Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/As9o6Eqh_x1zPO2qoDtgQvZT01E.roa
File:                     As9o6Eqh_x1zPO2qoDtgQvZT01E.roa (raw, json)
Hash identifier:          PNifjvW15FZsCyH1J8U8KGQykLIFU6ENhCu7hXD85bg=
Subject key identifier:   02:CF:68:E8:4A:A1:FF:1D:73:3C:ED:AA:A0:3B:60:42:F6:53:D3:51
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0186B6690330BA24A40A9082C9235167E40A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/As9o6Eqh_x1zPO2qoDtgQvZT01E.roa
Signing time:             Mon 06 Mar 2023 10:13:00 +0000
ROA not before:           Mon 06 Mar 2023 10:13:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        178.239.200.0/24 maxlen: 24
                          91.209.12.0/24 maxlen: 24
                          185.229.105.0/24 maxlen: 24
                          62.197.132.0/24 maxlen: 24
                          62.197.128.0/24 maxlen: 24
                          89.43.211.0/24 maxlen: 24
                          185.245.236.0/24 maxlen: 24
                          89.43.209.0/24 maxlen: 24
                          45.159.153.0/24 maxlen: 24
                          103.205.27.0/24 maxlen: 24
                          103.205.25.0/24 maxlen: 24
                          223.27.114.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:69:03:30:ba:24:a4:0a:90:82:c9:23:51:67:e4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  6 10:13:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=02cf68e84aa1ff1d733cedaaa03b6042f653d351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c4:03:54:c5:ff:b4:1a:74:23:5f:d8:e2:e4:
                    ab:2d:72:73:f1:72:29:ec:88:a4:ce:c8:d6:1f:25:
                    c6:4b:f8:73:a3:be:98:5a:e0:de:b9:db:b1:63:be:
                    4b:6a:00:90:28:a4:44:87:96:c9:04:69:38:82:d6:
                    80:d9:54:22:17:89:52:50:f9:1a:fc:ee:a2:56:3b:
                    c6:77:c1:e4:f2:9a:72:2b:a2:75:1f:74:dd:10:ef:
                    ec:fd:87:9d:b6:06:ac:c0:30:30:f9:41:58:f0:ee:
                    27:f1:35:9f:0e:62:d8:f5:49:46:4b:ac:a1:23:46:
                    6f:06:3e:63:36:7e:a2:c9:60:99:e4:32:8b:83:ba:
                    8c:08:dd:6d:94:d7:e1:ea:ec:50:9b:ff:9b:a5:20:
                    8c:3a:47:ec:4b:57:b2:2e:72:ec:b4:17:57:ea:71:
                    f4:2d:cf:27:b5:de:31:03:fc:41:c9:59:26:c3:64:
                    3e:8c:8a:a0:68:d5:8b:63:bf:97:87:b2:be:2a:68:
                    d0:d0:ad:1a:77:4a:1d:ef:ed:dd:a3:4b:1b:18:22:
                    32:bf:54:5e:09:6d:26:b3:1f:5b:35:f6:fa:06:c4:
                    61:79:d8:59:90:c0:81:77:fb:50:47:57:3e:9a:ea:
                    9a:da:3d:37:e2:86:8c:8c:db:aa:86:d4:78:fc:ed:
                    10:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CF:68:E8:4A:A1:FF:1D:73:3C:ED:AA:A0:3B:60:42:F6:53:D3:51
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/As9o6Eqh_x1zPO2qoDtgQvZT01E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.153.0/24
                  62.197.128.0/24
                  62.197.132.0/24
                  89.43.209.0/24
                  89.43.211.0/24
                  91.209.12.0/24
                  103.205.25.0/24
                  103.205.27.0/24
                  178.239.200.0/24
                  185.229.105.0/24
                  185.245.236.0/24
                  223.27.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:15:93:37:5c:4a:ed:b0:2b:39:e9:08:ea:9c:40:3d:6c:d7:
         5f:39:95:73:45:ab:17:38:b6:76:96:d3:b1:98:30:63:64:09:
         6e:b0:3e:49:63:14:02:7f:57:2c:35:22:20:a0:0c:83:bf:c3:
         dc:45:39:0b:55:94:bc:47:27:dd:3f:8a:f3:f2:16:bd:38:bc:
         21:7f:57:93:67:d9:7f:20:09:1f:b2:50:99:7d:75:f7:00:5d:
         0a:5e:8f:61:db:46:6d:de:88:05:46:34:70:6f:7b:8c:37:6e:
         da:4d:be:05:84:4a:e4:79:ae:12:43:d4:cb:39:c3:47:a5:d3:
         43:ec:d1:7a:17:33:c5:ef:44:9a:b8:6a:77:61:ea:c9:98:d2:
         6b:14:33:06:83:fe:b5:5d:31:0b:3d:19:58:34:f9:d4:7b:e4:
         97:1e:93:9f:3a:3e:f0:92:f5:a4:de:09:13:39:8f:da:05:72:
         28:2c:c2:d3:b0:67:8f:3f:c8:71:58:f8:4d:74:bc:17:da:34:
         7c:89:e3:ce:e1:d4:7b:c3:80:46:24:5a:0b:cd:b2:83:ba:93:
         b7:a0:94:97:22:14:a7:32:3c:5f:85:fd:20:9b:bc:a4:99:d3:
         8b:87:c8:1f:71:b4:70:79:66:7d:18:5f:a1:52:de:cf:72:bf:
         8c:ef:c3:68
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYa2aQMwuiSkCpCCySNRZ+QKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MTAxMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNmNjhlODRhYTFmZjFkNzMzY2VkYWFhMDNiNjA0MmY2NTNkMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcQDVMX/tBp0I1/Y4uSrLXJz8XIp
7IikzsjWHyXGS/hzo76YWuDeuduxY75LagCQKKREh5bJBGk4gtaA2VQiF4lSUPka
/O6iVjvGd8Hk8ppyK6J1H3TdEO/s/YedtgaswDAw+UFY8O4n8TWfDmLY9UlGS6yh
I0ZvBj5jNn6iyWCZ5DKLg7qMCN1tlNfh6uxQm/+bpSCMOkfsS1eyLnLstBdX6nH0
Lc8ntd4xA/xByVkmw2Q+jIqgaNWLY7+Xh7K+KmjQ0K0ad0od7+3do0sbGCIyv1Re
CW0msx9bNfb6BsRhedhZkMCBd/tQR1c+muqa2j034oaMjNuqhtR4/O0QZQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFALPaOhKof8dczztqqA7YEL2U9NRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQXM5bzZFcWhfeDF6UE8ycW9EdGdRdlpUMDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALZ+ZAwQA
PsWAAwQAPsWEAwQAWSvRAwQAWSvTAwQAW9EMAwQAZ80ZAwQAZ80bAwQAsu/IAwQA
ueVpAwQAufXsAwQA3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQAYFZM3XErtsCs56Qjq
nEA9bNdfOZVzRasXOLZ2ltOxmDBjZAlusD5JYxQCf1csNSIgoAyDv8PcRTkLVZS8
RyfdP4rz8ha9OLwhf1eTZ9l/IAkfslCZfXX3AF0KXo9h20Zt3ogFRjRwb3uMN27a
Tb4FhErkea4SQ9TLOcNHpdND7NF6FzPF70SauGp3YerJmNJrFDMGg/61XTELPRlY
NPnUe+SXHpOfOj7wkvWk3gkTOY/aBXIoLMLTsGePP8hxWPhNdLwX2jR8iePO4dR7
w4BGJFoLzbKDupO3oJSXIhSnMjxfhf0gm7ykmdOLh8gfcbRweWZ9GF+hUt7Pcr+M
78No
-----END CERTIFICATE-----