Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/ZG3s5qS8TK_d9bYEn7t2qjB9HMA.roa
File:                     ZG3s5qS8TK_d9bYEn7t2qjB9HMA.roa (raw, json)
Hash identifier:          mNGbQGpRoRZHSSEj5NeL8F0WgTo+FmdoSRzndK7e1QI=
Subject key identifier:   64:6D:EC:E6:A4:BC:4C:AF:DD:F5:B6:04:9F:BB:76:AA:30:7D:1C:C0
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       0185727A1681C4A47ADE8C0D50646A5F43FB
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/ZG3s5qS8TK_d9bYEn7t2qjB9HMA.roa
Signing time:             Mon 02 Jan 2023 12:34:41 +0000
ROA not before:           Mon 02 Jan 2023 12:34:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48847
IP address blocks:        185.12.223.0/24 maxlen: 24
                          185.12.222.0/24 maxlen: 24
                          185.12.221.0/24 maxlen: 24
                          185.12.220.0/22 maxlen: 22
                          185.12.221.152/29 maxlen: 29
                          109.233.21.92/30 maxlen: 30
                          109.233.17.0/24 maxlen: 24
                          109.233.16.0/24 maxlen: 24
                          109.233.16.0/21 maxlen: 21
                          109.233.20.0/24 maxlen: 24
                          109.233.19.128/25 maxlen: 25
                          109.233.19.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.22.0/24 maxlen: 24
                          109.233.21.0/24 maxlen: 24
                          109.233.19.128/30 maxlen: 30
                          109.233.20.196/30 maxlen: 30
                          2a03:6900::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:7a:16:81:c4:a4:7a:de:8c:0d:50:64:6a:5f:43:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Jan  2 12:34:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=646dece6a4bc4cafddf5b6049fbb76aa307d1cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ab:9c:5d:b8:f4:6f:62:3e:a8:14:f0:06:7e:
                    ae:3d:20:3f:22:7b:08:bf:60:b2:56:bc:e5:44:1d:
                    37:92:77:34:2b:36:eb:f8:6e:d0:f2:8f:b9:f9:db:
                    f7:79:d6:1c:99:bf:9d:28:cf:f9:af:61:5b:b2:c9:
                    1c:51:a8:e0:fe:69:a4:9c:96:f0:92:84:2e:bb:cf:
                    b7:91:f8:dc:70:36:ae:22:11:e5:b6:5a:62:eb:18:
                    64:9f:90:33:bc:b3:f6:4b:3f:d4:f9:b2:2e:e8:73:
                    71:ae:e8:e7:7d:2f:1d:d3:06:7d:8a:71:52:66:a1:
                    d5:08:78:3a:3d:06:90:fa:49:30:3c:91:82:f6:9b:
                    9e:6a:95:e9:09:ee:58:62:ce:bc:f2:05:ed:b6:d0:
                    1d:f2:7c:52:1d:08:11:ac:21:10:99:33:39:41:a9:
                    77:05:72:3e:ba:07:14:ed:bc:d5:fe:eb:2d:e6:46:
                    a9:1c:f2:a4:e4:67:8c:7f:94:7c:e0:8f:a9:68:d1:
                    57:ea:63:f9:5d:a5:a5:b9:23:c4:95:3c:a7:6f:5f:
                    89:89:6b:82:94:f7:bd:34:32:e0:30:6d:ed:73:93:
                    74:07:e3:2b:fa:51:0d:f4:2a:8a:e1:27:f9:c4:f7:
                    1b:de:51:bb:85:da:05:87:12:82:b4:ba:01:5f:0e:
                    7b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6D:EC:E6:A4:BC:4C:AF:DD:F5:B6:04:9F:BB:76:AA:30:7D:1C:C0
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/ZG3s5qS8TK_d9bYEn7t2qjB9HMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:f8:f5:77:e1:fa:0a:4f:6a:38:97:ef:ba:a8:f1:f6:4f:27:
         f3:77:d4:48:b9:ef:5b:ec:4a:ea:ec:bb:8b:1d:93:da:61:3d:
         b0:e6:e3:22:49:6a:b8:31:e6:68:74:46:69:a4:1b:5e:a2:d2:
         bd:8b:c0:5e:4f:52:3d:b6:dd:dd:37:45:9e:0a:fa:f1:db:94:
         81:a1:96:9e:7c:df:62:77:03:54:ec:92:f5:12:42:b6:3f:dc:
         a0:a3:7f:e0:ed:63:24:6d:9d:e4:9a:6e:c2:cb:1d:2b:c8:c5:
         24:83:06:03:19:4a:66:42:1a:9c:c8:53:5b:b7:ee:8f:27:1d:
         59:b9:b5:26:7b:23:b8:9c:91:1e:fc:70:ac:bf:f7:ca:99:f1:
         69:51:68:72:75:02:8e:9e:22:c9:e6:42:15:79:ed:1c:0f:50:
         9c:f7:7f:df:2b:3a:5e:10:37:d7:1d:a5:90:51:dc:5f:1d:b4:
         21:0b:a5:86:38:13:9e:eb:fc:77:c8:5e:65:1e:f8:43:a0:d8:
         ac:b1:92:2c:cf:60:28:50:ac:26:fa:d4:5c:7a:f8:65:ea:3c:
         5e:d0:1f:ba:0c:c3:46:d1:bf:25:4e:19:dd:f8:42:4a:8c:13:
         92:74:9e:56:52:02:6a:69:3c:c6:f2:c4:4b:53:99:f3:f3:1f:
         9f:8b:ad:0b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVyehaBxKR63owNUGRqX0P7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjMwMTAyMTIzNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZkZWNlNmE0YmM0Y2FmZGRmNWI2MDQ5ZmJiNzZhYTMwN2QxY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6ucXbj0b2I+qBTwBn6uPSA/InsI
v2CyVrzlRB03knc0Kzbr+G7Q8o+5+dv3edYcmb+dKM/5r2FbsskcUajg/mmknJbw
koQuu8+3kfjccDauIhHltlpi6xhkn5AzvLP2Sz/U+bIu6HNxrujnfS8d0wZ9inFS
ZqHVCHg6PQaQ+kkwPJGC9pueapXpCe5YYs688gXtttAd8nxSHQgRrCEQmTM5Qal3
BXI+ugcU7bzV/ust5kapHPKk5GeMf5R84I+paNFX6mP5XaWluSPElTynb1+JiWuC
lPe9NDLgMG3tc5N0B+Mr+lEN9CqK4Sf5xPcb3lG7hdoFhxKCtLoBXw57hwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGRt7OakvEyv3fW2BJ+7dqowfRzAMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvWkczczVxUzhUS19kOWJZRW43dDJxakI5SE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQCI+PV34foKT2o4
l++6qPH2Tyfzd9RIue9b7Erq7LuLHZPaYT2w5uMiSWq4MeZodEZppBteotK9i8Be
T1I9tt3dN0WeCvrx25SBoZaefN9idwNU7JL1EkK2P9ygo3/g7WMkbZ3kmm7Cyx0r
yMUkgwYDGUpmQhqcyFNbt+6PJx1ZubUmeyO4nJEe/HCsv/fKmfFpUWhydQKOniLJ
5kIVee0cD1Cc93/fKzpeEDfXHaWQUdxfHbQhC6WGOBOe6/x3yF5lHvhDoNissZIs
z2AoUKwm+tRcevhl6jxe0B+6DMNG0b8lThnd+EJKjBOSdJ5WUgJqaTzG8sRLU5nz
8x+fi60L
-----END CERTIFICATE-----