Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rbv07bAXVscOOsARza2v3BBgGO4.roa
File:                     rbv07bAXVscOOsARza2v3BBgGO4.roa (raw, json)
Hash identifier:          PxeWDgTz49//dwnymnSIqNrZ5WOeKcSxaqyNF76yhe0=
Subject key identifier:   AD:BB:F4:ED:B0:17:56:C7:0E:3A:C0:11:CD:AD:AF:DC:10:60:18:EE
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       0188E05D616B00A803420AD48B84A56D4AB5
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rbv07bAXVscOOsARza2v3BBgGO4.roa
Signing time:             Wed 21 Jun 2023 23:49:56 +0000
ROA not before:           Wed 21 Jun 2023 23:49:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210025
IP address blocks:        88.218.206.0/24 maxlen: 24
                          88.218.204.0/24 maxlen: 24
                          88.218.207.0/24 maxlen: 24
                          2a09:b280:ffba::/48 maxlen: 48
                          2a09:b280:ffb0::/48 maxlen: 48
                          2a09:b280:ccc0::/48 maxlen: 48
                          2a09:b280::/48 maxlen: 48
                          2a09:b280:ffbb::/48 maxlen: 48
                          2a09:b280:ffbe::/48 maxlen: 48
                          2a09:b280:ffb9::/48 maxlen: 48
                          2a09:b280:ffbf::/48 maxlen: 48
                          2a09:b280:ffb2::/48 maxlen: 48
                          2a09:b280:ffbd::/48 maxlen: 48
                          2a09:b280:ccc1::/48 maxlen: 48
                          2a09:b280:ffb1::/48 maxlen: 48
                          2a09:b280:ffbc::/48 maxlen: 48
                          2a09:b280:cccc::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 26 Jun 2023 14:08:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e0:5d:61:6b:00:a8:03:42:0a:d4:8b:84:a5:6d:4a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jun 21 23:49:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=adbbf4edb01756c70e3ac011cdadafdc106018ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:01:01:81:f1:95:76:d5:5d:df:11:e2:1e:a8:
                    27:98:f2:5f:8a:96:ac:28:fc:5c:ea:87:6a:6c:58:
                    2a:29:66:f7:10:ec:7e:e3:48:b9:32:0d:15:f0:25:
                    82:66:b9:74:f7:1a:4c:1a:9f:e4:2a:a7:f4:6c:e0:
                    28:ab:d1:5f:73:58:b7:c9:ad:bd:eb:f1:2f:f2:69:
                    1b:1f:74:dc:df:0b:92:50:3c:5f:81:80:3c:9d:4d:
                    95:87:e2:fb:57:83:f8:77:ba:85:5d:e8:d6:2d:5c:
                    99:55:54:5f:33:d6:dc:25:1c:0f:39:09:83:4d:6a:
                    6d:54:51:4f:92:44:10:f4:15:bc:fd:ba:d8:98:dc:
                    c1:7e:d2:f7:06:76:7b:ae:77:b1:40:b1:55:23:b8:
                    39:28:fb:6e:2e:ea:b2:54:d6:dc:34:49:bd:4d:65:
                    6a:65:fe:ae:84:3b:83:7f:6a:b8:62:24:41:49:68:
                    5d:d0:50:44:0f:36:15:90:79:d3:a3:b8:1a:b5:7e:
                    a2:10:ea:1c:b2:b0:8c:0f:0b:fb:31:cd:08:9d:d0:
                    2c:48:56:83:0e:ee:9f:9f:ca:eb:ff:f5:6e:c5:b3:
                    a6:ad:95:88:c4:f6:10:fe:03:bc:ae:fa:50:ab:88:
                    3c:49:73:98:c1:68:a1:e0:2c:79:2f:de:8a:8a:53:
                    a9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:BB:F4:ED:B0:17:56:C7:0E:3A:C0:11:CD:AD:AF:DC:10:60:18:EE
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/rbv07bAXVscOOsARza2v3BBgGO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.204.0/24
                  88.218.206.0/23
                IPv6:
                  2a09:b280::/48
                  2a09:b280:ccc0::/47
                  2a09:b280:cccc::/48
                  2a09:b280:ffb0::-2a09:b280:ffb2:ffff:ffff:ffff:ffff:ffff
                  2a09:b280:ffb9::-2a09:b280:ffbf:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9a:75:8e:0c:52:ff:af:fc:ed:c6:7a:af:61:07:66:20:9c:09:
         5f:c7:6f:aa:13:47:99:30:c6:38:fc:88:b3:de:f1:57:2c:56:
         19:66:a1:3e:85:17:5b:08:c7:dd:53:f2:fc:63:fb:ab:91:fe:
         e0:f9:55:61:5c:f2:83:b5:dc:be:29:7f:e1:f3:c6:00:3a:56:
         af:72:b5:96:17:d1:94:e4:3c:59:0b:6f:b6:3c:53:a2:f9:85:
         3d:a5:86:b0:a1:55:76:61:9f:cc:9d:9b:d4:f8:f1:bd:c8:7f:
         ea:3e:60:4d:6b:77:d5:f9:28:1c:88:5c:98:27:7a:26:c4:c5:
         69:22:17:2a:2f:53:50:fb:db:1b:40:3a:fd:17:08:94:a8:2c:
         ed:9d:2d:0c:03:30:f0:cb:02:da:e2:f8:c1:06:d5:10:dd:70:
         10:91:c9:33:dd:63:68:e0:37:3b:b3:38:8a:6b:45:08:31:1f:
         ca:98:1f:9e:eb:85:3b:bd:13:a5:61:3c:8d:5c:99:43:4f:8e:
         47:d9:40:b5:b0:20:96:39:26:5c:cc:9f:f5:31:64:78:66:0e:
         fc:c9:2b:f7:0b:6b:d8:4a:50:9e:14:60:b9:a5:92:09:9a:79:
         78:31:9e:7a:95:96:6f:2c:44:69:0e:09:cb:9d:ff:04:5e:4f:
         ef:fc:2e:d2
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYjgXWFrAKgDQgrUi4SlbUq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjMwNjIxMjM0OTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGJiZjRlZGIwMTc1NmM3MGUzYWMwMTFjZGFkYWZkYzEwNjAxOGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgEBgfGVdtVd3xHiHqgnmPJfipas
KPxc6odqbFgqKWb3EOx+40i5Mg0V8CWCZrl09xpMGp/kKqf0bOAoq9Ffc1i3ya29
6/Ev8mkbH3Tc3wuSUDxfgYA8nU2Vh+L7V4P4d7qFXejWLVyZVVRfM9bcJRwPOQmD
TWptVFFPkkQQ9BW8/brYmNzBftL3BnZ7rnexQLFVI7g5KPtuLuqyVNbcNEm9TWVq
Zf6uhDuDf2q4YiRBSWhd0FBEDzYVkHnTo7gatX6iEOocsrCMDwv7Mc0IndAsSFaD
Du6fn8rr//VuxbOmrZWIxPYQ/gO8rvpQq4g8SXOYwWih4Cx5L96KilOpgwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFK279O2wF1bHDjrAEc2tr9wQYBjuMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvcmJ2MDdiQVhWc2NPT3NBUnphMnYzQkJnR080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzASBAIAATAMAwQAWNrMAwQB
WNrOMEkEAgACMEMDBwAqCbKAAAADBwEqCbKAzMADBwAqCbKAzMwwEgMHBCoJsoD/
sAMHACoJsoD/sjASAwcAKgmygP+5AwcGKgmygP+AMA0GCSqGSIb3DQEBCwUAA4IB
AQCadY4MUv+v/O3Geq9hB2YgnAlfx2+qE0eZMMY4/Iiz3vFXLFYZZqE+hRdbCMfd
U/L8Y/urkf7g+VVhXPKDtdy+KX/h88YAOlavcrWWF9GU5DxZC2+2PFOi+YU9pYaw
oVV2YZ/MnZvU+PG9yH/qPmBNa3fV+SgciFyYJ3omxMVpIhcqL1NQ+9sbQDr9FwiU
qCztnS0MAzDwywLa4vjBBtUQ3XAQkckz3WNo4Dc7sziKa0UIMR/KmB+e64U7vROl
YTyNXJlDT45H2UC1sCCWOSZczJ/1MWR4Zg78ySv3C2vYSlCeFGC5pZIJmnl4MZ56
lZZvLERpDgnLnf8EXk/v/C7S
-----END CERTIFICATE-----