Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/h8m7tMneh3Q7qliG7J-QuLOCHcI.roa
File:                     h8m7tMneh3Q7qliG7J-QuLOCHcI.roa (raw, json)
Hash identifier:          2uwtw2eceYqksjWwJqzqUnu7pjI2ORb31FMBKuuyZPk=
Subject key identifier:   87:C9:BB:B4:C9:DE:87:74:3B:AA:58:86:EC:9F:90:B8:B3:82:1D:C2
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       018906915F9BD9F3F0CB08DBA4B2D768FD6C
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/h8m7tMneh3Q7qliG7J-QuLOCHcI.roa
Signing time:             Thu 29 Jun 2023 09:52:17 +0000
ROA not before:           Thu 29 Jun 2023 09:52:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29286
IP address blocks:        37.72.192.0/19 maxlen: 19
                          213.151.176.0/21 maxlen: 21
                          213.151.184.0/22 maxlen: 22
                          37.72.225.0/24 maxlen: 24
                          37.72.226.0/24 maxlen: 24
                          37.72.224.0/24 maxlen: 24
                          37.72.229.0/24 maxlen: 24
                          37.72.228.0/24 maxlen: 24
                          37.72.227.0/24 maxlen: 24
                          37.72.240.0/24 maxlen: 24
                          37.72.243.0/24 maxlen: 24
                          37.72.242.0/24 maxlen: 24
                          37.72.244.0/22 maxlen: 22
                          37.72.248.0/24 maxlen: 24
                          37.72.252.0/22 maxlen: 22
                          37.72.250.0/23 maxlen: 23
                          37.72.249.0/24 maxlen: 24
                          81.20.208.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:06:91:5f:9b:d9:f3:f0:cb:08:db:a4:b2:d7:68:fd:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Jun 29 09:52:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87c9bbb4c9de87743baa5886ec9f90b8b3821dc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:27:b5:f9:b4:cc:bf:b4:a0:98:6c:fb:c6:4e:
                    0f:c9:20:71:b2:09:42:a1:f3:eb:a5:71:56:27:47:
                    94:ab:1f:f5:fb:5e:4b:92:c4:ef:e3:ff:43:bb:9d:
                    12:b9:4f:81:32:76:e2:1c:b5:43:3d:d8:ae:f1:05:
                    44:51:2a:c4:8a:d7:fc:20:eb:bd:ca:22:8a:e3:8f:
                    e6:77:0f:af:e6:78:a1:41:ba:3d:f7:29:4c:88:ed:
                    ef:60:10:c4:53:d4:56:38:f1:8d:55:74:e6:4a:41:
                    93:5f:88:07:82:f8:c8:11:a8:4f:bb:cf:ed:dd:1f:
                    57:71:d0:d5:d6:d8:85:34:35:57:16:59:60:cb:ef:
                    5a:57:67:fc:1b:76:3c:41:3c:ec:73:de:b0:fc:f0:
                    65:a2:5f:97:c6:0d:44:f9:89:ff:ea:68:0a:d8:a0:
                    7f:fe:3b:4e:83:f3:34:d2:e1:64:6f:4b:c6:0b:f2:
                    64:27:81:6d:7a:5b:55:0a:74:ce:f4:e1:a6:b0:85:
                    65:74:c4:e0:c3:59:06:80:5d:38:e3:48:53:0f:fd:
                    84:34:5a:e1:84:33:f3:9a:d7:c8:be:ad:96:d0:9e:
                    c8:50:91:66:bf:f2:74:d9:54:0c:11:14:a4:53:67:
                    29:96:f7:fc:72:6f:e0:52:0d:d3:a4:38:06:12:04:
                    1a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C9:BB:B4:C9:DE:87:74:3B:AA:58:86:EC:9F:90:B8:B3:82:1D:C2
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/h8m7tMneh3Q7qliG7J-QuLOCHcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.192.0-37.72.229.255
                  37.72.240.0/24
                  37.72.242.0-37.72.255.255
                  81.20.208.0/20
                  213.151.176.0-213.151.187.255

    Signature Algorithm: sha256WithRSAEncryption
         cc:6e:2d:cb:da:48:b5:4f:37:6b:da:6a:12:8b:e5:3d:6c:87:
         07:f7:93:60:dd:23:9c:c7:ab:59:dc:69:a9:6d:36:26:2c:aa:
         8a:02:d6:36:b0:80:54:4e:a4:1a:1f:08:bb:09:15:35:9b:5e:
         73:0a:48:24:8f:35:f2:b0:ff:36:38:27:7a:be:7a:40:a2:83:
         07:23:cf:eb:07:f0:10:98:66:13:6f:10:6a:e9:3c:63:14:c3:
         72:87:0b:9a:1a:fe:cf:76:a0:58:fb:0b:c6:37:7e:e3:d4:ba:
         29:14:4f:2e:ab:fb:4a:94:e5:bc:c7:2b:3b:6a:82:ff:f8:93:
         be:8c:eb:27:74:05:69:7f:89:21:9e:91:79:50:75:1a:9f:f0:
         a6:95:f0:8d:fa:b4:5d:af:6c:20:7d:c3:18:64:db:8a:cc:a6:
         42:3d:f1:d7:88:07:47:4f:45:5c:4b:cd:97:ab:1e:64:ba:d6:
         84:f8:2a:28:64:17:51:c6:5b:0e:7d:6f:e5:9b:1d:7f:fe:d4:
         23:fd:88:13:2d:9d:82:ca:6f:bf:f9:5e:36:66:14:28:4d:25:
         98:b4:3b:ab:c2:25:61:83:af:02:95:1d:87:eb:92:b2:7e:74:
         6e:0b:87:81:09:9b:fd:2e:7f:be:62:13:54:23:cb:9a:55:a7:
         40:e7:8f:76
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYkGkV+b2fPwywjbpLLXaP1sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjMwNjI5MDk1MjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M5YmJiNGM5ZGU4Nzc0M2JhYTU4ODZlYzlmOTBiOGIzODIxZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCe1+bTMv7SgmGz7xk4PySBxsglC
ofPrpXFWJ0eUqx/1+15LksTv4/9Du50SuU+BMnbiHLVDPdiu8QVEUSrEitf8IOu9
yiKK44/mdw+v5nihQbo99ylMiO3vYBDEU9RWOPGNVXTmSkGTX4gHgvjIEahPu8/t
3R9XcdDV1tiFNDVXFllgy+9aV2f8G3Y8QTzsc96w/PBlol+Xxg1E+Yn/6mgK2KB/
/jtOg/M00uFkb0vGC/JkJ4FteltVCnTO9OGmsIVldMTgw1kGgF0440hTD/2ENFrh
hDPzmtfIvq2W0J7IUJFmv/J02VQMERSkU2cplvf8cm/gUg3TpDgGEgQaNwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFIfJu7TJ3od0O6pYhuyfkLizgh3CMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvaDhtN3RNbmVoM1E3cWxpRzdKLVF1TE9DSGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1MAwDBAYlSMAD
BAElSOQDBAAlSPAwCwMEASVI8gMDACVIAwQEURTQMAwDBATVl7ADBALVl7gwDQYJ
KoZIhvcNAQELBQADggEBAMxuLcvaSLVPN2vaahKL5T1shwf3k2DdI5zHq1ncaalt
NiYsqooC1jawgFROpBofCLsJFTWbXnMKSCSPNfKw/zY4J3q+ekCigwcjz+sH8BCY
ZhNvEGrpPGMUw3KHC5oa/s92oFj7C8Y3fuPUuikUTy6r+0qU5bzHKztqgv/4k76M
6yd0BWl/iSGekXlQdRqf8KaV8I36tF2vbCB9wxhk24rMpkI98deIB0dPRVxLzZer
HmS61oT4KihkF1HGWw59b+WbHX/+1CP9iBMtnYLKb7/5XjZmFChNJZi0O6vCJWGD
rwKVHYfrkrJ+dG4Lh4EJm/0uf75iE1Qjy5pVp0Dnj3Y=
-----END CERTIFICATE-----