Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/YgQXCBh6jZndkAghoptwP7XGSao.roa
File:                     YgQXCBh6jZndkAghoptwP7XGSao.roa (raw, json)
Hash identifier:          YJLZkdep3mgq7xC42WIHcte75hj+zj7jSTwMAEm5J9w=
Subject key identifier:   62:04:17:08:18:7A:8D:99:DD:90:08:21:A2:9B:70:3F:B5:C6:49:AA
Certificate issuer:       /CN=9e30294b7e4645aaedb54672d48065b1b1cebc62
Certificate serial:       01856F797715E5ACA90601211AFF06964C90
Authority key identifier: 9E:30:29:4B:7E:46:45:AA:ED:B5:46:72:D4:80:65:B1:B1:CE:BC:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njApS35GRarttUZy1IBlsbHOvGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/YgQXCBh6jZndkAghoptwP7XGSao.roa
Signing time:             Sun 01 Jan 2023 22:35:09 +0000
ROA not before:           Sun 01 Jan 2023 22:35:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206123
IP address blocks:        45.131.168.0/22 maxlen: 24
                          109.106.16.0/23 maxlen: 24
                          185.195.196.0/22 maxlen: 24
                          109.106.18.0/23 maxlen: 24
                          185.211.92.0/22 maxlen: 24
                          93.115.211.0/24 maxlen: 24
                          185.254.118.0/23 maxlen: 24
                          171.22.12.0/22 maxlen: 24
                          93.115.253.0/24 maxlen: 24
                          2a0a:5ec0::/29 maxlen: 29
                          2a0d:c340::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 21 Apr 2023 06:36:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:79:77:15:e5:ac:a9:06:01:21:1a:ff:06:96:4c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e30294b7e4645aaedb54672d48065b1b1cebc62
        Validity
            Not Before: Jan  1 22:35:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62041708187a8d99dd900821a29b703fb5c649aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:14:eb:43:ba:13:8f:6a:f1:a6:cc:b6:b8:32:
                    7d:47:d3:fe:03:86:0d:7c:86:a9:50:fe:dc:ff:b8:
                    21:8e:46:7c:39:ae:16:83:ec:de:f5:a1:9a:86:19:
                    db:1f:9b:ce:38:8f:1d:a0:09:41:79:e5:67:1a:f7:
                    b2:6a:3f:89:ae:13:a7:c7:b9:c3:10:2c:d3:36:e8:
                    88:58:41:68:7c:c9:ea:6e:2c:d3:51:89:db:75:ef:
                    8b:ea:17:4d:7d:d5:2d:06:59:c9:46:27:19:ee:88:
                    a7:f1:4b:48:84:15:fb:8f:71:51:d0:94:b0:74:4d:
                    39:5d:37:13:87:b0:59:c1:5a:3a:f3:0b:e9:26:89:
                    60:e7:81:e8:fa:ce:d3:cc:bb:f0:fb:0a:6a:7d:b0:
                    27:6f:44:89:f7:61:90:22:5a:9b:61:64:57:21:d9:
                    d1:f5:7a:31:6e:dc:68:36:96:d9:f7:ee:b0:48:01:
                    c8:6b:5b:13:ec:f2:5d:b9:5d:ec:c3:45:e4:02:57:
                    9c:b2:13:31:d7:98:c1:a6:91:3b:99:d1:80:6f:67:
                    4c:3f:b1:51:e5:a7:1e:a3:68:db:15:7a:fd:4e:17:
                    8a:6b:f0:a8:24:77:91:34:02:45:b9:27:f8:ae:6e:
                    26:bf:9d:61:53:80:8c:37:c1:00:8c:27:2d:ea:ab:
                    51:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:04:17:08:18:7A:8D:99:DD:90:08:21:A2:9B:70:3F:B5:C6:49:AA
            X509v3 Authority Key Identifier:
                keyid:9E:30:29:4B:7E:46:45:AA:ED:B5:46:72:D4:80:65:B1:B1:CE:BC:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njApS35GRarttUZy1IBlsbHOvGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/YgQXCBh6jZndkAghoptwP7XGSao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/44e893-9247-452e-9f67-6913387b8083/1/njApS35GRarttUZy1IBlsbHOvGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.168.0/22
                  93.115.211.0/24
                  93.115.253.0/24
                  109.106.16.0/22
                  171.22.12.0/22
                  185.195.196.0/22
                  185.211.92.0/22
                  185.254.118.0/23
                IPv6:
                  2a0a:5ec0::/29
                  2a0d:c340::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:9c:e4:41:33:0a:8b:35:98:01:af:b0:ae:c9:f5:0b:fe:f2:
         ff:03:de:32:2c:28:7f:5a:7c:58:7c:36:0d:10:ef:b8:02:98:
         d0:99:84:0d:93:37:f4:1f:b4:36:a1:85:61:ec:99:b6:af:da:
         c3:21:43:08:20:5d:6f:f7:94:6b:02:e1:b7:ed:cf:13:c6:06:
         77:04:88:b7:dc:5b:6f:e3:58:3e:ab:12:dc:90:96:0f:b6:6c:
         bb:a2:f3:e8:43:89:7a:0e:c3:dd:cc:84:f8:36:5d:80:64:9e:
         f9:ca:cb:12:95:00:eb:db:92:3e:2d:d8:34:ae:cf:a8:48:a0:
         55:56:f1:f1:a1:8f:b1:25:4a:26:72:8f:ff:44:b8:2f:70:be:
         68:3c:81:75:54:e4:37:aa:3c:1d:97:8c:bb:64:b5:19:76:85:
         8c:fb:79:e8:8b:7a:16:88:00:d3:08:dd:aa:36:d5:6f:de:74:
         b3:47:e0:dd:84:b2:2a:4c:81:84:6f:ce:6c:ed:20:2c:58:b7:
         56:1e:a3:8f:14:14:86:a6:b8:ba:12:50:79:8c:5a:bb:0e:ff:
         46:58:2a:b7:54:bf:9d:b8:fd:c5:b5:e2:85:11:9b:3a:10:70:
         cf:a7:47:f9:7c:91:03:ec:1f:f1:01:c6:1a:68:e2:ce:e4:75:
         58:66:ea:be
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVveXcV5aypBgEhGv8GlkyQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzAyOTRiN2U0NjQ1YWFlZGI1NDY3MmQ0ODA2NWIxYjFj
ZWJjNjIwHhcNMjMwMTAxMjIzNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjA0MTcwODE4N2E4ZDk5ZGQ5MDA4MjFhMjliNzAzZmI1YzY0OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxTrQ7oTj2rxpsy2uDJ9R9P+A4YN
fIapUP7c/7ghjkZ8Oa4Wg+ze9aGahhnbH5vOOI8doAlBeeVnGveyaj+JrhOnx7nD
ECzTNuiIWEFofMnqbizTUYnbde+L6hdNfdUtBlnJRicZ7oin8UtIhBX7j3FR0JSw
dE05XTcTh7BZwVo68wvpJolg54Ho+s7TzLvw+wpqfbAnb0SJ92GQIlqbYWRXIdnR
9XoxbtxoNpbZ9+6wSAHIa1sT7PJduV3sw0XkAlecshMx15jBppE7mdGAb2dMP7FR
5aceo2jbFXr9TheKa/CoJHeRNAJFuSf4rm4mv51hU4CMN8EAjCct6qtRkQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFGIEFwgYeo2Z3ZAIIaKbcD+1xkmqMB8GA1UdIwQY
MBaAFJ4wKUt+RkWq7bVGctSAZbGxzrxiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpBcFMzNUdSYXJ0dFVaeTFJQmxzYkhPdkdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC80NGU4OTMtOTI0Ny00NTJlLTlmNjct
NjkxMzM4N2I4MDgzLzEvWWdRWENCaDZqWm5ka0FnaG9wdHdQN1hHU2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC80NGU4OTMtOTI0Ny00NTJlLTlmNjctNjkxMzM4N2I4MDgz
LzEvbmpBcFMzNUdSYXJ0dFVaeTFJQmxzYkhPdkdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCLYOoAwQA
XXPTAwQAXXP9AwQCbWoQAwQCqxYMAwQCucPEAwQCudNcAwQBuf52MBQEAgACMA4D
BQMqCl7AAwUDKg3DQDANBgkqhkiG9w0BAQsFAAOCAQEAdJzkQTMKizWYAa+wrsn1
C/7y/wPeMiwof1p8WHw2DRDvuAKY0JmEDZM39B+0NqGFYeyZtq/awyFDCCBdb/eU
awLht+3PE8YGdwSIt9xbb+NYPqsS3JCWD7Zsu6Lz6EOJeg7D3cyE+DZdgGSe+crL
EpUA69uSPi3YNK7PqEigVVbx8aGPsSVKJnKP/0S4L3C+aDyBdVTkN6o8HZeMu2S1
GXaFjPt56It6FogA0wjdqjbVb950s0fg3YSyKkyBhG/ObO0gLFi3Vh6jjxQUhqa4
uhJQeYxauw7/Rlgqt1S/nbj9xbXihRGbOhBwz6dH+XyRA+wf8QHGGmjizuR1WGbq
vg==
-----END CERTIFICATE-----