Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/MC0YTSTspgLYv8LfMUn8MDX_URM.roa
File:                     MC0YTSTspgLYv8LfMUn8MDX_URM.roa (raw, json)
Hash identifier:          j3Q3xYahwZqNIF1mSzZVWgeiJjkX7K14McBIYWHUd0M=
Subject key identifier:   30:2D:18:4D:24:EC:A6:02:D8:BF:C2:DF:31:49:FC:30:35:FF:51:13
Certificate issuer:       /CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
Certificate serial:       0189FB467EC1B5A7CB4FA44DE0D19F2130EE
Authority key identifier: 19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/MC0YTSTspgLYv8LfMUn8MDX_URM.roa
Signing time:             Tue 15 Aug 2023 22:17:28 +0000
ROA not before:           Tue 15 Aug 2023 22:17:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13213
IP address blocks:        176.67.160.0/20 maxlen: 24
                          185.7.224.0/22 maxlen: 24
                          176.67.169.0/24 maxlen: 24
                          176.67.172.0/22 maxlen: 24
                          109.123.64.0/18 maxlen: 24
                          83.170.64.0/18 maxlen: 24
                          82.163.72.0/21 maxlen: 24
                          88.202.224.0/21 maxlen: 24
                          77.92.64.0/19 maxlen: 24
                          31.24.224.0/21 maxlen: 24
                          91.109.240.0/21 maxlen: 24
                          37.123.112.0/21 maxlen: 24
                          46.23.64.0/20 maxlen: 24
                          46.23.74.0/24 maxlen: 24
                          88.202.176.0/20 maxlen: 24
                          2a02:2498:8000::/40 maxlen: 40
                          2a02:2498::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:fb:46:7e:c1:b5:a7:cb:4f:a4:4d:e0:d1:9f:21:30:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ffff289f2dad0fc08456b0bad54d7ba449a492
        Validity
            Not Before: Aug 15 22:17:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=302d184d24eca602d8bfc2df3149fc3035ff5113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:ba:2f:f8:16:f4:f7:b8:c3:be:b9:df:9c:
                    18:4b:58:93:55:d6:b9:0c:52:3d:45:f2:73:24:8a:
                    a3:4d:cf:ee:16:05:ea:7e:36:1b:5a:50:64:5b:74:
                    6e:e8:9a:0b:05:fd:6e:73:15:8c:07:5e:98:7d:fd:
                    d9:b9:cc:0a:53:d2:cb:fc:f6:3b:e9:42:78:f7:09:
                    2d:78:6f:2d:8e:df:1c:6f:00:c9:66:ad:98:66:35:
                    72:b5:1e:1a:9e:2c:ae:78:c4:e2:11:d1:dc:f9:f6:
                    12:e5:8b:5e:d2:6d:4d:cc:90:46:d7:b4:8e:bb:ea:
                    45:b3:49:07:cd:37:33:ec:49:53:24:65:eb:41:e4:
                    6c:d8:21:67:1f:2f:7f:76:b7:5e:4f:f0:57:f9:d4:
                    3b:39:36:1d:28:62:7e:1d:aa:70:05:2f:9f:45:12:
                    f2:c8:ae:d7:d6:13:db:c1:96:4c:05:0a:81:1e:f5:
                    f5:79:62:b4:b3:e3:7d:f4:62:77:81:14:05:3e:9b:
                    86:bb:04:5a:fc:7e:58:1e:f2:5b:9f:16:1e:89:8b:
                    e5:93:71:ca:47:31:ce:bf:75:5a:0a:1b:46:0a:c7:
                    1b:87:c0:f4:c4:b9:7f:72:cf:4b:8a:9d:a8:f3:ff:
                    de:6c:ee:30:f2:49:d7:6c:8e:5f:b0:8a:24:71:73:
                    b2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2D:18:4D:24:EC:A6:02:D8:BF:C2:DF:31:49:FC:30:35:FF:51:13
            X509v3 Authority Key Identifier:
                keyid:19:FF:FF:28:9F:2D:AD:0F:C0:84:56:B0:BA:D5:4D:7B:A4:49:A4:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gf__KJ8trQ_AhFawutVNe6RJpJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/MC0YTSTspgLYv8LfMUn8MDX_URM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c11c87-efbb-45e8-9b03-d525718aa44a/1/Gf__KJ8trQ_AhFawutVNe6RJpJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.224.0/21
                  37.123.112.0/21
                  46.23.64.0/20
                  77.92.64.0/19
                  82.163.72.0/21
                  83.170.64.0/18
                  88.202.176.0/20
                  88.202.224.0/21
                  91.109.240.0/21
                  109.123.64.0/18
                  176.67.160.0/20
                  185.7.224.0/22
                IPv6:
                  2a02:2498::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:f8:c3:bb:70:36:6e:4a:7a:77:21:0c:9f:8a:e8:e8:88:56:
         a6:dd:de:f8:a6:0d:52:d8:7e:f2:a3:d7:05:10:83:4f:3d:aa:
         52:3c:8d:48:58:06:c1:bf:52:e5:85:ef:df:d9:36:7b:fb:31:
         ef:d6:a2:9d:06:d1:38:00:97:13:44:36:bd:eb:ef:40:77:ff:
         f4:c6:61:bc:c8:50:dc:e1:12:1e:ee:df:76:e1:65:d0:c5:a8:
         72:3d:14:26:fa:e2:21:26:54:cf:5d:af:33:46:3c:61:6e:2c:
         28:52:e0:40:28:b8:4d:c0:45:97:98:a9:1d:ea:e3:0e:db:a2:
         a8:90:24:14:81:c8:93:4d:67:75:1e:ef:31:5b:2e:85:1c:e6:
         a2:7f:4e:55:ed:7b:cb:e0:49:f7:cd:70:11:a3:4b:05:aa:b9:
         91:ae:1f:99:5f:b2:a7:60:56:a5:eb:ee:03:ef:50:f4:58:ca:
         77:d5:a7:2f:0f:b7:de:0c:4f:70:1e:55:75:9e:8a:69:72:bd:
         46:30:4b:83:17:63:f0:8d:f6:9f:6b:8a:79:c8:34:08:50:60:
         9a:90:b3:c9:17:55:10:cd:b2:93:6b:56:f0:2e:6f:13:d1:4f:
         b7:8d:2a:fc:0e:90:a8:e7:2c:41:27:dc:b4:8e:9d:df:48:38:
         c7:8f:36:cd
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYn7Rn7BtafLT6RN4NGfITDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmZmZjI4OWYyZGFkMGZjMDg0NTZiMGJhZDU0ZDdiYTQ0
OWE0OTIwHhcNMjMwODE1MjIxNzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDJkMTg0ZDI0ZWNhNjAyZDhiZmMyZGYzMTQ5ZmMzMDM1ZmY1MTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDa6L/gW9Pe4w76535wYS1iTVda5
DFI9RfJzJIqjTc/uFgXqfjYbWlBkW3Ru6JoLBf1ucxWMB16Yff3ZucwKU9LL/PY7
6UJ49wkteG8tjt8cbwDJZq2YZjVytR4aniyueMTiEdHc+fYS5Yte0m1NzJBG17SO
u+pFs0kHzTcz7ElTJGXrQeRs2CFnHy9/drdeT/BX+dQ7OTYdKGJ+HapwBS+fRRLy
yK7X1hPbwZZMBQqBHvX1eWK0s+N99GJ3gRQFPpuGuwRa/H5YHvJbnxYeiYvlk3HK
RzHOv3VaChtGCscbh8D0xLl/cs9Lip2o8//ebO4w8knXbI5fsIokcXOyvwIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFDAtGE0k7KYC2L/C3zFJ/DA1/1ETMB8GA1UdIwQY
MBaAFBn//yifLa0PwIRWsLrVTXukSaSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMt
ZDUyNTcxOGFhNDRhLzEvTUMwWVRTVHNwZ0xZdjhMZk1VbjhNRFhfVVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMTFjODctZWZiYi00NWU4LTliMDMtZDUyNTcxOGFhNDRh
LzEvR2ZfX0tKOHRyUV9BaEZhd3V0Vk5lNlJKcEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDHxjgAwQD
JXtwAwQELhdAAwQFTVxAAwQDUqNIAwQGU6pAAwQEWMqwAwQDWMrgAwQDW23wAwQG
bXtAAwQEsEOgAwQCuQfgMA0EAgACMAcDBQAqAiSYMA0GCSqGSIb3DQEBCwUAA4IB
AQBK+MO7cDZuSnp3IQyfiujoiFam3d74pg1S2H7yo9cFEINPPapSPI1IWAbBv1Ll
he/f2TZ7+zHv1qKdBtE4AJcTRDa96+9Ad//0xmG8yFDc4RIe7t924WXQxahyPRQm
+uIhJlTPXa8zRjxhbiwoUuBAKLhNwEWXmKkd6uMO26KokCQUgciTTWd1Hu8xWy6F
HOaif05V7XvL4En3zXARo0sFqrmRrh+ZX7KnYFal6+4D71D0WMp31acvD7feDE9w
HlV1noppcr1GMEuDF2Pwjfafa4p5yDQIUGCakLPJF1UQzbKTa1bwLm8T0U+3jSr8
DpCo5yxBJ9y0jp3fSDjHjzbN
-----END CERTIFICATE-----