Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/4iJ4naHZcSFKdqOsEn8Q3bHsfgE.roa
File:                     4iJ4naHZcSFKdqOsEn8Q3bHsfgE.roa (raw, json)
Hash identifier:          CYbsZSLiWGT2K6KhZ/zVWjNePauJ3BIYNpZvLELnbe8=
Subject key identifier:   E2:22:78:9D:A1:D9:71:21:4A:76:A3:AC:12:7F:10:DD:B1:EC:7E:01
Certificate issuer:       /CN=6efa8c0fe62ec54accbde35c60bd8ad4b9014ff7
Certificate serial:       018B1B649FFFCD5F63C130DE8D3A54E51BDF
Authority key identifier: 6E:FA:8C:0F:E6:2E:C5:4A:CC:BD:E3:5C:60:BD:8A:D4:B9:01:4F:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/4iJ4naHZcSFKdqOsEn8Q3bHsfgE.roa
Signing time:             Tue 10 Oct 2023 21:01:01 +0000
ROA not before:           Tue 10 Oct 2023 21:01:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     63399
IP address blocks:        185.91.9.0/24 maxlen: 24
                          185.91.8.0/24 maxlen: 24
                          2a05:e580:500::/40 maxlen: 40
                          2a05:e580:900::/40 maxlen: 40
                          2a05:e580:100::/40 maxlen: 40
                          2a05:e580:b00::/40 maxlen: 40
                          2a05:e580:200::/40 maxlen: 40
                          2a05:e580:d00::/40 maxlen: 40
                          2a05:e580:a00::/40 maxlen: 40
                          2a05:e580:400::/40 maxlen: 40
                          2a05:e580:700::/40 maxlen: 40
                          2a05:e580:600::/40 maxlen: 40
                          2a05:e580:300::/40 maxlen: 40
                          2a05:e580:800::/40 maxlen: 40
                          2a05:e580:c00::/40 maxlen: 40
                          2a05:e580::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1b:64:9f:ff:cd:5f:63:c1:30:de:8d:3a:54:e5:1b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6efa8c0fe62ec54accbde35c60bd8ad4b9014ff7
        Validity
            Not Before: Oct 10 21:01:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e222789da1d971214a76a3ac127f10ddb1ec7e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c7:4e:52:64:ed:24:25:a4:be:f2:5e:4f:c4:
                    1f:98:cc:a3:9f:7f:a7:1c:1b:2e:bb:27:66:70:ea:
                    d6:a8:d3:e2:dc:dc:c5:05:44:34:25:1d:41:15:01:
                    b6:d9:8c:e7:37:1a:64:51:e8:9e:a1:01:59:f8:bb:
                    5d:9a:80:6a:76:1a:eb:9d:63:46:f6:c0:8e:2c:3f:
                    26:d2:94:f2:42:65:33:8a:cb:5e:ff:fb:e5:e6:86:
                    ad:48:9b:9e:73:15:38:b3:28:f6:5e:55:a5:9e:53:
                    7a:80:1c:0c:6d:01:0e:b5:41:9c:0b:88:e9:ad:e7:
                    0f:f2:5c:36:7d:b1:f2:4e:e9:40:1e:58:ea:d4:d2:
                    5a:f2:81:34:45:0e:77:a4:53:2d:2d:f7:ce:74:01:
                    c3:56:76:5a:9b:92:7f:99:c5:43:3b:db:b5:63:eb:
                    2d:04:b1:3e:e4:1d:55:19:b8:3a:be:22:34:68:0a:
                    92:3a:42:46:90:ae:71:1b:c5:4c:f0:b3:b6:69:da:
                    7f:64:6b:1e:f3:f8:7a:3b:c4:2a:6f:a6:45:3a:6d:
                    b8:c4:12:a9:90:be:f8:d1:05:95:6a:db:f5:5f:e9:
                    80:55:93:7d:98:c3:69:21:4b:dc:c0:80:ec:04:a4:
                    ff:5e:18:38:79:27:a3:d4:a6:f2:3a:c8:32:01:02:
                    29:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:22:78:9D:A1:D9:71:21:4A:76:A3:AC:12:7F:10:DD:B1:EC:7E:01
            X509v3 Authority Key Identifier:
                keyid:6E:FA:8C:0F:E6:2E:C5:4A:CC:BD:E3:5C:60:BD:8A:D4:B9:01:4F:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/4iJ4naHZcSFKdqOsEn8Q3bHsfgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/bvqMD-YuxUrMveNcYL2K1LkBT_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.8.0/23
                IPv6:
                  2a05:e580::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:49:93:3b:bc:93:bb:04:19:88:9d:00:32:8c:5e:74:91:4a:
         c6:5f:0f:07:66:1c:7e:b5:a3:f0:3a:af:70:71:03:d5:41:63:
         5a:e0:4e:d2:d9:41:9b:38:2c:6f:9f:82:fc:ec:f5:64:8e:72:
         2e:d2:28:ba:c2:ec:89:3c:fc:42:aa:56:66:27:07:71:9a:12:
         4a:46:d5:20:4f:13:3c:06:17:59:92:de:02:15:a4:3e:ae:f9:
         bd:04:22:b5:df:68:53:9c:a4:f1:df:36:f9:e0:91:bc:d5:4a:
         b7:7f:02:0e:89:c7:69:99:33:4d:31:8b:01:38:08:5a:db:c1:
         4b:09:65:42:f2:4e:b9:11:20:b0:8c:e7:f9:60:7e:55:d6:73:
         1d:2d:f3:d0:e4:ce:2f:6f:2b:51:b9:18:c6:4c:d4:d7:23:25:
         54:ad:df:5c:00:a4:a2:87:b0:73:0f:63:ce:6e:f4:80:4b:47:
         d3:03:9e:37:cd:1b:3a:e3:a3:65:6c:dc:c3:1c:55:1f:c0:1f:
         0b:16:bc:df:5c:d6:37:05:ad:1b:e0:74:66:31:85:d1:7a:d2:
         11:96:25:2c:60:e9:4b:bd:71:76:ad:3a:cf:53:5f:52:5f:da:
         d8:d4:b7:d1:a2:b2:54:7f:4b:73:1b:29:4f:34:db:cf:24:18:
         2c:a4:05:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYsbZJ//zV9jwTDejTpU5RvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZmE4YzBmZTYyZWM1NGFjY2JkZTM1YzYwYmQ4YWQ0Yjkw
MTRmZjcwHhcNMjMxMDEwMjEwMTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjIyNzg5ZGExZDk3MTIxNGE3NmEzYWMxMjdmMTBkZGIxZWM3ZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8dOUmTtJCWkvvJeT8QfmMyjn3+n
HBsuuydmcOrWqNPi3NzFBUQ0JR1BFQG22YznNxpkUeieoQFZ+LtdmoBqdhrrnWNG
9sCOLD8m0pTyQmUziste//vl5oatSJuecxU4syj2XlWlnlN6gBwMbQEOtUGcC4jp
recP8lw2fbHyTulAHljq1NJa8oE0RQ53pFMtLffOdAHDVnZam5J/mcVDO9u1Y+st
BLE+5B1VGbg6viI0aAqSOkJGkK5xG8VM8LO2adp/ZGse8/h6O8Qqb6ZFOm24xBKp
kL740QWVatv1X+mAVZN9mMNpIUvcwIDsBKT/Xhg4eSej1KbyOsgyAQIpnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOIieJ2h2XEhSnajrBJ/EN2x7H4BMB8GA1UdIwQY
MBaAFG76jA/mLsVKzL3jXGC9itS5AU/3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnZxTUQtWXV4VXJNdmVOY1lMMksxTGtCVF9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82YzdiMjItYjY1Zi00ZjM3LWE0MGUt
YTk5MTdjYzE1ZTBhLzEvNGlKNG5hSFpjU0ZLZHFPc0VuOFEzYkhzZmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82YzdiMjItYjY1Zi00ZjM3LWE0MGUtYTk5MTdjYzE1ZTBh
LzEvYnZxTUQtWXV4VXJNdmVOY1lMMksxTGtCVF9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuVsIMA0E
AgACMAcDBQMqBeWAMA0GCSqGSIb3DQEBCwUAA4IBAQCHSZM7vJO7BBmInQAyjF50
kUrGXw8HZhx+taPwOq9wcQPVQWNa4E7S2UGbOCxvn4L87PVkjnIu0ii6wuyJPPxC
qlZmJwdxmhJKRtUgTxM8BhdZkt4CFaQ+rvm9BCK132hTnKTx3zb54JG81Uq3fwIO
icdpmTNNMYsBOAha28FLCWVC8k65ESCwjOf5YH5V1nMdLfPQ5M4vbytRuRjGTNTX
IyVUrd9cAKSih7BzD2PObvSAS0fTA543zRs646NlbNzDHFUfwB8LFrzfXNY3Ba0b
4HRmMYXRetIRliUsYOlLvXF2rTrPU19SX9rY1LfRorJUf0tzGylPNNvPJBgspAVH
-----END CERTIFICATE-----