Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/rR5uIVXZAAyvu77ZqCDVluIhzMM.roa
File:                     rR5uIVXZAAyvu77ZqCDVluIhzMM.roa (raw, json)
Hash identifier:          jUxHDL236y6cr97V49XTp2dWBA0sa3ZU4QaqSvVbsyM=
Subject key identifier:   AD:1E:6E:21:55:D9:00:0C:AF:BB:BE:D9:A8:20:D5:96:E2:21:CC:C3
Certificate issuer:       /CN=b986028c9feb6f142b3fecb64667f48874ba9c37
Certificate serial:       0185704BCA3018F1C3EEFA4540FEF90DC6C9
Authority key identifier: B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/rR5uIVXZAAyvu77ZqCDVluIhzMM.roa
Signing time:             Mon 02 Jan 2023 02:24:53 +0000
ROA not before:           Mon 02 Jan 2023 02:24:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34362
IP address blocks:        85.94.84.0/22 maxlen: 22
                          85.94.80.0/22 maxlen: 22
                          85.94.88.0/22 maxlen: 22
                          85.94.92.0/22 maxlen: 22
                          176.62.30.0/24 maxlen: 24
                          176.62.28.0/24 maxlen: 24
                          176.62.29.0/24 maxlen: 24
                          176.62.32.0/22 maxlen: 22
                          176.62.36.0/22 maxlen: 22
                          176.62.40.0/22 maxlen: 22
                          176.62.44.0/22 maxlen: 22
                          85.94.64.0/22 maxlen: 22
                          85.94.68.0/22 maxlen: 22
                          85.94.76.0/22 maxlen: 22
                          85.94.72.0/22 maxlen: 22
                          176.62.4.0/22 maxlen: 22
                          176.62.0.0/22 maxlen: 22
                          176.62.8.0/22 maxlen: 22
                          176.62.12.0/22 maxlen: 22
                          176.62.16.0/22 maxlen: 22
                          176.62.20.0/22 maxlen: 22
                          176.62.24.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:4b:ca:30:18:f1:c3:ee:fa:45:40:fe:f9:0d:c6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b986028c9feb6f142b3fecb64667f48874ba9c37
        Validity
            Not Before: Jan  2 02:24:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad1e6e2155d9000cafbbbed9a820d596e221ccc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:50:15:45:b5:5c:dc:b2:53:06:0e:31:27:b2:
                    a0:1b:d2:3f:60:a0:29:92:cf:6b:6c:3a:7b:ab:4f:
                    b9:fe:d9:7a:3a:d7:9d:c1:32:e9:2f:17:27:16:35:
                    cd:09:2a:10:2a:03:b3:bf:d2:67:ce:f1:a3:79:27:
                    e3:4b:f8:f3:dd:a5:7f:2d:13:19:e1:0f:92:e4:07:
                    bc:45:4c:22:cb:9f:4a:3b:00:0c:7f:e5:fc:92:13:
                    33:9c:d8:13:fa:84:17:78:33:45:ba:cf:5c:52:10:
                    bb:83:51:d7:25:fc:2f:ad:a0:89:f6:46:31:15:fc:
                    20:d9:5d:57:f8:20:18:85:6a:aa:6e:a7:02:d2:32:
                    78:e9:b7:4b:72:9b:59:3d:27:8f:ba:2b:f3:ce:cb:
                    8c:23:25:ed:29:56:c4:2d:cd:da:17:1b:36:76:2a:
                    f6:a9:52:2b:82:83:e3:32:f5:9d:a9:bd:6a:67:df:
                    06:40:c0:23:fb:7c:56:56:88:f4:24:a6:3e:8a:01:
                    a6:89:b5:a5:f7:99:a6:eb:2b:5c:03:7b:b3:36:63:
                    6f:f4:26:7c:a1:42:33:e2:90:f4:05:43:c0:16:4a:
                    c2:88:f9:b5:a2:8f:59:1e:f5:7b:d2:eb:29:1e:7e:
                    d6:23:08:b8:99:e4:35:80:c1:a5:13:16:4b:55:5b:
                    16:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:1E:6E:21:55:D9:00:0C:AF:BB:BE:D9:A8:20:D5:96:E2:21:CC:C3
            X509v3 Authority Key Identifier:
                keyid:B9:86:02:8C:9F:EB:6F:14:2B:3F:EC:B6:46:67:F4:88:74:BA:9C:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/rR5uIVXZAAyvu77ZqCDVluIhzMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/285850-7551-4229-87b6-3a4468c4dfdf/1/uYYCjJ_rbxQrP-y2Rmf0iHS6nDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.94.64.0/19
                  176.62.0.0-176.62.30.255
                  176.62.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         51:82:72:2f:98:52:66:c3:0a:f4:a0:aa:ae:e0:73:7c:c6:30:
         fb:b7:fb:fc:68:e4:ab:65:54:73:b0:ac:fc:05:ff:b2:76:51:
         00:86:73:93:2d:58:35:59:17:a7:2b:1e:51:79:d1:87:29:63:
         f5:ca:55:f3:9c:d4:c7:74:8f:66:73:19:9a:e8:e9:d0:37:2b:
         c7:86:66:df:f8:32:0d:d9:5e:26:75:04:a6:1a:3a:be:1e:58:
         30:d4:25:d0:d8:7a:10:12:63:d2:cb:3f:c7:89:21:60:54:6e:
         88:f8:09:6d:08:7e:c5:4f:24:21:5d:26:86:bd:95:25:c8:4e:
         c7:8b:4d:9e:6e:72:de:fe:59:ec:ff:da:ea:b7:60:a3:cc:43:
         7c:32:e8:c9:79:d4:24:6d:ed:24:8c:e8:1a:b5:24:9b:46:f0:
         bf:87:ee:15:e2:c9:bc:c4:0f:c3:f4:b9:64:21:e2:b4:73:0b:
         9f:3b:a7:f2:bb:87:f3:0d:41:f1:1b:a5:dd:d2:97:09:c2:41:
         d6:8d:63:82:ae:0f:b6:5a:a7:84:9b:01:c2:93:94:a6:82:e1:
         b2:c9:ba:9a:6b:7a:45:b8:95:09:68:bc:c4:58:71:d7:5d:37:
         67:60:3a:16:62:c7:c3:91:dc:6e:61:6a:ad:09:5f:c0:c6:5d:
         a1:36:b2:d1
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYVwS8owGPHD7vpFQP75DcbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ODYwMjhjOWZlYjZmMTQyYjNmZWNiNjQ2NjdmNDg4NzRi
YTljMzcwHhcNMjMwMTAyMDIyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDFlNmUyMTU1ZDkwMDBjYWZiYmJlZDlhODIwZDU5NmUyMjFjY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1AVRbVc3LJTBg4xJ7KgG9I/YKAp
ks9rbDp7q0+5/tl6OtedwTLpLxcnFjXNCSoQKgOzv9JnzvGjeSfjS/jz3aV/LRMZ
4Q+S5Ae8RUwiy59KOwAMf+X8khMznNgT+oQXeDNFus9cUhC7g1HXJfwvraCJ9kYx
Ffwg2V1X+CAYhWqqbqcC0jJ46bdLcptZPSePuivzzsuMIyXtKVbELc3aFxs2dir2
qVIrgoPjMvWdqb1qZ98GQMAj+3xWVoj0JKY+igGmibWl95mm6ytcA3uzNmNv9CZ8
oUIz4pD0BUPAFkrCiPm1oo9ZHvV70uspHn7WIwi4meQ1gMGlExZLVVsW3wIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFK0ebiFV2QAMr7u+2agg1ZbiIczDMB8GA1UdIwQY
MBaAFLmGAoyf628UKz/stkZn9Ih0upw3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVlZQ2pKX3JieFFyUC15MlJtZjBpSFM2bkRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yODU4NTAtNzU1MS00MjI5LTg3YjYt
M2E0NDY4YzRkZmRmLzEvclI1dUlWWFpBQXl2dTc3WnFDRFZsdUloek1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yODU4NTAtNzU1MS00MjI5LTg3YjYtM2E0NDY4YzRkZmRm
LzEvdVlZQ2pKX3JieFFyUC15MlJtZjBpSFM2bkRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQFVV5AMAsD
AwGwPgMEALA+HgMEBLA+IDANBgkqhkiG9w0BAQsFAAOCAQEAUYJyL5hSZsMK9KCq
ruBzfMYw+7f7/Gjkq2VUc7Cs/AX/snZRAIZzky1YNVkXpyseUXnRhylj9cpV85zU
x3SPZnMZmujp0Dcrx4Zm3/gyDdleJnUEpho6vh5YMNQl0Nh6EBJj0ss/x4khYFRu
iPgJbQh+xU8kIV0mhr2VJchOx4tNnm5y3v5Z7P/a6rdgo8xDfDLoyXnUJG3tJIzo
GrUkm0bwv4fuFeLJvMQPw/S5ZCHitHMLnzun8ruH8w1B8Rul3dKXCcJB1o1jgq4P
tlqnhJsBwpOUpoLhssm6mmt6RbiVCWi8xFhx1103Z2A6FmLHw5HcbmFqrQlfwMZd
oTay0Q==
-----END CERTIFICATE-----