Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/oTihG5HwoH_n_1dbKiO5bLM06jI.roa
File:                     oTihG5HwoH_n_1dbKiO5bLM06jI.roa (raw, json)
Hash identifier:          9pes0ogTsVlm2bTEG2XOTm9SSYTx38o68hdbqmP1myM=
Subject key identifier:   A1:38:A1:1B:91:F0:A0:7F:E7:FF:57:5B:2A:23:B9:6C:B3:34:EA:32
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       0186839FD51DF3B87DCE978BAAA3D6417A82
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/oTihG5HwoH_n_1dbKiO5bLM06jI.roa
Signing time:             Fri 24 Feb 2023 13:32:15 +0000
ROA not before:           Fri 24 Feb 2023 13:32:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59592
IP address blocks:        185.14.92.0/22 maxlen: 22
                          94.154.51.0/24 maxlen: 24
                          94.154.48.0/21 maxlen: 24
                          94.154.49.0/24 maxlen: 24
                          94.154.54.0/24 maxlen: 24
                          94.154.53.0/24 maxlen: 24
                          94.154.52.0/24 maxlen: 24
                          176.100.33.0/24 maxlen: 24
                          176.100.32.0/24 maxlen: 24
                          176.100.35.0/24 maxlen: 24
                          176.100.34.0/24 maxlen: 24
                          37.114.38.0/24 maxlen: 24
                          37.114.32.0/19 maxlen: 19
                          37.114.36.0/24 maxlen: 24
                          37.114.35.0/24 maxlen: 24
                          37.114.39.0/24 maxlen: 24
                          37.114.58.0/24 maxlen: 24
                          2a00:ccc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sat 23 Sep 2023 09:38:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:83:9f:d5:1d:f3:b8:7d:ce:97:8b:aa:a3:d6:41:7a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Feb 24 13:32:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a138a11b91f0a07fe7ff575b2a23b96cb334ea32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:00:11:c3:56:12:df:2a:ee:41:d7:61:12:a4:
                    f7:9f:6e:81:42:61:4e:3b:41:6e:4e:e4:c3:58:84:
                    d3:53:42:b4:1b:96:be:78:11:2e:9d:a3:ab:a3:f5:
                    bb:89:e2:d7:d5:c5:e3:81:95:14:9c:4f:45:0b:db:
                    bc:0d:12:c2:b9:c7:67:fc:81:8b:c2:e4:a3:29:1d:
                    d0:ec:73:a7:51:10:be:15:17:a3:50:88:8f:77:b5:
                    e5:2b:2e:0b:c9:7b:e4:79:08:ce:af:65:ae:97:0a:
                    ac:dd:74:28:6f:55:c0:75:74:68:d4:7e:b8:44:b0:
                    eb:df:f3:30:3b:ee:49:08:60:2d:6b:3b:5c:38:60:
                    b1:48:f8:9c:7f:18:c9:8f:e1:31:15:30:93:30:fb:
                    5e:0c:0f:ac:9f:c7:ff:82:4e:65:24:2e:40:fd:37:
                    8c:2e:48:e4:b3:b8:a3:ff:21:cf:21:80:28:5b:a5:
                    6d:2d:26:d9:cf:40:53:bb:60:a5:9f:2c:5b:35:da:
                    a2:85:bd:cb:50:b7:29:35:38:9d:1f:55:a4:d2:64:
                    99:39:b0:97:59:61:d0:c9:4b:a5:47:d9:a2:d1:66:
                    1c:51:a6:e1:45:78:34:97:59:69:3c:a2:9a:0c:de:
                    4f:6e:a2:27:a4:2e:63:e3:bb:c7:3a:61:4c:1b:79:
                    7a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:38:A1:1B:91:F0:A0:7F:E7:FF:57:5B:2A:23:B9:6C:B3:34:EA:32
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/oTihG5HwoH_n_1dbKiO5bLM06jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/19
                  94.154.48.0/21
                  176.100.32.0/22
                  185.14.92.0/22
                IPv6:
                  2a00:ccc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:c0:e2:cc:f6:fc:23:32:0c:98:30:d9:90:a2:83:f2:c8:4f:
         50:75:ba:64:6e:4a:10:8b:f7:54:8b:1d:ff:ec:52:3c:09:52:
         39:e0:9a:ad:21:25:42:da:27:07:44:2f:42:a1:d3:8e:06:58:
         65:02:71:34:ca:44:a0:b7:77:2f:09:e5:54:f4:d1:bc:e5:f6:
         4c:a6:85:3c:1b:e3:65:85:dd:45:14:9e:60:59:3d:15:dc:49:
         33:e2:b1:56:0c:40:d9:31:25:82:a7:b1:3a:5b:dd:78:55:ec:
         23:01:d5:cd:f7:d9:f9:a3:1e:36:06:7e:3f:2e:a7:a7:9c:84:
         53:54:9b:19:6a:99:58:2f:90:31:40:47:4c:af:74:c1:59:eb:
         2f:31:be:e4:71:74:c4:e3:6c:36:e5:0c:96:d7:73:2e:3c:c2:
         65:92:3d:ad:3d:ff:3b:5b:ab:b8:9a:1f:72:12:37:17:56:3c:
         83:e5:88:c8:b1:c4:0c:e8:f4:6f:3b:a5:33:e9:9f:cc:e7:af:
         79:8f:6d:69:24:4a:24:54:32:dc:b3:14:be:f5:d2:c6:72:6a:
         ea:2d:7c:ab:26:ae:bc:10:45:42:e4:59:42:42:fb:6c:47:97:
         48:c3:dc:a3:0b:7c:81:11:04:4e:57:4b:06:45:a3:da:ec:56:
         d0:b1:0f:73
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYaDn9Ud87h9zpeLqqPWQXqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjMwMjI0MTMzMjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTM4YTExYjkxZjBhMDdmZTdmZjU3NWIyYTIzYjk2Y2IzMzRlYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgARw1YS3yruQddhEqT3n26BQmFO
O0FuTuTDWITTU0K0G5a+eBEunaOro/W7ieLX1cXjgZUUnE9FC9u8DRLCucdn/IGL
wuSjKR3Q7HOnURC+FRejUIiPd7XlKy4LyXvkeQjOr2Wulwqs3XQob1XAdXRo1H64
RLDr3/MwO+5JCGAtaztcOGCxSPicfxjJj+ExFTCTMPteDA+sn8f/gk5lJC5A/TeM
Lkjks7ij/yHPIYAoW6VtLSbZz0BTu2ClnyxbNdqihb3LULcpNTidH1Wk0mSZObCX
WWHQyUulR9mi0WYcUabhRXg0l1lpPKKaDN5PbqInpC5j47vHOmFMG3l6+wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKE4oRuR8KB/5/9XWyojuWyzNOoyMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvb1RpaEc1SHdvSF9uXzFkYktpTzViTE0wNmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQFJXIgAwQD
XpowAwQCsGQgAwQCuQ5cMA0EAgACMAcDBQAqAMzCMA0GCSqGSIb3DQEBCwUAA4IB
AQCWwOLM9vwjMgyYMNmQooPyyE9QdbpkbkoQi/dUix3/7FI8CVI54JqtISVC2icH
RC9CodOOBlhlAnE0ykSgt3cvCeVU9NG85fZMpoU8G+Nlhd1FFJ5gWT0V3Ekz4rFW
DEDZMSWCp7E6W914VewjAdXN99n5ox42Bn4/LqennIRTVJsZaplYL5AxQEdMr3TB
WesvMb7kcXTE42w25QyW13MuPMJlkj2tPf87W6u4mh9yEjcXVjyD5YjIscQM6PRv
O6Uz6Z/M5695j21pJEokVDLcsxS+9dLGcmrqLXyrJq68EEVC5FlCQvtsR5dIw9yj
C3yBEQROV0sGRaPa7FbQsQ9z
-----END CERTIFICATE-----