Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/1f4ZWWm2Ido3oDXj_o5gkBsTB24.roa
File:                     1f4ZWWm2Ido3oDXj_o5gkBsTB24.roa (raw, json)
Hash identifier:          o9LuajT9svdR3CiUoo1DstcYoh8XnXbudWIGXFrFDTA=
Subject key identifier:   D5:FE:19:59:69:B6:21:DA:37:A0:35:E3:FE:8E:60:90:1B:13:07:6E
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       018607A83F5E9714F7E1AF817F2D53A813A9
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/1f4ZWWm2Ido3oDXj_o5gkBsTB24.roa
Signing time:             Tue 31 Jan 2023 11:48:32 +0000
ROA not before:           Tue 31 Jan 2023 11:48:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3316
IP address blocks:        194.190.138.0/24 maxlen: 24
                          194.190.141.0/24 maxlen: 24
                          194.190.142.0/24 maxlen: 24
                          194.190.145.0/24 maxlen: 24
                          194.190.148.0/24 maxlen: 24
                          193.232.85.0/24 maxlen: 24
                          194.85.105.0/24 maxlen: 24
                          194.85.106.0/24 maxlen: 24
                          194.85.117.0/24 maxlen: 24
                          194.226.29.0/24 maxlen: 24
                          194.85.31.0/24 maxlen: 24
                          194.226.44.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 31 Jan 2023 13:16:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:07:a8:3f:5e:97:14:f7:e1:af:81:7f:2d:53:a8:13:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Jan 31 11:48:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d5fe195969b621da37a035e3fe8e60901b13076e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:2d:4b:99:90:86:d7:32:16:1f:90:3d:05:67:
                    00:e7:ce:e8:5a:09:79:60:b1:9d:f0:86:a1:74:f8:
                    a6:66:06:39:ac:4c:1f:4e:68:f7:86:6c:dc:2b:f4:
                    9d:e8:f2:85:b8:f1:40:bf:b7:1c:48:ce:63:21:05:
                    94:b0:68:85:b6:35:a5:15:80:37:f5:66:38:24:1f:
                    6e:4a:6f:17:bc:e8:73:e5:0a:03:e0:9b:37:fd:4d:
                    5a:96:d2:0f:1d:fd:f5:78:c7:1b:1c:c4:9d:c7:f9:
                    02:cb:4f:c1:01:4d:dc:e3:c1:54:39:e2:28:b9:c8:
                    c0:b9:b8:bf:b3:ed:fa:f2:a5:48:13:6c:40:35:09:
                    d9:95:ed:26:31:cf:f4:f8:f3:61:8a:0c:42:90:38:
                    3d:93:b1:83:a2:a8:d8:2f:97:89:28:b2:eb:bd:1f:
                    35:6b:99:07:d9:44:ca:d7:35:24:a7:ee:0e:20:44:
                    fd:a4:8b:64:8d:02:be:19:50:4b:87:aa:9e:1f:95:
                    21:01:00:47:3c:2f:30:10:f0:84:1b:0f:9b:47:63:
                    09:26:e2:ff:98:7f:d6:2e:89:d3:7b:ea:8c:15:24:
                    28:23:3e:8e:42:17:40:c2:6d:38:0e:c5:c0:a4:f2:
                    7f:5b:32:b7:3c:dc:84:f2:cd:3f:41:dd:00:a4:14:
                    61:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:FE:19:59:69:B6:21:DA:37:A0:35:E3:FE:8E:60:90:1B:13:07:6E
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/1f4ZWWm2Ido3oDXj_o5gkBsTB24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.85.0/24
                  194.85.31.0/24
                  194.85.105.0-194.85.106.255
                  194.85.117.0/24
                  194.190.138.0/24
                  194.190.141.0-194.190.142.255
                  194.190.145.0/24
                  194.190.148.0/24
                  194.226.29.0/24
                  194.226.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:60:c6:5d:41:b4:43:08:c3:86:a7:f9:af:66:4d:f6:d7:c5:
         f7:cf:f2:9f:5b:bf:d2:0f:3c:65:49:4f:45:66:cf:8f:08:91:
         f6:01:be:3c:d6:fa:8f:6b:dd:78:a3:cf:b1:7c:5d:88:32:44:
         81:d2:fc:78:43:51:33:90:e3:9a:95:2c:01:e7:91:df:62:69:
         45:6b:2c:29:90:e9:16:dd:e2:65:d5:a2:73:58:db:ea:59:f7:
         e4:14:e5:87:bc:98:c7:0b:dd:54:b2:1c:42:75:5e:1e:4f:8b:
         0b:14:b8:9e:58:4a:bc:04:85:56:07:42:3e:af:4d:55:84:a7:
         ff:bf:7b:6b:29:09:b7:da:c8:41:fb:1e:98:0e:3d:9f:ea:6a:
         e9:6a:eb:e0:dd:66:ad:3c:fe:d2:c1:ce:bc:2b:e4:20:49:c2:
         35:af:df:63:de:78:3a:6c:8d:c0:f8:23:a1:44:f3:64:6e:e1:
         bf:db:46:ba:eb:6d:29:a9:35:4b:59:aa:f1:a4:71:fe:c2:38:
         ea:27:53:ef:a4:8a:23:d1:7b:8a:8a:dc:2c:d5:a4:c0:52:d9:
         7b:10:fc:db:1f:9e:3c:35:7b:fa:ab:52:c6:1c:dd:12:d3:46:
         fd:7e:15:ec:67:08:85:11:5a:d6:42:cc:39:3b:3c:48:67:99:
         e0:a4:13:ed
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYYHqD9elxT34a+Bfy1TqBOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjMwMTMxMTE0ODMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWZlMTk1OTY5YjYyMWRhMzdhMDM1ZTNmZThlNjA5MDFiMTMwNzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgi1LmZCG1zIWH5A9BWcA587oWgl5
YLGd8IahdPimZgY5rEwfTmj3hmzcK/Sd6PKFuPFAv7ccSM5jIQWUsGiFtjWlFYA3
9WY4JB9uSm8XvOhz5QoD4Js3/U1altIPHf31eMcbHMSdx/kCy0/BAU3c48FUOeIo
ucjAubi/s+368qVIE2xANQnZle0mMc/0+PNhigxCkDg9k7GDoqjYL5eJKLLrvR81
a5kH2UTK1zUkp+4OIET9pItkjQK+GVBLh6qeH5UhAQBHPC8wEPCEGw+bR2MJJuL/
mH/WLonTe+qMFSQoIz6OQhdAwm04DsXApPJ/WzK3PNyE8s0/Qd0ApBRhwwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFNX+GVlptiHaN6A14/6OYJAbEwduMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvMWY0WldXbTJJZG8zb0RYal9vNWdrQnNUQjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAwehVAwQA
wlUfMAwDBADCVWkDBADCVWoDBADCVXUDBADCvoowDAMEAMK+jQMEAMK+jgMEAMK+
kQMEAMK+lAMEAMLiHQMEAMLiLDANBgkqhkiG9w0BAQsFAAOCAQEAL2DGXUG0QwjD
hqf5r2ZN9tfF98/yn1u/0g88ZUlPRWbPjwiR9gG+PNb6j2vdeKPPsXxdiDJEgdL8
eENRM5DjmpUsAeeR32JpRWssKZDpFt3iZdWic1jb6ln35BTlh7yYxwvdVLIcQnVe
Hk+LCxS4nlhKvASFVgdCPq9NVYSn/797aykJt9rIQfsemA49n+pq6Wrr4N1mrTz+
0sHOvCvkIEnCNa/fY954OmyNwPgjoUTzZG7hv9tGuuttKak1S1mq8aRx/sI46idT
76SKI9F7iorcLNWkwFLZexD82x+ePDV7+qtSxhzdEtNG/X4V7GcIhRFa1kLMOTs8
SGeZ4KQT7Q==
-----END CERTIFICATE-----