Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/31d6c1-1146-4588-838d-147177b837de/1/lqwtw8QjDxRXgb9Y1jGpfq-abGc.roa
File:                     lqwtw8QjDxRXgb9Y1jGpfq-abGc.roa (raw, json)
Hash identifier:          RYhAsDkzcthKL8fxW17FRetIBxISiDEkEb5vopG4Jc0=
Subject key identifier:   96:AC:2D:C3:C4:23:0F:14:57:81:BF:58:D6:31:A9:7E:AF:9A:6C:67
Certificate issuer:       /CN=91188ca64c4670a6eb56b42a50a10588ad9647ee
Certificate serial:       01857102D8B181F3905B4C5395A8EB88535D
Authority key identifier: 91:18:8C:A6:4C:46:70:A6:EB:56:B4:2A:50:A1:05:88:AD:96:47:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kRiMpkxGcKbrVrQqUKEFiK2WR-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/31d6c1-1146-4588-838d-147177b837de/1/lqwtw8QjDxRXgb9Y1jGpfq-abGc.roa
Signing time:             Mon 02 Jan 2023 05:44:49 +0000
ROA not before:           Mon 02 Jan 2023 05:44:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43197
IP address blocks:        185.105.229.0/24 maxlen: 24
                          185.105.228.0/22 maxlen: 22
                          185.105.228.0/24 maxlen: 24
                          185.105.231.0/24 maxlen: 24
                          185.105.230.0/24 maxlen: 24
                          109.68.232.0/21 maxlen: 21
                          109.68.233.0/24 maxlen: 24
                          109.68.232.0/24 maxlen: 24
                          109.68.237.0/24 maxlen: 24
                          109.68.236.0/24 maxlen: 24
                          109.68.235.0/24 maxlen: 24
                          109.68.234.0/24 maxlen: 24
                          109.68.239.0/24 maxlen: 24
                          109.68.238.0/24 maxlen: 24
                          2a0b:6bc0::/48 maxlen: 48
                          2a0b:6bc0:1::/64 maxlen: 64
                          2a0b:6bc0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:d8:b1:81:f3:90:5b:4c:53:95:a8:eb:88:53:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91188ca64c4670a6eb56b42a50a10588ad9647ee
        Validity
            Not Before: Jan  2 05:44:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96ac2dc3c4230f145781bf58d631a97eaf9a6c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e5:0e:56:e9:f8:7b:20:ce:ac:51:cd:77:e1:
                    5f:0b:61:ed:ac:ea:bf:f2:c3:dd:04:b2:d6:5c:1a:
                    52:fa:11:60:33:2a:5a:f2:9e:b3:5f:af:72:41:d2:
                    41:10:47:f1:c0:fd:02:61:35:5d:d4:fc:c3:63:62:
                    1a:fb:83:83:e3:46:bc:46:f8:20:5f:21:5f:59:5e:
                    20:34:d9:7c:56:7f:e3:60:12:5e:b4:5b:d7:eb:70:
                    a9:57:e2:d4:b0:8f:7a:43:12:d7:66:f2:72:b6:66:
                    1e:49:25:79:88:8c:b4:bc:5c:1a:92:bd:73:24:77:
                    de:8c:fb:7f:2d:d7:3b:a5:45:9a:21:a3:e6:b6:6e:
                    a7:55:b6:12:7f:44:0d:b4:bc:26:94:67:00:ce:f7:
                    54:6b:12:2f:3c:74:42:bf:20:4b:49:36:d9:01:00:
                    2a:00:ea:a6:83:12:48:53:46:6b:0c:80:0a:ce:3c:
                    68:84:95:6d:26:ee:de:35:71:d0:a2:4d:fa:04:d4:
                    4a:70:a8:7a:f7:eb:98:35:fa:b2:8d:3f:f6:77:83:
                    f5:8b:19:44:3e:5b:e3:bc:55:fe:e2:7f:de:23:1b:
                    42:1f:25:79:86:63:c7:6f:9f:65:4c:ee:ca:6b:f6:
                    e7:65:08:57:3b:c6:3b:03:6b:6a:e8:9e:9d:94:b9:
                    31:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:AC:2D:C3:C4:23:0F:14:57:81:BF:58:D6:31:A9:7E:AF:9A:6C:67
            X509v3 Authority Key Identifier:
                keyid:91:18:8C:A6:4C:46:70:A6:EB:56:B4:2A:50:A1:05:88:AD:96:47:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kRiMpkxGcKbrVrQqUKEFiK2WR-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/31d6c1-1146-4588-838d-147177b837de/1/lqwtw8QjDxRXgb9Y1jGpfq-abGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/31d6c1-1146-4588-838d-147177b837de/1/kRiMpkxGcKbrVrQqUKEFiK2WR-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.232.0/21
                  185.105.228.0/22
                IPv6:
                  2a0b:6bc0::/47

    Signature Algorithm: sha256WithRSAEncryption
         16:3a:4c:99:3a:43:cc:58:91:cb:e3:b8:0e:7a:d6:cf:20:05:
         f8:ce:7f:d7:3d:e7:df:b4:89:3f:7d:65:9b:2d:f6:5e:a7:31:
         3d:74:fb:38:18:0b:f2:86:b3:2b:57:5e:80:42:60:78:39:d0:
         38:8f:56:cd:f8:82:3e:f2:17:d5:c6:57:bd:f8:4c:aa:e5:eb:
         73:d4:c9:1f:f6:81:6e:6f:c5:da:14:3c:c0:cf:3b:ec:36:81:
         c0:9f:87:0e:46:4f:fa:70:8e:61:4c:3a:dc:b1:1e:b5:15:3c:
         0c:53:5c:67:d4:f2:22:c4:47:91:d6:d1:a8:66:dd:70:b8:e2:
         66:ea:f7:93:c8:dd:4b:80:88:a2:aa:eb:f2:f2:47:d7:fa:c4:
         31:9f:7e:9f:6a:8c:fe:e2:a5:f0:da:74:4d:3f:50:a8:6f:dd:
         f7:3c:c7:e2:99:89:fe:02:d1:23:3c:0b:76:3f:0c:e9:19:1b:
         37:ec:37:15:33:4c:24:12:93:92:e2:76:3c:82:ba:01:02:38:
         df:40:e4:f0:b7:63:e8:25:e3:ff:86:b1:5f:7a:a4:a9:09:c9:
         00:aa:bd:1f:74:aa:60:b9:4f:40:e4:47:aa:5c:39:56:9f:49:
         7f:de:1b:b8:7e:d5:ba:07:66:d1:a5:72:45:b1:c3:23:01:d2:
         17:21:48:5f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVxAtixgfOQW0xTlajriFNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMTg4Y2E2NGM0NjcwYTZlYjU2YjQyYTUwYTEwNTg4YWQ5
NjQ3ZWUwHhcNMjMwMTAyMDU0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmFjMmRjM2M0MjMwZjE0NTc4MWJmNThkNjMxYTk3ZWFmOWE2YzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+UOVun4eyDOrFHNd+FfC2HtrOq/
8sPdBLLWXBpS+hFgMypa8p6zX69yQdJBEEfxwP0CYTVd1PzDY2Ia+4OD40a8Rvgg
XyFfWV4gNNl8Vn/jYBJetFvX63CpV+LUsI96QxLXZvJytmYeSSV5iIy0vFwakr1z
JHfejPt/Ldc7pUWaIaPmtm6nVbYSf0QNtLwmlGcAzvdUaxIvPHRCvyBLSTbZAQAq
AOqmgxJIU0ZrDIAKzjxohJVtJu7eNXHQok36BNRKcKh69+uYNfqyjT/2d4P1ixlE
PlvjvFX+4n/eIxtCHyV5hmPHb59lTO7Ka/bnZQhXO8Y7A2tq6J6dlLkxzQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJasLcPEIw8UV4G/WNYxqX6vmmxnMB8GA1UdIwQY
MBaAFJEYjKZMRnCm61a0KlChBYitlkfuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1JpTXBreEdjS2JyVnJRcVVLRUZpSzJXUi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8zMWQ2YzEtMTE0Ni00NTg4LTgzOGQt
MTQ3MTc3YjgzN2RlLzEvbHF3dHc4UWpEeFJYZ2I5WTFqR3BmcS1hYkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8zMWQ2YzEtMTE0Ni00NTg4LTgzOGQtMTQ3MTc3YjgzN2Rl
LzEva1JpTXBreEdjS2JyVnJRcVVLRUZpSzJXUi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDbUToAwQC
uWnkMA8EAgACMAkDBwEqC2vAAAAwDQYJKoZIhvcNAQELBQADggEBABY6TJk6Q8xY
kcvjuA561s8gBfjOf9c959+0iT99ZZst9l6nMT10+zgYC/KGsytXXoBCYHg50DiP
Vs34gj7yF9XGV734TKrl63PUyR/2gW5vxdoUPMDPO+w2gcCfhw5GT/pwjmFMOtyx
HrUVPAxTXGfU8iLER5HW0ahm3XC44mbq95PI3UuAiKKq6/LyR9f6xDGffp9qjP7i
pfDadE0/UKhv3fc8x+KZif4C0SM8C3Y/DOkZGzfsNxUzTCQSk5LidjyCugECON9A
5PC3Y+gl4/+GsV96pKkJyQCqvR90qmC5T0DkR6pcOVafSX/eG7h+1boHZtGlckWx
wyMB0hchSF8=
-----END CERTIFICATE-----