Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/ekTqaxVZjPazXLkE5UWpl_2PLNo.roa
File:                     ekTqaxVZjPazXLkE5UWpl_2PLNo.roa (raw, json)
Hash identifier:          KjAbfllZ3+g+onSyDICF607oLM2Qt0muYNHfbdKalyM=
Subject key identifier:   7A:44:EA:6B:15:59:8C:F6:B3:5C:B9:04:E5:45:A9:97:FD:8F:2C:DA
Certificate issuer:       /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial:       018571B0EC7617F1AF6BEB07E3A5FF96ECD2
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/ekTqaxVZjPazXLkE5UWpl_2PLNo.roa
Signing time:             Mon 02 Jan 2023 08:54:58 +0000
ROA not before:           Mon 02 Jan 2023 08:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202623
IP address blocks:        141.101.91.0/24 maxlen: 24
                          2a06:98c0:3604::/48 maxlen: 48
                          2a06:98c0:3607::/48 maxlen: 48
                          2a06:98c0:3612::/48 maxlen: 48
                          2a06:98c0:3602::/48 maxlen: 48
                          2a06:98c0:3605::/48 maxlen: 48
                          2a06:98c0:1400::/48 maxlen: 48
                          2a06:98c0:3603::/48 maxlen: 48
                          2a06:98c0:360e::/48 maxlen: 48
                          2a06:98c0:3606::/48 maxlen: 48
                          2a06:98c0:1401::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 09 Jan 2023 18:27:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b0:ec:76:17:f1:af:6b:eb:07:e3:a5:ff:96:ec:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
        Validity
            Not Before: Jan  2 08:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7a44ea6b15598cf6b35cb904e545a997fd8f2cda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:28:52:7a:ca:42:2d:84:28:37:fc:68:05:a3:
                    07:4d:29:a5:d4:18:4f:d0:12:c2:0d:65:58:98:de:
                    74:92:20:a7:8e:25:70:0b:5a:da:fc:c0:08:c3:dc:
                    06:dd:16:0d:52:86:74:5f:82:6e:ac:05:8b:d9:5a:
                    9b:82:73:b8:6f:8c:53:46:bc:44:bd:20:c5:f9:c5:
                    a9:d8:4e:ac:a2:35:50:14:52:e7:06:3e:1c:ee:14:
                    18:79:dc:1e:5d:fc:fc:8f:ba:14:5b:26:8d:b6:ee:
                    61:e8:1e:91:45:eb:be:9b:1d:8f:fd:e8:90:18:ec:
                    6b:ab:0a:75:35:96:76:9e:a0:e6:fe:ca:6f:bc:cc:
                    a8:90:62:c5:aa:b5:38:26:a6:bc:22:6e:4c:d8:ad:
                    f9:fd:bf:3e:25:08:c5:e9:62:94:3c:5f:e2:9a:82:
                    04:2c:ca:11:6e:13:f4:89:e8:e2:98:11:7c:29:ab:
                    ca:6e:a3:5c:2a:78:76:8d:bc:48:1e:17:dd:de:5b:
                    2e:a2:6c:8d:95:79:5a:c8:82:67:e0:a7:b1:7a:4f:
                    28:05:1c:ed:d4:8b:e7:7d:06:fc:af:fc:c9:d7:a2:
                    60:fa:34:0a:76:be:69:ed:c2:ec:54:f5:1a:4e:94:
                    40:85:59:0e:a7:ae:1e:29:c0:80:ff:8d:b7:f8:e7:
                    39:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:44:EA:6B:15:59:8C:F6:B3:5C:B9:04:E5:45:A9:97:FD:8F:2C:DA
            X509v3 Authority Key Identifier:
                keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/ekTqaxVZjPazXLkE5UWpl_2PLNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.91.0/24
                IPv6:
                  2a06:98c0:1400::/47
                  2a06:98c0:3602::-2a06:98c0:3607:ffff:ffff:ffff:ffff:ffff
                  2a06:98c0:360e::/48
                  2a06:98c0:3612::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:3f:a6:1f:31:d8:dd:35:f4:60:ee:da:2b:79:8e:61:7a:ea:
         aa:c3:35:4a:0a:a6:e2:3a:90:25:eb:db:5a:65:f1:a1:2e:02:
         80:e2:10:fd:8d:34:35:9a:b2:4b:fa:dd:bf:02:41:95:2c:f3:
         bf:f3:a5:ea:38:e4:fd:89:54:c4:40:d0:b1:b1:90:35:ef:78:
         5a:76:05:eb:59:02:fd:91:66:18:4e:c6:85:79:5d:be:d6:cc:
         e5:b7:4e:4c:d4:6a:a0:40:64:e5:17:76:fd:1e:c8:b2:e5:11:
         4e:66:3f:a2:ac:bc:8d:5b:d6:50:fa:a6:b1:62:d5:93:0e:a1:
         9a:f5:5f:f1:5f:dd:ca:ed:4f:06:e1:b5:af:b9:db:76:e9:ea:
         0f:19:58:82:d8:ed:f9:95:25:9a:ab:1d:7c:99:52:c5:c7:c9:
         58:d7:c9:42:26:53:83:36:e6:73:35:bf:0c:e9:4f:04:2b:55:
         66:af:73:0a:16:5a:82:df:11:67:3b:0d:39:7d:56:7d:33:66:
         51:76:64:0e:a4:e1:72:46:83:58:56:9d:cf:96:d2:3c:2e:af:
         95:a3:bd:71:ac:00:e0:bc:5c:f5:26:f7:ef:99:5f:c1:6b:2e:
         e7:90:05:4c:e6:70:df:fd:f5:2d:99:df:1e:3a:83:74:49:b3:
         82:4f:c1:37
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYVxsOx2F/Gva+sH46X/luzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjMwMTAyMDg1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQ0ZWE2YjE1NTk4Y2Y2YjM1Y2I5MDRlNTQ1YTk5N2ZkOGYyY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgihSespCLYQoN/xoBaMHTSml1BhP
0BLCDWVYmN50kiCnjiVwC1ra/MAIw9wG3RYNUoZ0X4JurAWL2VqbgnO4b4xTRrxE
vSDF+cWp2E6sojVQFFLnBj4c7hQYedweXfz8j7oUWyaNtu5h6B6RReu+mx2P/eiQ
GOxrqwp1NZZ2nqDm/spvvMyokGLFqrU4Jqa8Im5M2K35/b8+JQjF6WKUPF/imoIE
LMoRbhP0iejimBF8KavKbqNcKnh2jbxIHhfd3lsuomyNlXlayIJn4Kexek8oBRzt
1IvnfQb8r/zJ16Jg+jQKdr5p7cLsVPUaTpRAhVkOp64eKcCA/423+Oc5FQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFHpE6msVWYz2s1y5BOVFqZf9jyzaMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvZWtUcWF4VlpqUGF6WExrRTVVV3BsXzJQTE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAMBAIAATAGAwQAjWVbMDUE
AgACMC8DBwEqBpjAFAAwEgMHASoGmMA2AgMHAyoGmMA2AAMHACoGmMA2DgMHACoG
mMA2EjANBgkqhkiG9w0BAQsFAAOCAQEAWD+mHzHY3TX0YO7aK3mOYXrqqsM1Sgqm
4jqQJevbWmXxoS4CgOIQ/Y00NZqyS/rdvwJBlSzzv/Ol6jjk/YlUxEDQsbGQNe94
WnYF61kC/ZFmGE7GhXldvtbM5bdOTNRqoEBk5Rd2/R7IsuURTmY/oqy8jVvWUPqm
sWLVkw6hmvVf8V/dyu1PBuG1r7nbdunqDxlYgtjt+ZUlmqsdfJlSxcfJWNfJQiZT
gzbmczW/DOlPBCtVZq9zChZagt8RZzsNOX1WfTNmUXZkDqThckaDWFadz5bSPC6v
laO9cawA4Lxc9Sb375lfwWsu55AFTOZw3/31LZnfHjqDdEmzgk/BNw==
-----END CERTIFICATE-----