Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/L4nud5O39Kc1nMjE5SeRb2x93Aw.roa
File:                     L4nud5O39Kc1nMjE5SeRb2x93Aw.roa (raw, json)
Hash identifier:          yR+WwD4zMfFTTw20LL56yCmf5zKQBqCrgQ4l/Rlu7UU=
Subject key identifier:   2F:89:EE:77:93:B7:F4:A7:35:9C:C8:C4:E5:27:91:6F:6C:7D:DC:0C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0186262B3027E063B5BAB7BA90D4392769BE
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/L4nud5O39Kc1nMjE5SeRb2x93Aw.roa
Signing time:             Mon 06 Feb 2023 10:00:09 +0000
ROA not before:           Mon 06 Feb 2023 10:00:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1299
IP address blocks:        84.32.91.0/24 maxlen: 24
                          88.216.101.0/24 maxlen: 24
                          84.32.105.0/24 maxlen: 24
                          84.32.104.0/24 maxlen: 24
                          84.32.228.0/24 maxlen: 24
                          84.32.252.0/24 maxlen: 24
                          84.32.253.0/24 maxlen: 24
                          84.32.249.0/24 maxlen: 24
                          88.216.38.0/24 maxlen: 24
                          84.32.254.0/24 maxlen: 24
                          88.216.39.0/24 maxlen: 24
                          88.216.42.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:26:2b:30:27:e0:63:b5:ba:b7:ba:90:d4:39:27:69:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb  6 10:00:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f89ee7793b7f4a7359cc8c4e527916f6c7ddc0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a5:4e:bf:fb:c5:4f:80:e0:73:ec:55:f9:c5:
                    f4:8a:bb:0b:5c:3c:46:a7:e0:29:01:b8:ff:99:13:
                    7b:5b:b8:c7:95:2d:73:f5:aa:b6:89:1b:1d:56:15:
                    fa:f0:b1:74:c8:9a:5c:7d:e8:72:77:f7:8a:ed:2e:
                    ea:54:c5:9f:44:9c:d9:d2:ee:72:7d:0c:d0:ba:f9:
                    61:0e:b5:08:4e:9a:a6:83:dc:37:83:e5:97:f1:41:
                    4b:35:63:42:1d:a1:02:7e:81:01:db:d3:9f:c2:41:
                    91:cc:5c:da:80:66:77:2d:72:39:51:3d:a8:06:f8:
                    39:ce:cf:c0:0a:7a:8a:25:20:94:d1:6a:fd:9d:51:
                    d7:cf:cd:10:85:be:5e:9e:6e:c4:5d:d5:c6:ed:92:
                    b0:a6:c5:fe:df:c4:ba:64:5a:59:33:67:f6:3b:a3:
                    4d:96:79:99:d3:4a:33:ee:0f:97:6f:06:3a:9f:37:
                    b7:89:c9:f0:85:27:6b:20:a2:96:26:d1:a3:6b:00:
                    72:82:16:a4:10:5f:9d:e6:a7:2e:4c:c2:75:8e:1a:
                    54:18:30:ec:d7:ad:58:55:57:0e:c2:c6:4c:33:41:
                    68:33:76:11:2c:ec:ec:34:71:40:86:d5:30:ca:76:
                    95:c3:73:ec:2e:ab:dc:bb:4a:e8:e0:1f:82:58:c8:
                    42:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:89:EE:77:93:B7:F4:A7:35:9C:C8:C4:E5:27:91:6F:6C:7D:DC:0C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/L4nud5O39Kc1nMjE5SeRb2x93Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.91.0/24
                  84.32.104.0/23
                  84.32.228.0/24
                  84.32.249.0/24
                  84.32.252.0-84.32.254.255
                  88.216.38.0/23
                  88.216.42.0/24
                  88.216.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:28:27:4c:e2:1f:78:fe:91:38:c9:91:39:c0:e9:bb:ec:5c:
         1b:f9:9a:e5:fa:90:85:b8:b4:55:70:c3:76:5a:9c:f0:c6:cb:
         f9:dd:02:8c:f6:fc:b0:a0:e1:95:21:3d:b5:76:cb:48:0f:eb:
         02:19:23:03:2f:35:da:be:57:64:b3:e1:8b:32:4a:3d:b6:e8:
         b1:2b:45:a3:e4:d9:84:ee:d0:a3:36:ba:11:39:b7:c4:e0:f6:
         e2:2f:6f:97:65:eb:ca:49:5c:38:7b:64:04:02:f3:59:5c:6d:
         d6:a5:a2:86:38:fa:38:31:e7:17:08:21:9b:31:8e:0e:26:97:
         dc:16:ef:10:5c:ae:65:cb:27:98:1e:20:ee:d0:1b:60:3f:97:
         a1:fc:06:a8:fb:e9:de:55:54:44:14:20:5b:6f:a2:ce:30:98:
         d3:b8:23:a4:41:a0:ef:59:64:90:e0:d8:5a:92:26:78:b3:27:
         d5:2f:0b:0b:3d:d5:05:eb:71:5a:88:d5:a6:b3:c6:85:b3:22:
         e9:75:93:ba:e8:ee:21:bd:62:a5:fb:74:c4:bd:df:73:f0:27:
         98:09:cf:9b:2f:2f:1b:7a:23:61:20:43:55:d6:04:1e:5e:49:
         6f:97:b6:b0:5d:b3:2d:67:59:4d:4d:4c:b4:1f:da:28:2f:5c:
         d0:7f:b6:51
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYYmKzAn4GO1ure6kNQ5J2m+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMjA2MTAwMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg5ZWU3NzkzYjdmNGE3MzU5Y2M4YzRlNTI3OTE2ZjZjN2RkYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqVOv/vFT4Dgc+xV+cX0irsLXDxG
p+ApAbj/mRN7W7jHlS1z9aq2iRsdVhX68LF0yJpcfehyd/eK7S7qVMWfRJzZ0u5y
fQzQuvlhDrUITpqmg9w3g+WX8UFLNWNCHaECfoEB29OfwkGRzFzagGZ3LXI5UT2o
Bvg5zs/ACnqKJSCU0Wr9nVHXz80Qhb5enm7EXdXG7ZKwpsX+38S6ZFpZM2f2O6NN
lnmZ00oz7g+XbwY6nze3icnwhSdrIKKWJtGjawByghakEF+d5qcuTMJ1jhpUGDDs
161YVVcOwsZMM0FoM3YRLOzsNHFAhtUwynaVw3PsLqvcu0ro4B+CWMhC4QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFC+J7neTt/SnNZzIxOUnkW9sfdwMMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTDRudWQ1TzM5S2Mxbk1qRTVTZVJiMng5M0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAVCBbAwQB
VCBoAwQAVCDkAwQAVCD5MAwDBAJUIPwDBABUIP4DBAFY2CYDBABY2CoDBABY2GUw
DQYJKoZIhvcNAQELBQADggEBAC8oJ0ziH3j+kTjJkTnA6bvsXBv5muX6kIW4tFVw
w3ZanPDGy/ndAoz2/LCg4ZUhPbV2y0gP6wIZIwMvNdq+V2Sz4YsySj226LErRaPk
2YTu0KM2uhE5t8Tg9uIvb5dl68pJXDh7ZAQC81lcbdalooY4+jgx5xcIIZsxjg4m
l9wW7xBcrmXLJ5geIO7QG2A/l6H8Bqj76d5VVEQUIFtvos4wmNO4I6RBoO9ZZJDg
2FqSJnizJ9UvCws91QXrcVqI1aazxoWzIul1k7ro7iG9YqX7dMS933PwJ5gJz5sv
Lxt6I2EgQ1XWBB5eSW+XtrBdsy1nWU1NTLQf2igvXNB/tlE=
-----END CERTIFICATE-----