Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/389231-2b5f-4c9e-941d-b4b28437fe6c/1/tvz-Jchrvf6mFs1M_1Bx9IPCtko.roa
File:                     tvz-Jchrvf6mFs1M_1Bx9IPCtko.roa (raw, json)
Hash identifier:          9OD/WxY+kHkBSKyKTASMXTxxjBZJYBUwaf6QvqpFWeA=
Subject key identifier:   B6:FC:FE:25:C8:6B:BD:FE:A6:16:CD:4C:FF:50:71:F4:83:C2:B6:4A
Certificate issuer:       /CN=f4a5b042fe48eeb123be56dbf9e8dda20c1ea11d
Certificate serial:       01856FD50301DD8A351BD30198A653B90762
Authority key identifier: F4:A5:B0:42:FE:48:EE:B1:23:BE:56:DB:F9:E8:DD:A2:0C:1E:A1:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9KWwQv5I7rEjvlbb-ejdogweoR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/389231-2b5f-4c9e-941d-b4b28437fe6c/1/tvz-Jchrvf6mFs1M_1Bx9IPCtko.roa
Signing time:             Mon 02 Jan 2023 00:15:08 +0000
ROA not before:           Mon 02 Jan 2023 00:15:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8304
IP address blocks:        213.182.32.0/19 maxlen: 24
                          81.91.64.0/20 maxlen: 24
                          195.200.96.0/19 maxlen: 24
                          46.227.80.0/21 maxlen: 24
                          213.218.128.0/19 maxlen: 24
                          91.188.64.0/19 maxlen: 24
                          5.144.136.0/21 maxlen: 24
                          128.204.208.0/21 maxlen: 24
                          185.91.36.0/22 maxlen: 24
                          2a00:e00::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:03:01:dd:8a:35:1b:d3:01:98:a6:53:b9:07:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4a5b042fe48eeb123be56dbf9e8dda20c1ea11d
        Validity
            Not Before: Jan  2 00:15:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b6fcfe25c86bbdfea616cd4cff5071f483c2b64a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:77:8c:31:3e:ac:03:96:7e:56:cd:7c:69:1e:
                    2b:74:df:fd:89:60:ea:c1:06:8b:d8:e7:34:4a:ad:
                    ef:37:23:d0:58:ef:9e:5c:72:1e:43:24:55:cc:b1:
                    a1:75:3c:ae:2e:bc:c7:a1:9d:f9:2a:e1:a9:6e:65:
                    0d:1b:36:ff:07:f7:5c:ae:b1:f6:0c:4b:3c:d3:68:
                    38:f6:2a:72:3c:93:66:4c:88:46:a0:14:61:d0:f9:
                    fd:a7:16:e3:09:dd:41:71:3c:9e:c7:fc:29:20:9b:
                    b2:1e:95:13:42:1c:24:a9:c1:85:04:a3:7a:0f:db:
                    62:c8:56:29:41:3f:79:ff:e9:d1:ed:26:67:f8:fd:
                    a4:ce:b7:17:8a:19:3e:b8:fa:69:86:df:c2:48:29:
                    36:dd:91:90:3b:09:77:d0:e8:fb:be:50:d6:2b:00:
                    71:10:f1:2c:8c:95:0a:78:b6:a5:e7:9f:fc:ce:dc:
                    9f:f7:4f:53:45:fc:14:5d:24:bb:77:6f:af:fd:34:
                    2f:4c:9f:40:d6:cc:cf:a5:b7:f0:b9:2b:f5:5c:fc:
                    1a:46:fb:29:87:5b:2a:87:97:7c:ee:8f:b5:c8:39:
                    3a:87:85:e4:b9:fd:ee:e6:f1:64:97:4c:3b:10:af:
                    23:6e:ec:66:4a:43:a2:9a:54:cc:f0:55:3d:7f:20:
                    35:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FC:FE:25:C8:6B:BD:FE:A6:16:CD:4C:FF:50:71:F4:83:C2:B6:4A
            X509v3 Authority Key Identifier:
                keyid:F4:A5:B0:42:FE:48:EE:B1:23:BE:56:DB:F9:E8:DD:A2:0C:1E:A1:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9KWwQv5I7rEjvlbb-ejdogweoR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/389231-2b5f-4c9e-941d-b4b28437fe6c/1/tvz-Jchrvf6mFs1M_1Bx9IPCtko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/389231-2b5f-4c9e-941d-b4b28437fe6c/1/9KWwQv5I7rEjvlbb-ejdogweoR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.136.0/21
                  46.227.80.0/21
                  81.91.64.0/20
                  91.188.64.0/19
                  128.204.208.0/21
                  185.91.36.0/22
                  195.200.96.0/19
                  213.182.32.0/19
                  213.218.128.0/19
                IPv6:
                  2a00:e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:d8:bb:c4:69:f9:3b:a2:5e:88:e8:96:50:05:9b:b1:aa:3a:
         21:75:11:bb:46:ad:3d:d9:bf:35:27:fc:8d:6f:50:dd:04:42:
         c2:07:3c:bf:02:04:a5:c9:dc:73:d2:e8:de:c0:cb:0b:54:4a:
         ce:9b:85:60:eb:10:26:45:34:88:c7:f6:2f:bb:78:5d:5c:f6:
         5b:0e:16:64:c7:1d:92:10:bb:8e:f8:79:4d:c0:1b:39:a5:95:
         77:c2:de:d2:b0:c0:24:f2:62:39:79:a7:8c:df:d1:b1:4e:b6:
         1e:d3:c5:8e:ba:bc:04:a2:87:ad:6b:ac:f2:8d:58:86:e0:e4:
         9f:ab:b7:10:c1:3e:d0:ad:e1:03:ac:17:6e:0e:b1:7e:47:64:
         e8:d2:12:25:e1:d2:53:7c:73:97:43:a2:e3:f6:c2:de:26:16:
         9a:e1:7b:0f:77:da:cf:b2:3e:65:5c:18:8a:fe:6c:4e:82:8e:
         eb:7f:69:8b:d3:be:1a:2d:c9:e1:6f:b9:b7:56:ba:88:91:ce:
         34:d0:2e:cf:c8:d0:03:28:d9:af:65:1b:74:96:d9:1b:15:d0:
         7e:e9:8e:26:6d:71:c1:e8:e1:da:da:56:0f:49:9f:d6:cc:b6:
         2b:b4:f6:f8:bc:5a:5b:f0:af:5c:f8:3f:a7:40:01:9e:00:70:
         7b:be:f4:bf
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVv1QMB3Yo1G9MBmKZTuQdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YTViMDQyZmU0OGVlYjEyM2JlNTZkYmY5ZThkZGEyMGMx
ZWExMWQwHhcNMjMwMTAyMDAxNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmZjZmUyNWM4NmJiZGZlYTYxNmNkNGNmZjUwNzFmNDgzYzJiNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3eMMT6sA5Z+Vs18aR4rdN/9iWDq
wQaL2Oc0Sq3vNyPQWO+eXHIeQyRVzLGhdTyuLrzHoZ35KuGpbmUNGzb/B/dcrrH2
DEs802g49ipyPJNmTIhGoBRh0Pn9pxbjCd1BcTyex/wpIJuyHpUTQhwkqcGFBKN6
D9tiyFYpQT95/+nR7SZn+P2kzrcXihk+uPppht/CSCk23ZGQOwl30Oj7vlDWKwBx
EPEsjJUKeLal55/8ztyf909TRfwUXSS7d2+v/TQvTJ9A1szPpbfwuSv1XPwaRvsp
h1sqh5d87o+1yDk6h4Xkuf3u5vFkl0w7EK8jbuxmSkOimlTM8FU9fyA1rwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFLb8/iXIa73+phbNTP9QcfSDwrZKMB8GA1UdIwQY
MBaAFPSlsEL+SO6xI75W2/no3aIMHqEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUtXd1F2NUk3ckVqdmxiYi1lamRvZ3dlb1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zODkyMzEtMmI1Zi00YzllLTk0MWQt
YjRiMjg0MzdmZTZjLzEvdHZ6LUpjaHJ2ZjZtRnMxTV8xQng5SVBDdGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zODkyMzEtMmI1Zi00YzllLTk0MWQtYjRiMjg0MzdmZTZj
LzEvOUtXd1F2NUk3ckVqdmxiYi1lamRvZ3dlb1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDBZCIAwQD
LuNQAwQEUVtAAwQFW7xAAwQDgMzQAwQCuVskAwQFw8hgAwQF1bYgAwQF1dqAMA0E
AgACMAcDBQAqAA4AMA0GCSqGSIb3DQEBCwUAA4IBAQC+2LvEafk7ol6I6JZQBZux
qjohdRG7Rq092b81J/yNb1DdBELCBzy/AgSlydxz0ujewMsLVErOm4Vg6xAmRTSI
x/Yvu3hdXPZbDhZkxx2SELuO+HlNwBs5pZV3wt7SsMAk8mI5eaeM39GxTrYe08WO
urwEooeta6zyjViG4OSfq7cQwT7QreEDrBduDrF+R2To0hIl4dJTfHOXQ6Lj9sLe
Jhaa4XsPd9rPsj5lXBiK/mxOgo7rf2mL074aLcnhb7m3VrqIkc400C7PyNADKNmv
ZRt0ltkbFdB+6Y4mbXHB6OHa2lYPSZ/WzLYrtPb4vFpb8K9c+D+nQAGeAHB7vvS/
-----END CERTIFICATE-----