Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/jX6Vt6P2gl7xYcBf3_6m02AjZ8c.roa
File:                     jX6Vt6P2gl7xYcBf3_6m02AjZ8c.roa (raw, json)
Hash identifier:          eF3TduzeN5wKOja6DbMaPAtWhULN5w0VZg6eqoWyA4A=
Subject key identifier:   8D:7E:95:B7:A3:F6:82:5E:F1:61:C0:5F:DF:FE:A6:D3:60:23:67:C7
Certificate issuer:       /CN=168600dfac9d3d1a75e6630d697102f2f2132c48
Certificate serial:       0185707975A665E93D38126CD3C148F87E4D
Authority key identifier: 16:86:00:DF:AC:9D:3D:1A:75:E6:63:0D:69:71:02:F2:F2:13:2C:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/jX6Vt6P2gl7xYcBf3_6m02AjZ8c.roa
Signing time:             Mon 02 Jan 2023 03:14:46 +0000
ROA not before:           Mon 02 Jan 2023 03:14:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51559
IP address blocks:        89.252.189.0/24 maxlen: 24
                          185.126.217.0/24 maxlen: 24
                          185.126.219.0/24 maxlen: 24
                          2a06:c400::/48 maxlen: 48
                          2a06:c400:b::/48 maxlen: 48
                          2a06:c400:6::/48 maxlen: 48
                          2a06:c400:1::/48 maxlen: 48
                          2a06:c400:4::/48 maxlen: 48
                          2a06:c400:f::/48 maxlen: 48
                          2a06:c400:a::/48 maxlen: 48
                          2a06:c400:5::/48 maxlen: 48
                          2a06:c400:8::/48 maxlen: 48
                          2a06:c400:3::/48 maxlen: 48
                          2a06:c400:e::/48 maxlen: 48
                          2a06:c400:9::/48 maxlen: 48
                          2a06:c400:c::/48 maxlen: 48
                          2a06:c400:7::/48 maxlen: 48
                          2a06:c400:2::/48 maxlen: 48
                          2a06:c400:d::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:79:75:a6:65:e9:3d:38:12:6c:d3:c1:48:f8:7e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=168600dfac9d3d1a75e6630d697102f2f2132c48
        Validity
            Not Before: Jan  2 03:14:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d7e95b7a3f6825ef161c05fdffea6d3602367c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f2:a0:97:f2:c9:15:4f:19:68:f2:66:d4:47:
                    56:c4:d3:e4:a3:23:d0:91:37:56:ba:da:5e:d2:88:
                    8d:a2:d7:a9:b0:2d:d3:85:80:ba:2f:bf:1c:fc:47:
                    78:9b:1f:71:0e:e8:b1:90:aa:ac:4f:0b:11:18:d2:
                    df:f1:91:93:74:f4:f7:c4:29:f9:ce:1c:d4:11:b5:
                    8b:6c:5e:6f:de:35:81:69:cc:4e:3f:fb:1b:a5:fb:
                    03:14:98:ac:3f:e3:18:74:2d:f7:5d:ea:44:c2:3b:
                    84:4c:92:29:39:a8:17:eb:b8:ba:51:46:eb:25:16:
                    0d:28:23:ef:31:e1:52:66:1a:ca:4e:39:ad:58:1c:
                    57:9a:35:43:7e:1a:2b:fd:88:16:52:a1:2a:db:d8:
                    95:7e:24:da:f1:fc:d8:fe:84:85:60:ee:cf:3b:12:
                    d3:93:29:31:ff:31:fb:9e:02:3d:66:68:75:34:53:
                    b8:e1:d9:eb:29:3c:13:2d:4a:d1:30:f4:86:23:c7:
                    17:81:cf:94:37:45:e1:20:a3:ac:8e:aa:90:c0:c5:
                    4f:52:79:33:d3:40:af:3f:5a:2d:56:cb:96:af:4f:
                    f4:41:71:1e:e7:3f:ed:70:94:35:ca:f3:e6:3e:90:
                    8c:22:19:7c:b1:6c:f1:b4:89:cf:6f:ec:b3:0c:42:
                    70:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7E:95:B7:A3:F6:82:5E:F1:61:C0:5F:DF:FE:A6:D3:60:23:67:C7
            X509v3 Authority Key Identifier:
                keyid:16:86:00:DF:AC:9D:3D:1A:75:E6:63:0D:69:71:02:F2:F2:13:2C:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/jX6Vt6P2gl7xYcBf3_6m02AjZ8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/FoYA36ydPRp15mMNaXEC8vITLEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.189.0/24
                  185.126.217.0/24
                  185.126.219.0/24
                IPv6:
                  2a06:c400::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:78:c1:20:ee:e2:21:72:3a:4a:e7:8b:93:97:7e:f9:22:c2:
         40:7e:62:1e:b4:b5:af:11:3a:5c:24:58:57:6d:d1:6a:de:e3:
         27:eb:15:3f:6d:3e:c3:c8:ec:a9:8e:9d:e8:d7:14:26:b9:73:
         29:1f:6f:b0:d5:df:24:f2:b8:3c:cc:ea:8b:d7:81:26:6c:0f:
         7a:6d:b8:6d:6a:47:f6:4a:94:2c:13:71:e4:40:f5:05:c2:e7:
         44:73:05:cb:7b:a4:11:98:18:56:c9:eb:0b:36:c8:46:fb:78:
         3e:8f:d9:73:36:ac:37:26:b3:f1:9e:90:5a:57:78:f7:ac:6d:
         77:9d:b0:bf:84:a1:6d:ed:0e:cc:b0:ed:4e:81:5b:5e:1b:52:
         25:35:9a:5e:5c:8d:98:06:34:a5:fb:ef:f9:ca:5c:e5:8c:33:
         7a:78:04:70:c8:fd:a3:73:57:c6:ad:88:2f:38:ad:c1:bf:f2:
         00:72:9f:ea:12:30:62:2e:6a:c0:ef:f4:13:5d:e0:7e:eb:5c:
         2e:9a:f5:50:5b:2c:98:6d:91:d6:7b:63:8a:dd:0b:f2:74:3d:
         3c:bf:69:99:80:38:9c:6e:6f:0e:35:14:58:64:3e:d5:ec:9e:
         84:32:34:31:15:75:57:64:fd:80:19:67:3b:cc:83:a4:29:57:
         70:ca:24:3c
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVweXWmZek9OBJs08FI+H5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ODYwMGRmYWM5ZDNkMWE3NWU2NjMwZDY5NzEwMmYyZjIx
MzJjNDgwHhcNMjMwMTAyMDMxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDdlOTViN2EzZjY4MjVlZjE2MWMwNWZkZmZlYTZkMzYwMjM2N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPKgl/LJFU8ZaPJm1EdWxNPkoyPQ
kTdWutpe0oiNotepsC3ThYC6L78c/Ed4mx9xDuixkKqsTwsRGNLf8ZGTdPT3xCn5
zhzUEbWLbF5v3jWBacxOP/sbpfsDFJisP+MYdC33XepEwjuETJIpOagX67i6UUbr
JRYNKCPvMeFSZhrKTjmtWBxXmjVDfhor/YgWUqEq29iVfiTa8fzY/oSFYO7POxLT
kykx/zH7ngI9Zmh1NFO44dnrKTwTLUrRMPSGI8cXgc+UN0XhIKOsjqqQwMVPUnkz
00CvP1otVsuWr0/0QXEe5z/tcJQ1yvPmPpCMIhl8sWzxtInPb+yzDEJwtQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFI1+lbej9oJe8WHAX9/+ptNgI2fHMB8GA1UdIwQY
MBaAFBaGAN+snT0adeZjDWlxAvLyEyxIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm9ZQTM2eWRQUnAxNW1NTmFYRUM4dklUTEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9hZjM1YzMtN2Y4MS00ODI5LThkYmEt
MThkYmU2NTA0YmI0LzEvalg2VnQ2UDJnbDd4WWNCZjNfNm0wMkFqWjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9hZjM1YzMtN2Y4MS00ODI5LThkYmEtMThkYmU2NTA0YmI0
LzEvRm9ZQTM2eWRQUnAxNW1NTmFYRUM4dklUTEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAWfy9AwQA
uX7ZAwQAuX7bMA8EAgACMAkDBwQqBsQAAAAwDQYJKoZIhvcNAQELBQADggEBAE14
wSDu4iFyOkrni5OXfvkiwkB+Yh60ta8ROlwkWFdt0Wre4yfrFT9tPsPI7KmOnejX
FCa5cykfb7DV3yTyuDzM6ovXgSZsD3ptuG1qR/ZKlCwTceRA9QXC50RzBct7pBGY
GFbJ6ws2yEb7eD6P2XM2rDcms/GekFpXePesbXedsL+EoW3tDsyw7U6BW14bUiU1
ml5cjZgGNKX77/nKXOWMM3p4BHDI/aNzV8atiC84rcG/8gByn+oSMGIuasDv9BNd
4H7rXC6a9VBbLJhtkdZ7Y4rdC/J0PTy/aZmAOJxubw41FFhkPtXsnoQyNDEVdVdk
/YAZZzvMg6QpV3DKJDw=
-----END CERTIFICATE-----