Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/d5tWbvIBoHRFI0FdnFdkU6-ss5A.roa
File:                     d5tWbvIBoHRFI0FdnFdkU6-ss5A.roa (raw, json)
Hash identifier:          PvdGbS3XVEt1HB65G0xUaGV4RsC4ztoqfxoD03HcM6o=
Subject key identifier:   77:9B:56:6E:F2:01:A0:74:45:23:41:5D:9C:57:64:53:AF:AC:B3:90
Certificate issuer:       /CN=ddead919b85a13051d0208b7e28ddccb398b14d6
Certificate serial:       0189E013744F77E18D4521070565313FE762
Authority key identifier: DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/d5tWbvIBoHRFI0FdnFdkU6-ss5A.roa
Signing time:             Thu 10 Aug 2023 15:31:58 +0000
ROA not before:           Thu 10 Aug 2023 15:31:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42845
IP address blocks:        193.28.233.0/24 maxlen: 24
                          45.137.144.0/22 maxlen: 22
                          77.74.208.0/21 maxlen: 24
                          185.135.124.0/22 maxlen: 22
                          37.157.224.0/21 maxlen: 24
                          185.40.224.0/22 maxlen: 22
                          185.232.224.0/22 maxlen: 22
                          194.150.92.0/22 maxlen: 22
                          89.46.96.0/22 maxlen: 24
                          95.128.144.0/21 maxlen: 24
                          185.185.116.0/22 maxlen: 22
                          2a00:7200::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e0:13:74:4f:77:e1:8d:45:21:07:05:65:31:3f:e7:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddead919b85a13051d0208b7e28ddccb398b14d6
        Validity
            Not Before: Aug 10 15:31:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=779b566ef201a0744523415d9c576453afacb390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f7:2a:12:b9:98:ae:30:f8:f0:5b:17:da:b8:
                    3c:b1:ac:e7:af:15:d4:37:a4:39:1c:c4:35:6d:e1:
                    7c:21:6c:d6:29:cd:b6:3e:0a:20:98:08:fa:b0:34:
                    b9:d4:92:75:a9:97:5d:44:b8:0a:fa:33:13:54:aa:
                    38:0f:be:15:7a:49:8b:03:2f:36:2c:e7:5d:a3:e6:
                    1a:b6:7a:11:5f:6e:51:c9:b8:a4:a4:d2:13:2e:7d:
                    b1:ea:45:26:f3:2d:c6:2b:98:99:ce:88:95:a5:d0:
                    16:65:78:94:04:73:5b:58:3a:c3:41:48:bd:9a:b0:
                    85:f4:76:7f:4f:47:58:4a:f0:db:b3:5d:f3:ae:0c:
                    58:4c:0b:59:db:c5:4d:2a:4d:4c:44:60:57:7d:6c:
                    5d:07:43:c8:9a:06:6f:65:dc:b3:1c:e8:1d:f0:4f:
                    dd:a4:81:c4:94:cc:4d:46:54:d7:1d:71:ac:ab:46:
                    de:ec:b3:f9:a1:7f:dd:32:42:ac:77:26:28:fd:2c:
                    84:64:8e:9d:b0:a2:b5:f9:f5:c2:cb:13:2c:f4:4c:
                    62:d9:61:9a:7a:0f:15:0f:91:99:fe:37:36:8a:55:
                    d1:79:f0:a2:0f:2d:e1:a7:3b:e3:86:ba:99:06:28:
                    1a:c4:a3:6c:95:5d:0d:3d:e6:ba:b3:2d:32:f0:dd:
                    af:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9B:56:6E:F2:01:A0:74:45:23:41:5D:9C:57:64:53:AF:AC:B3:90
            X509v3 Authority Key Identifier:
                keyid:DD:EA:D9:19:B8:5A:13:05:1D:02:08:B7:E2:8D:DC:CB:39:8B:14:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3erZGbhaEwUdAgi34o3cyzmLFNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/d5tWbvIBoHRFI0FdnFdkU6-ss5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8effe4-edbb-4dd4-85d4-48b8b5a9b411/1/3erZGbhaEwUdAgi34o3cyzmLFNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.224.0/21
                  45.137.144.0/22
                  77.74.208.0/21
                  89.46.96.0/22
                  95.128.144.0/21
                  185.40.224.0/22
                  185.135.124.0/22
                  185.185.116.0/22
                  185.232.224.0/22
                  193.28.233.0/24
                  194.150.92.0/22
                IPv6:
                  2a00:7200::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:d8:8b:44:b5:82:18:0d:9c:1a:b8:7f:d0:fa:8a:23:08:a4:
         f8:23:29:ca:89:ac:2a:95:7b:da:74:91:15:7c:ed:ad:c8:db:
         4b:a8:b9:cd:ec:47:82:ed:49:ab:83:03:12:e6:86:08:65:6b:
         a1:12:1c:51:80:c6:f6:26:35:b6:e2:3c:be:b2:77:9d:f8:46:
         35:21:91:22:7e:1b:7e:01:d1:54:b1:79:98:5b:e4:25:f4:8c:
         77:4f:df:e4:0e:69:c5:21:c7:f4:ad:91:7c:2f:73:48:72:0c:
         13:39:7f:ed:c3:f9:21:f9:88:a7:d7:a0:50:b9:7f:4f:2a:63:
         59:42:7f:c2:9c:b1:fb:73:e6:c5:cb:bd:bc:8d:86:8b:56:2f:
         5c:f2:3f:99:c4:a3:83:dc:5f:2f:63:8a:ac:c9:b2:0f:4f:0f:
         a9:57:e1:ab:b1:8b:03:54:83:24:c2:dd:62:f3:1a:f3:6c:59:
         60:ca:90:f9:ef:cb:cd:4f:eb:81:a7:ee:a5:4b:8b:1c:0a:d6:
         e7:73:b4:04:be:cf:18:b7:63:97:a8:03:80:ee:03:5d:2d:1c:
         c5:be:68:5c:53:ae:33:29:3d:ae:4c:ae:10:a5:97:61:17:21:
         32:79:8e:b1:b1:ca:00:7f:81:a9:e6:43:ec:43:89:e7:dc:cb:
         cb:63:29:ec
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYngE3RPd+GNRSEHBWUxP+diMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZWFkOTE5Yjg1YTEzMDUxZDAyMDhiN2UyOGRkY2NiMzk4
YjE0ZDYwHhcNMjMwODEwMTUzMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzliNTY2ZWYyMDFhMDc0NDUyMzQxNWQ5YzU3NjQ1M2FmYWNiMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfcqErmYrjD48FsX2rg8saznrxXU
N6Q5HMQ1beF8IWzWKc22PgogmAj6sDS51JJ1qZddRLgK+jMTVKo4D74VekmLAy82
LOddo+YatnoRX25RybikpNITLn2x6kUm8y3GK5iZzoiVpdAWZXiUBHNbWDrDQUi9
mrCF9HZ/T0dYSvDbs13zrgxYTAtZ28VNKk1MRGBXfWxdB0PImgZvZdyzHOgd8E/d
pIHElMxNRlTXHXGsq0be7LP5oX/dMkKsdyYo/SyEZI6dsKK1+fXCyxMs9Exi2WGa
eg8VD5GZ/jc2ilXRefCiDy3hpzvjhrqZBigaxKNslV0NPea6sy0y8N2vxQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFHebVm7yAaB0RSNBXZxXZFOvrLOQMB8GA1UdIwQY
MBaAFN3q2Rm4WhMFHQIIt+KN3Ms5ixTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQt
NDhiOGI1YTliNDExLzEvZDV0V2J2SUJvSFJGSTBGZG5GZGtVNi1zczVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZWZmZTQtZWRiYi00ZGQ0LTg1ZDQtNDhiOGI1YTliNDEx
LzEvM2VyWkdiaGFFd1VkQWdpMzRvM2N5em1MRk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDJZ3gAwQC
LYmQAwQDTUrQAwQCWS5gAwQDX4CQAwQCuSjgAwQCuYd8AwQCubl0AwQCuejgAwQA
wRzpAwQCwpZcMA0EAgACMAcDBQAqAHIAMA0GCSqGSIb3DQEBCwUAA4IBAQBh2ItE
tYIYDZwauH/Q+oojCKT4IynKiawqlXvadJEVfO2tyNtLqLnN7EeC7UmrgwMS5oYI
ZWuhEhxRgMb2JjW24jy+sned+EY1IZEifht+AdFUsXmYW+Ql9Ix3T9/kDmnFIcf0
rZF8L3NIcgwTOX/tw/kh+Yin16BQuX9PKmNZQn/CnLH7c+bFy728jYaLVi9c8j+Z
xKOD3F8vY4qsybIPTw+pV+GrsYsDVIMkwt1i8xrzbFlgypD578vNT+uBp+6lS4sc
Ctbnc7QEvs8Yt2OXqAOA7gNdLRzFvmhcU64zKT2uTK4QpZdhFyEyeY6xscoAf4Gp
5kPsQ4nn3MvLYyns
-----END CERTIFICATE-----