Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/UQB9sEXCRlgMMBRT6MNERp6sMt0.roa
File:                     UQB9sEXCRlgMMBRT6MNERp6sMt0.roa (raw, json)
Hash identifier:          cwSrPAjIsQFhRJIVu5+hn4RORsmKfiAqEHf0LFTB0yw=
Subject key identifier:   51:00:7D:B0:45:C2:46:58:0C:30:14:53:E8:C3:44:46:9E:AC:32:DD
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7AA08AE24DD19508E9DA64669576E6BC
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/UQB9sEXCRlgMMBRT6MNERp6sMt0.roa
Signing time:             Tue 26 Mar 2024 11:58:45 +0000
ROA not before:           Tue 26 Mar 2024 11:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        88.221.28.0/22 maxlen: 22
                          88.221.100.0/22 maxlen: 22
                          92.122.68.0/22 maxlen: 22
                          92.122.225.0/24 maxlen: 24
                          92.122.248.0/22 maxlen: 22
                          92.123.48.0/24 maxlen: 24
                          95.100.128.0/22 maxlen: 22
                          95.101.68.0/22 maxlen: 22
                          95.101.114.0/24 maxlen: 24
                          95.101.156.0/22 maxlen: 22
                          2a02:26f0:9700::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 13:22:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7a:a0:8a:e2:4d:d1:95:08:e9:da:64:66:95:76:e6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 26 11:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51007db045c246580c301453e8c344469eac32dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:03:f1:33:cc:10:70:63:2e:35:b6:9e:a3:05:
                    2c:f7:00:33:6f:a7:d1:88:cd:f1:2f:ad:43:f3:65:
                    48:d6:1c:57:23:7e:65:d6:4b:5a:ed:74:7f:4c:39:
                    05:56:11:0c:e2:2a:7a:b1:18:82:11:e2:58:1b:7d:
                    e0:a0:2b:7d:ff:39:5e:06:af:18:96:c6:43:b6:70:
                    cb:93:42:e4:c6:11:1f:b0:32:4d:de:0d:3e:a5:d2:
                    f7:2e:2b:11:b0:43:ee:20:03:74:b1:de:51:03:85:
                    73:c6:b2:b9:b7:4c:ae:c5:11:9e:dc:8a:49:90:8b:
                    4a:43:84:29:cc:37:71:f7:ef:69:0c:a2:23:f9:19:
                    ff:dc:97:b6:77:94:93:44:cc:41:af:0f:d3:ee:cf:
                    59:36:65:75:53:f9:0b:ee:cc:6c:64:db:9a:43:29:
                    24:3b:5f:c3:aa:cd:ca:50:01:50:0d:fa:05:04:96:
                    e9:64:c1:eb:5a:dd:88:25:09:bc:c7:8f:5c:71:71:
                    5a:1d:b0:51:0b:50:f2:dd:17:6c:12:c8:64:b2:7a:
                    9a:b4:99:b5:33:cb:7f:47:f5:e2:af:c0:02:98:0a:
                    f4:0b:99:53:a7:12:64:51:34:b3:5f:c7:06:39:8d:
                    a0:bf:27:dc:03:cf:c9:1d:34:c4:b9:3e:ff:c1:73:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:00:7D:B0:45:C2:46:58:0C:30:14:53:E8:C3:44:46:9E:AC:32:DD
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/UQB9sEXCRlgMMBRT6MNERp6sMt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.221.28.0/22
                  88.221.100.0/22
                  92.122.68.0/22
                  92.122.225.0/24
                  92.122.248.0/22
                  92.123.48.0/24
                  95.100.128.0/22
                  95.101.68.0/22
                  95.101.114.0/24
                  95.101.156.0/22
                IPv6:
                  2a02:26f0:9700::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:4c:6e:da:dd:22:83:e4:5a:5a:35:22:7e:a5:1b:6e:b7:9a:
         8a:04:48:fb:49:6c:c8:5a:a9:38:f0:93:7f:4c:3f:40:21:57:
         b3:50:3b:03:a9:82:f1:3b:bd:94:78:f8:f4:90:50:03:6c:90:
         59:16:07:84:76:b8:e4:b0:3b:4a:79:15:2e:be:62:fb:6d:91:
         a8:66:f4:c9:e6:87:6e:6c:e2:23:85:fb:af:d1:e2:02:17:55:
         3c:7b:3a:77:24:65:e9:5e:f7:b7:db:f7:a7:b5:0c:58:bb:8a:
         6b:89:d7:81:ef:55:09:92:8e:92:fb:bf:26:a7:5d:0f:05:f7:
         44:cf:b0:00:09:7a:27:e9:a9:5c:0a:c0:da:bd:44:94:3a:74:
         c2:f7:5b:08:11:b7:af:e4:bf:3f:8c:35:1b:78:f8:22:cd:ee:
         3c:7d:b6:7d:07:c6:14:0b:26:cf:a5:32:b9:1d:1f:09:c8:69:
         b5:6e:14:1f:64:8c:0d:89:74:7b:27:5e:1a:a6:2a:7d:e6:53:
         91:70:90:47:ff:98:2f:1d:50:94:59:d0:1b:55:e0:70:7a:db:
         55:1d:69:5e:20:a6:ac:9b:ad:0b:f4:f7:2b:83:ca:ac:20:66:
         59:25:84:67:d5:83:04:b1:8f:28:50:eb:9f:12:f5:84:0c:4f:
         75:b3:7c:6d
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAY56oIriTdGVCOnaZGaVdua8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI2MTE1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTAwN2RiMDQ1YzI0NjU4MGMzMDE0NTNlOGMzNDQ0NjllYWMzMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgPxM8wQcGMuNbaeowUs9wAzb6fR
iM3xL61D82VI1hxXI35l1kta7XR/TDkFVhEM4ip6sRiCEeJYG33goCt9/zleBq8Y
lsZDtnDLk0LkxhEfsDJN3g0+pdL3LisRsEPuIAN0sd5RA4VzxrK5t0yuxRGe3IpJ
kItKQ4QpzDdx9+9pDKIj+Rn/3Je2d5STRMxBrw/T7s9ZNmV1U/kL7sxsZNuaQykk
O1/Dqs3KUAFQDfoFBJbpZMHrWt2IJQm8x49ccXFaHbBRC1Dy3RdsEshksnqatJm1
M8t/R/Xir8ACmAr0C5lTpxJkUTSzX8cGOY2gvyfcA8/JHTTEuT7/wXOnTwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFFEAfbBFwkZYDDAUU+jDREaerDLdMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvVVFCOXNFWENSbGdNTUJSVDZNTkVScDZzTXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBCBAIAATA8AwQCWN0cAwQC
WN1kAwQCXHpEAwQAXHrhAwQCXHr4AwQAXHswAwQCX2SAAwQCX2VEAwQAX2VyAwQC
X2WcMA8EAgACMAkDBwAqAibwlwAwDQYJKoZIhvcNAQELBQADggEBABlMbtrdIoPk
Wlo1In6lG263mooESPtJbMhaqTjwk39MP0AhV7NQOwOpgvE7vZR4+PSQUANskFkW
B4R2uOSwO0p5FS6+Yvttkahm9Mnmh25s4iOF+6/R4gIXVTx7OnckZele97fb96e1
DFi7imuJ14HvVQmSjpL7vyanXQ8F90TPsAAJeifpqVwKwNq9RJQ6dML3WwgRt6/k
vz+MNRt4+CLN7jx9tn0HxhQLJs+lMrkdHwnIabVuFB9kjA2JdHsnXhqmKn3mU5Fw
kEf/mC8dUJRZ0BtV4HB621UdaV4gpqybrQv09yuDyqwgZlklhGfVgwSxjyhQ658S
9YQMT3WzfG0=
-----END CERTIFICATE-----