6YUsAtky2Jml2
yK7NSPnf0MBAAw+c6eKEo3kZRb0KmcBn7vDMpQS1r29qUwWFnygtseCh2ZT9tvuA
rbVgUFDo9Gl3JOjMlMi5yXvBXlTdt71IaD7KpHfypjcAdGxdF+GuR7cfXW9/0XZ0
vkhDF1P2OJZYk9iY8m2HIYQSs3k8Dy1oag8pBSQJtcwBhwNS2twqbXyA78RkbQ7m
RdZY9L3QIOOpwoVNbzKarB8Q4RtDxYhA1xfpoxrOosh0KwxbVMHtyZSVYyg5WDVI
1fKz
-----END CERTIFICATE-----