Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/Cmjf5o3zR9IcI61w-4h7XDN54aw.roa
File:                     Cmjf5o3zR9IcI61w-4h7XDN54aw.roa (raw, json)
Hash identifier:          gfu5rp9YRBoHgHA/X+YWIzp8Yk6k324Jomrg/ueX14U=
Subject key identifier:   0A:68:DF:E6:8D:F3:47:D2:1C:23:AD:70:FB:88:7B:5C:33:79:E1:AC
Certificate issuer:       /CN=c8d335041718b18830b1f58c15d3518510fe6118
Certificate serial:       0186DF425D41683A1CDD53A8AF256928F0A9
Authority key identifier: C8:D3:35:04:17:18:B1:88:30:B1:F5:8C:15:D3:51:85:10:FE:61:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNM1BBcYsYgwsfWMFdNRhRD-YRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/Cmjf5o3zR9IcI61w-4h7XDN54aw.roa
Signing time:             Tue 14 Mar 2023 08:35:13 +0000
ROA not before:           Tue 14 Mar 2023 08:35:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29286
IP address blocks:        37.1.174.0/24 maxlen: 24
                          37.1.175.0/24 maxlen: 24
                          37.1.173.0/24 maxlen: 24
                          37.252.206.0/24 maxlen: 24
                          37.252.205.0/24 maxlen: 24
                          37.252.200.0/21 maxlen: 21
                          37.252.207.0/24 maxlen: 24
                          185.15.32.0/22 maxlen: 22
                          37.1.169.0/24 maxlen: 24
                          37.1.168.0/21 maxlen: 21
                          37.1.168.0/24 maxlen: 24
                          37.1.171.0/24 maxlen: 24
                          37.1.170.0/24 maxlen: 24
                          37.1.172.0/24 maxlen: 24
                          2a03:b7c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 14 Mar 2023 08:42:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:df:42:5d:41:68:3a:1c:dd:53:a8:af:25:69:28:f0:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d335041718b18830b1f58c15d3518510fe6118
        Validity
            Not Before: Mar 14 08:35:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a68dfe68df347d21c23ad70fb887b5c3379e1ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6b:ba:a0:b6:4c:8a:8d:c4:78:ab:bc:c2:e8:
                    72:ad:ad:46:0f:19:2f:5d:b9:dd:38:9a:34:b2:e0:
                    88:fe:16:bc:6d:28:87:2b:77:22:d1:47:c5:38:24:
                    12:26:75:94:58:6e:bf:ca:68:ee:00:aa:8e:d9:12:
                    e9:bb:5e:7d:56:32:4f:bf:af:ca:55:cd:86:9c:82:
                    2f:82:de:34:be:66:fe:83:03:85:44:98:73:f8:28:
                    f3:f6:e2:d7:65:2b:72:3d:7f:30:a9:a8:b7:81:39:
                    94:d8:dc:2b:12:32:15:64:0d:bb:53:7d:34:53:bd:
                    dd:e8:2e:d5:9c:c3:08:cf:21:a7:72:1b:59:08:b5:
                    86:3b:8c:0e:92:30:f7:16:39:c3:e3:ad:89:6a:ce:
                    c7:d6:02:a7:30:9e:47:f4:c5:01:26:6b:1a:1a:ca:
                    1d:93:d0:27:1c:ed:90:e2:7d:5d:5a:f0:c4:fd:15:
                    d8:e5:d4:fb:49:34:7c:ed:d4:4d:1b:be:bf:ec:fb:
                    d7:50:bd:54:bb:6d:84:2e:76:35:55:61:36:72:fa:
                    9c:a6:8d:d4:de:a5:c9:dc:71:6c:af:2d:5c:d3:e1:
                    22:21:15:59:4c:83:9e:47:04:75:93:20:82:91:44:
                    0a:84:d4:ea:a1:82:2f:27:94:3e:87:6f:eb:83:0a:
                    1e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:68:DF:E6:8D:F3:47:D2:1C:23:AD:70:FB:88:7B:5C:33:79:E1:AC
            X509v3 Authority Key Identifier:
                keyid:C8:D3:35:04:17:18:B1:88:30:B1:F5:8C:15:D3:51:85:10:FE:61:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNM1BBcYsYgwsfWMFdNRhRD-YRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/Cmjf5o3zR9IcI61w-4h7XDN54aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/yNM1BBcYsYgwsfWMFdNRhRD-YRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.168.0/21
                  37.252.200.0/21
                  185.15.32.0/22
                IPv6:
                  2a03:b7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:0d:13:98:5e:fc:44:e1:28:27:00:d8:d4:3c:3c:7e:da:4e:
         38:b6:96:89:41:95:e4:89:64:cf:be:02:d1:75:0d:08:15:8a:
         fc:89:d4:3e:8b:11:93:6b:3c:50:d9:fa:4e:e4:98:83:28:d4:
         89:c9:54:48:0e:52:0d:c9:dc:8d:4f:7f:b2:28:b2:8b:2b:57:
         83:77:68:1b:d0:ea:63:15:d0:3d:1f:f4:6c:d7:17:95:93:44:
         e5:d5:f6:07:68:ec:8b:0b:9a:ae:52:c2:ae:3f:43:77:eb:9f:
         54:d8:f3:7a:7c:e5:78:5c:20:3a:71:24:55:72:bf:b5:9d:aa:
         b9:61:b6:47:f9:08:09:56:67:62:22:c0:0f:dc:47:f5:69:99:
         db:08:68:b5:de:f4:c4:93:10:7b:66:ad:1a:5d:b9:c2:53:5e:
         f4:d4:9e:fc:7b:6c:6b:1b:8c:81:a0:b2:30:44:f3:45:86:c3:
         57:f7:56:03:10:0c:30:3a:a0:cf:e3:8a:92:41:1a:67:2d:2d:
         51:ca:5d:0a:c9:f3:37:1c:5b:19:85:13:be:33:5b:79:a8:8f:
         83:a5:ea:91:95:3d:a2:72:49:d7:0f:ff:d6:14:e1:7f:95:93:
         dc:b5:d2:20:9f:45:ae:2b:95:49:00:aa:58:f1:bb:60:3e:d9:
         51:39:9e:27
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYbfQl1BaDoc3VOoryVpKPCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDMzNTA0MTcxOGIxODgzMGIxZjU4YzE1ZDM1MTg1MTBm
ZTYxMTgwHhcNMjMwMzE0MDgzNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTY4ZGZlNjhkZjM0N2QyMWMyM2FkNzBmYjg4N2I1YzMzNzllMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumu6oLZMio3EeKu8wuhyra1GDxkv
XbndOJo0suCI/ha8bSiHK3ci0UfFOCQSJnWUWG6/ymjuAKqO2RLpu159VjJPv6/K
Vc2GnIIvgt40vmb+gwOFRJhz+Cjz9uLXZStyPX8wqai3gTmU2NwrEjIVZA27U300
U73d6C7VnMMIzyGnchtZCLWGO4wOkjD3FjnD462Jas7H1gKnMJ5H9MUBJmsaGsod
k9AnHO2Q4n1dWvDE/RXY5dT7STR87dRNG76/7PvXUL1Uu22ELnY1VWE2cvqcpo3U
3qXJ3HFsry1c0+EiIRVZTIOeRwR1kyCCkUQKhNTqoYIvJ5Q+h2/rgwoeswIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFApo3+aN80fSHCOtcPuIe1wzeeGsMB8GA1UdIwQY
MBaAFMjTNQQXGLGIMLH1jBXTUYUQ/mEYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5NMUJCY1lzWWd3c2ZXTUZkTlJoUkQtWVJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84YTM0NGUtMGVkOC00MmIyLWE3NDQt
YTllODQ2ODcxMGEzLzEvQ21qZjVvM3pSOUljSTYxdy00aDdYRE41NGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84YTM0NGUtMGVkOC00MmIyLWE3NDQtYTllODQ2ODcxMGEz
LzEveU5NMUJCY1lzWWd3c2ZXTUZkTlJoUkQtWVJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJQGoAwQD
JfzIAwQCuQ8gMA0EAgACMAcDBQAqA7fAMA0GCSqGSIb3DQEBCwUAA4IBAQCoDROY
XvxE4SgnANjUPDx+2k44tpaJQZXkiWTPvgLRdQ0IFYr8idQ+ixGTazxQ2fpO5JiD
KNSJyVRIDlINydyNT3+yKLKLK1eDd2gb0OpjFdA9H/Rs1xeVk0Tl1fYHaOyLC5qu
UsKuP0N3659U2PN6fOV4XCA6cSRVcr+1naq5YbZH+QgJVmdiIsAP3Ef1aZnbCGi1
3vTEkxB7Zq0aXbnCU1701J78e2xrG4yBoLIwRPNFhsNX91YDEAwwOqDP44qSQRpn
LS1Ryl0KyfM3HFsZhRO+M1t5qI+DpeqRlT2icknXD//WFOF/lZPctdIgn0WuK5VJ
AKpY8btgPtlROZ4n
-----END CERTIFICATE-----