Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/XO0EqOePX8xlfsrLNKTH1DhCZbo.roa
File:                     XO0EqOePX8xlfsrLNKTH1DhCZbo.roa (raw, json)
Hash identifier:          ZKqv8VbGxYmhLN8wmPo7pzAj1+cROSmySd7OSBlizlY=
Subject key identifier:   5C:ED:04:A8:E7:8F:5F:CC:65:7E:CA:CB:34:A4:C7:D4:38:42:65:BA
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0188977D025B77CE7A7F6298249D0D30B741
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/XO0EqOePX8xlfsrLNKTH1DhCZbo.roa
Signing time:             Wed 07 Jun 2023 20:12:11 +0000
ROA not before:           Wed 07 Jun 2023 20:12:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     397373
IP address blocks:        104.249.24.0/24 maxlen: 24
                          216.173.83.0/24 maxlen: 24
                          104.249.28.0/24 maxlen: 24
                          104.249.27.0/24 maxlen: 24
                          104.249.26.0/24 maxlen: 24
                          104.143.228.0/24 maxlen: 24
                          216.173.101.0/24 maxlen: 24
                          104.249.56.0/22 maxlen: 22
                          216.173.118.0/24 maxlen: 24
                          104.143.253.0/24 maxlen: 24
                          45.43.128.0/21 maxlen: 21
                          45.43.128.0/22 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:97:7d:02:5b:77:ce:7a:7f:62:98:24:9d:0d:30:b7:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun  7 20:12:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5ced04a8e78f5fcc657ecacb34a4c7d4384265ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ab:cc:80:b9:57:3b:41:8c:2a:2e:62:fc:31:
                    92:a4:b6:2d:7a:1a:94:9f:d7:d1:dd:46:60:db:25:
                    17:68:e0:45:91:0f:b4:f7:85:0f:59:c1:7b:a5:03:
                    c9:73:81:dd:aa:95:ab:dc:a9:45:d5:00:4c:1f:e6:
                    ac:a2:a5:5d:4b:c2:2d:8f:2d:59:2a:c3:d3:bd:6b:
                    29:1a:c1:70:96:be:07:b5:f9:d5:4e:e5:49:82:be:
                    33:43:58:c6:7c:8b:0f:31:60:4e:19:ef:a7:93:e4:
                    7f:0c:c0:c9:0d:87:3f:38:8c:58:51:64:92:c2:41:
                    8c:24:10:33:16:16:79:61:cc:b1:e7:c5:17:cb:0d:
                    c3:87:5d:57:78:f5:ce:1c:36:22:96:06:79:79:51:
                    43:be:9a:6f:0f:99:cf:32:83:bc:a4:52:c4:32:0a:
                    c5:da:5d:c2:34:a7:49:c1:79:3c:c1:9d:a7:d2:36:
                    9d:20:7a:ee:10:34:64:e9:05:2f:6a:93:f7:f6:5f:
                    ad:13:cc:69:64:8f:65:e2:c4:b3:a5:25:68:94:0c:
                    29:78:92:2a:c9:78:d2:cb:d6:31:60:ab:19:5d:7e:
                    93:7a:cf:a3:86:a0:ad:84:4e:9c:3b:49:eb:bd:c6:
                    cf:23:d5:4e:4b:2d:fc:83:0f:0c:9f:b4:97:7c:28:
                    9e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:ED:04:A8:E7:8F:5F:CC:65:7E:CA:CB:34:A4:C7:D4:38:42:65:BA
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/XO0EqOePX8xlfsrLNKTH1DhCZbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.128.0/21
                  104.143.228.0/24
                  104.143.253.0/24
                  104.249.24.0/24
                  104.249.26.0-104.249.28.255
                  104.249.56.0/22
                  216.173.83.0/24
                  216.173.101.0/24
                  216.173.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:41:9f:21:3a:47:62:2b:c5:c8:cb:02:db:ed:1e:19:1e:ab:
         34:fb:2f:24:58:54:8e:c0:0b:0a:33:26:ad:1a:e2:4e:b1:8b:
         1d:04:ad:ef:d4:f6:3c:c0:0f:f8:ce:56:cc:8b:ca:53:83:91:
         2f:0d:59:cc:8a:a8:2f:a0:91:bd:95:60:12:57:04:7d:5c:a0:
         82:28:6d:ba:d8:25:64:ac:83:b4:fd:51:ef:3e:88:21:8c:1a:
         f0:8b:36:ff:6a:e4:c1:d3:f4:69:04:d1:51:ab:c3:f7:9b:31:
         f9:2d:14:42:7e:18:d4:c6:aa:01:4e:3e:d4:5c:76:81:c1:2b:
         f6:a0:82:9b:b7:ce:59:82:73:73:b3:6c:e9:f1:69:d5:f6:03:
         68:a0:e5:18:9f:ac:da:be:b2:3a:7d:76:36:27:35:dd:a1:09:
         d0:d1:11:a1:d5:13:48:54:b5:11:29:80:66:17:7a:a6:a8:e0:
         45:eb:b7:54:7e:6c:11:7d:e7:97:cc:bd:89:7f:dd:43:28:a5:
         d0:09:ad:c6:3e:f6:a9:cf:c5:cd:2c:8b:f3:29:2b:3b:b3:f7:
         7d:9c:8a:03:0d:6e:15:cb:28:0d:09:c3:dc:47:b1:2c:8c:90:
         f8:33:e5:19:16:a7:af:b9:1e:9b:62:d1:a4:74:b9:ee:c0:f1:
         9f:11:96:35
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYiXfQJbd856f2KYJJ0NMLdBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwNjA3MjAxMjExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2VkMDRhOGU3OGY1ZmNjNjU3ZWNhY2IzNGE0YzdkNDM4NDI2NWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApavMgLlXO0GMKi5i/DGSpLYtehqU
n9fR3UZg2yUXaOBFkQ+094UPWcF7pQPJc4HdqpWr3KlF1QBMH+asoqVdS8Itjy1Z
KsPTvWspGsFwlr4HtfnVTuVJgr4zQ1jGfIsPMWBOGe+nk+R/DMDJDYc/OIxYUWSS
wkGMJBAzFhZ5Ycyx58UXyw3Dh11XePXOHDYilgZ5eVFDvppvD5nPMoO8pFLEMgrF
2l3CNKdJwXk8wZ2n0jadIHruEDRk6QUvapP39l+tE8xpZI9l4sSzpSVolAwpeJIq
yXjSy9YxYKsZXX6Tes+jhqCthE6cO0nrvcbPI9VOSy38gw8Mn7SXfCieawIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFFztBKjnj1/MZX7KyzSkx9Q4QmW6MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvWE8wRXFPZVBYOHhsZnNyTE5LVEgxRGhDWmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQDLSuAAwQA
aI/kAwQAaI/9AwQAaPkYMAwDBAFo+RoDBABo+RwDBAJo+TgDBADYrVMDBADYrWUD
BADYrXYwDQYJKoZIhvcNAQELBQADggEBAFZBnyE6R2IrxcjLAtvtHhkeqzT7LyRY
VI7ACwozJq0a4k6xix0Ere/U9jzAD/jOVsyLylODkS8NWcyKqC+gkb2VYBJXBH1c
oIIobbrYJWSsg7T9Ue8+iCGMGvCLNv9q5MHT9GkE0VGrw/ebMfktFEJ+GNTGqgFO
PtRcdoHBK/aggpu3zlmCc3OzbOnxadX2A2ig5RifrNq+sjp9djYnNd2hCdDREaHV
E0hUtREpgGYXeqao4EXrt1R+bBF955fMvYl/3UMopdAJrcY+9qnPxc0si/MpKzuz
932cigMNbhXLKA0Jw9xHsSyMkPgz5RkWp6+5Hpti0aR0ue7A8Z8RljU=
-----END CERTIFICATE-----