Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/z8K_3bHDXhYjzXlkqpVsMatQpq0.roa
File:                     z8K_3bHDXhYjzXlkqpVsMatQpq0.roa (raw, json)
Hash identifier:          rhXGVs3mvrx0s1GNuUZ1TxOHpy7wum8kViAzlImlJME=
Subject key identifier:   CF:C2:BF:DD:B1:C3:5E:16:23:CD:79:64:AA:95:6C:31:AB:50:A6:AD
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018B71523B22866B78F24068447EEB991F08
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/z8K_3bHDXhYjzXlkqpVsMatQpq0.roa
Signing time:             Fri 27 Oct 2023 13:28:16 +0000
ROA not before:           Fri 27 Oct 2023 13:28:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212552
IP address blocks:        212.90.102.0/23 maxlen: 24
                          185.215.244.0/23 maxlen: 24
                          103.75.196.0/22 maxlen: 24
                          46.249.98.0/23 maxlen: 24
                          82.115.17.0/24 maxlen: 24
                          82.115.16.0/24 maxlen: 24
                          193.36.84.0/23 maxlen: 24
                          82.115.24.0/22 maxlen: 24
                          82.115.20.0/23 maxlen: 24
                          46.249.100.0/22 maxlen: 24
                          82.115.19.0/24 maxlen: 24
                          82.115.18.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:71:52:3b:22:86:6b:78:f2:40:68:44:7e:eb:99:1f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct 27 13:28:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cfc2bfddb1c35e1623cd7964aa956c31ab50a6ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:69:1b:fb:ad:26:9b:9d:90:85:64:59:bc:56:
                    0d:5f:4a:42:f6:31:83:54:02:c4:da:ec:49:9d:30:
                    05:65:0c:f2:52:bd:1a:48:70:7b:8b:65:cf:b3:1c:
                    82:8c:ff:8f:87:96:aa:85:fd:b2:6e:42:b1:d4:33:
                    39:ee:02:1b:0f:a6:bc:d4:d3:9e:6f:62:3a:df:28:
                    8e:5b:40:67:2c:eb:8e:f2:9b:c6:6e:90:e6:54:37:
                    a2:d7:38:8b:79:77:28:95:6b:7b:58:8e:84:7b:e2:
                    ca:c9:c5:ab:ef:bc:c3:03:fb:9f:55:14:78:b1:f2:
                    21:44:58:b7:2e:6c:a4:f5:bf:3f:d1:bf:b5:08:83:
                    3e:2d:3f:3b:fc:bd:32:1b:87:6c:81:71:b2:01:fd:
                    6e:d8:9f:02:fa:68:18:13:73:b3:d6:1d:d0:49:a5:
                    da:1b:c1:70:90:36:4c:7c:d9:e5:7b:94:af:22:f1:
                    1b:12:d0:76:85:97:c7:e6:45:38:fc:ea:61:03:cd:
                    92:22:7c:6b:f5:6c:af:91:e2:3f:3d:6c:89:e1:51:
                    7e:1a:98:5d:c2:96:3d:f0:d9:96:81:1c:54:56:f4:
                    8e:4b:8b:66:bd:13:56:be:47:7a:8e:d5:da:f4:3d:
                    5f:38:d6:d3:ee:26:54:79:31:54:7b:5c:ff:bb:01:
                    06:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C2:BF:DD:B1:C3:5E:16:23:CD:79:64:AA:95:6C:31:AB:50:A6:AD
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/z8K_3bHDXhYjzXlkqpVsMatQpq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.98.0-46.249.103.255
                  82.115.16.0-82.115.21.255
                  82.115.24.0/22
                  103.75.196.0/22
                  185.215.244.0/23
                  193.36.84.0/23
                  212.90.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:e1:35:c5:b3:4a:d1:da:d6:c1:e8:66:c0:39:f4:c6:d0:bd:
         3b:d9:9f:57:d9:22:df:70:3b:e7:bc:e7:2a:c7:3e:33:87:b8:
         95:b4:db:ed:01:f9:ad:37:40:13:e3:da:10:4f:75:c8:c5:1f:
         bc:73:30:8a:3f:1e:7a:03:06:6a:c0:a6:ae:9a:c2:3f:0c:93:
         54:8b:34:94:f5:91:1d:21:9b:e9:d0:13:58:c3:85:2d:f3:69:
         66:ac:0f:21:d8:b6:8a:91:a6:87:44:72:18:e6:77:f1:18:35:
         96:38:3b:fb:48:e6:95:93:c0:40:e1:14:fb:05:fa:b2:7c:9a:
         9e:ae:2b:69:05:f9:37:62:4a:34:fa:f5:04:37:67:54:06:e7:
         d4:66:05:54:46:fb:d2:e1:13:36:74:3e:a4:81:76:24:f9:0a:
         95:39:bf:41:c6:46:5c:b4:d9:05:19:ea:d4:6a:15:0e:c6:23:
         08:3d:58:19:7b:64:d9:c7:1e:f2:51:f5:d3:20:45:7a:39:eb:
         63:d8:12:79:6d:6c:0b:f1:c1:0c:c9:b0:7a:39:d0:e8:b0:8e:
         cb:cc:d9:12:93:a4:7c:14:01:a0:48:8c:0e:97:7e:f7:11:89:
         47:65:11:db:cc:21:9e:66:d7:04:88:c5:39:f7:ce:6d:dc:54:
         65:ce:c3:18
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYtxUjsihmt48kBoRH7rmR8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMxMDI3MTMyODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMyYmZkZGIxYzM1ZTE2MjNjZDc5NjRhYTk1NmMzMWFiNTBhNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Wkb+60mm52QhWRZvFYNX0pC9jGD
VALE2uxJnTAFZQzyUr0aSHB7i2XPsxyCjP+Ph5aqhf2ybkKx1DM57gIbD6a81NOe
b2I63yiOW0BnLOuO8pvGbpDmVDei1ziLeXcolWt7WI6Ee+LKycWr77zDA/ufVRR4
sfIhRFi3Lmyk9b8/0b+1CIM+LT87/L0yG4dsgXGyAf1u2J8C+mgYE3Oz1h3QSaXa
G8FwkDZMfNnle5SvIvEbEtB2hZfH5kU4/OphA82SInxr9WyvkeI/PWyJ4VF+Gphd
wpY98NmWgRxUVvSOS4tmvRNWvkd6jtXa9D1fONbT7iZUeTFUe1z/uwEGSQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFM/Cv92xw14WI815ZKqVbDGrUKatMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvejhLXzNiSERYaFlqelhsa3FwVnNNYXRRcHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6MAwDBAEu+WID
BAMu+WAwDAMEBFJzEAMEAVJzFAMEAlJzGAMEAmdLxAMEAbnX9AMEAcEkVAMEAdRa
ZjANBgkqhkiG9w0BAQsFAAOCAQEAHuE1xbNK0drWwehmwDn0xtC9O9mfV9ki33A7
57znKsc+M4e4lbTb7QH5rTdAE+PaEE91yMUfvHMwij8eegMGasCmrprCPwyTVIs0
lPWRHSGb6dATWMOFLfNpZqwPIdi2ipGmh0RyGOZ38Rg1ljg7+0jmlZPAQOEU+wX6
snyanq4raQX5N2JKNPr1BDdnVAbn1GYFVEb70uETNnQ+pIF2JPkKlTm/QcZGXLTZ
BRnq1GoVDsYjCD1YGXtk2cce8lH10yBFejnrY9gSeW1sC/HBDMmwejnQ6LCOy8zZ
EpOkfBQBoEiMDpd+9xGJR2UR28whnmbXBIjFOffObdxUZc7DGA==
-----END CERTIFICATE-----