Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/DN9_DcuoVoucE0hpoqRx-03XYVU.roa
File:                     DN9_DcuoVoucE0hpoqRx-03XYVU.roa (raw, json)
Hash identifier:          zlddpQQ8NGqxmO9O2rv18Ah19zYy5qr9RcnGFRvYCSM=
Subject key identifier:   0C:DF:7F:0D:CB:A8:56:8B:9C:13:48:69:A2:A4:71:FB:4D:D7:61:55
Certificate issuer:       /CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
Certificate serial:       018EEB2750D6DA94C86E6EA0651307FAD740
Authority key identifier: 36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/DN9_DcuoVoucE0hpoqRx-03XYVU.roa
Signing time:             Wed 17 Apr 2024 08:23:26 +0000
ROA not before:           Wed 17 Apr 2024 08:23:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200373
IP address blocks:        65.111.0.0/19 maxlen: 19
                          95.141.242.0/24 maxlen: 24
                          104.167.24.0/21 maxlen: 21
                          104.207.32.0/19 maxlen: 19
                          2a0a:1f40::/32 maxlen: 32
                          2a0a:1f41::/32 maxlen: 32
                          2a13:3f80::/32 maxlen: 32
                          2a13:3f83::/32 maxlen: 32
                          2a13:3f84::/32 maxlen: 32
                          2a13:3f85::/32 maxlen: 32
                          2a13:3f86::/32 maxlen: 32
                          2a13:3f87::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 14:06:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:eb:27:50:d6:da:94:c8:6e:6e:a0:65:13:07:fa:d7:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3622fc2f8ad8b008357dbe6f0195960c9de61bd5
        Validity
            Not Before: Apr 17 08:23:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cdf7f0dcba8568b9c134869a2a471fb4dd76155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7e:5d:2c:f5:c9:8c:e1:14:58:5c:3d:10:00:
                    9a:76:8b:c9:11:ac:c2:71:12:be:03:0c:1d:06:15:
                    1d:70:3d:cb:3c:28:66:e3:bb:81:c5:e6:64:0f:65:
                    8e:1c:38:dc:48:34:e1:18:3f:21:cc:8f:a2:cc:12:
                    25:ff:94:29:da:08:b9:7f:1a:5f:3c:4a:e7:9c:95:
                    ab:34:be:f2:05:c7:6e:de:c2:0b:94:18:33:73:12:
                    b8:72:76:0d:4a:3c:51:92:07:ff:b5:be:df:ab:99:
                    61:39:8f:93:38:8e:23:2d:7d:23:b3:2b:f5:ea:80:
                    0b:d4:a2:df:d0:b5:bd:9f:d1:97:64:cf:f9:cf:a9:
                    05:b5:8a:85:84:5e:cb:d0:3b:8c:73:21:8c:88:6c:
                    72:73:46:f5:63:d5:02:6e:29:81:e2:5b:65:de:25:
                    6a:0f:8e:cf:70:68:67:f5:6a:05:b4:46:bf:da:be:
                    f2:ac:c4:99:fb:9b:a0:b5:ff:ec:8b:c0:91:4c:03:
                    13:74:f2:01:88:ef:26:6f:1b:d6:90:9d:ea:db:f3:
                    40:cb:27:23:07:50:e7:43:77:06:b9:c4:05:dd:38:
                    29:b8:46:dd:9e:a4:28:86:c7:06:36:7e:19:3a:84:
                    3b:b1:42:f0:2f:0a:c9:87:b3:28:ff:6a:b4:63:f3:
                    fa:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DF:7F:0D:CB:A8:56:8B:9C:13:48:69:A2:A4:71:FB:4D:D7:61:55
            X509v3 Authority Key Identifier:
                keyid:36:22:FC:2F:8A:D8:B0:08:35:7D:BE:6F:01:95:96:0C:9D:E6:1B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/DN9_DcuoVoucE0hpoqRx-03XYVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/f63e58-9efc-4082-82bb-08835dff6c4f/1/NiL8L4rYsAg1fb5vAZWWDJ3mG9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.111.0.0/19
                  95.141.242.0/24
                  104.167.24.0/21
                  104.207.32.0/19
                IPv6:
                  2a0a:1f40::/31
                  2a13:3f80::/32
                  2a13:3f83::-2a13:3f87:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         16:e7:36:90:58:82:dc:a9:39:64:5b:77:fc:c2:58:9b:23:c4:
         9f:2c:67:b6:03:af:dd:5d:42:54:98:61:06:9f:ed:50:89:ab:
         a8:eb:66:d9:d5:8a:c8:df:5a:03:7d:3f:69:6f:70:33:92:50:
         3b:ff:18:3e:2a:86:8e:79:74:d9:77:9d:be:41:91:a3:91:ad:
         fb:a3:48:93:f2:04:c5:5b:cb:a1:21:84:f3:cd:39:25:a0:e0:
         c8:a4:50:68:2c:21:2f:96:27:bf:4f:9d:3c:81:76:b6:2a:b5:
         49:e0:d2:7e:03:b0:59:2e:fd:d4:d8:35:2f:36:2c:b0:01:9d:
         ae:6c:66:1b:cb:9b:68:f5:18:5b:16:03:4f:9b:cb:0d:74:55:
         a5:b3:63:55:ec:dc:92:8b:69:f9:e1:b8:bc:f6:13:4c:86:d8:
         0a:2a:7f:8a:65:49:fd:2c:8c:20:65:cd:49:6b:4f:24:c3:e1:
         86:4d:c2:c3:87:0f:f3:08:f7:e5:fd:70:db:ef:16:e2:ca:d1:
         64:a3:a3:62:6a:11:84:3c:f4:02:a9:d1:e6:af:65:ff:0b:44:
         fb:8c:ca:8d:74:19:ef:cb:32:bb:85:ca:ce:96:f2:ba:2e:a5:
         21:e4:bd:55:30:d7:34:7a:96:97:c0:8d:a9:5f:0d:54:f5:91:
         74:b9:ab:3b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY7rJ1DW2pTIbm6gZRMH+tdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjJmYzJmOGFkOGIwMDgzNTdkYmU2ZjAxOTU5NjBjOWRl
NjFiZDUwHhcNMjQwNDE3MDgyMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RmN2YwZGNiYTg1NjhiOWMxMzQ4NjlhMmE0NzFmYjRkZDc2MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgn5dLPXJjOEUWFw9EACadovJEazC
cRK+AwwdBhUdcD3LPChm47uBxeZkD2WOHDjcSDThGD8hzI+izBIl/5Qp2gi5fxpf
PErnnJWrNL7yBcdu3sILlBgzcxK4cnYNSjxRkgf/tb7fq5lhOY+TOI4jLX0jsyv1
6oAL1KLf0LW9n9GXZM/5z6kFtYqFhF7L0DuMcyGMiGxyc0b1Y9UCbimB4ltl3iVq
D47PcGhn9WoFtEa/2r7yrMSZ+5ugtf/si8CRTAMTdPIBiO8mbxvWkJ3q2/NAyycj
B1DnQ3cGucQF3TgpuEbdnqQohscGNn4ZOoQ7sULwLwrJh7Mo/2q0Y/P67QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFAzffw3LqFaLnBNIaaKkcftN12FVMB8GA1UdIwQY
MBaAFDYi/C+K2LAINX2+bwGVlgyd5hvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmIt
MDg4MzVkZmY2YzRmLzEvRE45X0RjdW9Wb3VjRTBocG9xUngtMDNYWVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mNjNlNTgtOWVmYy00MDgyLTgyYmItMDg4MzVkZmY2YzRm
LzEvTmlMOEw0cllzQWcxZmI1dkFaV1dESjNtRzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAeBAIAATAYAwQFQW8AAwQA
X43yAwQDaKcYAwQFaM8gMCQEAgACMB4DBQEqCh9AAwUAKhM/gDAOAwUAKhM/gwMF
AyoTP4AwDQYJKoZIhvcNAQELBQADggEBABbnNpBYgtypOWRbd/zCWJsjxJ8sZ7YD
r91dQlSYYQaf7VCJq6jrZtnVisjfWgN9P2lvcDOSUDv/GD4qho55dNl3nb5BkaOR
rfujSJPyBMVby6EhhPPNOSWg4MikUGgsIS+WJ79PnTyBdrYqtUng0n4DsFku/dTY
NS82LLABna5sZhvLm2j1GFsWA0+byw10VaWzY1Xs3JKLafnhuLz2E0yG2Aoqf4pl
Sf0sjCBlzUlrTyTD4YZNwsOHD/MI9+X9cNvvFuLK0WSjo2JqEYQ89AKp0eavZf8L
RPuMyo10Ge/LMruFys6W8roupSHkvVUw1zR6lpfAjalfDVT1kXS5qzs=
-----END CERTIFICATE-----