Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/BnTH7vIpZdI8PhXqgbocYa3n6A8.roa
File:                     BnTH7vIpZdI8PhXqgbocYa3n6A8.roa (raw, json)
Hash identifier:          /aEyH+YsRkad2+8/FhzyfJ/f4nH1dNfyfe2Ghs1J7Og=
Subject key identifier:   06:74:C7:EE:F2:29:65:D2:3C:3E:15:EA:81:BA:1C:61:AD:E7:E8:0F
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018921D712B6E5E724635E3470CC0D8D07A9
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/BnTH7vIpZdI8PhXqgbocYa3n6A8.roa
Signing time:             Tue 04 Jul 2023 16:58:10 +0000
ROA not before:           Tue 04 Jul 2023 16:58:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201106
IP address blocks:        194.124.218.0/23 maxlen: 32
                          194.124.224.0/23 maxlen: 32
                          45.142.156.0/24 maxlen: 32
                          45.142.157.0/24 maxlen: 32
                          45.142.158.0/23 maxlen: 32
                          194.147.98.0/23 maxlen: 32
                          194.147.100.0/23 maxlen: 32
                          45.150.226.0/23 maxlen: 32
                          193.218.200.0/23 maxlen: 32
                          45.154.212.0/22 maxlen: 32
                          45.150.164.0/22 maxlen: 32
                          193.221.94.0/23 maxlen: 32
                          45.151.132.0/22 maxlen: 32
                          45.145.74.0/23 maxlen: 32
                          45.145.72.0/23 maxlen: 32
                          2a0e:da40:4000::/34 maxlen: 128

Validation:               Failed, certificate revoked on Sun 24 Sep 2023 02:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:21:d7:12:b6:e5:e7:24:63:5e:34:70:cc:0d:8d:07:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jul  4 16:58:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0674c7eef22965d23c3e15ea81ba1c61ade7e80f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b4:f4:35:4f:94:f7:bb:0a:0f:61:89:f9:0d:
                    42:2f:91:b1:80:7a:14:a2:f3:c9:d4:9b:d4:0f:b8:
                    cd:10:2d:f5:db:87:1c:3a:bd:1e:47:18:e8:28:a6:
                    7d:27:e4:de:be:0e:70:a5:3b:ea:a4:59:6f:d2:61:
                    e2:85:af:3f:32:a4:6e:6e:99:05:01:3b:00:5a:d6:
                    9b:72:18:35:a8:8b:77:af:28:d7:70:62:c9:31:13:
                    32:4a:ff:7c:91:dc:78:80:22:0b:fb:c1:bb:92:82:
                    10:1a:d6:b7:c1:15:c8:d4:d3:e4:c1:78:9f:96:5f:
                    d5:c2:f6:4f:03:fe:63:b0:b7:83:94:b0:cb:a2:4a:
                    ee:7e:78:77:e3:0a:96:16:e7:fe:ef:10:38:f9:80:
                    9e:73:88:17:81:7d:45:24:f1:61:f7:55:56:60:78:
                    cd:dc:a6:a3:c9:6d:49:3f:f1:25:90:49:1d:c0:06:
                    f4:81:06:98:b3:1c:2c:e8:55:cf:91:ad:74:47:9e:
                    b7:bc:92:46:6c:54:fa:60:4e:30:30:cd:09:d7:36:
                    f3:1f:10:62:49:1c:e1:f7:d3:f7:93:3f:35:ac:73:
                    8f:98:73:b6:c1:d3:fb:68:78:b8:80:dc:87:e5:f1:
                    a1:b1:df:33:2b:1d:f7:1f:b7:6e:3e:87:3f:6f:03:
                    53:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:74:C7:EE:F2:29:65:D2:3C:3E:15:EA:81:BA:1C:61:AD:E7:E8:0F
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/BnTH7vIpZdI8PhXqgbocYa3n6A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.156.0/22
                  45.145.72.0/22
                  45.150.164.0/22
                  45.150.226.0/23
                  45.151.132.0/22
                  45.154.212.0/22
                  193.218.200.0/23
                  193.221.94.0/23
                  194.124.218.0/23
                  194.124.224.0/23
                  194.147.98.0-194.147.101.255
                IPv6:
                  2a0e:da40:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         da:ec:f6:73:45:1d:1e:2f:c4:e6:60:b1:37:6e:ca:c6:2a:76:
         32:c6:a5:92:16:e1:ca:d1:15:5d:03:52:d3:b8:b8:de:18:7b:
         85:1f:f8:59:64:b6:22:77:2b:28:1a:fa:22:0b:4a:24:22:32:
         a6:28:f9:3d:d7:b8:9c:07:76:ad:9a:6e:72:2c:70:4f:7c:93:
         5e:26:4c:a6:41:9c:80:42:00:85:7a:3b:a0:d0:41:46:d7:10:
         79:f7:06:eb:7b:31:ad:54:24:ff:e7:df:ee:ed:55:ad:3f:0e:
         98:a3:b1:97:0c:0a:b1:e1:14:59:4a:b3:35:51:b1:06:59:71:
         f2:48:a0:e9:cd:b9:14:87:22:99:37:b0:1d:d7:33:c8:e8:90:
         8f:a6:4c:97:66:01:48:7a:67:77:58:48:4e:a2:69:4e:ad:e1:
         cf:8d:f6:f5:db:b4:53:5a:df:fb:3d:d2:62:d6:11:ba:79:73:
         b1:14:28:f5:24:fb:f0:be:a1:2c:df:61:6d:84:02:6f:a1:97:
         44:d8:6e:13:f4:ff:b5:0b:b8:cf:24:23:58:6e:58:c5:58:a7:
         70:64:ca:1c:50:3f:06:9b:24:65:05:b6:05:42:8b:fb:8b:f4:
         79:fb:7a:d0:6c:19:df:2d:7b:30:ea:3e:af:d2:f4:78:6f:1e:
         bb:00:25:0d
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYkh1xK25eckY140cMwNjQepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjMwNzA0MTY1ODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjc0YzdlZWYyMjk2NWQyM2MzZTE1ZWE4MWJhMWM2MWFkZTdlODBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrT0NU+U97sKD2GJ+Q1CL5GxgHoU
ovPJ1JvUD7jNEC3124ccOr0eRxjoKKZ9J+Tevg5wpTvqpFlv0mHiha8/MqRubpkF
ATsAWtabchg1qIt3ryjXcGLJMRMySv98kdx4gCIL+8G7koIQGta3wRXI1NPkwXif
ll/VwvZPA/5jsLeDlLDLokrufnh34wqWFuf+7xA4+YCec4gXgX1FJPFh91VWYHjN
3KajyW1JP/ElkEkdwAb0gQaYsxws6FXPka10R563vJJGbFT6YE4wMM0J1zbzHxBi
SRzh99P3kz81rHOPmHO2wdP7aHi4gNyH5fGhsd8zKx33H7duPoc/bwNT2wIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFAZ0x+7yKWXSPD4V6oG6HGGt5+gPMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvQm5USDd2SXBaZEk4UGhYcWdib2NZYTNuNkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBQBAIAATBKAwQCLY6cAwQC
LZFIAwQCLZakAwQBLZbiAwQCLZeEAwQCLZrUAwQBwdrIAwQBwd1eAwQBwnzaAwQB
wnzgMAwDBAHCk2IDBAHCk2QwDgQCAAIwCAMGBioO2kBAMA0GCSqGSIb3DQEBCwUA
A4IBAQDa7PZzRR0eL8TmYLE3bsrGKnYyxqWSFuHK0RVdA1LTuLjeGHuFH/hZZLYi
dysoGvoiC0okIjKmKPk917icB3atmm5yLHBPfJNeJkymQZyAQgCFejug0EFG1xB5
9wbrezGtVCT/59/u7VWtPw6Yo7GXDAqx4RRZSrM1UbEGWXHySKDpzbkUhyKZN7Ad
1zPI6JCPpkyXZgFIemd3WEhOomlOreHPjfb127RTWt/7PdJi1hG6eXOxFCj1JPvw
vqEs32FthAJvoZdE2G4T9P+1C7jPJCNYbljFWKdwZMocUD8GmyRlBbYFQov7i/R5
+3rQbBnfLXsw6j6v0vR4bx67ACUN
-----END CERTIFICATE-----