Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/O8p47U2KpyMOjFzktEmrBa2w9U4.roa
File:                     O8p47U2KpyMOjFzktEmrBa2w9U4.roa (raw, json)
Hash identifier:          0wEvf6gJe3JUW/FFpakTGiyzbs1u8tcysZUz9YTc/WI=
Subject key identifier:   3B:CA:78:ED:4D:8A:A7:23:0E:8C:5C:E4:B4:49:AB:05:AD:B0:F5:4E
Certificate issuer:       /CN=ecf42776be532bd0575332855d8c42c4952ed931
Certificate serial:       0185729EDAF3D4CA849F3133CAE4EC289D1E
Authority key identifier: EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/O8p47U2KpyMOjFzktEmrBa2w9U4.roa
Signing time:             Mon 02 Jan 2023 13:14:51 +0000
ROA not before:           Mon 02 Jan 2023 13:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9042
IP address blocks:        193.5.66.0/24 maxlen: 24
                          193.5.76.0/22 maxlen: 22
                          146.109.0.0/16 maxlen: 24
                          193.247.180.0/24 maxlen: 24
                          2a01:4642:200::/40 maxlen: 40
                          2a01:4642:100::/40 maxlen: 40
                          2a01:4640:c800::/40 maxlen: 40
                          2a01:4640:200::/40 maxlen: 40
                          2a01:4640:100::/40 maxlen: 40

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:da:f3:d4:ca:84:9f:31:33:ca:e4:ec:28:9d:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf42776be532bd0575332855d8c42c4952ed931
        Validity
            Not Before: Jan  2 13:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3bca78ed4d8aa7230e8c5ce4b449ab05adb0f54e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ab:ec:bb:30:8f:3d:92:3c:08:17:55:b3:52:
                    13:66:4e:bd:26:10:b6:cd:51:ff:af:49:5a:17:67:
                    5b:dc:ca:61:d0:2e:41:1b:6d:51:f6:df:93:02:23:
                    44:8e:b1:ee:2f:ef:7c:0a:b8:ed:5e:6e:73:02:c0:
                    74:5d:89:d2:20:6b:ad:f4:37:af:1a:2f:32:40:f8:
                    15:b7:bb:47:39:c7:ad:c1:b2:df:d9:41:b4:8a:56:
                    6f:b4:fc:3a:0d:41:9d:a9:c7:9e:47:4b:0c:3b:41:
                    f2:c0:1f:6e:31:24:8d:1f:29:56:2f:6a:79:81:f5:
                    b9:f4:70:1b:a5:b8:ce:94:5c:58:b8:6f:45:9e:95:
                    f0:25:b3:12:b5:bd:1f:0b:3e:74:77:18:bf:c0:e4:
                    95:b5:b6:18:f3:b5:0e:ba:52:5d:05:83:51:50:c6:
                    d3:03:3b:2a:a4:35:8d:f3:8e:3a:2e:08:1c:10:4d:
                    be:71:13:78:49:82:55:59:c0:ca:b0:c9:df:f0:19:
                    19:18:83:ff:28:3f:05:13:50:fa:7d:8d:f9:08:7b:
                    6c:8b:76:2b:59:61:37:a5:82:ac:82:71:5b:d8:a9:
                    28:d3:b1:86:89:92:c7:e3:77:c0:95:25:33:64:3c:
                    37:aa:22:72:e2:32:92:c5:9f:f5:0c:a0:08:b1:55:
                    f9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CA:78:ED:4D:8A:A7:23:0E:8C:5C:E4:B4:49:AB:05:AD:B0:F5:4E
            X509v3 Authority Key Identifier:
                keyid:EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/O8p47U2KpyMOjFzktEmrBa2w9U4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.109.0.0/16
                  193.5.66.0/24
                  193.5.76.0/22
                  193.247.180.0/24
                IPv6:
                  2a01:4640:100::-2a01:4640:2ff:ffff:ffff:ffff:ffff:ffff
                  2a01:4640:c800::/40
                  2a01:4642:100::-2a01:4642:2ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         22:db:42:cb:ca:4a:1f:71:75:21:0a:22:2a:6d:61:23:70:78:
         88:ab:bc:60:bb:2f:5c:e5:9f:de:70:4e:32:5c:25:dd:e4:cc:
         32:4e:10:78:5e:68:c6:09:00:0c:c6:3c:fb:9f:ba:97:b0:60:
         be:db:82:d1:e7:28:81:71:3e:df:8c:f5:d0:60:fc:e5:28:93:
         67:0b:d8:24:a2:3d:a8:a5:65:f0:4a:43:82:ca:20:f1:1b:8b:
         d6:6a:b8:f8:27:72:c2:e7:e3:54:11:36:08:0f:3f:0c:b3:c2:
         c0:2c:6f:70:6c:df:d1:ae:41:dc:cc:f8:74:a6:2e:0c:6d:49:
         58:2f:23:67:12:f1:06:dd:7c:bf:b3:e8:10:2a:ee:36:55:67:
         b3:6a:c2:f0:cd:aa:1c:a7:01:7a:ce:05:cd:76:23:ec:93:ec:
         97:cf:7d:8f:84:5c:00:08:b7:b0:23:d1:98:70:5c:b3:55:5d:
         5d:40:70:cd:41:14:f8:17:b0:50:41:8c:28:51:19:ea:59:1b:
         1d:c0:08:6b:3e:ac:e5:4e:5e:32:2d:d5:40:01:63:8d:33:94:
         d8:39:63:b6:50:3e:2b:0c:d7:ca:75:c4:b5:26:f6:e4:15:33:
         4b:29:40:37:a0:6c:74:56:34:33:2f:98:ab:49:fd:1d:cd:eb:
         a3:c8:3e:22
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVyntrz1MqEnzEzyuTsKJ0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjQyNzc2YmU1MzJiZDA1NzUzMzI4NTVkOGM0MmM0OTUy
ZWQ5MzEwHhcNMjMwMTAyMTMxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNhNzhlZDRkOGFhNzIzMGU4YzVjZTRiNDQ5YWIwNWFkYjBmNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsavsuzCPPZI8CBdVs1ITZk69JhC2
zVH/r0laF2db3Mph0C5BG21R9t+TAiNEjrHuL+98CrjtXm5zAsB0XYnSIGut9Dev
Gi8yQPgVt7tHOcetwbLf2UG0ilZvtPw6DUGdqceeR0sMO0HywB9uMSSNHylWL2p5
gfW59HAbpbjOlFxYuG9FnpXwJbMStb0fCz50dxi/wOSVtbYY87UOulJdBYNRUMbT
AzsqpDWN8446LggcEE2+cRN4SYJVWcDKsMnf8BkZGIP/KD8FE1D6fY35CHtsi3Yr
WWE3pYKsgnFb2Kko07GGiZLH43fAlSUzZDw3qiJy4jKSxZ/1DKAIsVX5bwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFDvKeO1NiqcjDoxc5LRJqwWtsPVOMB8GA1UdIwQY
MBaAFOz0J3a+UyvQV1MyhV2MQsSVLtkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgt
NWU1M2MyM2I1NWIwLzEvTzhwNDdVMktweU1PakZ6a3RFbXJCYTJ3OVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgtNWU1M2MyM2I1NWIw
LzEvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzAdBAIAATAXAwMAkm0DBADB
BUIDBALBBUwDBADB97QwMgQCAAIwLDAQAwYAKgFGQAEDBgAqAUZAAgMGACoBRkDI
MBADBgAqAUZCAQMGACoBRkICMA0GCSqGSIb3DQEBCwUAA4IBAQAi20LLykofcXUh
CiIqbWEjcHiIq7xguy9c5Z/ecE4yXCXd5MwyThB4XmjGCQAMxjz7n7qXsGC+24LR
5yiBcT7fjPXQYPzlKJNnC9gkoj2opWXwSkOCyiDxG4vWarj4J3LC5+NUETYIDz8M
s8LALG9wbN/RrkHczPh0pi4MbUlYLyNnEvEG3Xy/s+gQKu42VWezasLwzaocpwF6
zgXNdiPsk+yXz32PhFwACLewI9GYcFyzVV1dQHDNQRT4F7BQQYwoURnqWRsdwAhr
PqzlTl4yLdVAAWONM5TYOWO2UD4rDNfKdcS1JvbkFTNLKUA3oGx0VjQzL5irSf0d
zeujyD4i
-----END CERTIFICATE-----