Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/8d3895-65c2-4b8e-a547-8ad74cc6a6b9/1/C6SwaL8IqR5ybXu4o7AQXCSpeOs.roa
File:                     C6SwaL8IqR5ybXu4o7AQXCSpeOs.roa (raw, json)
Hash identifier:          pLx/CoqmxXeCF5C/HiNwdtK5XSX49vmqVXoeygU1m6s=
Subject key identifier:   0B:A4:B0:68:BF:08:A9:1E:72:6D:7B:B8:A3:B0:10:5C:24:A9:78:EB
Certificate issuer:       /CN=5dab456a051d4a93788bef4fac0d07bdc0c9f0cf
Certificate serial:       01856FD4E135F5DF4F583E06D5989020CD54
Authority key identifier: 5D:AB:45:6A:05:1D:4A:93:78:8B:EF:4F:AC:0D:07:BD:C0:C9:F0:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XatFagUdSpN4i-9PrA0HvcDJ8M8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/8d3895-65c2-4b8e-a547-8ad74cc6a6b9/1/C6SwaL8IqR5ybXu4o7AQXCSpeOs.roa
Signing time:             Mon 02 Jan 2023 00:15:00 +0000
ROA not before:           Mon 02 Jan 2023 00:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60502
IP address blocks:        185.221.226.0/23 maxlen: 23
                          185.221.224.0/22 maxlen: 22
                          185.221.224.0/23 maxlen: 23
                          2a0c:5003::/32 maxlen: 32
                          2a0c:5000::/30 maxlen: 30
                          2a0c:5000:3072::/48 maxlen: 48
                          2a0c:5000:3082::/48 maxlen: 48
                          2a0c:5000::/32 maxlen: 32
                          2a0c:5000::/48 maxlen: 48
                          2a0c:5000:3084::/48 maxlen: 48
                          2a0c:5001::/32 maxlen: 32
                          2a0c:5000:225::/48 maxlen: 48
                          2a0c:5000:3083::/48 maxlen: 48
                          2a0c:5000:3073::/48 maxlen: 48
                          2a0c:5002::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d4:e1:35:f5:df:4f:58:3e:06:d5:98:90:20:cd:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dab456a051d4a93788bef4fac0d07bdc0c9f0cf
        Validity
            Not Before: Jan  2 00:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0ba4b068bf08a91e726d7bb8a3b0105c24a978eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:36:0c:16:48:5b:77:bf:4f:d2:78:37:82:8e:
                    dd:da:7e:cf:b2:db:db:3d:e2:4d:05:69:29:26:94:
                    4e:07:32:55:12:30:d0:f4:ec:34:39:e1:f7:fc:f4:
                    b9:d7:3b:6a:1e:4d:3d:eb:ba:76:dd:65:6e:40:95:
                    24:8a:8f:38:72:77:d3:67:f7:d9:fe:f0:68:30:07:
                    b8:e1:07:3d:5d:36:90:49:69:33:37:95:b1:4b:aa:
                    62:fa:ac:e3:07:a5:47:36:b9:29:ca:a4:27:6e:87:
                    82:bb:d1:be:c3:62:ec:25:f0:b8:3a:20:44:23:af:
                    3f:4e:6a:9d:37:b5:0d:6c:bf:85:98:d6:f7:43:d8:
                    74:2c:6a:28:4e:f6:b7:e9:95:9c:7d:0e:90:c7:65:
                    bd:3b:eb:6a:28:36:83:7c:92:6b:55:41:ae:ea:01:
                    34:1a:67:1f:27:aa:56:e4:e1:70:bc:8b:60:5b:56:
                    c2:cb:ae:c4:9b:6c:39:d5:3d:eb:c9:2d:d7:65:24:
                    81:06:73:38:31:4f:5d:91:99:4c:4d:36:af:44:d3:
                    b1:32:69:ac:2c:df:a9:7d:33:1a:27:25:cf:26:94:
                    0c:64:d2:af:8b:8f:15:a4:72:62:c6:1e:63:02:5b:
                    d9:d4:ff:ac:11:2c:a1:84:50:c8:eb:54:79:d8:30:
                    14:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A4:B0:68:BF:08:A9:1E:72:6D:7B:B8:A3:B0:10:5C:24:A9:78:EB
            X509v3 Authority Key Identifier:
                keyid:5D:AB:45:6A:05:1D:4A:93:78:8B:EF:4F:AC:0D:07:BD:C0:C9:F0:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XatFagUdSpN4i-9PrA0HvcDJ8M8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8d3895-65c2-4b8e-a547-8ad74cc6a6b9/1/C6SwaL8IqR5ybXu4o7AQXCSpeOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8d3895-65c2-4b8e-a547-8ad74cc6a6b9/1/XatFagUdSpN4i-9PrA0HvcDJ8M8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.224.0/22
                IPv6:
                  2a0c:5000::/30

    Signature Algorithm: sha256WithRSAEncryption
         6a:db:38:a9:4d:7f:41:16:cf:73:f6:00:c1:22:3e:df:79:d1:
         65:f1:b9:97:2f:e3:a9:c5:b9:f5:34:ac:df:c6:c5:20:95:08:
         05:be:d3:62:4a:96:7e:01:e1:fe:f2:aa:d3:aa:62:24:a8:b3:
         6d:eb:1a:57:0b:49:9b:d5:0c:6f:36:cc:4d:26:e5:66:07:d2:
         8c:99:cb:b5:27:42:eb:20:13:6b:24:ae:d7:2f:d7:81:db:6f:
         99:ca:e3:df:e5:cf:36:ca:55:6c:9c:99:38:0a:58:61:75:45:
         82:56:a2:22:87:fd:7e:45:83:db:7b:89:32:ce:3d:e4:e8:7d:
         07:1e:ba:1d:7d:dd:21:d2:da:25:e5:7b:64:59:97:fc:0d:34:
         f7:7b:c0:de:bc:78:3b:24:f2:30:61:b3:89:70:2a:cb:34:e6:
         e2:01:54:34:b5:c1:8c:6f:50:37:c9:f7:91:ee:59:61:51:14:
         8a:2e:76:4d:17:b0:fe:f2:83:72:f9:12:b7:4e:af:6e:63:50:
         8b:5a:39:b3:57:1e:0a:60:37:37:72:7d:84:4f:86:f1:21:aa:
         64:6f:0e:c4:ef:9c:c9:7d:84:51:46:7f:a5:86:37:c7:47:a1:
         04:4d:4a:e4:c5:2e:6a:7a:df:76:b3:37:f2:43:0f:6c:57:08:
         69:0a:76:3e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVv1OE19d9PWD4G1ZiQIM1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYWI0NTZhMDUxZDRhOTM3ODhiZWY0ZmFjMGQwN2JkYzBj
OWYwY2YwHhcNMjMwMTAyMDAxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmE0YjA2OGJmMDhhOTFlNzI2ZDdiYjhhM2IwMTA1YzI0YTk3OGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDYMFkhbd79P0ng3go7d2n7Pstvb
PeJNBWkpJpROBzJVEjDQ9Ow0OeH3/PS51ztqHk0967p23WVuQJUkio84cnfTZ/fZ
/vBoMAe44Qc9XTaQSWkzN5WxS6pi+qzjB6VHNrkpyqQnboeCu9G+w2LsJfC4OiBE
I68/TmqdN7UNbL+FmNb3Q9h0LGooTva36ZWcfQ6Qx2W9O+tqKDaDfJJrVUGu6gE0
GmcfJ6pW5OFwvItgW1bCy67Em2w51T3ryS3XZSSBBnM4MU9dkZlMTTavRNOxMmms
LN+pfTMaJyXPJpQMZNKvi48VpHJixh5jAlvZ1P+sESyhhFDI61R52DAUUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAuksGi/CKkecm17uKOwEFwkqXjrMB8GA1UdIwQY
MBaAFF2rRWoFHUqTeIvvT6wNB73AyfDPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGF0RmFnVWRTcE40aS05UHJBMEh2Y0RKOE04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84ZDM4OTUtNjVjMi00YjhlLWE1NDct
OGFkNzRjYzZhNmI5LzEvQzZTd2FMOElxUjV5Ylh1NG83QVFYQ1NwZU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84ZDM4OTUtNjVjMi00YjhlLWE1NDctOGFkNzRjYzZhNmI5
LzEvWGF0RmFnVWRTcE40aS05UHJBMEh2Y0RKOE04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud3gMA0E
AgACMAcDBQIqDFAAMA0GCSqGSIb3DQEBCwUAA4IBAQBq2zipTX9BFs9z9gDBIj7f
edFl8bmXL+Opxbn1NKzfxsUglQgFvtNiSpZ+AeH+8qrTqmIkqLNt6xpXC0mb1Qxv
NsxNJuVmB9KMmcu1J0LrIBNrJK7XL9eB22+ZyuPf5c82ylVsnJk4ClhhdUWCVqIi
h/1+RYPbe4kyzj3k6H0HHrodfd0h0tol5XtkWZf8DTT3e8DevHg7JPIwYbOJcCrL
NObiAVQ0tcGMb1A3yfeR7llhURSKLnZNF7D+8oNy+RK3Tq9uY1CLWjmzVx4KYDc3
cn2ET4bxIapkbw7E75zJfYRRRn+lhjfHR6EETUrkxS5qet92szfyQw9sVwhpCnY+
-----END CERTIFICATE-----