Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9ff43e-f817-4ebe-a0d9-7a18931d985b/1/4acXsXKJ8r7Pex5ezb1g7Nwv_pY.roa
File:                     4acXsXKJ8r7Pex5ezb1g7Nwv_pY.roa (raw, json)
Hash identifier:          AwsovaZ1QSUZ/TsT11jBatQSxRuO36kw57ZB4VlHP18=
Subject key identifier:   E1:A7:17:B1:72:89:F2:BE:CF:7B:1E:5E:CD:BD:60:EC:DC:2F:FE:96
Certificate issuer:       /CN=b67f1b87e6752f45439b8528cc968b4770a5a0fb
Certificate serial:       01856C65E47B94D043E76BF9248B91251639
Authority key identifier: B6:7F:1B:87:E6:75:2F:45:43:9B:85:28:CC:96:8B:47:70:A5:A0:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tn8bh-Z1L0VDm4UozJaLR3CloPs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9ff43e-f817-4ebe-a0d9-7a18931d985b/1/4acXsXKJ8r7Pex5ezb1g7Nwv_pY.roa
Signing time:             Sun 01 Jan 2023 08:14:54 +0000
ROA not before:           Sun 01 Jan 2023 08:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61232
IP address blocks:        195.242.164.0/23 maxlen: 23
                          195.242.163.0/24 maxlen: 24
                          185.152.17.0/24 maxlen: 24
                          185.152.16.0/24 maxlen: 24
                          185.152.19.0/24 maxlen: 24
                          185.152.18.0/24 maxlen: 24
                          2a07:7cc6::/32 maxlen: 32
                          2a07:7cc3::/32 maxlen: 32
                          2a07:7cc7::/32 maxlen: 32
                          2a07:7cc1::/32 maxlen: 32
                          2a07:7cc4::/32 maxlen: 32
                          2a07:7cc0::/32 maxlen: 32
                          2a07:7cc2::/32 maxlen: 32
                          2a07:7cc5::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:65:e4:7b:94:d0:43:e7:6b:f9:24:8b:91:25:16:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b67f1b87e6752f45439b8528cc968b4770a5a0fb
        Validity
            Not Before: Jan  1 08:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e1a717b17289f2becf7b1e5ecdbd60ecdc2ffe96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5c:b2:37:ee:01:18:76:2e:f7:7e:9a:51:2a:
                    70:ab:09:dc:08:f3:20:f9:be:1b:2f:92:49:da:c0:
                    61:54:c8:a4:c8:3e:f7:52:28:cb:ec:8c:9b:9e:38:
                    c4:b8:80:0e:11:f4:9a:df:df:9d:b4:dc:64:43:76:
                    eb:45:6b:3b:05:e8:b1:97:e5:e3:c8:60:ed:d5:91:
                    b1:7c:80:06:59:e3:c9:74:38:09:c1:6d:73:72:ba:
                    d0:4e:f3:c6:74:be:3d:aa:8e:64:85:b7:21:2a:af:
                    c1:21:aa:6a:d7:bf:a6:e3:7e:a4:4d:3c:b1:8c:60:
                    ee:be:a0:c6:95:0e:02:3d:08:78:c1:f4:28:4b:fa:
                    10:9b:11:0e:c7:25:04:93:d7:0a:dd:92:99:dd:30:
                    19:1c:bd:04:ea:1e:dc:7c:c4:af:3f:a6:61:af:96:
                    ca:eb:d8:bd:9c:20:51:07:4f:3f:ca:ba:f1:2b:3f:
                    2a:dd:ce:b1:ef:a6:b3:bf:dd:a2:65:d3:6f:40:f1:
                    3e:e1:8a:78:6e:38:27:c7:fa:79:ac:e9:66:f2:28:
                    27:dc:b1:4d:4a:73:fa:0d:08:81:73:1f:b1:df:0b:
                    35:45:7c:ea:5c:51:75:f3:20:73:30:a2:f3:d7:39:
                    04:51:ef:eb:f9:d0:ba:53:b2:22:25:cc:f3:6d:09:
                    cd:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A7:17:B1:72:89:F2:BE:CF:7B:1E:5E:CD:BD:60:EC:DC:2F:FE:96
            X509v3 Authority Key Identifier:
                keyid:B6:7F:1B:87:E6:75:2F:45:43:9B:85:28:CC:96:8B:47:70:A5:A0:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tn8bh-Z1L0VDm4UozJaLR3CloPs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9ff43e-f817-4ebe-a0d9-7a18931d985b/1/4acXsXKJ8r7Pex5ezb1g7Nwv_pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9ff43e-f817-4ebe-a0d9-7a18931d985b/1/tn8bh-Z1L0VDm4UozJaLR3CloPs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.16.0/22
                  195.242.163.0-195.242.165.255
                IPv6:
                  2a07:7cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:17:39:fb:01:15:49:95:8e:9d:d2:85:5e:bf:de:6d:22:72:
         ea:f6:21:db:ab:7d:bb:f0:97:7c:01:2f:2f:8a:97:b2:4c:7b:
         4b:bb:cc:65:f1:7f:27:cc:9c:94:e2:8c:5b:ed:57:a3:a9:05:
         fc:fe:b8:e6:06:93:12:12:b9:34:d2:eb:11:9c:30:79:25:7a:
         46:cb:a2:93:79:88:49:dc:cb:35:13:dc:a0:ae:5c:4a:7c:49:
         c4:77:4b:50:8f:7f:73:00:91:52:f6:31:d5:92:db:54:53:8d:
         40:26:df:b6:77:60:66:1e:dd:6b:52:52:de:f1:c4:b9:df:81:
         57:ca:63:2f:04:6c:be:ad:a0:45:cc:21:dc:29:1a:cc:5c:49:
         d6:0d:b4:8a:95:e3:b5:17:67:d3:fb:22:30:cd:23:9d:77:42:
         8c:15:6c:2e:41:ca:04:0e:24:84:d1:7f:95:3e:87:9a:93:0a:
         4c:ea:58:62:ef:ad:0c:95:c7:0c:2e:05:0e:f0:22:3a:e2:a4:
         cf:2f:59:89:d5:60:43:24:3f:82:3e:8a:c5:af:5c:f3:9c:80:
         f2:fe:27:0c:64:16:55:f5:8e:68:0d:77:93:87:9d:a5:ca:58:
         3e:1f:17:61:7a:61:d6:8e:b9:53:4d:0c:15:ab:c8:07:c6:7b:
         94:86:1f:f6
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVsZeR7lNBD52v5JIuRJRY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2N2YxYjg3ZTY3NTJmNDU0MzliODUyOGNjOTY4YjQ3NzBh
NWEwZmIwHhcNMjMwMTAxMDgxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWE3MTdiMTcyODlmMmJlY2Y3YjFlNWVjZGJkNjBlY2RjMmZmZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1yyN+4BGHYu936aUSpwqwncCPMg
+b4bL5JJ2sBhVMikyD73UijL7IybnjjEuIAOEfSa39+dtNxkQ3brRWs7Beixl+Xj
yGDt1ZGxfIAGWePJdDgJwW1zcrrQTvPGdL49qo5khbchKq/BIapq17+m436kTTyx
jGDuvqDGlQ4CPQh4wfQoS/oQmxEOxyUEk9cK3ZKZ3TAZHL0E6h7cfMSvP6Zhr5bK
69i9nCBRB08/yrrxKz8q3c6x76azv92iZdNvQPE+4Yp4bjgnx/p5rOlm8ign3LFN
SnP6DQiBcx+x3ws1RXzqXFF18yBzMKLz1zkEUe/r+dC6U7IiJczzbQnNfwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFOGnF7FyifK+z3seXs29YOzcL/6WMB8GA1UdIwQY
MBaAFLZ/G4fmdS9FQ5uFKMyWi0dwpaD7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG44YmgtWjFMMFZEbTRVb3pKYUxSM0Nsb1BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85ZmY0M2UtZjgxNy00ZWJlLWEwZDkt
N2ExODkzMWQ5ODViLzEvNGFjWHNYS0o4cjdQZXg1ZXpiMWc3Tnd2X3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85ZmY0M2UtZjgxNy00ZWJlLWEwZDktN2ExODkzMWQ5ODVi
LzEvdG44YmgtWjFMMFZEbTRVb3pKYUxSM0Nsb1BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCuZgQMAwD
BADD8qMDBAHD8qQwDQQCAAIwBwMFAyoHfMAwDQYJKoZIhvcNAQELBQADggEBABMX
OfsBFUmVjp3ShV6/3m0icur2Idurfbvwl3wBLy+Kl7JMe0u7zGXxfyfMnJTijFvt
V6OpBfz+uOYGkxISuTTS6xGcMHklekbLopN5iEncyzUT3KCuXEp8ScR3S1CPf3MA
kVL2MdWS21RTjUAm37Z3YGYe3WtSUt7xxLnfgVfKYy8EbL6toEXMIdwpGsxcSdYN
tIqV47UXZ9P7IjDNI513QowVbC5BygQOJITRf5U+h5qTCkzqWGLvrQyVxwwuBQ7w
IjripM8vWYnVYEMkP4I+isWvXPOcgPL+JwxkFlX1jmgNd5OHnaXKWD4fF2F6YdaO
uVNNDBWryAfGe5SGH/Y=
-----END CERTIFICATE-----