Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/sfZwEAQguOQZQUvg0UYlIOMPF3U.roa
File:                     sfZwEAQguOQZQUvg0UYlIOMPF3U.roa (raw, json)
Hash identifier:          Vs4mr1XgqG3isY9mjTEmA15MMiIlhz3UUpOxVaeM6y4=
Subject key identifier:   B1:F6:70:10:04:20:B8:E4:19:41:4B:E0:D1:46:25:20:E3:0F:17:75
Certificate issuer:       /CN=086282e751286fbbecc75ea6edcc254192c55c76
Certificate serial:       01857169DB929A618B9A2C2DD893FB1B4DE3
Authority key identifier: 08:62:82:E7:51:28:6F:BB:EC:C7:5E:A6:ED:CC:25:41:92:C5:5C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGKC51Eob7vsx16m7cwlQZLFXHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/sfZwEAQguOQZQUvg0UYlIOMPF3U.roa
Signing time:             Mon 02 Jan 2023 07:37:21 +0000
ROA not before:           Mon 02 Jan 2023 07:37:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34086
IP address blocks:        160.44.0.0/16 maxlen: 24
                          217.150.144.0/20 maxlen: 24
                          94.100.240.0/20 maxlen: 24
                          46.29.96.0/21 maxlen: 24
                          93.188.240.0/21 maxlen: 24
                          82.192.98.0/23 maxlen: 24
                          160.44.192.0/20 maxlen: 24
                          160.44.192.0/21 maxlen: 21
                          160.44.200.0/21 maxlen: 21
                          185.9.216.0/22 maxlen: 24
                          2a00:da8:fffb::/48 maxlen: 48
                          2a00:da8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:db:92:9a:61:8b:9a:2c:2d:d8:93:fb:1b:4d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086282e751286fbbecc75ea6edcc254192c55c76
        Validity
            Not Before: Jan  2 07:37:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1f670100420b8e419414be0d1462520e30f1775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:58:fb:60:33:8a:50:47:db:61:63:23:e0:8d:
                    84:0e:67:19:75:36:13:23:8b:df:9b:2f:1e:3e:83:
                    16:bb:84:19:c6:af:84:87:3f:93:d0:72:95:60:87:
                    54:cc:84:ea:1e:c0:b9:0b:42:bf:4b:1e:5b:f2:c9:
                    c0:2a:0b:23:2a:0c:99:d5:67:d5:59:ee:a4:6c:fa:
                    cd:f7:b0:21:65:b8:2d:46:50:3b:53:7e:11:29:9d:
                    f2:3b:fc:d0:02:1a:e1:5b:8a:a2:5d:e5:6e:9b:c6:
                    ba:32:29:54:33:dc:70:d3:10:e7:89:20:40:f0:a1:
                    18:9e:c0:ef:b0:5b:cd:c5:b7:40:c8:cb:98:c6:d5:
                    c6:17:b0:19:b0:41:e4:e5:f5:cc:68:6a:31:2c:d2:
                    30:45:b1:22:41:04:14:55:0b:e3:19:d7:67:e4:26:
                    c1:ef:4d:9a:fb:51:b8:5c:91:e4:18:83:56:df:fa:
                    1e:17:84:b4:17:a5:11:d8:d4:9f:7f:83:15:96:dc:
                    54:27:f9:ec:36:34:f1:b1:2c:42:ad:f3:d9:50:35:
                    d9:29:66:c3:b0:3c:2a:31:3f:1a:9b:b7:9d:5b:21:
                    b3:8d:9e:47:70:fc:7e:17:cd:90:3c:5e:f5:0c:82:
                    92:93:a0:e6:5a:b2:4a:43:c9:2d:07:b3:7e:79:47:
                    47:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F6:70:10:04:20:B8:E4:19:41:4B:E0:D1:46:25:20:E3:0F:17:75
            X509v3 Authority Key Identifier:
                keyid:08:62:82:E7:51:28:6F:BB:EC:C7:5E:A6:ED:CC:25:41:92:C5:5C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGKC51Eob7vsx16m7cwlQZLFXHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/sfZwEAQguOQZQUvg0UYlIOMPF3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9d8598-e9e2-4709-b535-6b04aadeef10/1/CGKC51Eob7vsx16m7cwlQZLFXHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.96.0/21
                  82.192.98.0/23
                  93.188.240.0/21
                  94.100.240.0/20
                  160.44.0.0/16
                  185.9.216.0/22
                  217.150.144.0/20
                IPv6:
                  2a00:da8::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:98:0e:8d:3b:ab:12:cb:ed:76:23:df:fc:6d:d1:cc:33:53:
         33:45:20:7d:b9:4a:b0:1f:54:7d:a9:bb:78:48:ee:14:cf:df:
         fb:19:21:64:c2:af:0a:25:dc:6c:32:18:91:0c:18:d6:ef:ed:
         09:26:38:5c:ff:e2:69:51:74:1d:45:4a:36:2e:c8:62:84:c9:
         4a:1a:49:33:be:1a:eb:22:2a:94:8d:b7:c0:8b:f0:ac:42:33:
         bd:ed:0b:ed:20:d9:31:bb:dc:dd:94:55:3e:a8:f1:6a:8d:01:
         d3:49:d7:18:1e:8f:8b:33:21:42:27:a3:1b:ca:e4:46:89:a7:
         df:8d:a9:ac:01:ab:d9:e3:65:2d:10:47:a7:76:58:fc:0e:f6:
         bd:32:d2:23:c4:05:c5:14:e7:87:79:bb:7d:0a:2f:5d:e8:9f:
         0c:b6:a1:84:89:6d:a6:c6:ac:b9:31:a6:d8:fc:c5:07:57:3c:
         ec:16:f2:61:36:9b:99:7f:8d:cb:38:5f:38:a8:5f:fd:10:1f:
         05:5c:76:b4:4c:62:7f:90:1a:ee:8b:06:50:0f:9a:f7:4e:50:
         64:b9:a7:66:28:da:07:cc:a1:d6:d4:bf:7e:99:07:9b:47:27:
         6b:37:76:e6:8d:df:15:f9:91:95:07:e0:e6:10:f2:db:83:b7:
         6a:60:a8:cb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVxaduSmmGLmiwt2JP7G03jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjI4MmU3NTEyODZmYmJlY2M3NWVhNmVkY2MyNTQxOTJj
NTVjNzYwHhcNMjMwMTAyMDczNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY2NzAxMDA0MjBiOGU0MTk0MTRiZTBkMTQ2MjUyMGUzMGYxNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVj7YDOKUEfbYWMj4I2EDmcZdTYT
I4vfmy8ePoMWu4QZxq+Ehz+T0HKVYIdUzITqHsC5C0K/Sx5b8snAKgsjKgyZ1WfV
We6kbPrN97AhZbgtRlA7U34RKZ3yO/zQAhrhW4qiXeVum8a6MilUM9xw0xDniSBA
8KEYnsDvsFvNxbdAyMuYxtXGF7AZsEHk5fXMaGoxLNIwRbEiQQQUVQvjGddn5CbB
702a+1G4XJHkGINW3/oeF4S0F6UR2NSff4MVltxUJ/nsNjTxsSxCrfPZUDXZKWbD
sDwqMT8am7edWyGzjZ5HcPx+F82QPF71DIKSk6DmWrJKQ8ktB7N+eUdHowIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFLH2cBAEILjkGUFL4NFGJSDjDxd1MB8GA1UdIwQY
MBaAFAhigudRKG+77Mdepu3MJUGSxVx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dLQzUxRW9iN3ZzeDE2bTdjd2xRWkxGWEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85ZDg1OTgtZTllMi00NzA5LWI1MzUt
NmIwNGFhZGVlZjEwLzEvc2Zad0VBUWd1T1FaUVV2ZzBVWWxJT01QRjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85ZDg1OTgtZTllMi00NzA5LWI1MzUtNmIwNGFhZGVlZjEw
LzEvQ0dLQzUxRW9iN3ZzeDE2bTdjd2xRWkxGWEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwQDLh1gAwQB
UsBiAwQDXbzwAwQEXmTwAwMAoCwDBAK5CdgDBATZlpAwDQQCAAIwBwMFACoADagw
DQYJKoZIhvcNAQELBQADggEBAH2YDo07qxLL7XYj3/xt0cwzUzNFIH25SrAfVH2p
u3hI7hTP3/sZIWTCrwol3GwyGJEMGNbv7QkmOFz/4mlRdB1FSjYuyGKEyUoaSTO+
GusiKpSNt8CL8KxCM73tC+0g2TG73N2UVT6o8WqNAdNJ1xgej4szIUInoxvK5EaJ
p9+NqawBq9njZS0QR6d2WPwO9r0y0iPEBcUU54d5u30KL13onwy2oYSJbabGrLkx
ptj8xQdXPOwW8mE2m5l/jcs4XzioX/0QHwVcdrRMYn+QGu6LBlAPmvdOUGS5p2Yo
2gfModbUv36ZB5tHJ2s3duaN3xX5kZUH4OYQ8tuDt2pgqMs=
-----END CERTIFICATE-----