Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/9425c6-c495-4878-a8f3-7a78c8c4e051/1/HYopqLVarPjYY-AFP2ynMrXlhlo.roa
File:                     HYopqLVarPjYY-AFP2ynMrXlhlo.roa (raw, json)
Hash identifier:          a4mU/LJh76f8thJIvND1aZ2ODqf74m+/d/aeBEuCQIg=
Subject key identifier:   1D:8A:29:A8:B5:5A:AC:F8:D8:63:E0:05:3F:6C:A7:32:B5:E5:86:5A
Certificate issuer:       /CN=e8f40902a003d8fe6f7c7742eb47d70b50ade036
Certificate serial:       018683577EEF64E3E452BF0AE490F4C9F100
Authority key identifier: E8:F4:09:02:A0:03:D8:FE:6F:7C:77:42:EB:47:D7:0B:50:AD:E0:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6PQJAqAD2P5vfHdC60fXC1Ct4DY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/9425c6-c495-4878-a8f3-7a78c8c4e051/1/HYopqLVarPjYY-AFP2ynMrXlhlo.roa
Signing time:             Fri 24 Feb 2023 12:13:14 +0000
ROA not before:           Fri 24 Feb 2023 12:13:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56376
IP address blocks:        130.255.96.0/24 maxlen: 24
                          130.255.96.0/21 maxlen: 21
                          130.255.98.0/23 maxlen: 24
                          130.255.97.0/24 maxlen: 24
                          130.255.100.0/22 maxlen: 24
                          46.231.37.0/24 maxlen: 24
                          46.231.36.0/24 maxlen: 24
                          46.231.32.0/22 maxlen: 24
                          185.62.241.0/24 maxlen: 24
                          185.62.242.0/24 maxlen: 24
                          185.62.243.0/24 maxlen: 24
                          46.231.38.0/23 maxlen: 24
                          185.62.240.0/24 maxlen: 24
                          185.62.240.0/22 maxlen: 22
                          2a03:d100::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:83:57:7e:ef:64:e3:e4:52:bf:0a:e4:90:f4:c9:f1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8f40902a003d8fe6f7c7742eb47d70b50ade036
        Validity
            Not Before: Feb 24 12:13:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d8a29a8b55aacf8d863e0053f6ca732b5e5865a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:74:00:82:94:57:86:58:0b:7c:b8:b8:ff:07:
                    2e:8d:20:43:b1:cc:aa:ba:4e:1e:22:1c:3f:81:a8:
                    67:cd:9f:52:82:59:40:5e:58:92:79:a8:65:05:c4:
                    6d:fb:8f:9a:25:d5:cc:ef:eb:a5:66:79:4f:41:d1:
                    60:1d:ea:5e:c5:b1:a4:c1:df:69:31:6c:c9:5c:82:
                    59:a8:e8:80:a8:b7:93:33:a8:37:36:57:27:c6:99:
                    bc:f1:5d:0a:5e:d4:d3:8b:71:d3:1c:cd:5d:06:88:
                    2f:5a:2e:c7:b2:ea:72:a4:9d:8f:ff:1e:70:74:5e:
                    59:b6:50:c8:a4:0e:d7:87:8e:d0:52:e6:50:95:05:
                    e9:b1:9d:8d:1b:d9:ea:05:5e:9d:5d:4b:41:a4:02:
                    c7:05:30:c5:e9:8c:06:25:17:74:08:e9:2d:0c:3d:
                    0c:09:e8:9b:fd:a0:03:9b:4e:16:12:86:20:af:e0:
                    8b:99:f1:f5:f4:fe:46:ac:92:c3:00:3a:0f:1b:7b:
                    3c:c9:81:00:ad:f9:f6:67:a3:f2:7c:2c:11:de:73:
                    ef:35:2a:8d:4a:06:34:c1:28:29:36:82:f6:30:40:
                    b6:ec:87:2c:bc:1a:aa:7a:18:4f:c7:e9:7f:a8:1e:
                    ca:08:cb:5f:9c:4e:b4:ca:a2:ab:64:9f:f2:c6:94:
                    25:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:8A:29:A8:B5:5A:AC:F8:D8:63:E0:05:3F:6C:A7:32:B5:E5:86:5A
            X509v3 Authority Key Identifier:
                keyid:E8:F4:09:02:A0:03:D8:FE:6F:7C:77:42:EB:47:D7:0B:50:AD:E0:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6PQJAqAD2P5vfHdC60fXC1Ct4DY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/9425c6-c495-4878-a8f3-7a78c8c4e051/1/HYopqLVarPjYY-AFP2ynMrXlhlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/9425c6-c495-4878-a8f3-7a78c8c4e051/1/6PQJAqAD2P5vfHdC60fXC1Ct4DY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.32.0/21
                  130.255.96.0/21
                  185.62.240.0/22
                IPv6:
                  2a03:d100::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:08:96:03:89:25:95:89:29:08:2e:7a:a6:77:55:b7:0b:d2:
         58:4f:b2:52:2d:2c:7a:b8:cb:a5:27:e0:1f:17:b0:8f:aa:de:
         6f:28:c6:c6:5c:15:83:47:2f:c9:66:fc:58:c5:04:35:12:73:
         1f:98:da:a4:39:8e:b9:bc:07:97:43:25:89:b8:e5:62:71:0b:
         0f:00:15:9a:31:8e:84:60:c8:79:ca:74:7c:c1:64:2a:7b:9b:
         3c:d5:93:b0:71:f0:12:7e:0c:d1:9e:75:0f:ad:b9:58:ab:96:
         e0:a5:97:ad:f3:87:e1:9e:45:8c:78:eb:ec:fc:b4:79:a5:1d:
         0c:9b:08:d3:9f:58:89:bd:7a:55:ff:4c:4c:6a:cb:0a:05:5b:
         1f:c3:70:ee:6c:55:77:55:50:f2:ed:7d:51:7a:42:0b:63:be:
         c1:f5:61:d0:83:99:2e:93:f7:90:d7:23:4b:85:02:2b:46:64:
         74:04:a0:01:09:1b:94:c4:c4:79:36:90:4a:7a:dd:e7:c1:4f:
         4b:92:ab:17:f8:3a:54:94:9e:c6:bb:73:c1:0d:2f:b9:10:db:
         e6:42:8b:d6:1e:b3:7c:32:d8:15:ac:02:e8:5d:80:11:71:a9:
         f1:43:cf:43:75:3a:21:a4:c9:e6:f3:35:12:a5:dd:ed:b8:ea:
         00:64:4e:b9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYaDV37vZOPkUr8K5JD0yfEAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZjQwOTAyYTAwM2Q4ZmU2ZjdjNzc0MmViNDdkNzBiNTBh
ZGUwMzYwHhcNMjMwMjI0MTIxMzE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDhhMjlhOGI1NWFhY2Y4ZDg2M2UwMDUzZjZjYTczMmI1ZTU4NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3QAgpRXhlgLfLi4/wcujSBDscyq
uk4eIhw/gahnzZ9SgllAXliSeahlBcRt+4+aJdXM7+ulZnlPQdFgHepexbGkwd9p
MWzJXIJZqOiAqLeTM6g3Nlcnxpm88V0KXtTTi3HTHM1dBogvWi7HsupypJ2P/x5w
dF5ZtlDIpA7Xh47QUuZQlQXpsZ2NG9nqBV6dXUtBpALHBTDF6YwGJRd0COktDD0M
Ceib/aADm04WEoYgr+CLmfH19P5GrJLDADoPG3s8yYEArfn2Z6PyfCwR3nPvNSqN
SgY0wSgpNoL2MEC27IcsvBqqehhPx+l/qB7KCMtfnE60yqKrZJ/yxpQlbwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFB2KKai1Wqz42GPgBT9spzK15YZaMB8GA1UdIwQY
MBaAFOj0CQKgA9j+b3x3QutH1wtQreA2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlBRSkFxQUQyUDV2ZkhkQzYwZlhDMUN0NERZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny85NDI1YzYtYzQ5NS00ODc4LWE4ZjMt
N2E3OGM4YzRlMDUxLzEvSFlvcHFMVmFyUGpZWS1BRlAyeW5NclhsaGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny85NDI1YzYtYzQ5NS00ODc4LWE4ZjMtN2E3OGM4YzRlMDUx
LzEvNlBRSkFxQUQyUDV2ZkhkQzYwZlhDMUN0NERZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLucgAwQD
gv9gAwQCuT7wMA0EAgACMAcDBQAqA9EAMA0GCSqGSIb3DQEBCwUAA4IBAQA1CJYD
iSWViSkILnqmd1W3C9JYT7JSLSx6uMulJ+AfF7CPqt5vKMbGXBWDRy/JZvxYxQQ1
EnMfmNqkOY65vAeXQyWJuOVicQsPABWaMY6EYMh5ynR8wWQqe5s81ZOwcfASfgzR
nnUPrblYq5bgpZet84fhnkWMeOvs/LR5pR0MmwjTn1iJvXpV/0xMassKBVsfw3Du
bFV3VVDy7X1RekILY77B9WHQg5kuk/eQ1yNLhQIrRmR0BKABCRuUxMR5NpBKet3n
wU9LkqsX+DpUlJ7Gu3PBDS+5ENvmQovWHrN8MtgVrALoXYARcanxQ89DdTohpMnm
8zUSpd3tuOoAZE65
-----END CERTIFICATE-----