Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/AdQbvPuLt7cnaCRsmhU3xMXZEko.roa
File:                     AdQbvPuLt7cnaCRsmhU3xMXZEko.roa (raw, json)
Hash identifier:          gYDRoBEAezxEpFCcp8UKsDUqJuoSbS8hrd2sW7JgCD4=
Subject key identifier:   01:D4:1B:BC:FB:8B:B7:B7:27:68:24:6C:9A:15:37:C4:C5:D9:12:4A
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018A8945D6890DA4B5A41D6B1DD1C6FAA7F5
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/AdQbvPuLt7cnaCRsmhU3xMXZEko.roa
Signing time:             Tue 12 Sep 2023 12:02:50 +0000
ROA not before:           Tue 12 Sep 2023 12:02:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34918
IP address blocks:        85.9.96.0/20 maxlen: 20
                          85.9.96.0/21 maxlen: 21
                          85.9.104.0/21 maxlen: 21
                          85.9.106.0/24 maxlen: 24
                          185.126.3.0/24 maxlen: 24
                          185.126.2.0/24 maxlen: 24
                          185.126.4.0/24 maxlen: 24
                          185.126.0.0/24 maxlen: 24
                          185.126.0.0/22 maxlen: 22
                          185.126.0.0/20 maxlen: 20
                          185.126.1.0/24 maxlen: 24
                          185.126.0.0/21 maxlen: 21
                          185.126.10.0/24 maxlen: 24
                          185.126.9.0/24 maxlen: 24
                          185.126.11.0/24 maxlen: 24
                          185.126.7.0/24 maxlen: 24
                          185.126.6.0/24 maxlen: 24
                          185.126.8.0/24 maxlen: 24
                          185.126.8.0/21 maxlen: 21
                          185.126.5.0/24 maxlen: 24
                          185.126.13.0/24 maxlen: 24
                          185.126.15.0/24 maxlen: 24
                          185.126.14.0/24 maxlen: 24
                          185.126.12.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:89:45:d6:89:0d:a4:b5:a4:1d:6b:1d:d1:c6:fa:a7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Sep 12 12:02:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=01d41bbcfb8bb7b72768246c9a1537c4c5d9124a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:38:ce:26:fb:7d:65:59:7c:4b:1e:cb:b5:49:
                    69:3d:44:2b:b9:15:ae:02:f5:8d:80:ff:7f:49:1a:
                    48:84:d3:30:1c:ea:55:ff:8e:22:dd:ac:4d:47:fa:
                    3f:b2:7d:2c:63:7b:c7:26:f6:4d:e1:ae:5f:16:c5:
                    5b:c5:26:c3:f8:88:70:cb:e9:90:67:e8:62:04:11:
                    52:d7:f2:79:47:0b:67:29:43:66:c1:58:17:06:1c:
                    85:ba:55:8a:5f:d0:69:09:3a:46:e6:96:f5:b1:4d:
                    e5:64:6e:a8:e9:75:d3:1b:c7:b7:ae:d4:8d:55:80:
                    dc:8a:18:a4:78:87:6f:23:be:30:c6:71:94:6d:d2:
                    7c:f7:13:99:f4:ae:ec:c9:d0:89:4e:16:78:d8:4d:
                    11:46:ae:57:81:c8:5a:35:fa:a6:02:07:f0:f0:23:
                    01:7e:aa:7c:9e:34:18:30:02:f4:cb:d8:f3:50:58:
                    0f:94:e8:e4:ab:b3:bb:ee:6d:8f:80:0a:41:4e:36:
                    eb:a3:3e:d2:51:36:60:39:ed:d9:6f:fd:ac:c5:6f:
                    21:56:d7:77:5a:ce:7c:fa:58:74:9c:5d:d5:a9:e0:
                    5b:31:cd:87:a1:22:e9:ad:b1:78:e5:44:0d:4a:09:
                    69:66:5c:c9:1d:36:f5:02:69:00:09:f1:98:37:72:
                    a4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D4:1B:BC:FB:8B:B7:B7:27:68:24:6C:9A:15:37:C4:C5:D9:12:4A
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/AdQbvPuLt7cnaCRsmhU3xMXZEko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.96.0/20
                  185.126.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3b:7a:0b:a6:d7:a1:dc:79:7e:12:37:5b:ef:66:52:eb:62:19:
         d3:41:20:05:1c:91:19:9f:7a:1e:ad:f9:dd:cc:6c:cf:48:5d:
         0b:f7:26:d9:c1:d1:33:9e:5f:e5:fe:54:b5:c5:a9:46:e0:bb:
         69:50:dd:95:92:47:91:3c:47:f0:3a:1b:f5:f3:84:60:6d:70:
         53:e1:d0:ae:4b:c0:41:cf:f3:03:b8:2f:55:5a:6d:58:e2:23:
         ef:bd:2e:ec:f7:23:27:78:2f:c4:68:72:cf:72:23:2c:6c:89:
         07:b7:9d:8f:95:6a:4d:86:aa:6b:f1:85:15:e5:34:a8:b6:c5:
         e5:4d:b7:27:1d:ec:a3:35:d2:5b:5d:86:34:37:ca:c5:16:1f:
         3c:4d:c5:0c:5c:76:01:c6:75:20:bb:1e:cf:68:d0:5a:8f:27:
         b6:f3:9e:1b:26:72:bc:c9:e3:a8:ac:eb:8a:c1:fa:5c:84:d1:
         80:d8:ad:a2:b8:1c:7c:b8:48:4b:78:f5:23:f4:2b:13:77:b5:
         6f:04:4e:2a:66:ac:44:06:cf:08:ba:23:96:9c:3e:a6:96:28:
         95:af:b6:a6:e9:8c:a7:ad:a5:1a:da:14:b3:c0:a3:4f:e2:b8:
         3b:14:d8:26:d2:2d:1b:1e:eb:07:ab:0d:4e:44:c9:2a:6f:54:
         aa:d4:f3:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYqJRdaJDaS1pB1rHdHG+qf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjMwOTEyMTIwMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWQ0MWJiY2ZiOGJiN2I3Mjc2ODI0NmM5YTE1MzdjNGM1ZDkxMjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTjOJvt9ZVl8Sx7LtUlpPUQruRWu
AvWNgP9/SRpIhNMwHOpV/44i3axNR/o/sn0sY3vHJvZN4a5fFsVbxSbD+Ihwy+mQ
Z+hiBBFS1/J5RwtnKUNmwVgXBhyFulWKX9BpCTpG5pb1sU3lZG6o6XXTG8e3rtSN
VYDcihikeIdvI74wxnGUbdJ89xOZ9K7sydCJThZ42E0RRq5XgchaNfqmAgfw8CMB
fqp8njQYMAL0y9jzUFgPlOjkq7O77m2PgApBTjbroz7SUTZgOe3Zb/2sxW8hVtd3
Ws58+lh0nF3VqeBbMc2HoSLprbF45UQNSglpZlzJHTb1AmkACfGYN3KkiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAHUG7z7i7e3J2gkbJoVN8TF2RJKMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvQWRRYnZQdUx0N2NuYUNSc21oVTN4TVhaRWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEVQlgAwQE
uX4AMA0GCSqGSIb3DQEBCwUAA4IBAQA7egum16HceX4SN1vvZlLrYhnTQSAFHJEZ
n3oerfndzGzPSF0L9ybZwdEznl/l/lS1xalG4LtpUN2VkkeRPEfwOhv184RgbXBT
4dCuS8BBz/MDuC9VWm1Y4iPvvS7s9yMneC/EaHLPciMsbIkHt52PlWpNhqpr8YUV
5TSotsXlTbcnHeyjNdJbXYY0N8rFFh88TcUMXHYBxnUgux7PaNBajye2854bJnK8
yeOorOuKwfpchNGA2K2iuBx8uEhLePUj9CsTd7VvBE4qZqxEBs8IuiOWnD6mliiV
r7am6YynraUa2hSzwKNP4rg7FNgm0i0bHusHqw1ORMkqb1Sq1PPs
-----END CERTIFICATE-----