Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/tQuErIQoL8p1ttjl8gGrWJoOZwY.roa
File:                     tQuErIQoL8p1ttjl8gGrWJoOZwY.roa (raw, json)
Hash identifier:          HDSPHuiMFoYCO35nS8ysTlaCSpw7oGHBgqeMbI32SVM=
Subject key identifier:   B5:0B:84:AC:84:28:2F:CA:75:B6:D8:E5:F2:01:AB:58:9A:0E:67:06
Certificate issuer:       /CN=9256db3487b4c5bacb300177057cf3174cf77477
Certificate serial:       01856E4B08382253F28BCDAC2DE57811432C
Authority key identifier: 92:56:DB:34:87:B4:C5:BA:CB:30:01:77:05:7C:F3:17:4C:F7:74:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbbNIe0xbrLMAF3BXzzF0z3dHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/tQuErIQoL8p1ttjl8gGrWJoOZwY.roa
Signing time:             Sun 01 Jan 2023 17:04:49 +0000
ROA not before:           Sun 01 Jan 2023 17:04:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51263
IP address blocks:        62.56.176.0/20 maxlen: 20
                          168.86.192.0/19 maxlen: 19
                          178.251.178.0/24 maxlen: 24
                          178.251.177.0/24 maxlen: 24
                          178.251.176.0/24 maxlen: 24
                          178.251.176.0/21 maxlen: 21
                          178.251.179.0/24 maxlen: 24
                          178.251.183.0/24 maxlen: 24
                          178.251.182.0/24 maxlen: 24
                          178.251.181.0/24 maxlen: 24
                          178.251.180.0/24 maxlen: 24
                          185.25.56.0/22 maxlen: 22
                          213.244.200.0/21 maxlen: 21
                          2a03:e240::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:4b:08:38:22:53:f2:8b:cd:ac:2d:e5:78:11:43:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256db3487b4c5bacb300177057cf3174cf77477
        Validity
            Not Before: Jan  1 17:04:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b50b84ac84282fca75b6d8e5f201ab589a0e6706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:75:e9:08:23:4e:e8:5a:55:42:47:3c:0c:d1:
                    99:f9:2e:49:66:b8:c9:cb:d5:b5:34:29:dd:2d:7f:
                    a6:a6:cd:a8:9a:cf:44:54:94:9c:f8:73:f0:2b:e7:
                    cf:ac:96:13:e8:ef:d3:c4:09:55:19:69:f5:fc:8e:
                    91:eb:7a:0a:8c:f8:f4:f1:6e:74:02:50:7e:ef:a6:
                    07:fd:2e:48:f4:bc:75:3b:f1:75:39:0f:27:f8:9b:
                    f5:9b:f3:b4:f4:8f:1f:3e:e5:a7:a0:4a:e5:d0:63:
                    93:a7:53:9d:2b:a2:70:6e:db:13:00:fc:57:46:c0:
                    e4:74:68:12:13:96:be:85:fc:27:22:81:74:26:d2:
                    cb:11:f2:b9:af:b3:07:47:ca:fc:b0:5b:0b:03:9c:
                    26:1c:e7:14:8b:fb:30:b3:7b:60:bd:5a:5a:e4:23:
                    88:bb:c4:e0:50:b5:f7:73:55:f4:e2:c1:57:8a:bf:
                    72:1a:24:29:bd:51:bb:45:74:00:a5:25:b7:47:d9:
                    e2:63:86:1e:dc:f2:93:87:f1:f0:d7:20:0d:1d:fc:
                    ad:72:db:86:6a:96:54:4d:48:1a:0c:62:f7:b9:96:
                    d6:e0:ff:fe:19:df:94:11:3f:a6:03:8e:2b:39:67:
                    b7:a2:76:d1:07:28:54:43:0e:d0:42:52:2f:e5:8b:
                    9c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:0B:84:AC:84:28:2F:CA:75:B6:D8:E5:F2:01:AB:58:9A:0E:67:06
            X509v3 Authority Key Identifier:
                keyid:92:56:DB:34:87:B4:C5:BA:CB:30:01:77:05:7C:F3:17:4C:F7:74:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbbNIe0xbrLMAF3BXzzF0z3dHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/tQuErIQoL8p1ttjl8gGrWJoOZwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7b45b9-990b-4614-a64e-0f52ea5229fc/1/klbbNIe0xbrLMAF3BXzzF0z3dHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.56.176.0/20
                  168.86.192.0/19
                  178.251.176.0/21
                  185.25.56.0/22
                  213.244.200.0/21
                IPv6:
                  2a03:e240::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:73:8c:7e:00:62:6a:ba:90:d2:98:51:b3:2e:6e:78:9f:89:
         8b:26:fd:77:16:a4:6c:bd:fc:77:63:da:dd:28:5a:25:f9:6c:
         bb:8f:e7:1f:c2:a5:a7:2f:84:62:4a:f4:72:4c:12:18:06:fb:
         63:58:a7:3d:9a:3e:94:1c:0e:31:40:6a:5c:8e:92:83:cc:da:
         01:ab:a6:f6:33:bf:89:b3:7a:32:b5:a0:91:0c:d3:fb:37:f9:
         d2:4f:1b:36:18:f9:e1:68:aa:55:47:88:75:90:7f:63:95:79:
         a8:0f:68:c2:8e:39:9a:a0:52:23:48:ac:f9:aa:af:01:6e:6d:
         c1:4c:17:4d:3c:0b:ba:c2:25:78:af:ce:c3:04:d2:2d:8e:36:
         26:1a:e0:8d:d2:7d:df:cc:b0:13:af:c1:57:20:8c:f7:a8:3c:
         f4:76:cd:5f:d4:ec:d9:ea:e6:b9:c5:b0:04:3a:24:42:1a:ef:
         92:6c:94:e1:30:c5:5b:03:17:53:e1:04:e2:84:09:8f:7f:2e:
         de:06:20:ba:b9:f4:05:f4:94:2e:05:69:0e:04:31:7b:11:67:
         ad:dd:97:50:02:65:cb:a3:89:92:9a:21:ac:4f:d5:be:9d:19:
         7b:69:ad:6e:34:41:18:56:b4:9a:66:5b:74:8a:8b:5c:6e:e1:
         f8:7c:52:dc
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVuSwg4IlPyi82sLeV4EUMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZkYjM0ODdiNGM1YmFjYjMwMDE3NzA1N2NmMzE3NGNm
Nzc0NzcwHhcNMjMwMTAxMTcwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTBiODRhYzg0MjgyZmNhNzViNmQ4ZTVmMjAxYWI1ODlhMGU2NzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHXpCCNO6FpVQkc8DNGZ+S5JZrjJ
y9W1NCndLX+mps2oms9EVJSc+HPwK+fPrJYT6O/TxAlVGWn1/I6R63oKjPj08W50
AlB+76YH/S5I9Lx1O/F1OQ8n+Jv1m/O09I8fPuWnoErl0GOTp1OdK6JwbtsTAPxX
RsDkdGgSE5a+hfwnIoF0JtLLEfK5r7MHR8r8sFsLA5wmHOcUi/sws3tgvVpa5COI
u8TgULX3c1X04sFXir9yGiQpvVG7RXQApSW3R9niY4Ye3PKTh/Hw1yANHfytctuG
apZUTUgaDGL3uZbW4P/+Gd+UET+mA44rOWe3onbRByhUQw7QQlIv5Yuc1QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLULhKyEKC/KdbbY5fIBq1iaDmcGMB8GA1UdIwQY
MBaAFJJW2zSHtMW6yzABdwV88xdM93R3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xiYk5JZTB4YnJMTUFGM0JYenpGMHozZEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83YjQ1YjktOTkwYi00NjE0LWE2NGUt
MGY1MmVhNTIyOWZjLzEvdFF1RXJJUW9MOHAxdHRqbDhnR3JXSm9PWndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83YjQ1YjktOTkwYi00NjE0LWE2NGUtMGY1MmVhNTIyOWZj
LzEva2xiYk5JZTB4YnJMTUFGM0JYenpGMHozZEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQEPjiwAwQF
qFbAAwQDsvuwAwQCuRk4AwQD1fTIMA0EAgACMAcDBQAqA+JAMA0GCSqGSIb3DQEB
CwUAA4IBAQBac4x+AGJqupDSmFGzLm54n4mLJv13FqRsvfx3Y9rdKFol+Wy7j+cf
wqWnL4RiSvRyTBIYBvtjWKc9mj6UHA4xQGpcjpKDzNoBq6b2M7+Js3oytaCRDNP7
N/nSTxs2GPnhaKpVR4h1kH9jlXmoD2jCjjmaoFIjSKz5qq8Bbm3BTBdNPAu6wiV4
r87DBNItjjYmGuCN0n3fzLATr8FXIIz3qDz0ds1f1OzZ6ua5xbAEOiRCGu+SbJTh
MMVbAxdT4QTihAmPfy7eBiC6ufQF9JQuBWkOBDF7EWet3ZdQAmXLo4mSmiGsT9W+
nRl7aa1uNEEYVrSaZlt0iotcbuH4fFLc
-----END CERTIFICATE-----