Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/PB_8voocBj6xiO4uO0dhIPCJ480.roa
File:                     PB_8voocBj6xiO4uO0dhIPCJ480.roa (raw, json)
Hash identifier:          cz+DwXgb7Eyagfv6i99MLuGmeaai2G0/nZnJ/Iql/WY=
Subject key identifier:   3C:1F:FC:BE:8A:1C:06:3E:B1:88:EE:2E:3B:47:61:20:F0:89:E3:CD
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018BCE6575F9066F291E27767C8515279D18
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/PB_8voocBj6xiO4uO0dhIPCJ480.roa
Signing time:             Tue 14 Nov 2023 15:13:57 +0000
ROA not before:           Tue 14 Nov 2023 15:13:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197540
IP address blocks:        185.232.68.0/22 maxlen: 22
                          188.172.228.0/23 maxlen: 24
                          194.36.144.0/22 maxlen: 22
                          94.16.104.0/22 maxlen: 24
                          94.16.108.0/22 maxlen: 24
                          94.16.112.0/21 maxlen: 24
                          94.16.120.0/22 maxlen: 24
                          193.26.156.0/22 maxlen: 22
                          94.16.30.0/23 maxlen: 23
                          2a00:11c0:60::/48 maxlen: 48
                          2a00:11c0:81::/56 maxlen: 64

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ce:65:75:f9:06:6f:29:1e:27:76:7c:85:15:27:9d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Nov 14 15:13:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c1ffcbe8a1c063eb188ee2e3b476120f089e3cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:02:2b:1e:29:16:88:77:19:68:04:9b:37:
                    4d:fa:aa:65:4d:03:f8:24:7f:9f:05:1d:de:d4:9c:
                    70:2f:58:7b:3c:f8:35:c5:e7:e9:2c:9e:a8:bb:e3:
                    a1:eb:bb:73:c3:f2:41:01:79:c5:8f:4a:79:a9:38:
                    40:84:f6:5f:93:1a:8d:f6:3a:5c:3f:b8:4c:dd:af:
                    05:56:53:d8:3f:28:80:51:ee:6c:3c:c2:10:68:5c:
                    4e:e4:4f:34:a6:e2:2d:f1:66:9b:00:75:f8:c0:32:
                    a3:b0:d7:23:62:0b:22:03:03:95:64:3a:c7:49:ed:
                    46:0d:4f:c0:81:40:31:e0:55:e8:40:dd:c6:fe:94:
                    7e:74:9c:0f:6e:97:4f:7e:e6:a0:b9:fc:bf:d4:af:
                    67:4c:70:85:ec:c9:da:9b:ae:f4:b8:07:4c:1c:d9:
                    26:19:69:ad:63:bf:b4:9a:ee:aa:da:7b:3f:17:f8:
                    76:35:a7:40:ba:62:85:7d:26:7a:75:cb:1b:85:19:
                    cb:54:9a:bc:f4:1e:39:2c:11:6c:2b:f2:79:25:55:
                    dd:3c:ed:6c:fc:31:01:1e:51:e3:d7:98:bb:10:28:
                    71:4b:5d:77:7d:31:33:19:2e:6f:b5:57:36:32:60:
                    3c:9f:dc:8c:2e:b4:6f:05:0e:87:77:e7:53:12:dd:
                    b5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1F:FC:BE:8A:1C:06:3E:B1:88:EE:2E:3B:47:61:20:F0:89:E3:CD
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/PB_8voocBj6xiO4uO0dhIPCJ480.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.16.30.0/23
                  94.16.104.0-94.16.123.255
                  185.232.68.0/22
                  188.172.228.0/23
                  193.26.156.0/22
                  194.36.144.0/22
                IPv6:
                  2a00:11c0:60::/48
                  2a00:11c0:81::/56

    Signature Algorithm: sha256WithRSAEncryption
         4f:cc:41:8a:71:f8:f7:2e:1b:49:e1:c8:80:3e:c6:22:41:9a:
         b3:87:ea:66:61:98:64:d6:e0:34:36:25:e9:fc:7d:ed:03:f4:
         1b:a5:bd:95:b8:83:79:12:12:1f:a2:dc:64:41:30:a6:8b:db:
         34:b1:18:17:ed:2e:7f:2e:47:d4:21:5b:a3:ab:8e:1c:4f:b0:
         a8:5a:28:94:a8:9c:a4:86:e5:9e:38:cd:7f:5c:4e:52:28:a0:
         3a:5c:f3:40:bc:e8:be:64:22:3b:59:3d:3b:d3:7b:85:c8:52:
         b6:53:b6:33:be:10:81:4f:68:5f:3f:6f:78:6c:fe:00:10:57:
         9c:9e:58:1d:93:01:41:f3:b1:78:db:93:a3:ef:4b:0c:d0:91:
         03:a7:7b:17:b3:29:d0:e4:ec:d7:04:c9:86:ac:63:4a:94:3f:
         35:36:43:9c:f7:0a:c3:4b:5b:fe:08:0b:33:40:80:e4:63:a1:
         ee:ed:d2:1d:19:93:5d:23:ec:06:91:fa:68:79:a7:2e:28:e3:
         d6:76:1c:a1:52:98:30:38:3c:ac:f4:23:e3:d5:d4:61:f3:1c:
         46:f2:f8:2b:99:16:76:7d:f1:33:13:c2:bb:dc:bb:1a:0c:c0:
         48:d0:53:c1:a2:77:0d:dd:bf:00:aa:2d:60:3b:ca:8d:e2:71:
         e4:ab:50:c1
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYvOZXX5Bm8pHid2fIUVJ50YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjMxMTE0MTUxMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzFmZmNiZThhMWMwNjNlYjE4OGVlMmUzYjQ3NjEyMGYwODllM2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotYCKx4pFoh3GWgEmzdN+qplTQP4
JH+fBR3e1JxwL1h7PPg1xefpLJ6ou+Oh67tzw/JBAXnFj0p5qThAhPZfkxqN9jpc
P7hM3a8FVlPYPyiAUe5sPMIQaFxO5E80puIt8WabAHX4wDKjsNcjYgsiAwOVZDrH
Se1GDU/AgUAx4FXoQN3G/pR+dJwPbpdPfuagufy/1K9nTHCF7Mnam670uAdMHNkm
GWmtY7+0mu6q2ns/F/h2NadAumKFfSZ6dcsbhRnLVJq89B45LBFsK/J5JVXdPO1s
/DEBHlHj15i7EChxS113fTEzGS5vtVc2MmA8n9yMLrRvBQ6Hd+dTEt21qQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDwf/L6KHAY+sYjuLjtHYSDwiePNMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvUEJfOHZvb2NCajZ4aU80dU8wZGhJUENKNDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAyBAIAATAsAwQBXhAeMAwD
BANeEGgDBAJeEHgDBAK56EQDBAG8rOQDBALBGpwDBALCJJAwGQQCAAIwEwMHACoA
EcAAYAMIACoAEcAAgQAwDQYJKoZIhvcNAQELBQADggEBAE/MQYpx+PcuG0nhyIA+
xiJBmrOH6mZhmGTW4DQ2Jen8fe0D9BulvZW4g3kSEh+i3GRBMKaL2zSxGBftLn8u
R9QhW6OrjhxPsKhaKJSonKSG5Z44zX9cTlIooDpc80C86L5kIjtZPTvTe4XIUrZT
tjO+EIFPaF8/b3hs/gAQV5yeWB2TAUHzsXjbk6PvSwzQkQOnexezKdDk7NcEyYas
Y0qUPzU2Q5z3CsNLW/4ICzNAgORjoe7t0h0Zk10j7AaR+mh5py4o49Z2HKFSmDA4
PKz0I+PV1GHzHEby+CuZFnZ98TMTwrvcuxoMwEjQU8Gidw3dvwCqLWA7yo3iceSr
UME=
-----END CERTIFICATE-----