Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/68a7ea-d50a-4a30-9513-e909a77cda98/1/II7o7CfAb2cEn8TpX-7dR8neifs.roa
File:                     II7o7CfAb2cEn8TpX-7dR8neifs.roa (raw, json)
Hash identifier:          fMF7YCKE6C60FKugaHeERHysRKu/eOk4zVp2YEeiQPU=
Subject key identifier:   20:8E:E8:EC:27:C0:6F:67:04:9F:C4:E9:5F:EE:DD:47:C9:DE:89:FB
Certificate issuer:       /CN=c43c222fad2c27ca612c98c273d4f16506e1b2e5
Certificate serial:       01856F7968E9D3F3C80336D569774F9115EA
Authority key identifier: C4:3C:22:2F:AD:2C:27:CA:61:2C:98:C2:73:D4:F1:65:06:E1:B2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xDwiL60sJ8phLJjCc9TxZQbhsuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/68a7ea-d50a-4a30-9513-e909a77cda98/1/II7o7CfAb2cEn8TpX-7dR8neifs.roa
Signing time:             Sun 01 Jan 2023 22:35:05 +0000
ROA not before:           Sun 01 Jan 2023 22:35:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49718
IP address blocks:        176.100.112.0/22 maxlen: 22
                          176.100.108.0/22 maxlen: 22
                          176.100.116.0/22 maxlen: 22
                          176.100.124.0/22 maxlen: 22
                          176.100.120.0/22 maxlen: 22
                          213.108.168.0/21 maxlen: 21
                          213.108.169.0/24 maxlen: 24
                          213.108.168.0/24 maxlen: 24
                          213.108.171.0/24 maxlen: 24
                          213.108.170.0/24 maxlen: 24
                          176.100.64.0/22 maxlen: 22
                          213.108.172.0/24 maxlen: 24
                          213.108.175.0/24 maxlen: 24
                          176.100.64.0/18 maxlen: 18
                          176.100.68.0/22 maxlen: 22
                          213.108.174.0/24 maxlen: 24
                          213.108.173.0/24 maxlen: 24
                          176.100.72.0/22 maxlen: 22
                          176.100.76.0/22 maxlen: 22
                          176.100.84.0/22 maxlen: 22
                          176.100.80.0/22 maxlen: 22
                          176.100.88.0/22 maxlen: 22
                          176.100.96.0/22 maxlen: 22
                          176.100.92.0/22 maxlen: 22
                          176.100.100.0/22 maxlen: 22
                          176.100.104.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:79:68:e9:d3:f3:c8:03:36:d5:69:77:4f:91:15:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c43c222fad2c27ca612c98c273d4f16506e1b2e5
        Validity
            Not Before: Jan  1 22:35:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=208ee8ec27c06f67049fc4e95feedd47c9de89fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7a:2a:20:f7:30:e3:8e:25:05:0c:36:0b:5d:
                    b2:7b:6e:ac:f7:f1:89:01:50:56:1d:52:93:08:cb:
                    6d:cb:6f:42:df:60:41:65:be:38:dc:ea:e4:9b:14:
                    09:7f:de:a8:eb:a3:ef:f6:ec:71:75:45:c3:ce:5f:
                    fa:21:9f:5b:ec:04:1b:68:3c:f4:f4:68:b6:13:4f:
                    f2:a1:58:a1:c6:4f:db:22:8e:0f:b8:67:e2:a4:36:
                    1f:95:f4:b8:81:96:ce:d4:ca:4f:7c:17:b8:06:eb:
                    96:7a:54:2c:6e:a9:b4:f1:da:02:d0:2b:c6:3d:9b:
                    0e:a5:a7:ef:e3:86:cf:ce:25:7e:db:4e:b3:f5:95:
                    3b:14:31:4f:6d:1e:37:a7:29:d9:2e:01:89:44:6b:
                    72:54:c9:b8:71:6d:c3:e0:7e:46:2c:89:45:6d:7e:
                    e9:cf:95:48:8b:7f:d9:ba:ed:04:fc:b1:4e:d8:e8:
                    00:9b:a3:f6:c3:55:58:f8:6b:1b:1a:77:c9:92:45:
                    e9:5c:a4:ea:00:92:cc:c0:be:66:e0:5b:77:17:08:
                    23:dd:9c:95:f5:4b:f6:72:2f:c4:ad:e6:ce:01:41:
                    d2:cd:48:6c:0d:c5:3f:96:42:4d:ae:18:98:89:7a:
                    4e:93:1a:a0:a7:82:0e:d0:0d:1e:f1:91:aa:54:60:
                    de:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8E:E8:EC:27:C0:6F:67:04:9F:C4:E9:5F:EE:DD:47:C9:DE:89:FB
            X509v3 Authority Key Identifier:
                keyid:C4:3C:22:2F:AD:2C:27:CA:61:2C:98:C2:73:D4:F1:65:06:E1:B2:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xDwiL60sJ8phLJjCc9TxZQbhsuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/68a7ea-d50a-4a30-9513-e909a77cda98/1/II7o7CfAb2cEn8TpX-7dR8neifs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/68a7ea-d50a-4a30-9513-e909a77cda98/1/xDwiL60sJ8phLJjCc9TxZQbhsuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.64.0/18
                  213.108.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:22:ef:97:1f:e0:28:0f:65:28:d0:db:5a:52:49:e1:59:2c:
         dd:6c:aa:26:b9:cb:f9:24:86:a2:fd:ca:00:b6:bc:cd:62:be:
         b1:17:f9:c3:d7:fb:31:e5:e8:d7:f1:68:2a:b3:75:81:f0:ca:
         e7:fb:80:21:a4:e2:b5:3c:c8:2b:4e:b3:6d:5e:23:6c:bf:2f:
         f5:7c:cf:cd:48:96:8b:28:84:e5:8e:67:53:e5:60:55:e5:b3:
         91:2e:c4:5c:b2:5e:77:8b:36:f8:e9:f0:ad:e3:78:1c:a4:b9:
         77:c7:cb:f0:45:29:b1:f1:54:79:40:1a:8c:99:60:95:d0:ba:
         fa:d7:8d:e4:71:e2:88:6f:c1:26:10:48:5a:de:fd:f3:cf:77:
         11:bc:73:4a:1f:9b:a6:7d:15:c3:52:d1:17:4b:73:d1:3d:d4:
         96:1d:69:15:8a:2a:6c:18:2f:de:bd:50:15:de:7c:48:e8:3d:
         54:81:a9:6c:76:be:c3:4c:25:b7:bc:51:d7:b7:75:64:a4:30:
         eb:ac:84:7e:8a:fb:2a:25:13:e1:22:1d:47:10:47:fd:ba:54:
         f4:5b:10:7c:06:7a:aa:01:38:30:a0:22:16:fd:34:14:6c:d4:
         d2:2f:c6:ae:ec:bd:95:ac:f0:1a:9c:c4:03:00:63:81:9a:16:
         e8:33:70:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVveWjp0/PIAzbVaXdPkRXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0M2MyMjJmYWQyYzI3Y2E2MTJjOThjMjczZDRmMTY1MDZl
MWIyZTUwHhcNMjMwMTAxMjIzNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDhlZThlYzI3YzA2ZjY3MDQ5ZmM0ZTk1ZmVlZGQ0N2M5ZGU4OWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3oqIPcw444lBQw2C12ye26s9/GJ
AVBWHVKTCMtty29C32BBZb443OrkmxQJf96o66Pv9uxxdUXDzl/6IZ9b7AQbaDz0
9Gi2E0/yoVihxk/bIo4PuGfipDYflfS4gZbO1MpPfBe4BuuWelQsbqm08doC0CvG
PZsOpafv44bPziV+206z9ZU7FDFPbR43pynZLgGJRGtyVMm4cW3D4H5GLIlFbX7p
z5VIi3/Zuu0E/LFO2OgAm6P2w1VY+GsbGnfJkkXpXKTqAJLMwL5m4Ft3Fwgj3ZyV
9Uv2ci/ErebOAUHSzUhsDcU/lkJNrhiYiXpOkxqgp4IO0A0e8ZGqVGDeLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCCO6OwnwG9nBJ/E6V/u3UfJ3on7MB8GA1UdIwQY
MBaAFMQ8Ii+tLCfKYSyYwnPU8WUG4bLlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveER3aUw2MHNKOHBoTEpqQ2M5VHhaUWJoc3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82OGE3ZWEtZDUwYS00YTMwLTk1MTMt
ZTkwOWE3N2NkYTk4LzEvSUk3bzdDZkFiMmNFbjhUcFgtN2RSOG5laWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82OGE3ZWEtZDUwYS00YTMwLTk1MTMtZTkwOWE3N2NkYTk4
LzEveER3aUw2MHNKOHBoTEpqQ2M5VHhaUWJoc3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGsGRAAwQD
1WyoMA0GCSqGSIb3DQEBCwUAA4IBAQAQIu+XH+AoD2Uo0NtaUknhWSzdbKomucv5
JIai/coAtrzNYr6xF/nD1/sx5ejX8Wgqs3WB8Mrn+4AhpOK1PMgrTrNtXiNsvy/1
fM/NSJaLKITljmdT5WBV5bORLsRcsl53izb46fCt43gcpLl3x8vwRSmx8VR5QBqM
mWCV0Lr6143kceKIb8EmEEha3v3zz3cRvHNKH5umfRXDUtEXS3PRPdSWHWkViips
GC/evVAV3nxI6D1Ugalsdr7DTCW3vFHXt3VkpDDrrIR+ivsqJRPhIh1HEEf9ulT0
WxB8BnqqATgwoCIW/TQUbNTSL8au7L2VrPAanMQDAGOBmhboM3DR
-----END CERTIFICATE-----