Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tyrR6OULaflHJlrWfxWOf6Mf-KU.roa
File:                     tyrR6OULaflHJlrWfxWOf6Mf-KU.roa (raw, json)
Hash identifier:          q0Qx/PCalg2yisc4/SdA4D0uKTse1pvnABpNy5SX/fc=
Subject key identifier:   B7:2A:D1:E8:E5:0B:69:F9:47:26:5A:D6:7F:15:8E:7F:A3:1F:F8:A5
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       0187DD04A9658CE7BE2438DC933B10334C57
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tyrR6OULaflHJlrWfxWOf6Mf-KU.roa
Signing time:             Tue 02 May 2023 15:11:22 +0000
ROA not before:           Tue 02 May 2023 15:11:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5398
IP address blocks:        31.44.32.0/20 maxlen: 20
                          193.221.216.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
                          46.21.16.0/23 maxlen: 23
                          46.21.22.0/24 maxlen: 24
                          46.21.18.0/23 maxlen: 23
                          46.21.21.0/24 maxlen: 24
                          46.21.29.0/24 maxlen: 24
                          46.21.31.0/24 maxlen: 24
                          193.222.104.0/23 maxlen: 23
                          185.155.176.0/22 maxlen: 22
                          185.155.184.0/23 maxlen: 23
                          77.220.64.0/19 maxlen: 19
                          2a00:bd00::/32 maxlen: 32
                          2a0f:e880::/29 maxlen: 29
                          2a02:210::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sat 04 Nov 2023 17:14:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:dd:04:a9:65:8c:e7:be:24:38:dc:93:3b:10:33:4c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: May  2 15:11:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b72ad1e8e50b69f947265ad67f158e7fa31ff8a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:01:c1:86:6c:c2:ec:25:22:a9:be:cc:c3:c1:
                    97:6a:fd:69:fc:66:20:c9:12:6a:7e:fe:f4:3d:c7:
                    87:27:6d:40:4b:02:2e:86:2d:66:42:96:98:f4:47:
                    93:a6:f0:c8:e4:ea:79:ac:93:78:50:d2:2a:8f:3e:
                    69:82:99:ee:5e:7e:f6:8b:c4:0e:d7:67:22:e4:cf:
                    c1:13:6d:1d:10:4a:f4:ac:81:22:d3:18:ce:a5:fc:
                    be:8c:1c:ca:73:eb:8c:36:e2:ba:52:fb:e9:bb:fd:
                    d2:b2:52:23:69:e6:ab:ff:dc:37:f5:a7:14:f0:38:
                    9e:ed:3b:85:74:29:b5:58:9d:2f:d0:48:e3:99:e2:
                    a0:06:d9:2b:d0:dc:96:25:68:6a:bc:a9:3a:e8:3b:
                    65:f4:6b:80:93:64:94:52:f6:3e:d0:f0:8e:7e:36:
                    59:39:b8:e7:82:bb:67:b7:7f:53:24:ee:d5:9b:ba:
                    af:61:81:35:45:25:cb:9c:b1:3e:4f:04:5d:94:4d:
                    06:78:ec:e3:b3:ee:dc:a4:2c:31:01:51:67:29:2f:
                    b0:7a:4d:75:07:d3:93:63:a4:d5:32:ff:3b:f0:40:
                    62:52:fc:b1:43:75:91:8f:d6:65:78:91:93:60:b9:
                    c0:87:61:c8:de:70:67:2d:96:78:7d:b1:3b:7d:67:
                    9f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:2A:D1:E8:E5:0B:69:F9:47:26:5A:D6:7F:15:8E:7F:A3:1F:F8:A5
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tyrR6OULaflHJlrWfxWOf6Mf-KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20
                  46.21.16.0/22
                  46.21.21.0-46.21.22.255
                  46.21.29.0/24
                  46.21.31.0/24
                  77.220.64.0/19
                  185.155.176.0/22
                  185.155.184.0/23
                  193.221.216.0/23
                  193.222.104.0/23
                IPv6:
                  2a00:bd00::/32
                  2a02:210::/32
                  2a0f:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:b1:34:7d:da:53:11:1f:f6:31:c3:62:5f:a6:71:db:c3:9f:
         f7:46:60:de:47:ad:41:64:ed:d7:d1:23:b1:84:6f:2c:0e:01:
         5d:bf:55:cd:7f:75:99:ff:d3:36:f7:55:95:84:67:c4:64:56:
         85:01:50:7e:b0:97:31:e0:39:45:95:9e:f4:1f:da:8c:39:b4:
         b1:89:17:f4:53:dd:cc:38:41:71:b8:54:67:42:a8:a3:04:35:
         61:ad:56:e7:4c:3b:00:6d:46:26:39:13:fc:6b:a5:58:19:f9:
         0f:58:ab:44:ac:6f:0e:4c:ce:ca:6c:e8:1d:eb:d6:ab:9c:63:
         64:13:7f:10:d4:74:69:a7:37:8c:c5:b4:bc:78:e3:6f:14:ad:
         e6:35:a2:3b:fa:f7:36:a9:fd:e2:36:0c:41:0d:a6:c1:10:c2:
         fa:5d:cf:9c:ea:0f:fc:d6:c1:34:df:79:3c:94:99:dd:09:09:
         5c:70:69:b7:25:f4:14:88:cc:d9:d5:6f:de:98:8a:eb:79:ec:
         f0:22:a8:bf:83:5e:5e:62:71:82:98:70:d8:d1:ca:6b:3c:e2:
         cb:3b:b8:22:31:be:cd:43:96:ea:fa:a5:3f:86:be:cf:46:73:
         74:7a:3c:6c:97:46:82:e5:61:0a:f0:3c:aa:44:b2:8a:cd:b8:
         53:73:9c:d1
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYfdBKlljOe+JDjckzsQM0xXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMwNTAyMTUxMTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzJhZDFlOGU1MGI2OWY5NDcyNjVhZDY3ZjE1OGU3ZmEzMWZmOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgHBhmzC7CUiqb7Mw8GXav1p/GYg
yRJqfv70PceHJ21ASwIuhi1mQpaY9EeTpvDI5Op5rJN4UNIqjz5pgpnuXn72i8QO
12ci5M/BE20dEEr0rIEi0xjOpfy+jBzKc+uMNuK6Uvvpu/3SslIjaear/9w39acU
8Die7TuFdCm1WJ0v0EjjmeKgBtkr0NyWJWhqvKk66Dtl9GuAk2SUUvY+0PCOfjZZ
Objngrtnt39TJO7Vm7qvYYE1RSXLnLE+TwRdlE0GeOzjs+7cpCwxAVFnKS+wek11
B9OTY6TVMv878EBiUvyxQ3WRj9ZleJGTYLnAh2HI3nBnLZZ4fbE7fWefwwIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFLcq0ejlC2n5RyZa1n8Vjn+jH/ilMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvdHlyUjZPVUxhZmxISmxyV2Z4V09mNk1mLUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBKBAIAATBEAwQEHywgAwQC
LhUQMAwDBAAuFRUDBAAuFRYDBAAuFR0DBAAuFR8DBAVN3EADBAK5m7ADBAG5m7gD
BAHB3dgDBAHB3mgwGwQCAAIwFQMFACoAvQADBQAqAgIQAwUDKg/ogDANBgkqhkiG
9w0BAQsFAAOCAQEAK7E0fdpTER/2McNiX6Zx28Of90Zg3ketQWTt19EjsYRvLA4B
Xb9VzX91mf/TNvdVlYRnxGRWhQFQfrCXMeA5RZWe9B/ajDm0sYkX9FPdzDhBcbhU
Z0KoowQ1Ya1W50w7AG1GJjkT/GulWBn5D1irRKxvDkzOymzoHevWq5xjZBN/ENR0
aac3jMW0vHjjbxSt5jWiO/r3Nqn94jYMQQ2mwRDC+l3PnOoP/NbBNN95PJSZ3QkJ
XHBptyX0FIjM2dVv3piK63ns8CKov4NeXmJxgphw2NHKazziyzu4IjG+zUOW6vql
P4a+z0ZzdHo8bJdGguVhCvA8qkSyis24U3Oc0Q==
-----END CERTIFICATE-----