Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ZYm6gOO4DcuC24Ow-p_pP93oiUE.roa
File:                     ZYm6gOO4DcuC24Ow-p_pP93oiUE.roa (raw, json)
Hash identifier:          uX22x1HyzaXEQK+W1Gm6k8S3MMk/6QhXTNe8OLEZkVs=
Subject key identifier:   65:89:BA:80:E3:B8:0D:CB:82:DB:83:B0:FA:9F:E9:3F:DD:E8:89:41
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0186602895B78B26737363DFBA8A5E460B3B
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ZYm6gOO4DcuC24Ow-p_pP93oiUE.roa
Signing time:             Fri 17 Feb 2023 16:15:17 +0000
ROA not before:           Fri 17 Feb 2023 16:15:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        104.239.92.0/23 maxlen: 23
                          104.239.98.0/24 maxlen: 24
                          104.167.0.0/24 maxlen: 24
                          216.173.122.0/23 maxlen: 23
                          104.239.82.0/24 maxlen: 24
                          104.239.90.0/23 maxlen: 23
                          104.239.86.0/24 maxlen: 24
                          104.233.20.0/24 maxlen: 24
                          216.173.80.0/23 maxlen: 23
                          216.173.88.0/23 maxlen: 23
                          104.239.13.0/24 maxlen: 24
                          104.239.16.0/22 maxlen: 22
                          104.239.20.0/22 maxlen: 22
                          216.173.108.0/24 maxlen: 24
                          104.239.36.0/22 maxlen: 22
                          104.239.32.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Wed 22 Feb 2023 21:11:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:60:28:95:b7:8b:26:73:73:63:df:ba:8a:5e:46:0b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Feb 17 16:15:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6589ba80e3b80dcb82db83b0fa9fe93fdde88941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:b1:4f:3b:7e:0f:a9:dc:5b:73:af:d7:f6:
                    c6:98:c5:ab:e7:ae:cf:34:6b:8a:38:07:a1:0a:d6:
                    32:9f:2b:83:18:ef:e0:a7:3c:3d:98:cc:6d:6f:0f:
                    c3:1b:3b:0c:e4:8f:95:53:84:9c:f0:25:7e:df:25:
                    23:e2:ce:6c:64:2d:24:8e:2e:74:7e:19:f3:81:5e:
                    39:d8:e1:55:2f:9a:35:67:dd:b1:f9:d5:de:f0:89:
                    af:8a:27:ef:81:0a:76:b6:4e:a1:e2:08:80:5c:cf:
                    6f:e5:7e:f0:09:ba:ef:7d:82:11:91:52:91:d5:3f:
                    9f:2c:53:ea:43:99:0f:74:b0:ee:6d:95:2f:1f:7d:
                    8b:d3:e1:be:a5:d5:6f:a2:46:9f:67:2d:3f:06:5c:
                    c1:69:cb:6e:65:28:3c:1d:ca:86:9e:61:29:97:3f:
                    77:60:3a:c6:7a:02:ea:12:ae:ce:1d:52:aa:97:a9:
                    76:4c:2f:97:f4:d2:bd:be:7b:c6:91:66:0b:22:87:
                    9e:51:cb:67:97:37:0d:f7:28:61:da:df:42:c2:65:
                    5c:c8:d4:0e:f9:13:68:c8:64:4c:63:8e:41:d9:fa:
                    e6:c0:d4:1c:01:92:1f:ab:b2:6f:5d:db:0f:ef:f5:
                    64:b0:1b:72:a1:e1:b1:64:15:e4:78:6b:c5:e0:b6:
                    b4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:89:BA:80:E3:B8:0D:CB:82:DB:83:B0:FA:9F:E9:3F:DD:E8:89:41
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ZYm6gOO4DcuC24Ow-p_pP93oiUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.0.0/24
                  104.233.20.0/24
                  104.239.13.0/24
                  104.239.16.0/21
                  104.239.32.0/21
                  104.239.82.0/24
                  104.239.86.0/24
                  104.239.90.0-104.239.93.255
                  104.239.98.0/24
                  216.173.80.0/23
                  216.173.88.0/23
                  216.173.108.0/24
                  216.173.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:cd:6b:ef:3c:7d:c0:63:5d:14:84:b6:24:3b:58:41:c5:14:
         76:2c:d2:53:24:99:92:78:a8:61:88:b3:7f:60:02:ae:a6:52:
         e3:28:df:c0:8e:93:70:bb:e9:21:2a:cc:2a:7b:d1:1d:0d:4a:
         d5:60:f2:32:6a:d1:b9:e2:f7:a5:5a:7c:97:57:61:2d:90:7a:
         68:f0:2d:0f:a8:32:93:01:85:34:bc:bf:c5:3d:57:79:d9:69:
         5d:e5:a6:11:cd:61:f2:5e:bc:7f:a0:2c:2f:59:cd:b1:f8:90:
         73:c5:b9:66:ff:c5:28:79:86:e0:7b:b4:d9:93:08:c1:5d:09:
         5c:e5:f4:6a:ad:dd:1c:c9:46:3a:d2:69:64:f4:47:ab:0d:e2:
         55:3f:cb:84:cc:af:d9:d5:b7:c5:33:8a:f4:91:ff:ba:2a:1f:
         0f:25:28:3a:37:2e:a8:a8:5f:f5:66:b5:e7:04:38:06:98:4b:
         44:76:a9:b3:eb:45:85:25:2c:66:42:d3:36:bb:45:d5:f5:de:
         99:02:f0:98:27:81:be:c1:2e:3c:1c:ec:d5:de:ba:e9:98:f3:
         bd:09:df:ee:01:cb:39:03:7b:8c:45:1a:ea:1d:ac:c0:8c:f1:
         6b:03:c5:2a:2b:77:99:3b:52:46:62:52:b0:9d:56:5b:b8:f5:
         28:2c:c9:61
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYZgKJW3iyZzc2PfuopeRgs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMjE3MTYxNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTg5YmE4MGUzYjgwZGNiODJkYjgzYjBmYTlmZTkzZmRkZTg4OTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDixTzt+D6ncW3Ov1/bGmMWr567P
NGuKOAehCtYynyuDGO/gpzw9mMxtbw/DGzsM5I+VU4Sc8CV+3yUj4s5sZC0kji50
fhnzgV452OFVL5o1Z92x+dXe8ImviifvgQp2tk6h4giAXM9v5X7wCbrvfYIRkVKR
1T+fLFPqQ5kPdLDubZUvH32L0+G+pdVvokafZy0/BlzBactuZSg8HcqGnmEplz93
YDrGegLqEq7OHVKql6l2TC+X9NK9vnvGkWYLIoeeUctnlzcN9yhh2t9CwmVcyNQO
+RNoyGRMY45B2frmwNQcAZIfq7JvXdsP7/VksBtyoeGxZBXkeGvF4La0pwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFGWJuoDjuA3LgtuDsPqf6T/d6IlBMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvWlltNmdPTzREY3VDMjRPdy1wX3BQOTNvaVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAaKcAAwQA
aOkUAwQAaO8NAwQDaO8QAwQDaO8gAwQAaO9SAwQAaO9WMAwDBAFo71oDBAFo71wD
BABo72IDBAHYrVADBAHYrVgDBADYrWwDBAHYrXowDQYJKoZIhvcNAQELBQADggEB
AAbNa+88fcBjXRSEtiQ7WEHFFHYs0lMkmZJ4qGGIs39gAq6mUuMo38COk3C76SEq
zCp70R0NStVg8jJq0bni96VafJdXYS2QemjwLQ+oMpMBhTS8v8U9V3nZaV3lphHN
YfJevH+gLC9ZzbH4kHPFuWb/xSh5huB7tNmTCMFdCVzl9Gqt3RzJRjrSaWT0R6sN
4lU/y4TMr9nVt8UzivSR/7oqHw8lKDo3LqioX/VmtecEOAaYS0R2qbPrRYUlLGZC
0za7RdX13pkC8Jgngb7BLjwc7NXeuumY870J3+4ByzkDe4xFGuodrMCM8WsDxSor
d5k7UkZiUrCdVlu49SgsyWE=
-----END CERTIFICATE-----