Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/PCflxXS21jHOo1cxRkQd0_XuJ1U.roa
File:                     PCflxXS21jHOo1cxRkQd0_XuJ1U.roa (raw, json)
Hash identifier:          2XSMP7sQVmtggcjyopLjFm09FccdOHQjPM5tmaMFQkQ=
Subject key identifier:   3C:27:E5:C5:74:B6:D6:31:CE:A3:57:31:46:44:1D:D3:F5:EE:27:55
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       0187E0C6E2D08C2B615FC1D6DA004F9B3FE7
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/PCflxXS21jHOo1cxRkQd0_XuJ1U.roa
Signing time:             Wed 03 May 2023 08:42:23 +0000
ROA not before:           Wed 03 May 2023 08:42:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203020
IP address blocks:        83.229.66.0/24 maxlen: 32
                          193.32.96.0/23 maxlen: 32
                          193.32.98.0/23 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          217.194.136.0/24 maxlen: 32
                          193.47.56.0/22 maxlen: 32
                          195.216.128.0/22 maxlen: 32
                          103.14.104.0/22 maxlen: 32
                          194.99.60.0/23 maxlen: 32
                          194.99.62.0/23 maxlen: 32
                          212.103.56.0/22 maxlen: 32
                          185.18.40.0/22 maxlen: 32
                          31.12.76.0/23 maxlen: 32
                          31.12.78.0/23 maxlen: 32
                          46.149.160.0/22 maxlen: 32

Validation:               Failed, certificate revoked on Thu 22 Jun 2023 18:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e0:c6:e2:d0:8c:2b:61:5f:c1:d6:da:00:4f:9b:3f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: May  3 08:42:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c27e5c574b6d631cea3573146441dd3f5ee2755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ce:84:eb:5e:2f:9b:f7:c8:af:36:27:79:3a:
                    c7:db:16:26:fa:f6:a2:41:ce:61:42:25:f0:1d:6d:
                    e4:de:12:20:22:b0:ba:45:f2:4a:1a:77:54:0f:c4:
                    ef:bb:39:89:8d:c9:1b:09:d0:ec:c3:eb:2c:47:b1:
                    ca:5c:d9:ab:fe:16:dc:09:ba:c4:13:ef:b3:57:88:
                    82:f8:67:b5:9e:28:4f:4b:66:f9:91:3b:e6:64:ca:
                    20:57:89:f9:59:47:ac:03:6a:e5:bc:34:7c:97:cf:
                    9e:4c:1a:be:6f:67:4c:50:41:a6:a6:a3:94:fd:e4:
                    33:3d:3e:27:a9:39:9f:90:8b:1e:70:16:93:a3:d1:
                    d2:66:2f:a6:38:0d:d5:a7:c8:40:7d:67:a8:9e:80:
                    1d:f5:d5:b8:0b:66:b7:b5:91:40:51:ad:00:bd:9a:
                    ad:31:97:ff:f8:c7:21:cf:54:c6:11:90:6c:d2:51:
                    bb:ea:48:34:89:27:06:d1:11:1f:b2:bc:87:65:ab:
                    3f:12:4e:3d:fc:3d:26:8e:77:a2:de:f2:1e:a1:e9:
                    2a:cc:08:d6:52:15:44:2f:66:ba:4e:03:46:7a:e1:
                    9f:f2:a2:93:a4:f1:3c:64:cc:61:3e:33:c0:82:f8:
                    a9:64:da:1d:57:4b:99:1d:54:8a:33:e5:28:5a:12:
                    c1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:27:E5:C5:74:B6:D6:31:CE:A3:57:31:46:44:1D:D3:F5:EE:27:55
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/PCflxXS21jHOo1cxRkQd0_XuJ1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.76.0/22
                  46.149.160.0/22
                  80.240.98.0/23
                  83.229.66.0/24
                  103.14.104.0/22
                  185.18.40.0/22
                  193.32.96.0/22
                  193.47.56.0/22
                  194.99.60.0/22
                  195.216.128.0/22
                  212.103.56.0/22
                  217.194.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:ad:02:7a:3a:b0:f5:5c:e1:5b:2f:4a:21:10:d3:90:4e:ac:
         fa:dc:62:c5:90:00:9f:00:8d:01:d1:9e:56:1d:a7:c8:fb:1e:
         e0:88:15:48:ea:11:77:49:e6:ef:33:12:72:21:a8:57:c3:07:
         d3:33:5b:47:db:72:1a:4c:29:af:6f:1a:00:5f:34:4f:8f:92:
         fd:f6:74:a6:8f:a9:c7:0a:e9:f3:b0:b4:85:70:58:1c:76:f2:
         50:9c:ab:b8:4d:f6:cb:36:9d:6c:c9:d2:62:16:e1:5f:9b:d7:
         9f:48:a0:04:81:19:56:7a:a9:6e:db:d1:bf:e9:c3:e1:6b:37:
         c9:04:a8:54:79:71:ea:c0:8d:d2:45:17:f0:33:4d:17:97:ae:
         96:c9:1d:b6:9d:bb:22:7f:e8:49:7e:f0:6d:f1:43:7f:4e:2b:
         0d:c7:d9:c0:7b:ac:85:61:4f:f6:45:b5:d1:f8:7a:ef:55:4f:
         f5:01:f4:6e:89:23:7a:58:ec:8a:db:81:f5:f6:63:8d:b1:89:
         7a:4f:94:79:69:a4:47:db:42:1f:0f:0b:2b:ba:b7:ca:b7:4d:
         e9:11:dd:c3:a0:6c:4d:2b:bd:d9:2b:09:af:43:34:22:6d:98:
         d2:c0:ce:c0:80:49:b3:3c:9d:dc:81:43:70:45:67:80:40:26:
         6a:ac:68:60
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYfgxuLQjCthX8HW2gBPmz/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjMwNTAzMDg0MjIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI3ZTVjNTc0YjZkNjMxY2VhMzU3MzE0NjQ0MWRkM2Y1ZWUyNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAls6E614vm/fIrzYneTrH2xYm+vai
Qc5hQiXwHW3k3hIgIrC6RfJKGndUD8TvuzmJjckbCdDsw+ssR7HKXNmr/hbcCbrE
E++zV4iC+Ge1nihPS2b5kTvmZMogV4n5WUesA2rlvDR8l8+eTBq+b2dMUEGmpqOU
/eQzPT4nqTmfkIsecBaTo9HSZi+mOA3Vp8hAfWeonoAd9dW4C2a3tZFAUa0AvZqt
MZf/+Mchz1TGEZBs0lG76kg0iScG0REfsryHZas/Ek49/D0mjnei3vIeoekqzAjW
UhVEL2a6TgNGeuGf8qKTpPE8ZMxhPjPAgvipZNodV0uZHVSKM+UoWhLB4wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFDwn5cV0ttYxzqNXMUZEHdP17idVMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvUENmbHhYUzIxakhPbzFjeFJrUWQwX1h1SjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCHwxMAwQC
LpWgAwQBUPBiAwQAU+VCAwQCZw5oAwQCuRIoAwQCwSBgAwQCwS84AwQCwmM8AwQC
w9iAAwQC1Gc4AwQB2cKIMA0GCSqGSIb3DQEBCwUAA4IBAQBWrQJ6OrD1XOFbL0oh
ENOQTqz63GLFkACfAI0B0Z5WHafI+x7giBVI6hF3SebvMxJyIahXwwfTM1tH23Ia
TCmvbxoAXzRPj5L99nSmj6nHCunzsLSFcFgcdvJQnKu4TfbLNp1sydJiFuFfm9ef
SKAEgRlWeqlu29G/6cPhazfJBKhUeXHqwI3SRRfwM00Xl66WyR22nbsif+hJfvBt
8UN/TisNx9nAe6yFYU/2RbXR+HrvVU/1AfRuiSN6WOyK24H19mONsYl6T5R5aaRH
20IfDwsrurfKt03pEd3DoGxNK73ZKwmvQzQibZjSwM7AgEmzPJ3cgUNwRWeAQCZq
rGhg
-----END CERTIFICATE-----