Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/yKusnXKdZzKHEwhogfZB0E4U9dg.roa
File:                     yKusnXKdZzKHEwhogfZB0E4U9dg.roa (raw, json)
Hash identifier:          I8hobQI+vLEngm3kBxVStjrR7CidvKncuYFVXgE1y6M=
Subject key identifier:   C8:AB:AC:9D:72:9D:67:32:87:13:08:68:81:F6:41:D0:4E:14:F5:D8
Certificate issuer:       /CN=ec5ada0dc900a13c83b70ac3f587fb8c2e1df030
Certificate serial:       01856ED4D50E537AA9CB85BB50508BC084E6
Authority key identifier: EC:5A:DA:0D:C9:00:A1:3C:83:B7:0A:C3:F5:87:FB:8C:2E:1D:F0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7FraDckAoTyDtwrD9Yf7jC4d8DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/yKusnXKdZzKHEwhogfZB0E4U9dg.roa
Signing time:             Sun 01 Jan 2023 19:35:19 +0000
ROA not before:           Sun 01 Jan 2023 19:35:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51580
IP address blocks:        31.193.16.0/20 maxlen: 24
                          80.66.208.0/20 maxlen: 24
                          145.14.160.0/19 maxlen: 24
                          141.105.152.0/21 maxlen: 24
                          185.121.148.0/22 maxlen: 24
                          178.250.64.0/21 maxlen: 24
                          185.139.28.0/22 maxlen: 24
                          185.5.180.0/22 maxlen: 24
                          46.17.152.0/21 maxlen: 24
                          178.218.148.0/22 maxlen: 24
                          185.180.180.0/23 maxlen: 24
                          109.238.16.0/20 maxlen: 24
                          185.55.88.0/22 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:d5:0e:53:7a:a9:cb:85:bb:50:50:8b:c0:84:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec5ada0dc900a13c83b70ac3f587fb8c2e1df030
        Validity
            Not Before: Jan  1 19:35:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c8abac9d729d67328713086881f641d04e14f5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ed:16:b7:7d:b2:50:18:87:94:56:45:71:01:
                    89:c3:c8:59:05:9e:c7:93:3e:a6:3f:db:a9:a6:bb:
                    04:76:48:ca:98:34:79:ad:b7:03:07:c3:f0:31:ec:
                    1a:23:ef:34:88:b9:86:68:d1:b3:59:e4:63:64:31:
                    c2:e7:2d:14:d1:a4:c6:a3:f0:42:84:10:8f:e5:18:
                    07:bc:2e:4e:76:e5:a5:b9:77:d2:9e:3e:54:a1:38:
                    b3:8d:85:12:5a:4b:22:43:87:50:97:07:09:d9:7a:
                    09:eb:51:f3:34:20:55:b8:e5:21:e3:bd:a7:49:f5:
                    85:bb:2c:37:fe:9d:50:7e:7b:c7:6d:93:9b:0d:b2:
                    a0:ec:dc:59:af:45:7e:9d:05:7b:32:c5:da:e6:e9:
                    9e:73:ab:25:8b:60:11:44:18:50:d0:73:86:38:62:
                    78:07:8d:70:20:ca:f4:1b:48:d4:ae:2f:e0:df:cb:
                    15:0f:e8:05:59:88:95:0a:28:90:9b:d4:32:72:ca:
                    b7:ce:77:f4:e3:bc:27:ba:9e:36:c6:72:df:07:1a:
                    61:a2:dd:19:0a:e8:75:9f:5d:82:38:e6:28:fa:d7:
                    bb:1e:2a:9d:34:32:ec:72:7d:a8:70:a6:2b:53:bb:
                    56:6d:09:c7:e0:33:6a:e9:c7:aa:54:c6:da:5f:fa:
                    0e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:AB:AC:9D:72:9D:67:32:87:13:08:68:81:F6:41:D0:4E:14:F5:D8
            X509v3 Authority Key Identifier:
                keyid:EC:5A:DA:0D:C9:00:A1:3C:83:B7:0A:C3:F5:87:FB:8C:2E:1D:F0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7FraDckAoTyDtwrD9Yf7jC4d8DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/yKusnXKdZzKHEwhogfZB0E4U9dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/7FraDckAoTyDtwrD9Yf7jC4d8DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.16.0/20
                  46.17.152.0/21
                  80.66.208.0/20
                  109.238.16.0/20
                  141.105.152.0/21
                  145.14.160.0/19
                  178.218.148.0/22
                  178.250.64.0/21
                  185.5.180.0/22
                  185.55.88.0/22
                  185.121.148.0/22
                  185.139.28.0/22
                  185.180.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:56:a5:98:3d:71:54:11:2b:da:06:3b:f1:1f:d9:3c:44:07:
         74:0a:5e:28:83:89:39:95:12:57:be:54:9e:74:dd:24:39:2b:
         0b:58:af:e8:7f:cc:5d:91:5f:be:3f:eb:e6:9b:be:a4:4b:0f:
         9d:ba:75:d4:99:ad:6f:ed:f4:17:09:60:be:64:42:58:c3:6e:
         45:ea:fd:1d:49:3a:df:de:4c:31:54:04:8a:de:ec:82:03:6d:
         e2:dc:ea:97:ff:82:eb:b2:aa:08:dc:25:12:ac:e1:d1:99:d8:
         21:eb:71:6c:7a:16:d7:3b:41:a7:08:4c:85:59:b5:df:a3:91:
         18:7c:22:2b:a4:5d:7f:0e:84:fd:97:76:16:85:56:15:8f:6c:
         46:be:c3:92:b9:5a:9f:bf:29:a9:80:3f:f5:cc:d1:b0:ee:cb:
         d9:42:7c:8c:7d:56:6b:cd:e0:f3:1e:98:ef:9e:16:fd:8d:a1:
         cb:b5:83:ad:bc:14:94:f3:46:67:4b:30:d1:8f:57:f8:0a:c6:
         87:66:d7:b7:52:af:2e:bd:5a:25:88:f4:37:24:fe:7d:a9:57:
         f2:8d:29:47:60:a0:85:40:ec:a8:c6:d0:40:c2:82:85:ac:95:
         97:42:79:91:d0:14:31:7c:46:a6:42:84:91:91:80:89:8d:41:
         84:8f:e1:91
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYVu1NUOU3qpy4W7UFCLwITmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNWFkYTBkYzkwMGExM2M4M2I3MGFjM2Y1ODdmYjhjMmUx
ZGYwMzAwHhcNMjMwMTAxMTkzNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGFiYWM5ZDcyOWQ2NzMyODcxMzA4Njg4MWY2NDFkMDRlMTRmNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAke0Wt32yUBiHlFZFcQGJw8hZBZ7H
kz6mP9upprsEdkjKmDR5rbcDB8PwMewaI+80iLmGaNGzWeRjZDHC5y0U0aTGo/BC
hBCP5RgHvC5OduWluXfSnj5UoTizjYUSWksiQ4dQlwcJ2XoJ61HzNCBVuOUh472n
SfWFuyw3/p1QfnvHbZObDbKg7NxZr0V+nQV7MsXa5umec6sli2ARRBhQ0HOGOGJ4
B41wIMr0G0jUri/g38sVD+gFWYiVCiiQm9Qycsq3znf047wnup42xnLfBxphot0Z
Cuh1n12COOYo+te7HiqdNDLscn2ocKYrU7tWbQnH4DNq6ceqVMbaX/oOiwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMirrJ1ynWcyhxMIaIH2QdBOFPXYMB8GA1UdIwQY
MBaAFOxa2g3JAKE8g7cKw/WH+4wuHfAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0ZyYURja0FvVHlEdHdyRDlZZjdqQzRkOERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jYTczNGItNWEwYi00YTAzLTgxMzEt
Y2ZlZmVhZWU4NjVlLzEveUt1c25YS2RaektIRXdob2dmWkIwRTRVOWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jYTczNGItNWEwYi00YTAzLTgxMzEtY2ZlZmVhZWU4NjVl
LzEvN0ZyYURja0FvVHlEdHdyRDlZZjdqQzRkOERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQEH8EQAwQD
LhGYAwQEUELQAwQEbe4QAwQDjWmYAwQFkQ6gAwQCstqUAwQDsvpAAwQCuQW0AwQC
uTdYAwQCuXmUAwQCuYscAwQBubS0MA0GCSqGSIb3DQEBCwUAA4IBAQCPVqWYPXFU
ESvaBjvxH9k8RAd0Cl4og4k5lRJXvlSedN0kOSsLWK/of8xdkV++P+vmm76kSw+d
unXUma1v7fQXCWC+ZEJYw25F6v0dSTrf3kwxVASK3uyCA23i3OqX/4LrsqoI3CUS
rOHRmdgh63FsehbXO0GnCEyFWbXfo5EYfCIrpF1/DoT9l3YWhVYVj2xGvsOSuVqf
vympgD/1zNGw7svZQnyMfVZrzeDzHpjvnhb9jaHLtYOtvBSU80ZnSzDRj1f4CsaH
Zte3Uq8uvVoliPQ3JP59qVfyjSlHYKCFQOyoxtBAwoKFrJWXQnmR0BQxfEamQoSR
kYCJjUGEj+GR
-----END CERTIFICATE-----