Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/S2ejMHHcPuAxVY23rneaLi9myqY.roa
File:                     S2ejMHHcPuAxVY23rneaLi9myqY.roa (raw, json)
Hash identifier:          ZL06a/BMS1npVKh0ll/dVg+BxTW3lGM9MLBtfVSZR0M=
Subject key identifier:   4B:67:A3:30:71:DC:3E:E0:31:55:8D:B7:AE:77:9A:2E:2F:66:CA:A6
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0185C8BFEEE835CE6825DFE33551E6FEE1E1
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/S2ejMHHcPuAxVY23rneaLi9myqY.roa
Signing time:             Thu 19 Jan 2023 06:38:19 +0000
ROA not before:           Thu 19 Jan 2023 06:38:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        84.32.52.0/22 maxlen: 24
                          88.216.98.0/24 maxlen: 24
                          88.216.214.0/24 maxlen: 24
                          84.32.6.0/24 maxlen: 24
                          88.216.17.0/24 maxlen: 24
                          88.216.240.0/22 maxlen: 24
                          88.216.244.0/22 maxlen: 24
                          88.216.36.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
                          84.32.42.0/24 maxlen: 24
                          88.216.43.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Jan 2023 07:08:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c8:bf:ee:e8:35:ce:68:25:df:e3:35:51:e6:fe:e1:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan 19 06:38:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b67a33071dc3ee031558db7ae779a2e2f66caa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:77:33:35:0b:62:ed:d7:39:09:9a:ca:93:14:
                    77:68:7a:c6:f3:08:a6:1a:a1:10:f1:56:5c:33:6e:
                    ae:3c:52:ff:93:45:f5:55:41:55:5e:2d:63:60:7b:
                    14:36:41:b7:36:d8:33:c2:cc:e7:74:9d:36:e0:ac:
                    ff:c0:4d:59:79:7e:0b:88:4d:6d:b6:8b:bb:3d:99:
                    a2:2d:6d:ce:67:98:3c:8d:db:14:f0:f5:bc:b4:1e:
                    4f:1e:17:13:13:bc:a2:3a:ab:90:f2:90:10:22:7e:
                    34:68:aa:d3:d7:6f:1f:9a:70:24:60:ee:9c:71:11:
                    6e:94:90:bb:13:5e:df:24:aa:0f:6f:45:b2:f9:22:
                    98:07:5f:0c:cd:41:64:38:26:83:69:c5:62:43:6e:
                    bf:97:80:d4:61:8a:e9:49:df:aa:1f:72:28:25:04:
                    e9:1a:c2:43:00:15:33:64:ed:f9:e0:ce:45:67:56:
                    72:64:ec:60:a4:df:7d:8a:02:75:5e:f5:66:8e:d9:
                    2c:90:cd:79:d0:d4:51:da:16:30:6b:e1:38:e6:92:
                    9e:65:30:3f:43:36:19:a7:8a:ec:4f:27:53:60:b0:
                    84:e8:fd:63:a3:cb:cb:23:90:2e:1f:3e:6f:f3:67:
                    12:80:d0:fe:0d:15:87:9d:1a:b1:a6:68:58:56:de:
                    d6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:67:A3:30:71:DC:3E:E0:31:55:8D:B7:AE:77:9A:2E:2F:66:CA:A6
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/S2ejMHHcPuAxVY23rneaLi9myqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.6.0/24
                  84.32.42.0/24
                  84.32.52.0/22
                  88.216.17.0/24
                  88.216.36.0/24
                  88.216.40.0/24
                  88.216.43.0/24
                  88.216.98.0/24
                  88.216.214.0/24
                  88.216.240.0/21
                  88.216.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:95:99:b8:1b:b7:28:7a:3a:c2:01:69:c8:35:87:17:a4:51:
         8d:91:08:e1:92:6d:7f:b1:1e:11:0c:70:03:1e:c5:b2:49:dc:
         fb:88:88:bb:12:63:17:b1:6e:10:75:37:db:47:37:64:6f:42:
         4a:30:cc:cc:9d:08:81:90:59:c3:f5:33:c8:95:b7:15:5e:74:
         1c:7e:24:02:ed:2e:e5:b4:a6:e1:a3:9d:f0:a2:64:18:c8:15:
         ff:91:ff:3b:0d:9a:c3:95:be:e8:9d:27:ca:a7:27:89:28:ee:
         0a:7e:c7:25:68:ee:bf:20:68:fa:0d:31:82:5d:91:fa:27:c6:
         57:8a:f2:06:32:cd:f7:ae:b2:d8:f5:e6:12:11:5e:53:53:b4:
         76:f0:7e:1c:66:af:6b:5e:f2:ab:f5:ea:71:3a:62:c2:e9:66:
         4b:16:5f:c7:51:fe:46:7e:78:ed:02:6c:2c:d5:8a:98:d4:22:
         5a:9f:3c:45:e8:a1:cc:37:6d:f5:db:0b:33:f2:b1:58:04:06:
         9d:d0:7c:ac:4b:be:23:83:68:51:33:e5:b6:98:fe:ca:4d:65:
         3b:9f:14:75:48:52:ae:f7:23:73:92:4b:85:8c:96:37:01:3c:
         c9:c4:3f:94:2a:69:e9:c9:ac:95:4a:68:98:67:72:fa:f9:89:
         a6:bf:7d:f7
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYXIv+7oNc5oJd/jNVHm/uHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMTE5MDYzODE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY3YTMzMDcxZGMzZWUwMzE1NThkYjdhZTc3OWEyZTJmNjZjYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXczNQti7dc5CZrKkxR3aHrG8wim
GqEQ8VZcM26uPFL/k0X1VUFVXi1jYHsUNkG3NtgzwszndJ024Kz/wE1ZeX4LiE1t
tou7PZmiLW3OZ5g8jdsU8PW8tB5PHhcTE7yiOquQ8pAQIn40aKrT128fmnAkYO6c
cRFulJC7E17fJKoPb0Wy+SKYB18MzUFkOCaDacViQ26/l4DUYYrpSd+qH3IoJQTp
GsJDABUzZO354M5FZ1ZyZOxgpN99igJ1XvVmjtkskM150NRR2hYwa+E45pKeZTA/
QzYZp4rsTydTYLCE6P1jo8vLI5AuHz5v82cSgND+DRWHnRqxpmhYVt7W2QIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEtnozBx3D7gMVWNt653mi4vZsqmMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvUzJlak1ISGNQdUF4VlkyM3JuZWFMaTlteXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAVCAGAwQA
VCAqAwQCVCA0AwQAWNgRAwQAWNgkAwQAWNgoAwQAWNgrAwQAWNhiAwQAWNjWAwQD
WNjwAwQCWNj8MA0GCSqGSIb3DQEBCwUAA4IBAQAulZm4G7coejrCAWnINYcXpFGN
kQjhkm1/sR4RDHADHsWySdz7iIi7EmMXsW4QdTfbRzdkb0JKMMzMnQiBkFnD9TPI
lbcVXnQcfiQC7S7ltKbho53womQYyBX/kf87DZrDlb7onSfKpyeJKO4KfsclaO6/
IGj6DTGCXZH6J8ZXivIGMs33rrLY9eYSEV5TU7R28H4cZq9rXvKr9epxOmLC6WZL
Fl/HUf5GfnjtAmws1YqY1CJanzxF6KHMN2312wsz8rFYBAad0HysS74jg2hRM+W2
mP7KTWU7nxR1SFKu9yNzkkuFjJY3ATzJxD+UKmnpyayVSmiYZ3L6+Ymmv333
-----END CERTIFICATE-----