Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/XXSt-ZL_ETiPa6BdYov89jikiO0.roa
File:                     XXSt-ZL_ETiPa6BdYov89jikiO0.roa (raw, json)
Hash identifier:          47xhIWuw9Vxs6S05tGsMK7mYjcujjSBOxyIxupZVd9A=
Subject key identifier:   5D:74:AD:F9:92:FF:11:38:8F:6B:A0:5D:62:8B:FC:F6:38:A4:88:ED
Certificate issuer:       /CN=5ebba0735a07e40ca32026278b2678678f8bacd9
Certificate serial:       018CFBB60C6AAA55F98485F114754F13D1B8
Authority key identifier: 5E:BB:A0:73:5A:07:E4:0C:A3:20:26:27:8B:26:78:67:8F:8B:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xrugc1oH5AyjICYniyZ4Z4-LrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/XXSt-ZL_ETiPa6BdYov89jikiO0.roa
Signing time:             Fri 12 Jan 2024 03:27:41 +0000
ROA not before:           Fri 12 Jan 2024 03:27:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48503
IP address blocks:        217.76.70.0/24 maxlen: 24
                          2a03:32c0:6::/48 maxlen: 48
                          2a03:32c0:7001::/48 maxlen: 48
                          2a03:32c0:5001::/48 maxlen: 48
                          2a03:32c0:6001::/48 maxlen: 48
                          2a03:32c0:3004::/48 maxlen: 48
                          2a03:32c0:7::/48 maxlen: 48
                          2a03:32c0:5002::/48 maxlen: 48
                          2a03:32c0:3005::/48 maxlen: 48
                          2a03:32c0:5000::/48 maxlen: 48
                          2a03:32c0:6000::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 15 Jan 2024 03:46:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fb:b6:0c:6a:aa:55:f9:84:85:f1:14:75:4f:13:d1:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ebba0735a07e40ca32026278b2678678f8bacd9
        Validity
            Not Before: Jan 12 03:27:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d74adf992ff11388f6ba05d628bfcf638a488ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:19:56:d9:e0:8b:fa:0d:39:34:6f:e3:4a:92:
                    11:30:ee:53:c3:8b:2a:61:c1:8e:c1:04:a5:30:5c:
                    bc:5e:56:cf:db:63:52:b1:8d:77:76:41:4e:e5:97:
                    aa:73:70:e5:bb:84:15:5c:5a:ba:11:bb:02:5a:ad:
                    35:01:65:35:74:ee:a1:17:8c:10:d3:58:c4:4d:33:
                    63:a8:c2:61:48:e2:df:c9:67:31:6f:01:c2:a9:63:
                    21:93:11:02:c4:6b:b1:97:0d:8a:54:bb:5e:00:2a:
                    08:dd:e8:60:80:b1:d3:6d:e7:e1:0c:b0:9d:b3:e6:
                    85:e3:b8:29:24:1f:06:9c:89:96:8f:e7:51:3e:cb:
                    a1:a3:63:e9:80:02:6e:02:ca:46:fb:da:db:82:27:
                    14:40:8b:6f:59:22:4e:3e:fc:11:18:eb:62:2b:0c:
                    58:ea:e4:39:26:05:e9:94:99:4a:c6:14:16:78:b0:
                    8b:3d:ed:72:03:40:f7:bf:ed:57:af:e4:8e:76:00:
                    c6:c8:88:99:7a:d4:82:88:2b:8e:fc:5e:90:9a:d7:
                    d9:71:bc:95:93:34:1a:b0:af:4f:3a:c5:84:2d:74:
                    77:13:0d:96:47:81:ed:92:8c:f9:35:9d:bd:8f:7e:
                    2e:af:5c:61:d1:a2:77:e2:d3:0c:e4:35:64:76:ee:
                    c4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:74:AD:F9:92:FF:11:38:8F:6B:A0:5D:62:8B:FC:F6:38:A4:88:ED
            X509v3 Authority Key Identifier:
                keyid:5E:BB:A0:73:5A:07:E4:0C:A3:20:26:27:8B:26:78:67:8F:8B:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xrugc1oH5AyjICYniyZ4Z4-LrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/XXSt-ZL_ETiPa6BdYov89jikiO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6077d8-2877-4698-8040-3212b68584e9/1/Xrugc1oH5AyjICYniyZ4Z4-LrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.70.0/24
                IPv6:
                  2a03:32c0:6::/47
                  2a03:32c0:3004::/47
                  2a03:32c0:5000::-2a03:32c0:5002:ffff:ffff:ffff:ffff:ffff
                  2a03:32c0:6000::/47
                  2a03:32c0:7001::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:14:c0:73:d7:45:6d:8f:26:ce:10:1c:63:b1:30:9f:f5:5d:
         b6:6d:01:c2:7e:58:28:49:0e:7c:a7:ad:90:e8:03:cf:ba:41:
         1a:12:08:7c:12:05:da:07:80:0e:69:40:20:ea:23:15:c2:36:
         15:48:0a:97:3c:15:5f:2a:11:99:22:5c:7e:48:49:df:fe:82:
         34:7a:4d:ad:ac:56:90:ba:3f:27:a1:1c:49:92:25:a9:12:3f:
         a1:78:54:b7:d6:44:38:fb:55:52:b3:cc:ed:f1:7a:0f:44:2a:
         fb:5d:5c:34:9f:ac:77:0d:cf:0a:06:70:17:be:f3:cb:00:52:
         c1:8b:e2:cb:a6:66:7d:6a:75:49:cb:b1:92:a5:0a:ed:29:9d:
         86:2c:d4:5b:6f:14:6a:5a:c2:83:7f:b7:ea:72:b4:a3:a8:64:
         37:77:b9:de:78:92:f6:41:14:da:b9:13:8a:69:06:d8:e2:fa:
         30:39:b3:8c:f3:bb:1e:ba:56:09:85:b8:b3:2a:98:f4:91:b7:
         14:b1:bf:0c:26:30:b6:1e:80:16:8f:b0:0b:1f:31:af:e8:ed:
         9f:aa:da:9b:d4:9d:b9:5f:6b:cc:dc:ad:7d:bf:0a:f6:63:ec:
         4d:e8:5e:bc:a3:52:99:5a:3c:3c:0e:1e:bb:71:5c:97:04:e9:
         7a:45:03:01
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYz7tgxqqlX5hIXxFHVPE9G4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYmJhMDczNWEwN2U0MGNhMzIwMjYyNzhiMjY3ODY3OGY4
YmFjZDkwHhcNMjQwMTEyMDMyNzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDc0YWRmOTkyZmYxMTM4OGY2YmEwNWQ2MjhiZmNmNjM4YTQ4OGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBlW2eCL+g05NG/jSpIRMO5Tw4sq
YcGOwQSlMFy8XlbP22NSsY13dkFO5Zeqc3Dlu4QVXFq6EbsCWq01AWU1dO6hF4wQ
01jETTNjqMJhSOLfyWcxbwHCqWMhkxECxGuxlw2KVLteACoI3ehggLHTbefhDLCd
s+aF47gpJB8GnImWj+dRPsuho2PpgAJuAspG+9rbgicUQItvWSJOPvwRGOtiKwxY
6uQ5JgXplJlKxhQWeLCLPe1yA0D3v+1Xr+SOdgDGyIiZetSCiCuO/F6QmtfZcbyV
kzQasK9POsWELXR3Ew2WR4Htkoz5NZ29j34ur1xh0aJ34tMM5DVkdu7E9QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFF10rfmS/xE4j2ugXWKL/PY4pIjtMB8GA1UdIwQY
MBaAFF67oHNaB+QMoyAmJ4smeGePi6zZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHJ1Z2Mxb0g1QXlqSUNZbml5WjRaNC1Mck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC82MDc3ZDgtMjg3Ny00Njk4LTgwNDAt
MzIxMmI2ODU4NGU5LzEvWFhTdC1aTF9FVGlQYTZCZFlvdjg5amlraU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC82MDc3ZDgtMjg3Ny00Njk4LTgwNDAtMzIxMmI2ODU4NGU5
LzEvWHJ1Z2Mxb0g1QXlqSUNZbml5WjRaNC1Mck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAMBAIAATAGAwQA2UxGMD0E
AgACMDcDBwEqAzLAAAYDBwEqAzLAMAQwEQMGBCoDMsBQAwcAKgMywFACAwcBKgMy
wGAAAwcAKgMywHABMA0GCSqGSIb3DQEBCwUAA4IBAQBnFMBz10VtjybOEBxjsTCf
9V22bQHCflgoSQ58p62Q6APPukEaEgh8EgXaB4AOaUAg6iMVwjYVSAqXPBVfKhGZ
Ilx+SEnf/oI0ek2trFaQuj8noRxJkiWpEj+heFS31kQ4+1VSs8zt8XoPRCr7XVw0
n6x3Dc8KBnAXvvPLAFLBi+LLpmZ9anVJy7GSpQrtKZ2GLNRbbxRqWsKDf7fqcrSj
qGQ3d7neeJL2QRTauROKaQbY4vowObOM87seulYJhbizKpj0kbcUsb8MJjC2HoAW
j7ALHzGv6O2fqtqb1J25X2vM3K19vwr2Y+xN6F68o1KZWjw8Dh67cVyXBOl6RQMB
-----END CERTIFICATE-----