Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/7mcIx-2gBvRJwCW7iT_tJF0LFxo.roa
File:                     7mcIx-2gBvRJwCW7iT_tJF0LFxo.roa (raw, json)
Hash identifier:          mnzKR76jvRcHyVOSE/vI4lti1E8wMA32zz7D+f7jGoc=
Subject key identifier:   EE:67:08:C7:ED:A0:06:F4:49:C0:25:BB:89:3F:ED:24:5D:0B:17:1A
Certificate issuer:       /CN=435416b2282b4533c3509c18e957ce0c836bc837
Certificate serial:       0186DA4C85F107FC1E90025BA081D00EA001
Authority key identifier: 43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/7mcIx-2gBvRJwCW7iT_tJF0LFxo.roa
Signing time:             Mon 13 Mar 2023 09:28:13 +0000
ROA not before:           Mon 13 Mar 2023 09:28:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207990
IP address blocks:        185.23.200.0/23 maxlen: 32
                          185.251.44.0/23 maxlen: 32
                          185.247.230.0/23 maxlen: 32
                          185.247.228.0/24 maxlen: 32
                          193.8.80.0/22 maxlen: 32
                          178.239.22.0/23 maxlen: 32
                          88.218.144.0/22 maxlen: 32
                          91.193.100.0/22 maxlen: 32
                          95.175.80.0/20 maxlen: 32
                          185.251.248.0/23 maxlen: 32

Validation:               Failed, certificate revoked on Wed 15 Mar 2023 08:48:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:da:4c:85:f1:07:fc:1e:90:02:5b:a0:81:d0:0e:a0:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435416b2282b4533c3509c18e957ce0c836bc837
        Validity
            Not Before: Mar 13 09:28:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee6708c7eda006f449c025bb893fed245d0b171a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:59:2e:05:d5:1b:b3:42:b4:70:53:13:40:2d:
                    5e:55:5b:ee:42:f6:79:db:dc:5a:91:cd:0e:9a:d0:
                    2e:4b:8c:51:2c:c6:33:b7:4a:d7:76:56:a5:42:9f:
                    7f:5b:59:a3:b2:c1:10:1d:14:3e:7e:8f:b4:01:dd:
                    de:77:bb:b3:03:06:fb:bf:2f:23:5c:eb:0e:fe:1b:
                    7f:ac:c2:e1:3d:e3:09:4f:7d:fe:05:32:f8:03:b9:
                    32:d6:12:88:cd:99:9a:3e:8a:2e:3e:5e:77:10:09:
                    48:d3:07:2f:a8:81:54:6c:77:d6:c9:80:4d:a6:5d:
                    76:63:25:2d:4e:4c:05:76:64:12:4b:e5:84:fa:af:
                    7f:5c:80:b1:f0:5a:f9:62:4d:30:79:b9:8e:f7:43:
                    20:c3:57:19:c2:18:d8:d2:a6:01:4f:2e:8b:fb:09:
                    9e:53:84:fd:a0:51:77:81:94:5b:7e:f4:ec:90:e6:
                    90:bf:43:f8:ee:e8:e0:36:59:ab:f9:fe:79:d2:57:
                    47:c4:c9:7c:65:bf:4e:9c:eb:40:f3:c3:33:c9:97:
                    b7:bc:2e:a2:41:fe:c2:8a:bd:f3:a5:12:0f:50:f2:
                    0e:ec:ff:83:16:d2:3e:e9:d1:06:a2:22:0c:c3:23:
                    b2:58:3d:11:b4:fa:bd:52:8c:be:ba:2f:61:d5:08:
                    5c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:67:08:C7:ED:A0:06:F4:49:C0:25:BB:89:3F:ED:24:5D:0B:17:1A
            X509v3 Authority Key Identifier:
                keyid:43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/7mcIx-2gBvRJwCW7iT_tJF0LFxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.144.0/22
                  91.193.100.0/22
                  95.175.80.0/20
                  178.239.22.0/23
                  185.23.200.0/23
                  185.247.228.0/24
                  185.247.230.0/23
                  185.251.44.0/23
                  185.251.248.0/23
                  193.8.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:3b:da:d9:be:03:87:0f:0c:65:19:b1:c7:05:b6:e7:c1:66:
         09:e5:94:e4:99:b5:16:15:81:76:2f:8d:bd:c9:4b:c4:a9:df:
         91:4e:c7:84:f3:dc:12:16:b4:94:6b:60:9d:bc:65:5c:f0:65:
         0b:87:4b:34:c4:23:02:65:e1:88:da:8b:db:41:b6:a5:bd:98:
         40:1c:19:71:f8:6f:0b:d8:82:b0:0d:42:3e:30:ba:51:fc:52:
         8d:c5:6b:bd:f5:ab:4d:78:b5:81:38:91:8d:a3:32:75:55:45:
         ae:79:11:14:57:84:3a:7f:bc:40:1b:34:87:fc:2a:40:ed:1c:
         90:da:c2:d8:ca:00:ec:59:4d:18:93:fe:2f:42:d0:e7:7b:bf:
         7c:0f:20:9a:ed:36:4e:55:84:6f:56:18:4f:7c:22:19:79:f6:
         58:28:3e:3e:af:4e:92:d8:51:19:7c:70:dd:13:ff:cf:c1:68:
         16:66:80:71:9c:49:34:07:6e:85:d0:70:57:54:b8:82:3f:8c:
         cc:78:c4:47:26:66:d9:28:99:c0:bf:5b:43:ae:52:36:02:17:
         63:bc:35:93:d4:1b:30:03:6e:93:ba:f7:9c:f4:f5:5c:64:0c:
         e1:7f:76:69:dd:a9:e4:86:27:fd:10:52:03:4d:44:73:e9:fb:
         90:4b:7c:08
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYbaTIXxB/wekAJboIHQDqABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTQxNmIyMjgyYjQ1MzNjMzUwOWMxOGU5NTdjZTBjODM2
YmM4MzcwHhcNMjMwMzEzMDkyODEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTY3MDhjN2VkYTAwNmY0NDljMDI1YmI4OTNmZWQyNDVkMGIxNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVkuBdUbs0K0cFMTQC1eVVvuQvZ5
29xakc0OmtAuS4xRLMYzt0rXdlalQp9/W1mjssEQHRQ+fo+0Ad3ed7uzAwb7vy8j
XOsO/ht/rMLhPeMJT33+BTL4A7ky1hKIzZmaPoouPl53EAlI0wcvqIFUbHfWyYBN
pl12YyUtTkwFdmQSS+WE+q9/XICx8Fr5Yk0webmO90Mgw1cZwhjY0qYBTy6L+wme
U4T9oFF3gZRbfvTskOaQv0P47ujgNlmr+f550ldHxMl8Zb9OnOtA88MzyZe3vC6i
Qf7Cir3zpRIPUPIO7P+DFtI+6dEGoiIMwyOyWD0RtPq9Uoy+ui9h1QhckQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFO5nCMftoAb0ScAlu4k/7SRdCxcaMB8GA1UdIwQY
MBaAFENUFrIoK0Uzw1CcGOlXzgyDa8g3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQt
MjYyZWIzOWJiZTc2LzEvN21jSXgtMmdCdlJKd0NXN2lUX3RKRjBMRnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQtMjYyZWIzOWJiZTc2
LzEvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCWNqQAwQC
W8FkAwQEX69QAwQBsu8WAwQBuRfIAwQAuffkAwQBuffmAwQBufssAwQBufv4AwQC
wQhQMA0GCSqGSIb3DQEBCwUAA4IBAQBAO9rZvgOHDwxlGbHHBbbnwWYJ5ZTkmbUW
FYF2L429yUvEqd+RTseE89wSFrSUa2CdvGVc8GULh0s0xCMCZeGI2ovbQbalvZhA
HBlx+G8L2IKwDUI+MLpR/FKNxWu99atNeLWBOJGNozJ1VUWueREUV4Q6f7xAGzSH
/CpA7RyQ2sLYygDsWU0Yk/4vQtDne798DyCa7TZOVYRvVhhPfCIZefZYKD4+r06S
2FEZfHDdE//PwWgWZoBxnEk0B26F0HBXVLiCP4zMeMRHJmbZKJnAv1tDrlI2Ahdj
vDWT1BswA26Tuvec9PVcZAzhf3Zp3ankhif9EFIDTURz6fuQS3wI
-----END CERTIFICATE-----