Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/_JB1G663JLOKNA8YNoM523HuDy0.roa
File:                     _JB1G663JLOKNA8YNoM523HuDy0.roa (raw, json)
Hash identifier:          J3mJEBNdwDp9tQiv2//Jx8QAknn2fK0OOevP70hMRF4=
Subject key identifier:   FC:90:75:1B:AE:B7:24:B3:8A:34:0F:18:36:83:39:DB:71:EE:0F:2D
Certificate issuer:       /CN=6d150b438cc68f62dc15d359593161f799de53af
Certificate serial:       018B906CB8167F062C8CDD7F187AEFC225CA
Authority key identifier: 6D:15:0B:43:8C:C6:8F:62:DC:15:D3:59:59:31:61:F7:99:DE:53:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bRULQ4zGj2LcFdNZWTFh95neU68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/_JB1G663JLOKNA8YNoM523HuDy0.roa
Signing time:             Thu 02 Nov 2023 14:25:25 +0000
ROA not before:           Thu 02 Nov 2023 14:25:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35258
IP address blocks:        185.6.252.0/22 maxlen: 22
                          87.253.184.0/22 maxlen: 22
                          195.85.72.0/23 maxlen: 23
                          195.85.38.0/24 maxlen: 24
                          91.208.244.0/24 maxlen: 24
                          46.254.120.0/21 maxlen: 21
                          83.143.208.0/21 maxlen: 21
                          83.143.210.0/24 maxlen: 24
                          83.143.208.0/23 maxlen: 24
                          213.238.48.0/23 maxlen: 23
                          185.102.105.0/24 maxlen: 24
                          185.102.104.0/22 maxlen: 22
                          185.102.106.0/23 maxlen: 23
                          2a06:23c0::/29 maxlen: 29
                          2a00:e400::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:90:6c:b8:16:7f:06:2c:8c:dd:7f:18:7a:ef:c2:25:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d150b438cc68f62dc15d359593161f799de53af
        Validity
            Not Before: Nov  2 14:25:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc90751baeb724b38a340f18368339db71ee0f2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ea:36:77:81:e0:f7:e3:05:98:e3:b7:3b:47:
                    99:d3:ff:22:e4:f4:06:6f:a3:35:9d:d3:06:2c:79:
                    e3:86:36:b2:13:3c:4c:a2:e8:5b:1b:4c:c3:8e:1e:
                    98:b1:6a:c8:b0:39:44:6b:c4:67:f2:84:40:3f:cc:
                    9b:9d:73:4f:4f:8e:7f:3a:3d:95:ad:6a:61:e8:a2:
                    11:7f:49:4b:af:ec:d5:eb:9c:f3:01:02:62:d7:22:
                    41:b6:0e:b5:56:e5:8c:4e:b8:47:68:cf:65:af:89:
                    81:9d:7c:f1:be:37:97:60:3a:b3:97:c7:ee:53:06:
                    da:5c:e5:c4:50:b7:73:ec:b1:48:e0:7a:c0:ab:91:
                    fa:a9:0b:98:40:62:53:22:6d:eb:2c:90:6b:c8:55:
                    10:fc:0e:7b:b0:a7:c6:72:1e:97:71:56:42:91:60:
                    d4:b9:e1:d6:f9:16:c6:9a:a3:0d:9c:34:5e:f4:ec:
                    89:29:6f:6c:e5:65:63:7b:e0:e6:4f:57:0d:7f:06:
                    6c:87:95:f0:c0:7f:ec:eb:cc:46:46:4d:fe:74:0e:
                    fd:d9:ee:b2:ab:34:64:a5:f4:78:72:12:d1:28:ec:
                    c9:42:84:3c:6e:52:7b:d3:0b:39:09:74:d4:45:3c:
                    2a:56:cc:c0:d6:82:70:d6:61:0d:2a:dd:db:92:3b:
                    47:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:90:75:1B:AE:B7:24:B3:8A:34:0F:18:36:83:39:DB:71:EE:0F:2D
            X509v3 Authority Key Identifier:
                keyid:6D:15:0B:43:8C:C6:8F:62:DC:15:D3:59:59:31:61:F7:99:DE:53:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bRULQ4zGj2LcFdNZWTFh95neU68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/_JB1G663JLOKNA8YNoM523HuDy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2fa86f-7f4e-4aab-9dfd-1b3d98bef1e9/1/bRULQ4zGj2LcFdNZWTFh95neU68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.120.0/21
                  83.143.208.0/21
                  87.253.184.0/22
                  91.208.244.0/24
                  185.6.252.0/22
                  185.102.104.0/22
                  195.85.38.0/24
                  195.85.72.0/23
                  213.238.48.0/23
                IPv6:
                  2a00:e400::/29
                  2a06:23c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:c9:01:c5:24:d4:88:a5:45:62:e0:33:a6:a5:29:8c:a0:38:
         f1:87:d1:59:bb:7d:52:10:e4:28:07:96:f0:8b:35:5a:2f:cd:
         f6:05:42:59:d8:5f:64:87:4c:87:08:d3:5d:d8:85:73:db:5d:
         92:a7:82:98:18:05:00:f0:ec:7c:24:7c:4d:88:8a:93:f7:0f:
         a1:b9:ce:a5:5a:d9:06:2c:15:48:89:d3:63:bf:6d:cf:0f:0a:
         f7:a1:b9:e2:14:ba:58:26:22:d8:41:66:d2:b2:3c:93:9c:4b:
         93:60:2c:62:ef:59:c8:f3:7d:d9:db:2b:cd:d4:af:01:e4:af:
         fc:c8:69:66:06:91:e0:99:76:6a:4a:e8:38:92:9d:68:38:3b:
         f8:56:e0:a6:9f:84:11:ad:88:c4:d6:63:38:01:b4:91:e6:a5:
         4d:00:b3:dd:b7:b6:9a:b6:c6:78:f9:c7:99:a3:c7:15:d2:49:
         95:84:87:d4:11:4f:f6:58:01:13:4b:c2:22:20:3e:00:8c:86:
         79:58:3b:5a:2e:2c:87:14:28:8d:73:eb:0d:0e:1b:b1:56:cf:
         75:e0:a9:2e:6b:71:4a:a6:a3:8d:3a:e4:26:6f:1a:72:f9:7a:
         1b:4a:d9:d8:8b:9f:d1:61:5d:43:11:4a:1d:9b:30:3f:ed:6d:
         11:ba:77:be
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYuQbLgWfwYsjN1/GHrvwiXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMTUwYjQzOGNjNjhmNjJkYzE1ZDM1OTU5MzE2MWY3OTlk
ZTUzYWYwHhcNMjMxMTAyMTQyNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzkwNzUxYmFlYjcyNGIzOGEzNDBmMTgzNjgzMzlkYjcxZWUwZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOo2d4Hg9+MFmOO3O0eZ0/8i5PQG
b6M1ndMGLHnjhjayEzxMouhbG0zDjh6YsWrIsDlEa8Rn8oRAP8ybnXNPT45/Oj2V
rWph6KIRf0lLr+zV65zzAQJi1yJBtg61VuWMTrhHaM9lr4mBnXzxvjeXYDqzl8fu
UwbaXOXEULdz7LFI4HrAq5H6qQuYQGJTIm3rLJBryFUQ/A57sKfGch6XcVZCkWDU
ueHW+RbGmqMNnDRe9OyJKW9s5WVje+DmT1cNfwZsh5XwwH/s68xGRk3+dA792e6y
qzRkpfR4chLRKOzJQoQ8blJ70ws5CXTURTwqVszA1oJw1mENKt3bkjtH5QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPyQdRuutySzijQPGDaDOdtx7g8tMB8GA1UdIwQY
MBaAFG0VC0OMxo9i3BXTWVkxYfeZ3lOvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlJVTFE0ekdqMkxjRmROWldURmg5NW5lVTY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yZmE4NmYtN2Y0ZS00YWFiLTlkZmQt
MWIzZDk4YmVmMWU5LzEvX0pCMUc2NjNKTE9LTkE4WU5vTTUyM0h1RHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yZmE4NmYtN2Y0ZS00YWFiLTlkZmQtMWIzZDk4YmVmMWU5
LzEvYlJVTFE0ekdqMkxjRmROWldURmg5NW5lVTY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDLv54AwQD
U4/QAwQCV/24AwQAW9D0AwQCuQb8AwQCuWZoAwQAw1UmAwQBw1VIAwQB1e4wMBQE
AgACMA4DBQMqAOQAAwUDKgYjwDANBgkqhkiG9w0BAQsFAAOCAQEAEckBxSTUiKVF
YuAzpqUpjKA48YfRWbt9UhDkKAeW8Is1Wi/N9gVCWdhfZIdMhwjTXdiFc9tdkqeC
mBgFAPDsfCR8TYiKk/cPobnOpVrZBiwVSInTY79tzw8K96G54hS6WCYi2EFm0rI8
k5xLk2AsYu9ZyPN92dsrzdSvAeSv/MhpZgaR4Jl2akroOJKdaDg7+Fbgpp+EEa2I
xNZjOAG0kealTQCz3be2mrbGePnHmaPHFdJJlYSH1BFP9lgBE0vCIiA+AIyGeVg7
Wi4shxQojXPrDQ4bsVbPdeCpLmtxSqajjTrkJm8acvl6G0rZ2Iuf0WFdQxFKHZsw
P+1tEbp3vg==
-----END CERTIFICATE-----