Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OGxC0efgRRFTsGEnbgo1GYzpdOs.roa
File:                     OGxC0efgRRFTsGEnbgo1GYzpdOs.roa (raw, json)
Hash identifier:          uGPlw6oUntPEqjuf3ZNe5Hsjmk3nChFjw/yZXD84Ekc=
Subject key identifier:   38:6C:42:D1:E7:E0:45:11:53:B0:61:27:6E:0A:35:19:8C:E9:74:EB
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018B8A6C509525102E144839880BA00485E2
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OGxC0efgRRFTsGEnbgo1GYzpdOs.roa
Signing time:             Wed 01 Nov 2023 10:27:16 +0000
ROA not before:           Wed 01 Nov 2023 10:27:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43357
IP address blocks:        92.60.40.0/24 maxlen: 24
                          45.130.20.0/22 maxlen: 32
                          45.147.51.0/24 maxlen: 32
                          45.147.50.0/24 maxlen: 32
                          194.36.25.0/24 maxlen: 24
                          185.248.85.0/24 maxlen: 24
                          185.254.75.0/24 maxlen: 32
                          185.194.52.0/22 maxlen: 24
                          2a07:fe00:1::/48 maxlen: 48
                          2a03:d9c0:3000::/48 maxlen: 48
                          2a09:7:2007::/48 maxlen: 48
                          2a0c:59c0:18::/48 maxlen: 48
                          2a0b:89c1:3::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8a:6c:50:95:25:10:2e:14:48:39:88:0b:a0:04:85:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Nov  1 10:27:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=386c42d1e7e0451153b061276e0a35198ce974eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:23:1a:59:9d:90:9c:7c:b3:36:68:e1:6d:6d:
                    de:b1:c8:c3:58:9e:a9:62:79:3e:72:76:71:30:2d:
                    b8:eb:22:e7:49:cb:ff:6c:88:df:be:93:9e:09:24:
                    c1:3e:52:e5:f3:ce:0f:23:ed:98:5d:68:4f:93:65:
                    c5:b8:43:42:14:b2:9d:bd:e0:99:1d:13:c1:b8:82:
                    c7:fe:27:dd:22:31:ad:b7:ff:f1:6b:96:a2:f7:fc:
                    3a:47:47:77:8f:96:08:18:5e:d4:32:e9:52:74:97:
                    73:43:17:84:01:0a:e6:59:74:76:3a:97:76:ba:92:
                    64:92:6c:5e:74:d5:ae:24:3c:af:26:ff:1a:eb:06:
                    dd:4f:4b:26:1c:48:2d:ff:08:a6:8c:34:f2:49:cb:
                    de:7a:ea:7d:b7:b2:c5:7d:cc:d8:9b:5a:bc:71:fc:
                    fa:d2:27:db:77:36:92:58:fc:cb:d4:97:39:ab:e8:
                    a7:38:70:49:79:03:da:0b:17:82:0a:88:92:33:e8:
                    80:23:86:6d:8b:8c:d2:af:4d:96:2f:21:7a:b2:cc:
                    71:03:76:97:10:a8:23:cd:31:f3:79:26:ff:4f:c8:
                    52:10:5a:49:66:c6:64:5e:fa:95:d4:e2:a2:28:f5:
                    22:5f:fc:64:1b:c5:10:24:b6:9a:4c:f1:3c:b3:a7:
                    79:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6C:42:D1:E7:E0:45:11:53:B0:61:27:6E:0A:35:19:8C:E9:74:EB
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OGxC0efgRRFTsGEnbgo1GYzpdOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.20.0/22
                  45.147.50.0/23
                  92.60.40.0/24
                  185.194.52.0/22
                  185.248.85.0/24
                  185.254.75.0/24
                  194.36.25.0/24
                IPv6:
                  2a03:d9c0:3000::/48
                  2a07:fe00:1::/48
                  2a09:7:2007::/48
                  2a0b:89c1:3::/48
                  2a0c:59c0:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:d1:75:7e:9a:06:e0:6d:d3:c1:6b:bf:1a:01:a1:a8:74:b7:
         3a:b7:f8:e6:41:a5:d9:0d:55:d6:27:49:59:e7:c3:d8:9e:c6:
         59:9b:75:33:12:18:c4:7a:63:19:a8:b7:75:60:40:70:2d:a2:
         3b:bc:b2:fa:c4:12:d7:6d:2c:55:36:46:91:13:92:99:25:7c:
         73:23:42:77:24:88:94:67:ff:4e:c2:28:a4:7e:0e:5d:ad:62:
         7e:cc:94:9e:01:6e:46:56:76:b6:39:78:04:55:d2:07:08:3d:
         c1:e5:4a:bf:96:a8:9b:73:1a:5b:a8:b0:d2:c4:aa:54:a5:10:
         7c:ca:b2:f2:6b:d5:af:2b:7b:f7:4f:93:17:9e:e0:36:dd:20:
         fd:47:45:04:5d:bb:8a:3d:c1:64:37:c6:8d:3c:97:11:ea:1c:
         68:3c:7b:d1:c0:42:1b:c7:d7:6e:a0:e4:6a:00:46:45:94:33:
         fd:63:78:54:76:91:af:0c:83:07:a6:ec:c2:18:fb:87:57:81:
         94:53:14:77:7e:da:4c:78:e8:76:d9:34:2d:08:09:a8:8f:64:
         f3:c3:21:23:e1:95:60:c8:5a:99:98:73:05:b3:76:87:cf:d0:
         f3:33:6c:7a:86:48:76:93:05:15:69:7f:83:a6:b5:12:a0:ae:
         2a:bd:82:89
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYuKbFCVJRAuFEg5iAugBIXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjMxMTAxMTAyNzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZjNDJkMWU3ZTA0NTExNTNiMDYxMjc2ZTBhMzUxOThjZTk3NGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriMaWZ2QnHyzNmjhbW3escjDWJ6p
Ynk+cnZxMC246yLnScv/bIjfvpOeCSTBPlLl884PI+2YXWhPk2XFuENCFLKdveCZ
HRPBuILH/ifdIjGtt//xa5ai9/w6R0d3j5YIGF7UMulSdJdzQxeEAQrmWXR2Opd2
upJkkmxedNWuJDyvJv8a6wbdT0smHEgt/wimjDTyScveeup9t7LFfczYm1q8cfz6
0ifbdzaSWPzL1Jc5q+inOHBJeQPaCxeCCoiSM+iAI4Zti4zSr02WLyF6ssxxA3aX
EKgjzTHzeSb/T8hSEFpJZsZkXvqV1OKiKPUiX/xkG8UQJLaaTPE8s6d5CwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFDhsQtHn4EURU7BhJ24KNRmM6XTrMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvT0d4QzBlZmdSUkZUc0dFbmJnbzFHWXpwZE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzAwBAIAATAqAwQCLYIUAwQB
LZMyAwQAXDwoAwQCucI0AwQAufhVAwQAuf5LAwQAwiQZMDMEAgACMC0DBwAqA9nA
MAADBwAqB/4AAAEDBwAqCQAHIAcDBwAqC4nBAAMDBwAqDFnAABgwDQYJKoZIhvcN
AQELBQADggEBADXRdX6aBuBt08FrvxoBoah0tzq3+OZBpdkNVdYnSVnnw9iexlmb
dTMSGMR6Yxmot3VgQHAtoju8svrEEtdtLFU2RpETkpklfHMjQnckiJRn/07CKKR+
Dl2tYn7MlJ4BbkZWdrY5eARV0gcIPcHlSr+WqJtzGluosNLEqlSlEHzKsvJr1a8r
e/dPkxee4DbdIP1HRQRdu4o9wWQ3xo08lxHqHGg8e9HAQhvH126g5GoARkWUM/1j
eFR2ka8Mgwem7MIY+4dXgZRTFHd+2kx46HbZNC0ICaiPZPPDISPhlWDIWpmYcwWz
dofP0PMzbHqGSHaTBRVpf4OmtRKgriq9gok=
-----END CERTIFICATE-----