Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Mz4p47-e5HtYMnyCQ8zFav3xWqE.roa
File:                     Mz4p47-e5HtYMnyCQ8zFav3xWqE.roa (raw, json)
Hash identifier:          5uVB4iXhLQwC1pAX/xLpRpjzxNVBiHZhh4fL8FgOwN0=
Subject key identifier:   33:3E:29:E3:BF:9E:E4:7B:58:32:7C:82:43:CC:C5:6A:FD:F1:5A:A1
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       0185CBDCCDC6798D0E3255D3F95816D773D5
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Mz4p47-e5HtYMnyCQ8zFav3xWqE.roa
Signing time:             Thu 19 Jan 2023 21:08:43 +0000
ROA not before:           Thu 19 Jan 2023 21:08:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        91.186.194.0/23 maxlen: 24
                          91.186.200.0/22 maxlen: 24
                          91.186.214.0/23 maxlen: 24
                          94.241.168.0/21 maxlen: 24
                          94.241.176.0/21 maxlen: 24
                          83.147.216.0/23 maxlen: 24
                          178.253.31.0/24 maxlen: 24
                          83.147.217.0/24 maxlen: 24
                          83.147.222.0/23 maxlen: 24
                          178.253.44.0/23 maxlen: 24
                          83.147.232.0/22 maxlen: 24
                          178.253.52.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 24 Jan 2023 19:42:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:cb:dc:cd:c6:79:8d:0e:32:55:d3:f9:58:16:d7:73:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan 19 21:08:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=333e29e3bf9ee47b58327c8243ccc56afdf15aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fe:34:f8:dd:0d:89:fd:f1:be:f0:58:be:6d:
                    5d:d5:5f:4b:d2:d9:43:df:05:f5:90:9b:6f:d9:6f:
                    01:bb:b1:60:35:b3:89:72:a5:8a:eb:a9:4f:be:f4:
                    4c:81:d3:0e:85:64:bb:7e:36:29:30:8f:ea:7b:77:
                    f3:0d:7f:48:6e:db:db:98:a1:78:92:b1:a6:c8:81:
                    19:e3:cb:03:48:a1:ac:65:72:c3:64:2d:42:15:2b:
                    a9:59:28:6d:e9:60:d3:07:9c:a9:3d:fc:fb:98:66:
                    57:e9:cb:c6:f3:fc:5a:b3:b2:54:ac:bd:7c:07:f6:
                    2c:b2:c2:82:02:bc:f7:bf:91:e6:b0:ec:13:7a:61:
                    ac:dd:2f:c5:2d:f3:82:8c:2f:7e:70:e3:e4:1a:b3:
                    a9:e4:85:5a:35:12:86:61:f8:3a:b4:35:33:5a:17:
                    07:9e:9c:6b:48:04:cf:f7:49:e7:21:9c:3b:3c:4d:
                    15:9a:c3:a3:d1:3a:40:95:e2:d4:2d:39:a4:6c:ba:
                    e6:d6:9c:0f:a8:73:09:37:5c:36:8c:6d:a4:86:78:
                    bf:6f:98:d0:e2:67:ce:0e:47:d6:b5:81:fc:ca:1a:
                    d4:0e:a3:95:58:7b:0e:0a:b2:e7:63:2b:82:03:0f:
                    6d:8e:3a:58:6c:b2:6b:bc:0a:53:8d:63:89:e1:21:
                    97:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:3E:29:E3:BF:9E:E4:7B:58:32:7C:82:43:CC:C5:6A:FD:F1:5A:A1
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/Mz4p47-e5HtYMnyCQ8zFav3xWqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.216.0/23
                  83.147.222.0/23
                  83.147.232.0/22
                  91.186.194.0/23
                  91.186.200.0/22
                  91.186.214.0/23
                  94.241.168.0-94.241.183.255
                  178.253.31.0/24
                  178.253.44.0/23
                  178.253.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:14:09:a0:5d:b7:27:fb:8d:23:4a:28:32:41:08:d1:d3:fa:
         79:43:5d:fd:ef:0c:43:c1:ca:0a:1e:e9:eb:dc:c0:9b:52:e9:
         68:bb:55:a9:11:f7:27:b0:81:e1:a2:f9:cc:86:20:48:ff:d8:
         93:9b:ea:f7:2b:c0:89:a1:45:31:46:6d:33:c0:da:19:d5:67:
         7a:61:cf:dc:ab:0c:9d:ff:38:86:dc:6c:61:07:bf:cb:ff:dd:
         f3:a0:4e:38:dc:27:d0:5c:0d:0d:f1:25:2a:26:88:0b:a6:0a:
         c9:68:0b:5d:36:af:1f:13:26:a1:a2:24:19:ff:e2:f2:0f:6b:
         9e:72:f3:5b:15:f7:e7:64:be:b6:85:81:bd:df:f8:fb:42:47:
         f8:ad:58:c1:d3:b8:74:21:46:60:5d:32:85:b9:c3:85:9a:10:
         e4:db:7c:0d:6e:b1:a6:29:21:d1:ec:d0:7a:35:44:fb:de:9d:
         cf:87:57:9d:15:af:d9:65:94:b0:91:da:64:28:f7:37:7b:b0:
         57:da:cb:23:b1:a0:53:db:77:50:f2:1a:b2:7b:f5:fd:c2:d9:
         21:9f:b5:db:31:26:16:35:0a:1c:7b:77:6e:49:63:2c:1b:c9:
         e3:60:df:c8:4b:60:4c:58:67:b8:cc:14:ce:31:1e:a4:a8:13:
         09:c5:2f:df
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYXL3M3GeY0OMlXT+VgW13PVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjMwMTE5MjEwODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNlMjllM2JmOWVlNDdiNTgzMjdjODI0M2NjYzU2YWZkZjE1YWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/40+N0Nif3xvvBYvm1d1V9L0tlD
3wX1kJtv2W8Bu7FgNbOJcqWK66lPvvRMgdMOhWS7fjYpMI/qe3fzDX9IbtvbmKF4
krGmyIEZ48sDSKGsZXLDZC1CFSupWSht6WDTB5ypPfz7mGZX6cvG8/xas7JUrL18
B/YsssKCArz3v5HmsOwTemGs3S/FLfOCjC9+cOPkGrOp5IVaNRKGYfg6tDUzWhcH
npxrSATP90nnIZw7PE0VmsOj0TpAleLULTmkbLrm1pwPqHMJN1w2jG2khni/b5jQ
4mfODkfWtYH8yhrUDqOVWHsOCrLnYyuCAw9tjjpYbLJrvApTjWOJ4SGXvQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDM+KeO/nuR7WDJ8gkPMxWr98VqhMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTXo0cDQ3LWU1SHRZTW55Q1E4ekZhdjN4V3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQBU5PYAwQB
U5PeAwQCU5PoAwQBW7rCAwQCW7rIAwQBW7rWMAwDBANe8agDBANe8bADBACy/R8D
BAGy/SwDBAGy/TQwDQYJKoZIhvcNAQELBQADggEBAJAUCaBdtyf7jSNKKDJBCNHT
+nlDXf3vDEPBygoe6evcwJtS6Wi7VakR9yewgeGi+cyGIEj/2JOb6vcrwImhRTFG
bTPA2hnVZ3phz9yrDJ3/OIbcbGEHv8v/3fOgTjjcJ9BcDQ3xJSomiAumCsloC102
rx8TJqGiJBn/4vIPa55y81sV9+dkvraFgb3f+PtCR/itWMHTuHQhRmBdMoW5w4Wa
EOTbfA1usaYpIdHs0Ho1RPvenc+HV50Vr9lllLCR2mQo9zd7sFfayyOxoFPbd1Dy
GrJ79f3C2SGftdsxJhY1Chx7d25JYywbyeNg38hLYExYZ7jMFM4xHqSoEwnFL98=
-----END CERTIFICATE-----