Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/rtmt1oFiZDKXZZ3Fw8qXDZCXQx8.roa
File:                     rtmt1oFiZDKXZZ3Fw8qXDZCXQx8.roa (raw, json)
Hash identifier:          YrlUQrKjTLWbD7dQqOfnVlXGjIaTM5cric5vuaCy1lU=
Subject key identifier:   AE:D9:AD:D6:81:62:64:32:97:65:9D:C5:C3:CA:97:0D:90:97:43:1F
Certificate issuer:       /CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
Certificate serial:       018736D2C0DB2DD42D1E8EC9CC58E839F75D
Authority key identifier: DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/rtmt1oFiZDKXZZ3Fw8qXDZCXQx8.roa
Signing time:             Fri 31 Mar 2023 08:39:54 +0000
ROA not before:           Fri 31 Mar 2023 08:39:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59675
IP address blocks:        213.185.78.0/23 maxlen: 23
                          213.185.80.0/22 maxlen: 22
                          213.185.84.0/23 maxlen: 23
                          31.220.150.0/24 maxlen: 24
                          185.5.10.0/23 maxlen: 23
                          185.5.8.0/23 maxlen: 23
                          128.0.144.0/23 maxlen: 23
                          128.0.150.0/24 maxlen: 24
                          128.0.151.0/24 maxlen: 24
                          128.0.152.0/24 maxlen: 24
                          128.0.148.0/23 maxlen: 23
                          128.0.146.0/23 maxlen: 23
                          128.0.154.0/24 maxlen: 24
                          128.0.153.0/24 maxlen: 24
                          2a02:45c0::/32 maxlen: 32
                          2a02:45c0:10::/48 maxlen: 48
                          2a02:45c0:13::/48 maxlen: 48
                          2a02:45c0:9::/48 maxlen: 48
                          2a02:45c0:7::/48 maxlen: 48
                          2a02:45c0:18::/48 maxlen: 48
                          2a02:45c0:8::/48 maxlen: 48
                          2a02:45c0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Sep 2023 06:17:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:36:d2:c0:db:2d:d4:2d:1e:8e:c9:cc:58:e8:39:f7:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
        Validity
            Not Before: Mar 31 08:39:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aed9add68162643297659dc5c3ca970d9097431f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ea:7d:6e:07:9d:eb:5a:dc:94:8a:61:4f:4b:
                    a9:b4:3a:24:90:69:d7:08:ad:fd:e0:10:0a:c1:55:
                    92:91:df:4a:96:5e:77:c7:92:60:b0:78:f1:b7:f7:
                    9e:9a:bc:5d:69:95:9a:35:6d:1b:03:0a:c8:85:54:
                    f8:0a:7c:19:58:02:16:df:f0:90:ca:e4:4a:40:e6:
                    69:08:f6:0c:1a:36:29:57:6f:77:37:7c:25:ef:a9:
                    3c:1c:2f:bb:e9:19:98:fd:2a:19:2f:ad:39:2f:31:
                    b1:92:4d:ec:66:2c:a0:53:48:76:fd:54:60:b6:d8:
                    e4:de:f0:50:ca:00:b9:6c:81:ae:d4:fe:a8:fe:c5:
                    15:5d:ba:85:8b:23:b0:fb:9b:f3:f0:47:8f:21:4a:
                    e1:d8:63:fe:7d:97:dc:91:04:19:fa:25:4c:5e:70:
                    d6:94:0a:6c:8a:0b:9d:88:f2:00:d8:37:21:db:2a:
                    a5:d5:bc:fe:a9:22:b0:5b:d8:72:35:7b:52:2e:e4:
                    b4:03:e1:8f:19:17:7f:05:67:59:25:50:9e:61:3d:
                    1e:ee:68:ca:ec:49:17:fa:8f:66:2f:84:ef:ee:d4:
                    5e:35:ff:d1:f7:d2:a8:41:d1:90:cb:91:cf:76:fb:
                    7c:98:68:87:ca:bd:da:01:90:d7:b5:22:ca:74:40:
                    d5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D9:AD:D6:81:62:64:32:97:65:9D:C5:C3:CA:97:0D:90:97:43:1F
            X509v3 Authority Key Identifier:
                keyid:DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/rtmt1oFiZDKXZZ3Fw8qXDZCXQx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/29T45HYjd_hrB6h1P26Y9vS2t5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.150.0/24
                  128.0.144.0-128.0.154.255
                  185.5.8.0/22
                  213.185.78.0-213.185.85.255
                IPv6:
                  2a02:45c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:e7:71:d1:d2:2b:c2:c8:4f:67:1f:ac:27:9d:21:42:72:fc:
         2d:16:a0:67:19:63:23:66:58:6e:7d:33:54:16:55:76:4a:52:
         da:b3:02:51:0c:b3:7f:e5:48:1f:2d:49:ff:c0:c3:38:fb:61:
         a0:92:b3:a6:07:29:f0:98:21:a7:6e:a8:d4:31:b0:92:e0:11:
         b5:95:24:1e:84:97:89:cd:5a:20:bd:9e:c7:38:35:6c:34:40:
         a4:03:37:b5:87:fc:0c:e0:f1:6d:fb:4b:b6:1f:32:9e:38:ef:
         ad:0a:82:7c:44:c9:8f:ed:71:51:7a:84:44:8d:ce:2c:09:85:
         75:93:96:64:fd:ef:33:76:a2:c2:cd:2f:50:ce:66:35:23:83:
         26:b3:98:a5:f3:47:74:d8:9e:60:2b:d8:95:d7:08:de:5f:e5:
         e0:b4:1b:a5:99:2e:33:d7:74:a9:b5:74:f1:32:a4:bb:17:c3:
         c8:3f:e2:dc:44:6b:d4:4a:8e:2e:6a:80:cf:08:1b:f9:cb:74:
         ef:ce:d8:d1:e7:04:35:89:a0:0b:96:9c:96:16:b9:98:cc:0f:
         89:5b:bc:7a:4b:37:d0:69:0e:9e:f2:f4:2f:06:4c:92:f9:79:
         31:47:d9:a1:64:35:2b:48:30:02:41:8b:60:09:37:3d:ae:b2:
         62:14:fa:38
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYc20sDbLdQtHo7JzFjoOfddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDRmOGU0NzYyMzc3Zjg2YjA3YTg3NTNmNmU5OGY2ZjRi
NmI3OTIwHhcNMjMwMzMxMDgzOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ5YWRkNjgxNjI2NDMyOTc2NTlkYzVjM2NhOTcwZDkwOTc0MzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOp9bged61rclIphT0uptDokkGnX
CK394BAKwVWSkd9Kll53x5JgsHjxt/eemrxdaZWaNW0bAwrIhVT4CnwZWAIW3/CQ
yuRKQOZpCPYMGjYpV293N3wl76k8HC+76RmY/SoZL605LzGxkk3sZiygU0h2/VRg
ttjk3vBQygC5bIGu1P6o/sUVXbqFiyOw+5vz8EePIUrh2GP+fZfckQQZ+iVMXnDW
lApsigudiPIA2Dch2yql1bz+qSKwW9hyNXtSLuS0A+GPGRd/BWdZJVCeYT0e7mjK
7EkX+o9mL4Tv7tReNf/R99KoQdGQy5HPdvt8mGiHyr3aAZDXtSLKdEDVwQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFK7ZrdaBYmQyl2WdxcPKlw2Ql0MfMB8GA1UdIwQY
MBaAFNvU+OR2I3f4aweodT9umPb0treSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUt
NjIwYTc5Y2Y3OTJiLzEvcnRtdDFvRmlaREtYWlozRnc4cVhEWkNYUXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUtNjIwYTc5Y2Y3OTJi
LzEvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQAH9yWMAwD
BASAAJADBACAAJoDBAK5BQgwDAMEAdW5TgMEAdW5VDANBAIAAjAHAwUAKgJFwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQedx0dIrwshPZx+sJ50hQnL8LRagZxljI2ZYbn0z
VBZVdkpS2rMCUQyzf+VIHy1J/8DDOPthoJKzpgcp8Jghp26o1DGwkuARtZUkHoSX
ic1aIL2exzg1bDRApAM3tYf8DODxbftLth8ynjjvrQqCfETJj+1xUXqERI3OLAmF
dZOWZP3vM3aiws0vUM5mNSODJrOYpfNHdNieYCvYldcI3l/l4LQbpZkuM9d0qbV0
8TKkuxfDyD/i3ERr1EqOLmqAzwgb+ct0787Y0ecENYmgC5aclha5mMwPiVu8eks3
0GkOnvL0LwZMkvl5MUfZoWQ1K0gwAkGLYAk3Pa6yYhT6OA==
-----END CERTIFICATE-----