Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/PzEjfi9dGfZXTELAF3k3TOLxA9Q.roa
File:                     PzEjfi9dGfZXTELAF3k3TOLxA9Q.roa (raw, json)
Hash identifier:          kjqPQ1OzuEVTjEGmpkFTqAMJRsgEwtbMHPyESV/nQ8o=
Subject key identifier:   3F:31:23:7E:2F:5D:19:F6:57:4C:42:C0:17:79:37:4C:E2:F1:03:D4
Certificate issuer:       /CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
Certificate serial:       018755C93502B17FE96CAA1CF93F0B03B522
Authority key identifier: 74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/PzEjfi9dGfZXTELAF3k3TOLxA9Q.roa
Signing time:             Thu 06 Apr 2023 08:57:42 +0000
ROA not before:           Thu 06 Apr 2023 08:57:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        88.212.157.0/24 maxlen: 24
                          88.212.156.0/24 maxlen: 24
                          88.212.158.0/24 maxlen: 24
                          88.212.159.0/24 maxlen: 24
                          185.8.132.0/24 maxlen: 24
                          185.8.135.0/24 maxlen: 24
                          185.8.133.0/24 maxlen: 24
                          83.151.192.0/24 maxlen: 24
                          83.151.195.0/24 maxlen: 24
                          83.151.193.0/24 maxlen: 24
                          83.151.194.0/24 maxlen: 24
                          88.202.210.0/24 maxlen: 24
                          88.202.208.0/24 maxlen: 24
                          88.202.208.0/23 maxlen: 23
                          88.202.209.0/24 maxlen: 24
                          88.202.211.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:55:c9:35:02:b1:7f:e9:6c:aa:1c:f9:3f:0b:03:b5:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7445ddeedfbd72d313e9ee8cceeae8403cc34146
        Validity
            Not Before: Apr  6 08:57:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f31237e2f5d19f6574c42c01779374ce2f103d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:fe:c2:4e:1f:9c:ad:21:7f:58:15:8d:e8:4c:
                    89:c0:10:1a:5b:86:02:c6:ab:e7:eb:f1:df:2b:ef:
                    21:6e:9d:5d:88:8f:d9:d7:e5:4f:1f:61:dc:6a:b5:
                    dc:95:73:d1:d6:7a:1c:51:87:93:3c:55:1b:8d:51:
                    70:db:2d:71:78:49:18:a2:ba:33:4c:ca:4c:1f:db:
                    2f:42:99:9b:8b:a5:af:b0:9d:25:99:b6:cf:11:9e:
                    d5:07:77:bf:f1:cd:e0:f4:a3:3a:18:39:9e:59:ce:
                    64:45:11:0a:67:ce:5d:38:0a:d3:c9:00:db:68:d5:
                    38:8c:45:f0:2c:65:7f:a6:ef:ed:71:92:7b:5b:9f:
                    44:06:55:0d:74:b5:b7:b4:9e:69:1a:06:39:f1:52:
                    a6:16:ea:a8:b5:21:d2:df:9f:1e:d6:77:6a:36:a9:
                    c5:42:3d:d9:e1:c5:f9:37:66:9c:52:ea:47:bf:cf:
                    c6:59:73:05:61:a8:92:a7:31:e2:0b:d6:d2:27:a9:
                    07:21:3b:df:99:94:65:10:50:eb:99:df:ec:5e:7e:
                    f2:b7:be:89:5d:dd:0d:32:bb:54:1e:c6:7f:4c:72:
                    f0:e3:61:0e:b6:97:6e:e0:d4:8e:d5:78:05:d9:14:
                    22:85:23:db:43:6b:ec:d5:53:38:78:c6:73:6d:e8:
                    28:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:31:23:7E:2F:5D:19:F6:57:4C:42:C0:17:79:37:4C:E2:F1:03:D4
            X509v3 Authority Key Identifier:
                keyid:74:45:DD:EE:DF:BD:72:D3:13:E9:EE:8C:CE:EA:E8:40:3C:C3:41:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEXd7t-9ctMT6e6MzuroQDzDQUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/PzEjfi9dGfZXTELAF3k3TOLxA9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c1765b-e3a5-410c-9cd3-6ca340fa7493/1/dEXd7t-9ctMT6e6MzuroQDzDQUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.192.0/22
                  88.202.208.0/22
                  88.212.156.0/22
                  185.8.132.0/23
                  185.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:27:be:c8:50:75:af:9d:b5:b7:09:80:6a:18:5e:65:31:ba:
         2e:9e:fa:64:d4:6f:e5:85:df:4d:88:02:22:a3:82:41:a7:e1:
         d9:9e:c8:51:0b:26:f3:07:b3:3f:9d:32:c2:28:43:35:20:3a:
         b0:c0:7c:60:51:34:87:c5:d8:7a:6e:91:f0:76:75:2f:50:61:
         07:77:a6:52:06:ff:04:8c:cb:ff:5b:30:25:be:12:a6:40:23:
         31:f0:db:1e:3a:d6:74:23:30:ec:30:85:8d:61:63:e4:2f:e8:
         34:22:f5:08:a0:94:c9:a6:f0:95:57:ed:75:bc:11:8b:0a:d8:
         10:62:2a:e0:6c:74:da:97:97:45:10:9e:1b:52:e9:08:90:4f:
         8a:2e:1a:d8:e3:96:9c:0e:ed:ee:ab:cd:f7:73:87:98:12:0c:
         b1:e4:5e:8f:de:33:93:c8:3e:3d:bc:b0:59:6a:9e:38:7d:3d:
         b2:fb:b4:24:ff:5a:fb:23:9b:50:68:77:ab:73:bd:c8:18:6c:
         24:e5:6e:d9:c1:c9:a8:72:2f:d3:3f:a1:19:b8:0d:f8:5d:6d:
         a7:fa:cb:6a:9f:5f:82:4e:11:c2:94:b4:29:21:89:29:f7:17:
         3b:ac:5c:b9:86:33:30:ae:56:05:f3:61:9e:8a:10:bc:d6:f0:
         32:ea:9d:59
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYdVyTUCsX/pbKoc+T8LA7UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NDVkZGVlZGZiZDcyZDMxM2U5ZWU4Y2NlZWFlODQwM2Nj
MzQxNDYwHhcNMjMwNDA2MDg1NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjMxMjM3ZTJmNWQxOWY2NTc0YzQyYzAxNzc5Mzc0Y2UyZjEwM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/7CTh+crSF/WBWN6EyJwBAaW4YC
xqvn6/HfK+8hbp1diI/Z1+VPH2HcarXclXPR1nocUYeTPFUbjVFw2y1xeEkYoroz
TMpMH9svQpmbi6WvsJ0lmbbPEZ7VB3e/8c3g9KM6GDmeWc5kRREKZ85dOArTyQDb
aNU4jEXwLGV/pu/tcZJ7W59EBlUNdLW3tJ5pGgY58VKmFuqotSHS358e1ndqNqnF
Qj3Z4cX5N2acUupHv8/GWXMFYaiSpzHiC9bSJ6kHITvfmZRlEFDrmd/sXn7yt76J
Xd0NMrtUHsZ/THLw42EOtpdu4NSO1XgF2RQihSPbQ2vs1VM4eMZzbegoHwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFD8xI34vXRn2V0xCwBd5N0zi8QPUMB8GA1UdIwQY
MBaAFHRF3e7fvXLTE+nujM7q6EA8w0FGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMt
NmNhMzQwZmE3NDkzLzEvUHpFamZpOWRHZlpYVEVMQUYzazNUT0x4QTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jMTc2NWItZTNhNS00MTBjLTljZDMtNmNhMzQwZmE3NDkz
LzEvZEVYZDd0LTljdE1UNmU2TXp1cm9RRHpEUVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCU5fAAwQC
WMrQAwQCWNScAwQBuQiEAwQAuQiHMA0GCSqGSIb3DQEBCwUAA4IBAQAJJ77IUHWv
nbW3CYBqGF5lMbounvpk1G/lhd9NiAIio4JBp+HZnshRCybzB7M/nTLCKEM1IDqw
wHxgUTSHxdh6bpHwdnUvUGEHd6ZSBv8EjMv/WzAlvhKmQCMx8NseOtZ0IzDsMIWN
YWPkL+g0IvUIoJTJpvCVV+11vBGLCtgQYirgbHTal5dFEJ4bUukIkE+KLhrY45ac
Du3uq833c4eYEgyx5F6P3jOTyD49vLBZap44fT2y+7Qk/1r7I5tQaHerc73IGGwk
5W7Zwcmoci/TP6EZuA34XW2n+stqn1+CThHClLQpIYkp9xc7rFy5hjMwrlYF82Ge
ihC81vAy6p1Z
-----END CERTIFICATE-----