Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/TYt2BXTdZJ_UDdGBsZxnx6qZTEc.roa
File:                     TYt2BXTdZJ_UDdGBsZxnx6qZTEc.roa (raw, json)
Hash identifier:          h+dMYfdiSZ60KrskKwe4zFa78qwyYs9NeYbqG9/rmfA=
Subject key identifier:   4D:8B:76:05:74:DD:64:9F:D4:0D:D1:81:B1:9C:67:C7:AA:99:4C:47
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       018BA3691A4F95D3F1F9A78857B3DA2FAE98
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/TYt2BXTdZJ_UDdGBsZxnx6qZTEc.roa
Signing time:             Mon 06 Nov 2023 06:54:16 +0000
ROA not before:           Mon 06 Nov 2023 06:54:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49100
IP address blocks:        185.129.230.0/23 maxlen: 23
                          185.129.228.0/22 maxlen: 22
                          185.129.240.0/22 maxlen: 22
                          109.125.128.0/22 maxlen: 22
                          109.125.128.0/19 maxlen: 19
                          185.129.184.0/21 maxlen: 21
                          185.129.197.0/24 maxlen: 24
                          185.129.196.0/22 maxlen: 22
                          185.129.200.0/22 maxlen: 22
                          185.129.212.0/22 maxlen: 22
                          185.129.216.0/22 maxlen: 22
                          185.82.28.0/22 maxlen: 22
                          2a03:54a0::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a3:69:1a:4f:95:d3:f1:f9:a7:88:57:b3:da:2f:ae:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Nov  6 06:54:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4d8b760574dd649fd40dd181b19c67c7aa994c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e3:0a:30:6e:da:81:23:c5:c3:c2:b1:a1:21:
                    52:a8:e7:27:0c:77:76:d6:43:66:2d:09:19:2f:87:
                    60:2e:ea:ad:1d:94:a0:a3:7f:84:20:51:17:b9:9e:
                    e7:5b:85:3c:ce:a8:b5:2a:b6:0b:3a:6b:a8:a6:f7:
                    82:45:46:a0:ca:b8:89:b5:b1:a7:4d:d2:2c:a7:d7:
                    71:7e:60:7a:d1:fb:df:1e:7d:27:fe:01:d1:6c:f3:
                    26:c0:87:d7:71:ba:26:74:f9:f1:bb:c1:15:ae:71:
                    fb:1f:38:c1:28:69:b0:20:41:e6:c8:69:c5:9b:2b:
                    28:96:eb:48:f8:4f:27:3b:ac:5b:e8:af:df:61:e6:
                    7b:1b:95:15:ae:fe:ff:43:b8:3b:a6:80:35:60:e0:
                    83:4b:cc:b3:a2:e9:f5:5e:15:9f:d9:3d:a0:69:5f:
                    49:fc:99:c0:71:7b:16:29:4c:86:81:6e:7c:ac:7c:
                    02:80:4b:4c:93:b5:d3:bb:6f:94:ef:b0:e9:3c:6f:
                    b9:53:d7:58:b4:b6:d4:21:15:d8:5b:97:a5:09:5f:
                    b4:d6:cc:56:74:eb:7c:b1:4e:d0:58:ac:de:c0:52:
                    92:0b:2b:31:3f:d1:16:e3:ba:cf:0d:49:c8:d9:f4:
                    f5:b3:ca:2e:40:2c:5b:15:c0:03:e1:0f:92:45:23:
                    e1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:8B:76:05:74:DD:64:9F:D4:0D:D1:81:B1:9C:67:C7:AA:99:4C:47
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/TYt2BXTdZJ_UDdGBsZxnx6qZTEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.125.128.0/19
                  185.82.28.0/22
                  185.129.184.0/21
                  185.129.196.0-185.129.203.255
                  185.129.212.0-185.129.219.255
                  185.129.228.0/22
                  185.129.240.0/22
                IPv6:
                  2a03:54a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:e4:2c:5f:30:14:d5:54:52:66:cc:c9:1b:3e:4c:dd:cd:df:
         ed:13:06:8d:f4:5e:60:a5:bd:c1:d7:21:6d:d1:ab:c1:d9:c4:
         5d:4f:27:c7:2d:93:fa:09:a9:29:eb:1c:1d:8b:d1:19:56:cb:
         3b:88:bd:26:78:67:7d:f7:71:55:1a:f8:c4:37:3c:6f:8d:21:
         29:3b:93:7c:c3:f8:56:09:aa:1a:03:5c:ba:47:78:1f:44:ee:
         4a:17:f4:26:51:2c:8f:39:06:86:bd:75:dd:54:fb:e9:fc:74:
         98:86:d6:f7:97:3d:74:47:48:83:19:0c:df:5c:dd:0d:35:14:
         65:f1:a9:77:87:f1:96:40:f4:d1:f1:67:f0:a8:35:1c:ab:91:
         c4:08:68:9a:f9:a2:f2:e8:66:1c:ed:88:1e:8a:bc:d5:e9:a0:
         f6:f4:7d:b1:90:34:8b:c8:0e:d4:6a:e4:cf:61:38:0b:0c:ee:
         4a:f3:5a:0a:5c:f1:4f:d2:a3:8e:9d:7d:e3:e9:f8:df:aa:99:
         ec:c4:ec:07:0d:bf:db:72:9b:b5:e9:70:79:d4:6b:c5:4f:41:
         b4:e3:26:ad:64:2c:95:aa:b4:e3:d7:ee:fc:44:60:95:44:d1:
         29:75:23:7e:e2:aa:65:6d:49:0d:56:0d:f7:57:5c:9d:1c:8b:
         f9:b2:57:b7
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYujaRpPldPx+aeIV7PaL66YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjMxMTA2MDY1NDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDhiNzYwNTc0ZGQ2NDlmZDQwZGQxODFiMTljNjdjN2FhOTk0YzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeMKMG7agSPFw8KxoSFSqOcnDHd2
1kNmLQkZL4dgLuqtHZSgo3+EIFEXuZ7nW4U8zqi1KrYLOmuopveCRUagyriJtbGn
TdIsp9dxfmB60fvfHn0n/gHRbPMmwIfXcbomdPnxu8EVrnH7HzjBKGmwIEHmyGnF
mysolutI+E8nO6xb6K/fYeZ7G5UVrv7/Q7g7poA1YOCDS8yzoun1XhWf2T2gaV9J
/JnAcXsWKUyGgW58rHwCgEtMk7XTu2+U77DpPG+5U9dYtLbUIRXYW5elCV+01sxW
dOt8sU7QWKzewFKSCysxP9EW47rPDUnI2fT1s8ouQCxbFcAD4Q+SRSPhEQIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFE2LdgV03WSf1A3RgbGcZ8eqmUxHMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvVFl0MkJYVGRaSl9VRGRHQnNaeG54NnFaVEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6AwQFbX2AAwQC
uVIcAwQDuYG4MAwDBAK5gcQDBAK5gcgwDAMEArmB1AMEArmB2AMEArmB5AMEArmB
8DANBAIAAjAHAwUAKgNUoDANBgkqhkiG9w0BAQsFAAOCAQEAs+QsXzAU1VRSZszJ
Gz5M3c3f7RMGjfReYKW9wdchbdGrwdnEXU8nxy2T+gmpKescHYvRGVbLO4i9Jnhn
ffdxVRr4xDc8b40hKTuTfMP4VgmqGgNcukd4H0TuShf0JlEsjzkGhr113VT76fx0
mIbW95c9dEdIgxkM31zdDTUUZfGpd4fxlkD00fFn8Kg1HKuRxAhomvmi8uhmHO2I
Hoq81emg9vR9sZA0i8gO1Grkz2E4CwzuSvNaClzxT9Kjjp194+n436qZ7MTsBw2/
23KbtelwedRrxU9BtOMmrWQslaq049fu/ERglUTRKXUjfuKqZW1JDVYN91dcnRyL
+bJXtw==
-----END CERTIFICATE-----