Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/F2Q_-0xLa-se4snmMFgu9L5m0Pg.roa
File:                     F2Q_-0xLa-se4snmMFgu9L5m0Pg.roa (raw, json)
Hash identifier:          E7U3g9t5+60NbVhMy8bH/OXUZu3oySjZXJFwiatWnJw=
Subject key identifier:   17:64:3F:FB:4C:4B:6B:EB:1E:E2:C9:E6:30:58:2E:F4:BE:66:D0:F8
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018AC167C21F98B99E31AEC94185670CADBF
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/F2Q_-0xLa-se4snmMFgu9L5m0Pg.roa
Signing time:             Sat 23 Sep 2023 09:38:37 +0000
ROA not before:           Sat 23 Sep 2023 09:38:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59592
IP address blocks:        185.14.92.0/22 maxlen: 22
                          94.154.51.0/24 maxlen: 24
                          94.154.48.0/21 maxlen: 24
                          94.154.49.0/24 maxlen: 24
                          94.154.54.0/24 maxlen: 24
                          94.154.53.0/24 maxlen: 24
                          94.154.52.0/24 maxlen: 24
                          176.100.33.0/24 maxlen: 24
                          176.100.32.0/24 maxlen: 24
                          176.100.35.0/24 maxlen: 24
                          176.100.34.0/24 maxlen: 24
                          37.114.38.0/24 maxlen: 24
                          37.114.32.0/19 maxlen: 24
                          37.114.36.0/24 maxlen: 24
                          37.114.35.0/24 maxlen: 24
                          37.114.39.0/24 maxlen: 24
                          37.114.58.0/24 maxlen: 24
                          2a00:ccc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sun 24 Sep 2023 10:55:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:c1:67:c2:1f:98:b9:9e:31:ae:c9:41:85:67:0c:ad:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Sep 23 09:38:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17643ffb4c4b6beb1ee2c9e630582ef4be66d0f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6b:e6:74:81:19:8b:d9:88:db:7a:e5:93:d6:
                    34:4a:81:a0:53:a0:45:21:62:98:0f:a1:b6:bc:4b:
                    c1:d4:62:04:fd:c3:ad:7a:f1:7d:21:73:41:27:24:
                    05:5e:04:dc:09:eb:88:e9:6c:ba:f9:c7:e3:9a:92:
                    25:89:1c:92:a3:b6:62:26:99:15:43:5b:0a:20:ab:
                    7c:7e:7a:54:84:7c:33:9c:87:7d:5e:25:b5:d5:8a:
                    c9:96:c9:d6:ff:7d:3f:8e:19:ef:fa:ee:0b:d5:f4:
                    bf:30:b8:f1:e1:46:86:17:8f:fb:20:07:13:08:dc:
                    e5:81:a2:21:2c:51:52:db:21:b5:4d:93:20:15:ab:
                    e2:72:a4:15:36:b7:0b:2b:2a:94:bb:5d:d7:79:0f:
                    a4:b5:03:a8:f4:1b:b0:97:9e:bb:d1:6f:fe:fb:e6:
                    7c:9e:52:54:38:19:70:39:ad:45:87:ae:03:04:62:
                    6f:10:bc:62:e6:4f:1a:44:fe:e1:bf:a5:9b:dc:b4:
                    2e:c6:ed:fb:92:fb:d7:aa:a3:e6:46:7f:04:94:97:
                    f5:03:6c:5e:7a:3f:43:ae:8c:da:c5:6a:85:0f:60:
                    c3:e7:27:8b:b4:c2:d9:c9:4e:03:3b:ba:8d:1e:1d:
                    29:13:40:4a:da:20:79:49:7b:b9:99:17:63:87:c8:
                    09:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:64:3F:FB:4C:4B:6B:EB:1E:E2:C9:E6:30:58:2E:F4:BE:66:D0:F8
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/F2Q_-0xLa-se4snmMFgu9L5m0Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/19
                  94.154.48.0/21
                  176.100.32.0/22
                  185.14.92.0/22
                IPv6:
                  2a00:ccc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:5d:ff:7e:7b:90:dd:4f:11:88:a8:56:25:fc:b3:66:c5:c3:
         68:9a:13:b4:4c:30:32:27:1f:dc:17:70:69:7e:54:c4:c3:b3:
         28:ea:62:8d:e5:fe:98:34:97:5e:72:5a:60:55:a4:cf:9c:84:
         4d:82:8f:29:f7:ea:a2:d4:7b:6c:e0:00:b4:85:43:b7:66:8e:
         61:d0:c0:44:9b:19:4f:4f:21:aa:67:7c:c9:ad:b4:af:ae:2a:
         5f:dc:c3:40:01:f5:56:16:d1:71:b7:ac:9e:e4:a5:9c:95:cd:
         17:47:18:e0:11:62:59:f8:12:2d:4a:64:45:e6:4d:2c:6f:8b:
         72:ec:af:66:47:68:75:74:ee:c9:bb:26:d7:a7:e3:42:78:e9:
         9a:46:b5:1d:ec:20:a8:1d:22:31:8e:4b:a5:0a:0f:49:b9:f7:
         89:6b:fd:75:10:6a:d5:15:81:e5:64:3a:ab:f5:a1:b2:ce:ca:
         31:dd:8c:8f:c6:9e:52:3c:ac:d2:51:a2:c6:65:09:25:aa:b0:
         4a:ca:e5:10:3a:f3:6b:85:6e:72:24:9a:1b:75:97:83:94:5a:
         64:ba:e5:6f:28:84:2c:03:26:9d:50:9d:2d:7a:bf:f1:9b:70:
         3f:bf:8c:3a:83:b5:e3:2e:38:98:6f:b6:80:ae:d7:cb:e9:0e:
         a2:b3:20:bc
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYrBZ8IfmLmeMa7JQYVnDK2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjMwOTIzMDkzODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzY0M2ZmYjRjNGI2YmViMWVlMmM5ZTYzMDU4MmVmNGJlNjZkMGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmvmdIEZi9mI23rlk9Y0SoGgU6BF
IWKYD6G2vEvB1GIE/cOtevF9IXNBJyQFXgTcCeuI6Wy6+cfjmpIliRySo7ZiJpkV
Q1sKIKt8fnpUhHwznId9XiW11YrJlsnW/30/jhnv+u4L1fS/MLjx4UaGF4/7IAcT
CNzlgaIhLFFS2yG1TZMgFavicqQVNrcLKyqUu13XeQ+ktQOo9Buwl5670W/+++Z8
nlJUOBlwOa1Fh64DBGJvELxi5k8aRP7hv6Wb3LQuxu37kvvXqqPmRn8ElJf1A2xe
ej9DrozaxWqFD2DD5yeLtMLZyU4DO7qNHh0pE0BK2iB5SXu5mRdjh8gJKwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFBdkP/tMS2vrHuLJ5jBYLvS+ZtD4MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvRjJRXy0weExhLXNlNHNubU1GZ3U5TDVtMFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQFJXIgAwQD
XpowAwQCsGQgAwQCuQ5cMA0EAgACMAcDBQAqAMzCMA0GCSqGSIb3DQEBCwUAA4IB
AQAoXf9+e5DdTxGIqFYl/LNmxcNomhO0TDAyJx/cF3BpflTEw7Mo6mKN5f6YNJde
clpgVaTPnIRNgo8p9+qi1Hts4AC0hUO3Zo5h0MBEmxlPTyGqZ3zJrbSvripf3MNA
AfVWFtFxt6ye5KWclc0XRxjgEWJZ+BItSmRF5k0sb4ty7K9mR2h1dO7JuybXp+NC
eOmaRrUd7CCoHSIxjkulCg9JufeJa/11EGrVFYHlZDqr9aGyzsox3YyPxp5SPKzS
UaLGZQklqrBKyuUQOvNrhW5yJJobdZeDlFpkuuVvKIQsAyadUJ0ter/xm3A/v4w6
g7XjLjiYb7aArtfL6Q6isyC8
-----END CERTIFICATE-----