Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/XoKOsJGWiy_UwWv2MaXzpA0oq74.roa
File:                     XoKOsJGWiy_UwWv2MaXzpA0oq74.roa (raw, json)
Hash identifier:          +1mw3rbeOTvMxX+2+HYQi1O6xBVqeH9oPo11x9OG/wY=
Subject key identifier:   5E:82:8E:B0:91:96:8B:2F:D4:C1:6B:F6:31:A5:F3:A4:0D:28:AB:BE
Certificate issuer:       /CN=2c571d688aa503a2e566bbc876df0ba455c577ed
Certificate serial:       018572B4364C882B006C57BC41A49B29D0CE
Authority key identifier: 2C:57:1D:68:8A:A5:03:A2:E5:66:BB:C8:76:DF:0B:A4:55:C5:77:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LFcdaIqlA6LlZrvIdt8LpFXFd-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/XoKOsJGWiy_UwWv2MaXzpA0oq74.roa
Signing time:             Mon 02 Jan 2023 13:38:11 +0000
ROA not before:           Mon 02 Jan 2023 13:38:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15796
IP address blocks:        213.55.206.0/24 maxlen: 24
                          213.55.147.0/24 maxlen: 24
                          213.55.192.0/24 maxlen: 24
                          213.55.193.0/24 maxlen: 24
                          213.55.194.0/24 maxlen: 24
                          213.55.195.0/24 maxlen: 24
                          213.55.128.0/17 maxlen: 24
                          213.55.131.0/24 maxlen: 24
                          213.55.132.0/24 maxlen: 24
                          51.154.0.0/16 maxlen: 16
                          213.55.128.0/24 maxlen: 24
                          213.55.141.0/24 maxlen: 24
                          2a04:ee42:53::/64 maxlen: 64
                          2a04:ee40::/29 maxlen: 29
                          2a04:ee42:2::/64 maxlen: 64
                          2a04:ee42:1::/64 maxlen: 64

Validation:               Failed, certificate revoked on Fri 31 Mar 2023 13:17:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:b4:36:4c:88:2b:00:6c:57:bc:41:a4:9b:29:d0:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c571d688aa503a2e566bbc876df0ba455c577ed
        Validity
            Not Before: Jan  2 13:38:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e828eb091968b2fd4c16bf631a5f3a40d28abbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:34:b3:88:49:e4:77:3d:37:eb:59:48:1b:82:
                    c8:2f:6a:dc:1f:b6:69:d2:7b:09:f6:b7:d7:2e:0e:
                    4e:b1:6c:29:2f:0c:94:8f:1f:99:ab:5d:07:3c:6f:
                    cc:eb:c6:01:3b:48:5e:a4:d8:4d:fd:b0:0c:d9:62:
                    eb:6c:60:8d:5a:5e:c0:57:85:ea:9a:37:7c:70:d5:
                    c1:b2:ba:82:27:54:56:4d:ac:82:23:04:9b:c4:1d:
                    40:eb:31:fc:df:0d:7e:d7:00:2c:79:57:76:12:1b:
                    46:bb:bf:dd:f2:9a:1e:0f:50:47:c2:6c:fd:de:81:
                    79:d2:eb:fd:3a:a1:2b:2c:e8:9a:1b:c4:02:94:f0:
                    5c:0b:97:00:13:ba:3e:f6:c8:f4:5b:f0:d3:43:c6:
                    f3:8f:a8:19:ef:37:5e:94:8f:34:a4:14:01:54:53:
                    68:c5:f8:52:9e:73:8b:cd:49:24:12:0f:e4:8a:8f:
                    32:9b:13:00:b4:28:ba:1f:b5:b1:91:e3:d5:e8:ae:
                    8a:32:c5:25:5f:14:2f:50:2d:0d:18:38:53:cf:ab:
                    72:ef:7e:dd:17:d0:b8:9c:85:d3:a5:04:3a:ac:f8:
                    8a:c5:db:d1:36:3b:4d:f9:81:43:80:10:4f:ca:92:
                    b2:b2:35:63:2b:5c:af:38:ca:c1:83:7f:1c:28:c4:
                    65:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:82:8E:B0:91:96:8B:2F:D4:C1:6B:F6:31:A5:F3:A4:0D:28:AB:BE
            X509v3 Authority Key Identifier:
                keyid:2C:57:1D:68:8A:A5:03:A2:E5:66:BB:C8:76:DF:0B:A4:55:C5:77:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LFcdaIqlA6LlZrvIdt8LpFXFd-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/XoKOsJGWiy_UwWv2MaXzpA0oq74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/63eb42-a0e1-4f1c-bcc9-87524014dbfb/1/LFcdaIqlA6LlZrvIdt8LpFXFd-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.154.0.0/16
                  213.55.128.0/17
                IPv6:
                  2a04:ee40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:e5:50:d9:b3:f3:2b:df:09:b1:cd:14:db:56:22:e7:9c:df:
         8d:a9:73:d5:41:e6:36:7b:4a:2c:8c:88:7c:7f:9f:b5:d7:ad:
         74:9f:af:a4:7e:a8:b2:a8:0b:08:de:7d:69:4b:3d:a8:73:99:
         1b:ae:88:48:33:ea:07:94:0d:5e:74:02:b8:e4:ff:1c:f8:45:
         67:23:6b:97:7c:f2:fd:7d:1f:40:14:63:ee:35:fb:ca:f3:42:
         b5:30:22:70:6e:25:71:be:50:c6:0d:39:3e:1f:0e:ef:fe:e9:
         10:0f:f3:5a:d5:dc:0d:fc:cd:f7:30:08:b3:f4:05:f3:60:82:
         98:ce:38:5d:a9:8b:9f:4c:06:66:6d:3e:3c:c8:31:0e:8b:6f:
         4d:86:44:39:ca:c1:37:61:a5:fb:f5:4d:63:24:27:c9:53:d9:
         ba:15:f6:78:12:05:59:e4:44:f1:1f:fc:63:1b:4a:d6:45:8d:
         4a:d1:d3:28:c9:52:6c:7b:c3:12:8f:f9:ef:e3:1b:ec:33:15:
         e8:3b:51:ab:5a:91:c7:60:1f:18:ee:98:8a:ae:c0:c7:82:5c:
         8f:2a:19:03:d1:62:1f:d2:7e:ab:aa:10:13:9d:c4:4d:0c:b8:
         86:9f:62:4c:28:9e:34:4e:11:28:b1:9b:04:59:d9:21:64:a9:
         7a:30:be:99
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVytDZMiCsAbFe8QaSbKdDOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNTcxZDY4OGFhNTAzYTJlNTY2YmJjODc2ZGYwYmE0NTVj
NTc3ZWQwHhcNMjMwMTAyMTMzODExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTgyOGViMDkxOTY4YjJmZDRjMTZiZjYzMWE1ZjNhNDBkMjhhYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujSziEnkdz0361lIG4LIL2rcH7Zp
0nsJ9rfXLg5OsWwpLwyUjx+Zq10HPG/M68YBO0hepNhN/bAM2WLrbGCNWl7AV4Xq
mjd8cNXBsrqCJ1RWTayCIwSbxB1A6zH83w1+1wAseVd2EhtGu7/d8poeD1BHwmz9
3oF50uv9OqErLOiaG8QClPBcC5cAE7o+9sj0W/DTQ8bzj6gZ7zdelI80pBQBVFNo
xfhSnnOLzUkkEg/kio8ymxMAtCi6H7WxkePV6K6KMsUlXxQvUC0NGDhTz6ty737d
F9C4nIXTpQQ6rPiKxdvRNjtN+YFDgBBPypKysjVjK1yvOMrBg38cKMRljQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFF6CjrCRlosv1MFr9jGl86QNKKu+MB8GA1UdIwQY
MBaAFCxXHWiKpQOi5Wa7yHbfC6RVxXftMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEZjZGFJcWxBNkxsWnJ2SWR0OExwRlhGZC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82M2ViNDItYTBlMS00ZjFjLWJjYzkt
ODc1MjQwMTRkYmZiLzEvWG9LT3NKR1dpeV9Vd1d2Mk1hWHpwQTBvcTc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82M2ViNDItYTBlMS00ZjFjLWJjYzktODc1MjQwMTRkYmZi
LzEvTEZjZGFJcWxBNkxsWnJ2SWR0OExwRlhGZC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAM5oDBAfV
N4AwDQQCAAIwBwMFAyoE7kAwDQYJKoZIhvcNAQELBQADggEBAKDlUNmz8yvfCbHN
FNtWIuec342pc9VB5jZ7SiyMiHx/n7XXrXSfr6R+qLKoCwjefWlLPahzmRuuiEgz
6geUDV50Arjk/xz4RWcja5d88v19H0AUY+41+8rzQrUwInBuJXG+UMYNOT4fDu/+
6RAP81rV3A38zfcwCLP0BfNggpjOOF2pi59MBmZtPjzIMQ6Lb02GRDnKwTdhpfv1
TWMkJ8lT2boV9ngSBVnkRPEf/GMbStZFjUrR0yjJUmx7wxKP+e/jG+wzFeg7Uata
kcdgHxjumIquwMeCXI8qGQPRYh/SfquqEBOdxE0MuIafYkwonjROESixmwRZ2SFk
qXowvpk=
-----END CERTIFICATE-----