Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/jiwYqWfS2fL9UreD1-ryC69H5R0.roa
File:                     jiwYqWfS2fL9UreD1-ryC69H5R0.roa (raw, json)
Hash identifier:          mH6oK5yQ/Pc5VLeyDsSI7Wi7/8WCeZut6W7Ym8jQ9Pg=
Subject key identifier:   8E:2C:18:A9:67:D2:D9:F2:FD:52:B7:83:D7:EA:F2:0B:AF:47:E5:1D
Certificate issuer:       /CN=966b05c661c76a5bcc48da838eedb6973f153b86
Certificate serial:       01856B811E034B61A123C8AA3A829BBEC050
Authority key identifier: 96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/jiwYqWfS2fL9UreD1-ryC69H5R0.roa
Signing time:             Sun 01 Jan 2023 04:05:01 +0000
ROA not before:           Sun 01 Jan 2023 04:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206316
IP address blocks:        195.242.177.0/24 maxlen: 24
                          195.242.178.0/24 maxlen: 24
                          5.183.97.0/24 maxlen: 24
                          5.183.98.0/24 maxlen: 24
                          5.183.96.0/22 maxlen: 22
                          5.183.96.0/24 maxlen: 24
                          5.183.99.0/24 maxlen: 24
                          195.238.248.0/24 maxlen: 24
                          195.238.252.0/24 maxlen: 24
                          185.219.130.0/24 maxlen: 24
                          185.219.131.0/24 maxlen: 24
                          185.219.128.0/22 maxlen: 22
                          185.219.129.0/24 maxlen: 24
                          185.219.128.0/24 maxlen: 24
                          2a0e:bc04::/30 maxlen: 64
                          2a0b:e640::/30 maxlen: 64
                          2a0e:bc00::/30 maxlen: 64
                          2a0b:e640:1::/48 maxlen: 64
                          2a0b:e644::/30 maxlen: 64

Validation:               Failed, certificate revoked on Mon 17 Apr 2023 09:04:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:81:1e:03:4b:61:a1:23:c8:aa:3a:82:9b:be:c0:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=966b05c661c76a5bcc48da838eedb6973f153b86
        Validity
            Not Before: Jan  1 04:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e2c18a967d2d9f2fd52b783d7eaf20baf47e51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:22:c3:ff:3b:4a:36:5b:3b:f7:8a:96:58:6c:
                    04:f7:6c:82:78:5b:3a:36:f5:e2:66:89:29:5c:1f:
                    75:d2:e3:60:b1:75:50:11:0a:94:e8:c8:d6:28:e7:
                    33:1f:89:fd:a6:4b:0b:c2:3e:95:20:9e:e1:91:2b:
                    d0:1c:2e:e0:28:9d:43:ce:9e:3e:08:f5:e1:1a:ad:
                    29:27:c5:d7:be:83:0c:60:2f:ff:e5:14:c8:10:61:
                    16:08:72:3f:e4:a2:28:df:dd:41:e2:f8:ef:39:5e:
                    80:49:37:b8:50:f0:04:b1:1c:ed:d2:7a:66:35:76:
                    e0:4d:37:fd:64:d1:38:8c:55:ad:e4:05:fc:9e:d9:
                    36:17:66:f1:ae:09:08:d5:55:9f:57:80:26:f3:dc:
                    43:d7:db:3d:59:06:b7:ba:92:ec:cf:7e:e3:37:50:
                    83:a7:c8:fe:59:52:5f:e2:0f:8c:03:a1:fe:98:41:
                    c9:f4:ce:49:2c:b6:1c:c6:6a:34:5d:10:98:48:3d:
                    69:5f:18:47:66:92:03:2c:7a:af:aa:65:98:6c:10:
                    3d:15:d0:a7:1f:d9:31:58:db:60:fa:72:0d:53:10:
                    ea:9f:d3:ab:18:03:a0:19:f2:38:77:cb:14:c0:12:
                    3f:9d:02:dd:ec:70:41:48:70:ff:35:b3:f5:6d:84:
                    ef:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:2C:18:A9:67:D2:D9:F2:FD:52:B7:83:D7:EA:F2:0B:AF:47:E5:1D
            X509v3 Authority Key Identifier:
                keyid:96:6B:05:C6:61:C7:6A:5B:CC:48:DA:83:8E:ED:B6:97:3F:15:3B:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lmsFxmHHalvMSNqDju22lz8VO4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/jiwYqWfS2fL9UreD1-ryC69H5R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6891df-971e-4e60-8cbc-e3c2f32cf3b7/1/lmsFxmHHalvMSNqDju22lz8VO4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.96.0/22
                  185.219.128.0/22
                  195.238.248.0/24
                  195.238.252.0/24
                  195.242.177.0-195.242.178.255
                IPv6:
                  2a0b:e640::/29
                  2a0e:bc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:87:8c:d1:ac:fd:29:17:d1:34:1c:78:a8:41:3f:d0:bf:c0:
         b6:bd:92:75:a7:db:ba:36:c0:25:09:b1:af:2d:32:f8:53:6d:
         b0:e4:c5:a8:43:dc:4d:11:03:09:11:2d:e7:a8:e5:0f:18:63:
         7e:ea:5f:dd:83:3c:15:01:b6:1f:41:46:4c:36:d7:59:fd:5b:
         33:d3:52:8d:ed:f4:c1:5b:74:76:b9:36:1f:a7:ee:e0:66:38:
         50:87:c6:5a:9a:12:d1:b9:12:f3:ce:5f:09:de:11:19:a6:9b:
         35:a1:1f:32:94:ba:f2:25:d5:28:21:a9:ad:67:c3:83:94:89:
         c1:62:fe:1a:6b:e7:64:66:99:06:7c:a4:cf:37:59:fb:b1:20:
         df:08:bd:cf:24:88:ad:e5:88:79:40:f8:5e:b6:fd:89:d1:a3:
         77:e5:0f:68:ca:ee:26:c5:b5:32:17:a9:b3:73:7c:09:1e:17:
         6d:13:41:ca:c5:4a:a6:52:e9:45:f7:3d:de:08:19:8b:af:a5:
         46:02:7e:29:26:dd:5a:0e:ac:01:b1:85:68:d8:99:91:7c:e3:
         0b:2a:36:6f:75:f2:16:a6:08:8d:7e:d4:ea:f0:ad:71:22:10:
         b0:06:a4:c7:77:1e:1c:ac:26:98:db:27:ba:a6:d4:f5:14:0c:
         87:f7:22:e9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVrgR4DS2GhI8iqOoKbvsBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NmIwNWM2NjFjNzZhNWJjYzQ4ZGE4MzhlZWRiNjk3M2Yx
NTNiODYwHhcNMjMwMTAxMDQwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTJjMThhOTY3ZDJkOWYyZmQ1MmI3ODNkN2VhZjIwYmFmNDdlNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCLD/ztKNls794qWWGwE92yCeFs6
NvXiZokpXB910uNgsXVQEQqU6MjWKOczH4n9pksLwj6VIJ7hkSvQHC7gKJ1Dzp4+
CPXhGq0pJ8XXvoMMYC//5RTIEGEWCHI/5KIo391B4vjvOV6ASTe4UPAEsRzt0npm
NXbgTTf9ZNE4jFWt5AX8ntk2F2bxrgkI1VWfV4Am89xD19s9WQa3upLsz37jN1CD
p8j+WVJf4g+MA6H+mEHJ9M5JLLYcxmo0XRCYSD1pXxhHZpIDLHqvqmWYbBA9FdCn
H9kxWNtg+nINUxDqn9OrGAOgGfI4d8sUwBI/nQLd7HBBSHD/NbP1bYTvGwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFI4sGKln0tny/VK3g9fq8guvR+UdMB8GA1UdIwQY
MBaAFJZrBcZhx2pbzEjag47ttpc/FTuGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMt
ZTNjMmYzMmNmM2I3LzEvaml3WXFXZlMyZkw5VXJlRDEtcnlDNjlINVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ODkxZGYtOTcxZS00ZTYwLThjYmMtZTNjMmYzMmNmM2I3
LzEvbG1zRnhtSEhhbHZNU05xRGp1MjJsejhWTzRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAsBAIAATAmAwQCBbdgAwQC
uduAAwQAw+74AwQAw+78MAwDBADD8rEDBADD8rIwFAQCAAIwDgMFAyoL5kADBQMq
DrwAMA0GCSqGSIb3DQEBCwUAA4IBAQBfh4zRrP0pF9E0HHioQT/Qv8C2vZJ1p9u6
NsAlCbGvLTL4U22w5MWoQ9xNEQMJES3nqOUPGGN+6l/dgzwVAbYfQUZMNtdZ/Vsz
01KN7fTBW3R2uTYfp+7gZjhQh8ZamhLRuRLzzl8J3hEZpps1oR8ylLryJdUoIamt
Z8ODlInBYv4aa+dkZpkGfKTPN1n7sSDfCL3PJIit5Yh5QPhetv2J0aN35Q9oyu4m
xbUyF6mzc3wJHhdtE0HKxUqmUulF9z3eCBmLr6VGAn4pJt1aDqwBsYVo2JmRfOML
KjZvdfIWpgiNftTq8K1xIhCwBqTHdx4crCaY2ye6ptT1FAyH9yLp
-----END CERTIFICATE-----