Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/Ulw5By7JKhbFwcfk-zNiuT56jIk.roa
File:                     Ulw5By7JKhbFwcfk-zNiuT56jIk.roa (raw, json)
Hash identifier:          pR2z3jqb+xKsh6ni/lS4UJU+V31725DzXZ+zPBalmN0=
Subject key identifier:   52:5C:39:07:2E:C9:2A:16:C5:C1:C7:E4:FB:33:62:B9:3E:7A:8C:89
Certificate issuer:       /CN=6d42cff18334b2ff76b15ad944a8a9135e90568c
Certificate serial:       01856D6F4A0CC68CB907B88DC644D2A406C9
Authority key identifier: 6D:42:CF:F1:83:34:B2:FF:76:B1:5A:D9:44:A8:A9:13:5E:90:56:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bULP8YM0sv92sVrZRKipE16QVow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/Ulw5By7JKhbFwcfk-zNiuT56jIk.roa
Signing time:             Sun 01 Jan 2023 13:04:47 +0000
ROA not before:           Sun 01 Jan 2023 13:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198507
IP address blocks:        45.14.176.0/22 maxlen: 22
                          45.81.192.0/22 maxlen: 22
                          37.143.55.0/24 maxlen: 24
                          37.143.52.0/22 maxlen: 22
                          185.132.72.0/24 maxlen: 24
                          185.132.75.0/24 maxlen: 24
                          185.132.73.0/24 maxlen: 24
                          185.132.74.0/24 maxlen: 24
                          45.9.196.0/22 maxlen: 22
                          2a06:e040:7601::/48 maxlen: 48
                          2a06:e040:5901::/48 maxlen: 48
                          2a06:e040:3501::/48 maxlen: 48
                          2a06:e040:6900::/40 maxlen: 40
                          2a06:e040::/32 maxlen: 32
                          2a06:e043::/32 maxlen: 32
                          2a06:e040:3502::/48 maxlen: 48
                          2a06:e044:10::/48 maxlen: 48
                          2a06:e040:7603::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 13 May 2023 22:06:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:6f:4a:0c:c6:8c:b9:07:b8:8d:c6:44:d2:a4:06:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d42cff18334b2ff76b15ad944a8a9135e90568c
        Validity
            Not Before: Jan  1 13:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=525c39072ec92a16c5c1c7e4fb3362b93e7a8c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e3:a9:a3:47:b7:43:dc:96:cc:f5:d6:46:1b:
                    ed:10:05:71:1d:44:7e:02:2d:f7:6e:a9:d2:44:2b:
                    82:71:e3:40:1d:7f:a8:49:f1:b7:8f:3f:a7:a6:35:
                    cc:86:96:7e:be:01:a0:d1:58:7b:67:72:bf:df:2e:
                    4c:e1:ba:5b:2c:61:60:0a:e0:48:48:db:8e:cc:08:
                    19:74:77:2f:1a:96:38:62:b5:d2:73:f8:c4:09:32:
                    f9:06:f9:2c:b8:95:75:37:23:dc:16:5b:59:15:72:
                    18:98:06:6a:26:3a:68:40:34:ec:dd:21:52:7a:e1:
                    0b:4c:24:28:15:6e:58:32:a8:8f:50:e5:fe:1c:41:
                    17:a3:50:a6:f5:a5:0b:fa:c4:7c:04:85:b1:49:48:
                    03:df:88:21:75:8d:de:b5:b6:be:8c:bb:a9:77:11:
                    68:86:c0:02:ef:a9:82:b1:55:0e:1e:c4:c1:53:68:
                    a7:60:61:14:8d:49:ba:94:96:02:78:53:22:3f:07:
                    7e:c7:52:44:51:0e:0d:a6:41:36:ca:fd:e6:d6:39:
                    10:a1:a3:5c:56:90:cb:d5:f6:8c:05:54:2c:62:c5:
                    85:b5:1e:b1:4d:04:08:57:c0:7d:7b:53:f9:1d:eb:
                    25:c9:57:80:59:65:58:42:8f:2e:dc:2b:27:0f:65:
                    28:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5C:39:07:2E:C9:2A:16:C5:C1:C7:E4:FB:33:62:B9:3E:7A:8C:89
            X509v3 Authority Key Identifier:
                keyid:6D:42:CF:F1:83:34:B2:FF:76:B1:5A:D9:44:A8:A9:13:5E:90:56:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bULP8YM0sv92sVrZRKipE16QVow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/Ulw5By7JKhbFwcfk-zNiuT56jIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/bULP8YM0sv92sVrZRKipE16QVow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.52.0/22
                  45.9.196.0/22
                  45.14.176.0/22
                  45.81.192.0/22
                  185.132.72.0/22
                IPv6:
                  2a06:e040::/32
                  2a06:e043::/32
                  2a06:e044:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:f7:8a:71:84:66:2b:06:c6:61:af:de:7c:3c:2a:8c:11:46:
         86:16:be:47:43:75:b1:06:37:78:ce:a2:18:07:1e:08:60:e0:
         78:52:10:5a:f9:4f:22:34:34:30:93:06:d6:79:9b:4b:e8:04:
         e8:05:0c:d9:1a:b0:a4:dc:e3:4f:cb:d4:3b:87:96:08:ae:c8:
         b6:52:60:d2:b3:45:53:7d:e8:07:21:fa:1f:28:85:2e:36:40:
         65:9d:60:e2:94:8b:92:a6:fe:cf:6e:19:9a:14:73:b9:3f:4a:
         c2:9c:dd:8f:9e:0f:77:86:2f:4c:ed:8d:28:f6:06:83:af:21:
         91:86:6b:99:d2:a2:d1:87:e0:d1:fa:ea:b6:eb:8d:f9:16:94:
         c3:fe:c2:1f:69:4f:9e:63:31:db:0f:bc:46:3e:10:8d:55:83:
         da:3f:d7:ab:a6:f5:1e:64:3d:c8:e9:35:10:c2:6a:4c:c9:68:
         6c:9b:08:94:49:ac:15:18:2f:05:46:dc:7d:43:00:96:4d:d4:
         73:39:ad:c5:2a:ee:1b:f7:2b:be:74:0a:f5:cb:dd:36:01:23:
         3e:c1:4f:70:b8:a5:a4:15:23:a1:dc:b2:b6:ee:8a:ca:0a:b0:
         15:fb:c3:c1:46:e9:38:24:38:ee:91:71:06:b5:09:83:64:8d:
         dc:76:a1:66
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYVtb0oMxoy5B7iNxkTSpAbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNDJjZmYxODMzNGIyZmY3NmIxNWFkOTQ0YThhOTEzNWU5
MDU2OGMwHhcNMjMwMTAxMTMwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjVjMzkwNzJlYzkyYTE2YzVjMWM3ZTRmYjMzNjJiOTNlN2E4Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquOpo0e3Q9yWzPXWRhvtEAVxHUR+
Ai33bqnSRCuCceNAHX+oSfG3jz+npjXMhpZ+vgGg0Vh7Z3K/3y5M4bpbLGFgCuBI
SNuOzAgZdHcvGpY4YrXSc/jECTL5BvksuJV1NyPcFltZFXIYmAZqJjpoQDTs3SFS
euELTCQoFW5YMqiPUOX+HEEXo1Cm9aUL+sR8BIWxSUgD34ghdY3etba+jLupdxFo
hsAC76mCsVUOHsTBU2inYGEUjUm6lJYCeFMiPwd+x1JEUQ4NpkE2yv3m1jkQoaNc
VpDL1faMBVQsYsWFtR6xTQQIV8B9e1P5HeslyVeAWWVYQo8u3CsnD2Uo0wIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFFJcOQcuySoWxcHH5PszYrk+eoyJMB8GA1UdIwQY
MBaAFG1Cz/GDNLL/drFa2USoqRNekFaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlVMUDhZTTBzdjkyc1ZyWlJLaXBFMTZRVm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC82MGQ5MzAtYmQ0Ni00NTE3LWFiMGUt
YTZjZTgzNTViMmUwLzEvVWx3NUJ5N0pLaGJGd2Nmay16Tml1VDU2aklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC82MGQ5MzAtYmQ0Ni00NTE3LWFiMGUtYTZjZTgzNTViMmUw
LzEvYlVMUDhZTTBzdjkyc1ZyWlJLaXBFMTZRVm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAkBAIAATAeAwQCJY80AwQC
LQnEAwQCLQ6wAwQCLVHAAwQCuYRIMB0EAgACMBcDBQAqBuBAAwUAKgbgQwMHACoG
4EQAEDANBgkqhkiG9w0BAQsFAAOCAQEAZ/eKcYRmKwbGYa/efDwqjBFGhha+R0N1
sQY3eM6iGAceCGDgeFIQWvlPIjQ0MJMG1nmbS+gE6AUM2RqwpNzjT8vUO4eWCK7I
tlJg0rNFU33oByH6HyiFLjZAZZ1g4pSLkqb+z24ZmhRzuT9Kwpzdj54Pd4YvTO2N
KPYGg68hkYZrmdKi0Yfg0frqtuuN+RaUw/7CH2lPnmMx2w+8Rj4QjVWD2j/Xq6b1
HmQ9yOk1EMJqTMlobJsIlEmsFRgvBUbcfUMAlk3UczmtxSruG/crvnQK9cvdNgEj
PsFPcLilpBUjodyytu6KygqwFfvDwUbpOCQ47pFxBrUJg2SN3HahZg==
-----END CERTIFICATE-----