Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/4ISC8JWtIW_6StvlruizcqedTNM.roa
File:                     4ISC8JWtIW_6StvlruizcqedTNM.roa (raw, json)
Hash identifier:          F4d47jxAprbamJ7wWVTECuwHEi802PN+MaPsRI8ttDU=
Subject key identifier:   E0:84:82:F0:95:AD:21:6F:FA:4A:DB:E5:AE:E8:B3:72:A7:9D:4C:D3
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018B43889562530C8DD97AEDA3BEA8C21DF9
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/4ISC8JWtIW_6StvlruizcqedTNM.roa
Signing time:             Wed 18 Oct 2023 16:05:06 +0000
ROA not before:           Wed 18 Oct 2023 16:05:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40676
IP address blocks:        192.95.93.0/24 maxlen: 24
                          192.95.94.0/24 maxlen: 24
                          192.95.95.0/24 maxlen: 24
                          192.95.92.0/24 maxlen: 24
                          92.50.0.0/24 maxlen: 24
                          92.50.1.0/24 maxlen: 24
                          92.50.2.0/24 maxlen: 24
                          92.50.3.0/24 maxlen: 24
                          92.50.4.0/24 maxlen: 24
                          92.50.10.0/24 maxlen: 24
                          92.50.11.0/24 maxlen: 24
                          92.50.7.0/24 maxlen: 24
                          92.50.8.0/24 maxlen: 24
                          92.50.9.0/24 maxlen: 24
                          92.50.5.0/24 maxlen: 24
                          92.50.6.0/24 maxlen: 24
                          92.50.12.0/24 maxlen: 24
                          92.50.13.0/24 maxlen: 24
                          147.136.72.0/22 maxlen: 24
                          147.136.80.0/22 maxlen: 24
                          147.136.92.0/22 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:43:88:95:62:53:0c:8d:d9:7a:ed:a3:be:a8:c2:1d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Oct 18 16:05:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e08482f095ad216ffa4adbe5aee8b372a79d4cd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d2:66:68:9c:62:4c:9d:0c:9f:06:63:74:1a:
                    a1:2b:4b:da:1e:09:99:70:63:82:30:34:53:88:1a:
                    83:2c:6d:b0:3a:96:91:87:bd:7d:5b:a5:30:88:ff:
                    40:2d:46:ce:1b:b0:65:ff:24:82:bc:e6:59:e7:dc:
                    de:c5:09:7b:ad:3f:44:a4:eb:0a:b3:49:b5:76:6f:
                    26:4c:b7:42:11:a9:03:07:1f:01:0f:50:9e:44:1c:
                    b5:65:76:d9:e3:f4:f1:df:0e:7d:b8:30:e4:a1:5a:
                    8b:6e:d0:38:9d:70:9e:6d:bb:8f:60:d5:70:fe:b1:
                    0b:de:27:5f:ed:a3:87:cd:db:37:0b:1d:4b:d1:c7:
                    dc:71:7b:c6:53:bb:43:9e:8e:10:15:73:da:05:90:
                    57:00:22:4b:27:e6:f4:5f:4e:a2:d8:78:03:97:e7:
                    55:65:4e:6b:52:3a:61:bd:72:65:45:11:28:23:f0:
                    fe:e9:8b:db:eb:80:bb:51:0c:a0:35:7d:d7:55:d4:
                    30:47:d2:21:43:6c:85:30:07:00:41:96:d9:59:b3:
                    d4:00:d6:ef:bb:ed:c6:20:4e:a8:93:88:6d:2c:3d:
                    57:0b:41:0b:09:a2:c3:82:b1:58:14:aa:f4:6b:92:
                    c0:cf:7c:69:49:f4:dd:3d:b2:c6:8f:c2:76:24:71:
                    0a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:84:82:F0:95:AD:21:6F:FA:4A:DB:E5:AE:E8:B3:72:A7:9D:4C:D3
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/4ISC8JWtIW_6StvlruizcqedTNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.50.0.0-92.50.13.255
                  147.136.72.0/22
                  147.136.80.0/22
                  147.136.92.0/22
                  192.95.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:fd:3c:90:d3:71:1f:67:93:8f:96:2a:81:91:81:dd:75:0c:
         9a:96:44:bb:61:e0:15:e1:70:70:9e:25:f1:d8:b8:77:08:ba:
         cc:43:25:38:2a:36:02:84:0d:79:ff:21:3e:c3:02:90:a1:96:
         dd:3c:ee:cc:c4:6c:05:bb:c1:1c:92:db:9b:7e:f9:73:78:f8:
         c5:b9:db:20:b7:f8:f0:bd:38:30:55:23:ef:a4:bc:1d:52:c6:
         42:b6:d5:b6:30:cc:b2:4d:35:7a:40:46:a8:22:b6:b3:40:b7:
         d0:8c:f2:76:8a:25:d3:fc:d3:bf:15:7d:7d:64:09:77:ac:d3:
         9a:73:4c:5b:4a:57:48:f3:a5:18:c7:6b:89:7a:6b:07:8d:ba:
         07:fc:56:9a:de:7b:3c:90:ed:cc:9f:74:b2:c0:fb:ef:9c:1a:
         82:24:34:24:3a:82:dc:d1:5c:23:76:d5:13:61:09:6a:da:c3:
         f1:ed:e2:ba:1e:88:f4:da:e9:21:c1:64:b6:ee:eb:b1:85:80:
         a3:eb:de:d8:c2:3a:38:fa:38:8c:c7:85:1d:29:f9:30:da:53:
         be:de:e0:b9:25:ab:24:f3:ff:14:63:86:ac:57:f6:54:e2:5c:
         33:b8:4a:03:60:e0:ed:0e:bb:ea:7c:df:bc:a9:79:0d:e9:b8:
         66:5a:81:24
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYtDiJViUwyN2Xrto76owh35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjMxMDE4MTYwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDg0ODJmMDk1YWQyMTZmZmE0YWRiZTVhZWU4YjM3MmE3OWQ0Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNJmaJxiTJ0MnwZjdBqhK0vaHgmZ
cGOCMDRTiBqDLG2wOpaRh719W6UwiP9ALUbOG7Bl/ySCvOZZ59zexQl7rT9EpOsK
s0m1dm8mTLdCEakDBx8BD1CeRBy1ZXbZ4/Tx3w59uDDkoVqLbtA4nXCebbuPYNVw
/rEL3idf7aOHzds3Cx1L0cfccXvGU7tDno4QFXPaBZBXACJLJ+b0X06i2HgDl+dV
ZU5rUjphvXJlRREoI/D+6Yvb64C7UQygNX3XVdQwR9IhQ2yFMAcAQZbZWbPUANbv
u+3GIE6ok4htLD1XC0ELCaLDgrFYFKr0a5LAz3xpSfTdPbLGj8J2JHEKkQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFOCEgvCVrSFv+krb5a7os3KnnUzTMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvNElTQzhKV3RJV182U3R2bHJ1aXpjcWVkVE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAATAlMAsDAwFcMgME
AVwyDAMEApOISAMEApOIUAMEApOIXAMEAsBfXDANBgkqhkiG9w0BAQsFAAOCAQEA
cP08kNNxH2eTj5YqgZGB3XUMmpZEu2HgFeFwcJ4l8di4dwi6zEMlOCo2AoQNef8h
PsMCkKGW3TzuzMRsBbvBHJLbm375c3j4xbnbILf48L04MFUj76S8HVLGQrbVtjDM
sk01ekBGqCK2s0C30Izydool0/zTvxV9fWQJd6zTmnNMW0pXSPOlGMdriXprB426
B/xWmt57PJDtzJ90ssD775wagiQ0JDqC3NFcI3bVE2EJatrD8e3iuh6I9NrpIcFk
tu7rsYWAo+ve2MI6OPo4jMeFHSn5MNpTvt7guSWrJPP/FGOGrFf2VOJcM7hKA2Dg
7Q676nzfvKl5Dem4ZlqBJA==
-----END CERTIFICATE-----