Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/_Jqxdz-CTP57NNRdquISkUGUXtc.roa
File:                     _Jqxdz-CTP57NNRdquISkUGUXtc.roa (raw, json)
Hash identifier:          7emsRh7ZrpN8g8c9N1RfJ+vxoWbVSDPM7ZUd4k2kGIk=
Subject key identifier:   FC:9A:B1:77:3F:82:4C:FE:7B:34:D4:5D:AA:E2:12:91:41:94:5E:D7
Certificate issuer:       /CN=3618be04417a6bcb9f33942a631518be533ffaf4
Certificate serial:       0187B85F8903D59817BED50B21C5BDE0677F
Authority key identifier: 36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/_Jqxdz-CTP57NNRdquISkUGUXtc.roa
Signing time:             Tue 25 Apr 2023 12:24:41 +0000
ROA not before:           Tue 25 Apr 2023 12:24:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42346
IP address blocks:        83.137.24.0/21 maxlen: 21
                          185.93.216.0/22 maxlen: 22
                          194.63.148.0/22 maxlen: 22
                          109.106.32.0/21 maxlen: 21
                          109.106.40.0/22 maxlen: 22
                          185.127.172.0/22 maxlen: 22
                          195.60.192.0/22 maxlen: 22
                          212.120.32.0/19 maxlen: 24
                          213.213.160.0/19 maxlen: 19
                          2a02:ab0::/29 maxlen: 29
                          2a00:5480::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b8:5f:89:03:d5:98:17:be:d5:0b:21:c5:bd:e0:67:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3618be04417a6bcb9f33942a631518be533ffaf4
        Validity
            Not Before: Apr 25 12:24:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc9ab1773f824cfe7b34d45daae2129141945ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b1:04:ce:25:b0:e4:15:1c:0d:dd:a6:fc:e1:
                    93:89:1c:46:3a:c5:98:fa:74:98:2d:92:c6:28:05:
                    68:01:a4:f8:36:47:4f:ab:30:a4:59:82:90:6c:60:
                    d5:49:fa:56:c7:b7:ae:58:16:4d:75:52:54:84:0a:
                    10:fc:63:e6:af:99:f0:72:01:6c:8e:21:c3:62:4e:
                    f7:89:d4:8e:f6:7c:b6:ce:2e:f3:e6:c3:a8:22:47:
                    80:9a:bb:e6:ff:70:84:4e:93:1e:13:8d:c2:0a:ef:
                    d8:d6:d4:cd:70:53:fe:7a:45:6b:3b:ca:64:5c:a9:
                    71:b5:a5:59:e5:75:b4:7a:76:b1:c8:92:14:10:6d:
                    d0:69:be:37:05:99:d8:4a:13:0e:4e:4b:00:16:ce:
                    09:70:4d:f1:94:2f:9e:21:14:e2:bf:fa:2e:82:27:
                    0e:f4:ee:50:06:8b:fa:25:0f:a2:bd:64:53:4e:a0:
                    93:18:10:15:95:b6:e9:e6:b7:f3:e9:ad:f8:fc:ff:
                    2c:71:37:17:e4:c0:b7:c1:12:2f:43:81:81:67:9d:
                    eb:f9:73:9a:46:99:d3:e2:d3:58:a6:c0:26:81:bb:
                    ce:74:79:11:a9:9c:de:5f:05:48:29:07:f2:0b:27:
                    89:6e:af:3b:66:a5:f1:f0:9f:33:4d:eb:0e:13:38:
                    8b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9A:B1:77:3F:82:4C:FE:7B:34:D4:5D:AA:E2:12:91:41:94:5E:D7
            X509v3 Authority Key Identifier:
                keyid:36:18:BE:04:41:7A:6B:CB:9F:33:94:2A:63:15:18:BE:53:3F:FA:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/_Jqxdz-CTP57NNRdquISkUGUXtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/2061d9-649a-4136-8c93-2268e97a8bc1/1/Nhi-BEF6a8ufM5QqYxUYvlM_-vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.24.0/21
                  109.106.32.0-109.106.43.255
                  185.93.216.0/22
                  185.127.172.0/22
                  194.63.148.0/22
                  195.60.192.0/22
                  212.120.32.0/19
                  213.213.160.0/19
                IPv6:
                  2a00:5480::/29
                  2a02:ab0::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:fc:70:62:d1:50:e6:7f:d9:df:5f:10:a9:95:4d:b6:90:77:
         bd:57:4a:c7:60:80:ba:47:93:d8:73:6b:55:4c:86:8b:27:5c:
         2b:cf:f3:8b:46:16:5c:e3:43:6c:2a:8b:11:a3:87:cc:ed:66:
         f7:4c:26:91:92:99:1f:7d:a8:f8:fc:58:42:c7:e9:b9:89:93:
         9c:d0:97:2a:8d:85:72:8e:ac:78:18:f3:96:fb:b5:9e:d6:34:
         27:aa:bc:80:d1:3d:92:b3:c4:1d:cc:f4:e5:52:64:a1:fa:0b:
         87:9a:17:05:03:c8:1c:ff:ba:4a:4f:98:58:97:05:c1:97:6a:
         b1:cd:ac:a9:ee:05:32:91:12:3e:dd:ae:68:44:7b:81:54:28:
         2c:f1:f5:87:7f:f8:27:5c:22:6e:9e:ab:02:81:9b:c8:59:84:
         a4:a1:ec:72:f4:c9:37:43:53:2d:39:c5:d9:1d:d3:ed:48:c8:
         12:12:cf:0d:4e:5e:1a:8f:50:55:a5:a9:70:58:50:57:af:60:
         83:14:02:61:28:95:07:72:4c:81:fc:92:c1:86:5e:21:91:66:
         13:8e:bf:54:63:39:6e:98:31:20:4b:eb:25:c5:39:1f:09:f1:
         3d:b6:ae:1d:01:66:c7:a3:3e:5a:92:41:94:0e:23:92:b0:23:
         1e:2e:cf:e4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYe4X4kD1ZgXvtULIcW94Gd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MThiZTA0NDE3YTZiY2I5ZjMzOTQyYTYzMTUxOGJlNTMz
ZmZhZjQwHhcNMjMwNDI1MTIyNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzlhYjE3NzNmODI0Y2ZlN2IzNGQ0NWRhYWUyMTI5MTQxOTQ1ZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7EEziWw5BUcDd2m/OGTiRxGOsWY
+nSYLZLGKAVoAaT4NkdPqzCkWYKQbGDVSfpWx7euWBZNdVJUhAoQ/GPmr5nwcgFs
jiHDYk73idSO9ny2zi7z5sOoIkeAmrvm/3CETpMeE43CCu/Y1tTNcFP+ekVrO8pk
XKlxtaVZ5XW0enaxyJIUEG3Qab43BZnYShMOTksAFs4JcE3xlC+eIRTiv/ougicO
9O5QBov6JQ+ivWRTTqCTGBAVlbbp5rfz6a34/P8scTcX5MC3wRIvQ4GBZ53r+XOa
RpnT4tNYpsAmgbvOdHkRqZzeXwVIKQfyCyeJbq87ZqXx8J8zTesOEziLTQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFPyasXc/gkz+ezTUXariEpFBlF7XMB8GA1UdIwQY
MBaAFDYYvgRBemvLnzOUKmMVGL5TP/r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMt
MjI2OGU5N2E4YmMxLzEvX0pxeGR6LUNUUDU3Tk5SZHF1SVNrVUdVWHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yMDYxZDktNjQ5YS00MTM2LThjOTMtMjI2OGU5N2E4YmMx
LzEvTmhpLUJFRjZhOHVmTTVRcVl4VVl2bE1fLXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQDU4kYMAwD
BAVtaiADBAJtaigDBAK5XdgDBAK5f6wDBALCP5QDBALDPMADBAXUeCADBAXV1aAw
FAQCAAIwDgMFAyoAVIADBQMqAgqwMA0GCSqGSIb3DQEBCwUAA4IBAQBT/HBi0VDm
f9nfXxCplU22kHe9V0rHYIC6R5PYc2tVTIaLJ1wrz/OLRhZc40NsKosRo4fM7Wb3
TCaRkpkffaj4/FhCx+m5iZOc0JcqjYVyjqx4GPOW+7We1jQnqryA0T2Ss8QdzPTl
UmSh+guHmhcFA8gc/7pKT5hYlwXBl2qxzayp7gUykRI+3a5oRHuBVCgs8fWHf/gn
XCJunqsCgZvIWYSkoexy9Mk3Q1MtOcXZHdPtSMgSEs8NTl4aj1BVpalwWFBXr2CD
FAJhKJUHckyB/JLBhl4hkWYTjr9UYzlumDEgS+slxTkfCfE9tq4dAWbHoz5akkGU
DiOSsCMeLs/k
-----END CERTIFICATE-----