Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PzpLVcIOcrD_BFzbPSkcQrcCF5A.roa
File:                     PzpLVcIOcrD_BFzbPSkcQrcCF5A.roa (raw, json)
Hash identifier:          WXkLqOSFF0RQSzQvMot4IaWtr5tj2/REkdf/kL45SdE=
Subject key identifier:   3F:3A:4B:55:C2:0E:72:B0:FF:04:5C:DB:3D:29:1C:42:B7:02:17:90
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018C7877A76126EF1FB039181C6BDA55D9BB
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PzpLVcIOcrD_BFzbPSkcQrcCF5A.roa
Signing time:             Sun 17 Dec 2023 15:49:16 +0000
ROA not before:           Sun 17 Dec 2023 15:49:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        193.3.174.0/24 maxlen: 24
                          91.213.17.0/24 maxlen: 24
                          146.19.112.0/24 maxlen: 24
                          185.255.54.0/24 maxlen: 24
                          213.232.238.0/24 maxlen: 24
                          178.212.76.0/24 maxlen: 24
                          62.133.34.0/24 maxlen: 24
                          79.110.231.0/24 maxlen: 24
                          212.23.197.0/24 maxlen: 24
                          2a0b:4080::/32 maxlen: 48

Validation:               Failed, certificate revoked on Fri 22 Dec 2023 00:53:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:78:77:a7:61:26:ef:1f:b0:39:18:1c:6b:da:55:d9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Dec 17 15:49:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f3a4b55c20e72b0ff045cdb3d291c42b7021790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:62:71:2e:80:66:e9:ee:2a:00:2d:01:d4:f2:
                    06:5d:3e:c8:b3:a8:ad:4d:1e:d2:61:33:6c:34:63:
                    36:cb:0c:e0:f2:c6:0f:65:2d:45:07:b9:1d:eb:29:
                    63:76:a9:8b:54:cd:52:65:5a:be:ed:fb:51:89:c9:
                    8f:70:db:62:e8:91:e3:e5:31:67:91:2b:6d:51:28:
                    53:67:72:b0:74:37:ab:aa:69:67:98:b2:e4:4f:68:
                    00:82:10:3d:9c:c6:9e:fb:aa:6a:c3:bd:0f:d3:d6:
                    7f:e6:8a:2b:31:57:73:e4:7f:fb:3f:60:60:e8:16:
                    e8:f8:0a:a5:6a:dd:f6:ef:8e:95:ce:4c:d3:4d:ee:
                    a9:91:68:ea:c2:03:34:da:58:c3:8b:81:8e:17:f1:
                    49:94:68:ed:9d:b4:b9:27:dd:6a:b2:01:9c:1f:28:
                    15:2a:dc:93:1a:3b:4a:18:4c:05:5a:ec:66:1b:36:
                    3b:c8:55:9e:ee:0f:79:33:25:70:e8:9b:0e:35:52:
                    f0:0e:bb:4a:be:3e:7f:e1:aa:48:60:ed:72:54:b0:
                    c3:f1:ce:7e:0e:49:69:22:f6:ca:0d:df:0f:c8:81:
                    85:9c:ec:93:f9:1e:24:f0:ac:51:89:94:0e:40:e5:
                    89:e6:b5:9a:c5:82:54:5b:60:06:b6:60:16:4a:28:
                    39:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:3A:4B:55:C2:0E:72:B0:FF:04:5C:DB:3D:29:1C:42:B7:02:17:90
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PzpLVcIOcrD_BFzbPSkcQrcCF5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.133.34.0/24
                  79.110.231.0/24
                  91.213.17.0/24
                  146.19.112.0/24
                  178.212.76.0/24
                  185.255.54.0/24
                  193.3.174.0/24
                  212.23.197.0/24
                  213.232.238.0/24
                IPv6:
                  2a0b:4080::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:f0:36:cf:dd:63:fe:c9:f4:1f:69:48:35:ae:5a:df:3e:55:
         30:25:42:3f:36:3f:07:45:bd:18:25:3d:54:c2:11:2e:5a:0c:
         05:88:db:e5:3b:46:fc:37:c1:ac:c9:82:38:b0:4b:65:d3:19:
         0f:36:39:ba:e4:31:5d:82:d1:73:63:f5:77:20:5a:0d:62:5d:
         81:e3:b2:4b:3f:1b:1b:5e:94:0e:23:35:54:47:fa:42:7a:bc:
         33:74:56:0c:d4:78:7e:e6:24:61:d9:04:d5:94:ce:d6:4f:d0:
         24:f9:3c:7f:64:27:56:4d:eb:1c:c3:dc:ba:fd:06:73:ea:b8:
         74:17:d3:ab:1f:86:78:eb:35:ce:91:5b:66:da:0b:65:51:a4:
         bb:b2:4f:e4:03:31:34:2b:88:0a:1f:97:07:6c:d0:a7:16:3b:
         8f:6c:0c:e0:99:91:7e:ac:90:76:1e:b7:30:6f:92:ba:96:7a:
         57:06:e6:ef:46:5f:02:ee:71:17:3e:d5:b0:15:23:2b:89:e0:
         54:bc:e3:43:74:4f:79:af:c8:98:50:7b:d7:8a:54:b7:ab:f4:
         a1:4b:86:d7:73:c4:b8:96:5c:65:e3:6a:11:cd:b2:f2:93:d2:
         3b:a8:a8:5e:4c:6c:a7:28:11:ee:9d:91:9d:88:d9:c5:4d:11:
         b8:6e:90:1a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYx4d6dhJu8fsDkYHGvaVdm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjMxMjE3MTU0OTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjNhNGI1NWMyMGU3MmIwZmYwNDVjZGIzZDI5MWM0MmI3MDIxNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmJxLoBm6e4qAC0B1PIGXT7Is6it
TR7SYTNsNGM2ywzg8sYPZS1FB7kd6yljdqmLVM1SZVq+7ftRicmPcNti6JHj5TFn
kSttUShTZ3KwdDerqmlnmLLkT2gAghA9nMae+6pqw70P09Z/5oorMVdz5H/7P2Bg
6Bbo+Aqlat32746VzkzTTe6pkWjqwgM02ljDi4GOF/FJlGjtnbS5J91qsgGcHygV
KtyTGjtKGEwFWuxmGzY7yFWe7g95MyVw6JsONVLwDrtKvj5/4apIYO1yVLDD8c5+
DklpIvbKDd8PyIGFnOyT+R4k8KxRiZQOQOWJ5rWaxYJUW2AGtmAWSig5+QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFD86S1XCDnKw/wRc2z0pHEK3AheQMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvUHpwTFZjSU9jckRfQkZ6YlBTa2NRcmNDRjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQAPoUiAwQA
T27nAwQAW9URAwQAkhNwAwQAstRMAwQAuf82AwQAwQOuAwQA1BfFAwQA1ejuMA0E
AgACMAcDBQAqC0CAMA0GCSqGSIb3DQEBCwUAA4IBAQBU8DbP3WP+yfQfaUg1rlrf
PlUwJUI/Nj8HRb0YJT1UwhEuWgwFiNvlO0b8N8GsyYI4sEtl0xkPNjm65DFdgtFz
Y/V3IFoNYl2B47JLPxsbXpQOIzVUR/pCerwzdFYM1Hh+5iRh2QTVlM7WT9Ak+Tx/
ZCdWTescw9y6/QZz6rh0F9OrH4Z46zXOkVtm2gtlUaS7sk/kAzE0K4gKH5cHbNCn
FjuPbAzgmZF+rJB2Hrcwb5K6lnpXBubvRl8C7nEXPtWwFSMrieBUvONDdE95r8iY
UHvXilS3q/ShS4bXc8S4llxl42oRzbLyk9I7qKheTGynKBHunZGdiNnFTRG4bpAa
-----END CERTIFICATE-----