Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/3FyEzfEheKA7oXq271dhpEHaMWQ.roa
File:                     3FyEzfEheKA7oXq271dhpEHaMWQ.roa (raw, json)
Hash identifier:          7kCJ3Scr32wdqc9QEwst/IoIsBq1hO60WBAohEgqM70=
Subject key identifier:   DC:5C:84:CD:F1:21:78:A0:3B:A1:7A:B6:EF:57:61:A4:41:DA:31:64
Certificate issuer:       /CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
Certificate serial:       0187DB539EDB6CC37B3D608E3191F1166D93
Authority key identifier: 79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/3FyEzfEheKA7oXq271dhpEHaMWQ.roa
Signing time:             Tue 02 May 2023 07:18:22 +0000
ROA not before:           Tue 02 May 2023 07:18:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41678
IP address blocks:        89.185.129.0/24 maxlen: 24
                          89.185.128.0/21 maxlen: 21
                          194.46.152.0/22 maxlen: 22
                          89.185.136.0/21 maxlen: 21
                          89.185.144.0/20 maxlen: 20
                          89.185.143.0/24 maxlen: 24
                          194.46.161.0/24 maxlen: 24
                          194.46.160.0/24 maxlen: 24
                          194.46.164.0/22 maxlen: 22
                          89.185.154.0/24 maxlen: 24
                          89.185.157.0/24 maxlen: 24
                          212.108.64.0/20 maxlen: 20
                          212.108.77.0/24 maxlen: 24
                          194.46.0.0/19 maxlen: 19
                          212.108.94.0/24 maxlen: 24
                          212.108.92.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:db:53:9e:db:6c:c3:7b:3d:60:8e:31:91:f1:16:6d:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=797a48cc13e200e2d3f38af83318d1bcaf6f6331
        Validity
            Not Before: May  2 07:18:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc5c84cdf12178a03ba17ab6ef5761a441da3164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:32:5f:df:89:86:70:55:93:cb:b5:15:6e:7d:
                    14:0d:91:f1:ba:05:77:7a:bf:ac:0b:ef:9f:1a:37:
                    b5:68:eb:65:ca:3a:ce:bc:9e:89:d3:4f:79:7d:04:
                    84:6c:7d:e5:63:d8:d9:4a:5e:aa:8f:97:c0:38:34:
                    12:b2:4c:aa:89:0b:43:d2:b9:78:93:24:f2:b9:ce:
                    0b:7c:76:9c:55:7f:5a:08:88:15:fd:bc:7e:06:81:
                    ee:fc:d0:a8:36:dc:92:7a:1f:21:6a:5e:e3:a5:da:
                    e1:d1:a2:e4:fa:f4:1a:5d:e3:68:fb:4e:e4:2f:1b:
                    27:fa:20:99:73:4d:7a:5e:3e:63:b7:2b:46:54:29:
                    8d:0a:2b:d2:f7:40:f0:50:57:3a:45:a6:9a:7e:f0:
                    7e:23:1e:34:34:43:68:85:f5:4b:b2:3a:10:65:c6:
                    dd:09:ff:e6:95:87:b2:00:70:3f:d9:d0:48:01:ce:
                    0c:29:ec:61:b3:34:f1:d9:fc:43:f6:cf:96:b6:94:
                    78:d5:e2:41:03:f2:e3:55:22:21:b2:bf:cd:b5:5a:
                    1e:d2:43:54:31:4a:a4:ec:b4:c8:64:56:06:51:3f:
                    9b:e5:8e:1e:f8:63:24:96:a9:a7:ca:8e:7e:ca:67:
                    9c:c6:0e:d6:b5:28:35:c3:3a:d6:ba:06:ce:02:46:
                    e3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:5C:84:CD:F1:21:78:A0:3B:A1:7A:B6:EF:57:61:A4:41:DA:31:64
            X509v3 Authority Key Identifier:
                keyid:79:7A:48:CC:13:E2:00:E2:D3:F3:8A:F8:33:18:D1:BC:AF:6F:63:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXpIzBPiAOLT84r4MxjRvK9vYzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/3FyEzfEheKA7oXq271dhpEHaMWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b9cea0-6928-4584-b321-7d7f4b634849/1/eXpIzBPiAOLT84r4MxjRvK9vYzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.128.0/19
                  194.46.0.0/19
                  194.46.152.0/22
                  194.46.160.0/23
                  194.46.164.0/22
                  212.108.64.0/20
                  212.108.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d6:4b:f5:bf:30:d5:03:f8:4c:c4:95:3e:cd:1e:98:9b:12:19:
         1e:b3:b5:8b:96:ae:7f:e4:26:11:70:f9:f1:30:45:8a:d2:40:
         a5:42:3f:f8:2a:f9:90:87:a5:1c:80:51:9b:f5:2a:f1:3f:f1:
         c8:82:19:37:3f:a6:78:67:29:df:74:e2:e6:79:d8:eb:c3:86:
         14:e5:c5:54:ea:dc:7f:b6:c7:fa:e3:a4:a1:51:af:c2:64:99:
         58:3f:fa:9d:d7:c6:1b:cf:5c:4b:b2:01:20:30:4e:e0:01:dc:
         cf:4a:59:d2:01:6d:88:f8:b1:67:41:a8:82:21:15:2f:74:f0:
         9a:45:c8:fd:32:d7:e0:e4:68:54:86:ce:60:05:2b:88:0c:27:
         ff:09:ab:2a:7e:c4:fa:30:cf:d2:f4:45:19:b0:84:a9:e2:4c:
         cd:0e:9a:12:d8:ab:a1:1b:72:0c:01:89:2c:cc:ef:7e:70:ad:
         54:c4:22:4e:f6:6a:80:07:18:11:20:a1:28:c4:88:71:87:8a:
         ce:dd:23:fe:64:9c:ff:40:f6:5c:21:6d:67:05:dd:6b:fb:f3:
         4b:bb:b0:f4:1e:70:b3:a6:c2:0f:9c:6b:c6:5b:93:39:3f:58:
         dc:36:82:0b:1a:c9:6a:05:57:ef:02:e9:a9:94:cb:d4:a2:c6:
         76:39:47:c1
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYfbU57bbMN7PWCOMZHxFm2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5N2E0OGNjMTNlMjAwZTJkM2YzOGFmODMzMThkMWJjYWY2
ZjYzMzEwHhcNMjMwNTAyMDcxODIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzVjODRjZGYxMjE3OGEwM2JhMTdhYjZlZjU3NjFhNDQxZGEzMTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DJf34mGcFWTy7UVbn0UDZHxugV3
er+sC++fGje1aOtlyjrOvJ6J0095fQSEbH3lY9jZSl6qj5fAODQSskyqiQtD0rl4
kyTyuc4LfHacVX9aCIgV/bx+BoHu/NCoNtySeh8hal7jpdrh0aLk+vQaXeNo+07k
Lxsn+iCZc016Xj5jtytGVCmNCivS90DwUFc6RaaafvB+Ix40NENohfVLsjoQZcbd
Cf/mlYeyAHA/2dBIAc4MKexhszTx2fxD9s+WtpR41eJBA/LjVSIhsr/NtVoe0kNU
MUqk7LTIZFYGUT+b5Y4e+GMklqmnyo5+ymecxg7WtSg1wzrWugbOAkbjGQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNxchM3xIXigO6F6tu9XYaRB2jFkMB8GA1UdIwQY
MBaAFHl6SMwT4gDi0/OK+DMY0byvb2MxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhwSXpCUGlBT0xUODRyNE14alJ2Szl2WXpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iOWNlYTAtNjkyOC00NTg0LWIzMjEt
N2Q3ZjRiNjM0ODQ5LzEvM0Z5RXpmRWhlS0E3b1hxMjcxZGhwRUhhTVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iOWNlYTAtNjkyOC00NTg0LWIzMjEtN2Q3ZjRiNjM0ODQ5
LzEvZVhwSXpCUGlBT0xUODRyNE14alJ2Szl2WXpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQFWbmAAwQF
wi4AAwQCwi6YAwQBwi6gAwQCwi6kAwQE1GxAAwQC1GxcMA0GCSqGSIb3DQEBCwUA
A4IBAQDWS/W/MNUD+EzElT7NHpibEhkes7WLlq5/5CYRcPnxMEWK0kClQj/4KvmQ
h6UcgFGb9SrxP/HIghk3P6Z4ZynfdOLmedjrw4YU5cVU6tx/tsf646ShUa/CZJlY
P/qd18Ybz1xLsgEgME7gAdzPSlnSAW2I+LFnQaiCIRUvdPCaRcj9Mtfg5GhUhs5g
BSuIDCf/CasqfsT6MM/S9EUZsISp4kzNDpoS2KuhG3IMAYkszO9+cK1UxCJO9mqA
BxgRIKEoxIhxh4rO3SP+ZJz/QPZcIW1nBd1r+/NLu7D0HnCzpsIPnGvGW5M5P1jc
NoILGslqBVfvAumplMvUosZ2OUfB
-----END CERTIFICATE-----