Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/DLNHoCekLkPj2gPFi3x7mjIo5Xg.roa
File:                     DLNHoCekLkPj2gPFi3x7mjIo5Xg.roa (raw, json)
Hash identifier:          Q3A7TwhW45RQs9ZMsq+Nvlc7OupRr06l39GDo0927KQ=
Subject key identifier:   0C:B3:47:A0:27:A4:2E:43:E3:DA:03:C5:8B:7C:7B:9A:32:28:E5:78
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018571C3288A7535CFE01053D1B0BBC69149
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/DLNHoCekLkPj2gPFi3x7mjIo5Xg.roa
Signing time:             Mon 02 Jan 2023 09:14:53 +0000
ROA not before:           Mon 02 Jan 2023 09:14:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210464
IP address blocks:        185.197.133.0/24 maxlen: 32
                          2a06:e881:8707::/48 maxlen: 128
                          2a06:e881:870c::/48 maxlen: 128
                          2a06:e881:870d::/48 maxlen: 128
                          2a06:e881:8702::/48 maxlen: 128
                          2a06:e881:8703::/48 maxlen: 128
                          2a06:e881:8708::/48 maxlen: 128
                          2a06:e881:8709::/48 maxlen: 128
                          2a06:e881:870e::/48 maxlen: 128
                          2a06:e881:870f::/48 maxlen: 128
                          2a06:e881:8704::/48 maxlen: 128
                          2a06:e881:8705::/48 maxlen: 128
                          2a06:e881:870a::/48 maxlen: 128
                          2a06:e881:870b::/48 maxlen: 128
                          2a06:e881:8700::/48 maxlen: 128
                          2a06:e881:8701::/48 maxlen: 128
                          2a06:e881:8706::/48 maxlen: 128

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:c3:28:8a:75:35:cf:e0:10:53:d1:b0:bb:c6:91:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 09:14:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0cb347a027a42e43e3da03c58b7c7b9a3228e578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7e:77:47:1c:45:57:7d:88:d6:4d:29:3d:58:
                    09:39:61:7b:d2:d5:07:89:99:98:60:1b:f7:87:61:
                    4c:cb:ed:3b:01:87:3c:73:91:bd:01:df:7a:5d:7a:
                    85:74:63:f1:64:0c:ec:39:cc:e4:81:9e:c3:f9:cd:
                    76:48:b7:2a:c5:94:27:ab:71:44:45:d5:4c:57:f2:
                    58:81:60:d0:3c:aa:00:ea:ff:4b:4a:5e:71:aa:4a:
                    0e:ac:dd:3b:69:04:0f:c3:79:82:be:08:30:20:ca:
                    f3:f5:55:81:a7:a3:3d:6c:94:a3:fb:63:3f:1f:c3:
                    72:9d:03:12:3a:8d:22:c2:88:55:57:c4:44:54:be:
                    d6:fc:24:4f:1f:37:04:ab:bc:52:01:b7:6b:b3:7e:
                    53:14:1e:8e:3f:a0:9d:29:ca:60:74:f2:66:08:c2:
                    12:45:81:5e:ec:72:c3:cd:19:55:a6:32:4f:e8:49:
                    72:24:84:7d:8f:e2:da:ec:ba:e2:8c:b7:b3:f5:c6:
                    d3:70:94:c2:74:31:b8:6f:c9:fa:9a:c8:34:85:64:
                    f2:a5:b1:41:85:81:68:11:a5:77:a1:02:03:be:01:
                    f4:e2:b7:fc:17:33:42:f0:b3:7f:6c:7a:46:d4:51:
                    1d:33:c2:fc:40:ee:44:6c:87:db:1c:36:02:38:15:
                    81:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B3:47:A0:27:A4:2E:43:E3:DA:03:C5:8B:7C:7B:9A:32:28:E5:78
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/DLNHoCekLkPj2gPFi3x7mjIo5Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.133.0/24
                IPv6:
                  2a06:e881:8700::/44

    Signature Algorithm: sha256WithRSAEncryption
         d0:2a:96:38:8a:24:5e:84:dd:73:b8:b4:a3:f8:b2:a7:50:71:
         da:6b:08:a1:a4:f3:ac:12:45:06:45:35:ac:8d:01:a2:d5:58:
         ea:43:23:5f:1d:a8:e7:54:67:12:3b:d0:d8:e0:6a:5c:35:a8:
         cc:40:f2:f5:d8:10:02:bd:14:62:10:0f:a5:1f:9f:c8:25:9f:
         71:03:4c:05:00:f3:6c:66:c0:80:7c:f9:f6:bb:24:37:0a:2d:
         09:1e:6e:8c:d2:fc:9b:9f:ee:c4:b5:6c:74:45:a3:5a:0f:9d:
         7a:49:a4:0a:8b:dd:df:58:29:59:64:15:75:ed:9b:b9:e6:6f:
         f4:ab:73:ae:ee:1a:33:06:1d:a2:4f:f5:a7:d6:ee:00:7b:4d:
         a4:7c:53:fe:b4:c7:b7:cd:ac:3d:5d:89:97:56:7f:b6:37:bb:
         b1:5b:7c:3e:37:b1:c7:bb:e3:b2:ba:78:1e:a1:43:8c:50:09:
         62:81:2d:73:f7:98:3c:eb:82:b4:25:09:c6:54:f8:e6:97:36:
         cf:74:13:0b:dc:81:71:da:87:ed:6e:f7:90:2b:40:76:85:ce:
         f1:a5:35:c3:2c:4c:da:70:7e:62:79:97:8b:d3:7c:71:77:22:
         a9:f8:8d:b5:a4:7f:4c:95:45:61:88:04:bd:b7:30:94:34:9b:
         f8:98:96:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVxwyiKdTXP4BBT0bC7xpFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjMwMTAyMDkxNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2IzNDdhMDI3YTQyZTQzZTNkYTAzYzU4YjdjN2I5YTMyMjhlNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj353RxxFV32I1k0pPVgJOWF70tUH
iZmYYBv3h2FMy+07AYc8c5G9Ad96XXqFdGPxZAzsOczkgZ7D+c12SLcqxZQnq3FE
RdVMV/JYgWDQPKoA6v9LSl5xqkoOrN07aQQPw3mCvggwIMrz9VWBp6M9bJSj+2M/
H8NynQMSOo0iwohVV8REVL7W/CRPHzcEq7xSAbdrs35TFB6OP6CdKcpgdPJmCMIS
RYFe7HLDzRlVpjJP6ElyJIR9j+La7LrijLez9cbTcJTCdDG4b8n6msg0hWTypbFB
hYFoEaV3oQIDvgH04rf8FzNC8LN/bHpG1FEdM8L8QO5EbIfbHDYCOBWBRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAyzR6AnpC5D49oDxYt8e5oyKOV4MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvRExOSG9DZWtMa1BqMmdQRmkzeDdtaklvNVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAucWFMA8E
AgACMAkDBwQqBuiBhwAwDQYJKoZIhvcNAQELBQADggEBANAqljiKJF6E3XO4tKP4
sqdQcdprCKGk86wSRQZFNayNAaLVWOpDI18dqOdUZxI70Njgalw1qMxA8vXYEAK9
FGIQD6Ufn8gln3EDTAUA82xmwIB8+fa7JDcKLQkebozS/Juf7sS1bHRFo1oPnXpJ
pAqL3d9YKVlkFXXtm7nmb/Src67uGjMGHaJP9afW7gB7TaR8U/60x7fNrD1diZdW
f7Y3u7FbfD43sce747K6eB6hQ4xQCWKBLXP3mDzrgrQlCcZU+OaXNs90EwvcgXHa
h+1u95ArQHaFzvGlNcMsTNpwfmJ5l4vTfHF3Iqn4jbWkf0yVRWGIBL23MJQ0m/iY
lpw=
-----END CERTIFICATE-----