Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/h0SWG01Z9cNeXRD0xVhuBU3cPpM.roa
File:                     h0SWG01Z9cNeXRD0xVhuBU3cPpM.roa (raw, json)
Hash identifier:          IvF4IHrMtPjgpyS79TpY00uj7kwS5FrFz/EJ6Pl7WpY=
Subject key identifier:   87:44:96:1B:4D:59:F5:C3:5E:5D:10:F4:C5:58:6E:05:4D:DC:3E:93
Certificate issuer:       /CN=8e52a3954e30e4753e2e00a0ef816966d6d60db6
Certificate serial:       01857246C85E4E1DB83BA9B96CF9158C72C1
Authority key identifier: 8E:52:A3:95:4E:30:E4:75:3E:2E:00:A0:EF:81:69:66:D6:D6:0D:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jlKjlU4w5HU-LgCg74FpZtbWDbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/h0SWG01Z9cNeXRD0xVhuBU3cPpM.roa
Signing time:             Mon 02 Jan 2023 11:38:39 +0000
ROA not before:           Mon 02 Jan 2023 11:38:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205697
IP address blocks:        195.216.234.0/24 maxlen: 24
                          195.216.238.0/24 maxlen: 24
                          185.161.98.0/24 maxlen: 24
                          185.161.96.0/22 maxlen: 24
                          185.161.96.0/24 maxlen: 24
                          195.216.245.0/24 maxlen: 24
                          185.161.97.0/24 maxlen: 24
                          195.216.247.0/24 maxlen: 24
                          185.161.99.0/24 maxlen: 24
                          2a0b:ef01::/32 maxlen: 32
                          2a0b:ef04::/32 maxlen: 32
                          2a0b:ef05::/32 maxlen: 32
                          2a0b:ef02::/32 maxlen: 32
                          2a0b:ef00::/29 maxlen: 32
                          2a0b:ef03::/32 maxlen: 32
                          2a0b:ef07::/32 maxlen: 32
                          2a0b:ef00::/32 maxlen: 32
                          2a0b:ef06::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:c8:5e:4e:1d:b8:3b:a9:b9:6c:f9:15:8c:72:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e52a3954e30e4753e2e00a0ef816966d6d60db6
        Validity
            Not Before: Jan  2 11:38:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8744961b4d59f5c35e5d10f4c5586e054ddc3e93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:52:24:9e:b3:2d:97:25:4f:fd:95:c0:59:fe:
                    c6:fa:98:03:50:66:fa:a7:83:bd:30:8f:6a:ed:b9:
                    19:b8:18:23:6a:53:b9:45:be:31:fe:7c:bb:ab:63:
                    c2:93:c3:34:56:2d:ff:68:5b:c3:d5:f9:23:68:95:
                    62:dd:43:13:1c:c8:2f:82:4a:a6:ea:60:0b:4e:08:
                    14:4a:ac:6c:15:bf:1c:52:98:00:f8:ae:1f:ca:97:
                    3c:74:f2:a4:e8:69:34:ef:63:6e:ef:7e:01:eb:c4:
                    61:a1:b0:4a:66:6e:da:23:4a:f3:b3:96:64:c8:23:
                    19:80:fa:0c:e5:33:94:0e:f3:66:59:6f:ba:45:c9:
                    84:3e:d4:ea:87:fa:91:b7:1a:eb:e2:45:5f:32:7a:
                    72:3e:ac:61:a8:cb:8c:7f:d9:2b:94:2b:9c:c3:3a:
                    a1:f7:91:a8:6e:9a:84:de:15:17:a3:85:31:fc:70:
                    db:77:f8:93:02:3b:fd:c9:a2:b4:17:f5:0d:ef:98:
                    8d:e7:b8:46:50:a9:5b:b5:a7:7b:b9:e2:7c:a0:68:
                    0a:98:40:b0:6a:fc:74:48:56:4f:80:d9:16:48:5a:
                    4a:04:87:c8:d5:a7:9e:46:29:1a:b6:02:5d:75:6a:
                    1c:c7:a5:c6:08:42:7a:60:7f:7f:81:b6:e3:dd:a6:
                    88:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:44:96:1B:4D:59:F5:C3:5E:5D:10:F4:C5:58:6E:05:4D:DC:3E:93
            X509v3 Authority Key Identifier:
                keyid:8E:52:A3:95:4E:30:E4:75:3E:2E:00:A0:EF:81:69:66:D6:D6:0D:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jlKjlU4w5HU-LgCg74FpZtbWDbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/h0SWG01Z9cNeXRD0xVhuBU3cPpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/jlKjlU4w5HU-LgCg74FpZtbWDbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.96.0/22
                  195.216.234.0/24
                  195.216.238.0/24
                  195.216.245.0/24
                  195.216.247.0/24
                IPv6:
                  2a0b:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:68:e4:1e:9c:38:8f:a9:fa:a1:25:0a:93:13:ef:dc:f8:dd:
         e0:ad:51:df:4b:04:f5:81:67:f0:3c:eb:02:19:b3:2f:52:b0:
         b4:5d:4d:7d:fd:0b:a7:f1:8f:bc:f5:c3:d8:07:59:06:07:85:
         37:3f:6a:10:25:ea:0a:75:79:0a:17:05:fe:8c:14:1b:a8:5d:
         b7:46:f6:d5:86:e0:27:87:b2:42:2f:ef:cb:f2:95:14:53:7c:
         31:de:c0:9e:76:b8:ea:32:e9:5f:eb:f2:0c:c2:c3:07:90:f7:
         d4:ef:03:b3:f5:44:fe:c4:c7:b3:17:27:01:5f:a6:65:15:7c:
         97:c4:42:b4:67:b1:92:79:8c:44:03:1c:f7:49:5a:c3:f3:34:
         6c:dd:ec:07:f6:46:cf:49:83:3b:f3:b9:3a:07:38:d9:f0:88:
         98:46:c2:c3:ba:23:7e:0f:b5:68:bd:01:ea:9f:8c:5e:77:99:
         1c:3e:34:43:28:72:f0:59:cf:f5:91:5b:ff:44:ce:94:62:a2:
         ae:6b:30:cb:59:a2:61:ca:33:71:fc:d4:9d:66:49:ae:76:4e:
         77:76:2e:60:21:20:be:6f:83:5d:90:a9:fb:99:9d:76:a0:38:
         9b:31:ab:04:d3:67:7f:c7:15:33:2d:45:6d:71:49:4c:7e:f0:
         16:09:33:d6
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVyRsheTh24O6m5bPkVjHLBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNTJhMzk1NGUzMGU0NzUzZTJlMDBhMGVmODE2OTY2ZDZk
NjBkYjYwHhcNMjMwMTAyMTEzODM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ0OTYxYjRkNTlmNWMzNWU1ZDEwZjRjNTU4NmUwNTRkZGMzZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1IknrMtlyVP/ZXAWf7G+pgDUGb6
p4O9MI9q7bkZuBgjalO5Rb4x/ny7q2PCk8M0Vi3/aFvD1fkjaJVi3UMTHMgvgkqm
6mALTggUSqxsFb8cUpgA+K4fypc8dPKk6Gk072Nu734B68RhobBKZm7aI0rzs5Zk
yCMZgPoM5TOUDvNmWW+6RcmEPtTqh/qRtxrr4kVfMnpyPqxhqMuMf9krlCucwzqh
95GobpqE3hUXo4Ux/HDbd/iTAjv9yaK0F/UN75iN57hGUKlbtad7ueJ8oGgKmECw
avx0SFZPgNkWSFpKBIfI1aeeRikatgJddWocx6XGCEJ6YH9/gbbj3aaIXQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIdElhtNWfXDXl0Q9MVYbgVN3D6TMB8GA1UdIwQY
MBaAFI5So5VOMOR1Pi4AoO+BaWbW1g22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamxLamxVNHc1SFUtTGdDZzc0RnBadGJXRGJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMTc3YTItMjE5Yy00YjYwLWI5MDEt
Yjg1NmRiMzNjNmM2LzEvaDBTV0cwMVo5Y05lWFJEMHhWaHVCVTNjUHBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMTc3YTItMjE5Yy00YjYwLWI5MDEtYjg1NmRiMzNjNmM2
LzEvamxLamxVNHc1SFUtTGdDZzc0RnBadGJXRGJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuaFgAwQA
w9jqAwQAw9juAwQAw9j1AwQAw9j3MA0EAgACMAcDBQMqC+8AMA0GCSqGSIb3DQEB
CwUAA4IBAQCSaOQenDiPqfqhJQqTE+/c+N3grVHfSwT1gWfwPOsCGbMvUrC0XU19
/Qun8Y+89cPYB1kGB4U3P2oQJeoKdXkKFwX+jBQbqF23RvbVhuAnh7JCL+/L8pUU
U3wx3sCedrjqMulf6/IMwsMHkPfU7wOz9UT+xMezFycBX6ZlFXyXxEK0Z7GSeYxE
Axz3SVrD8zRs3ewH9kbPSYM787k6BzjZ8IiYRsLDuiN+D7VovQHqn4xed5kcPjRD
KHLwWc/1kVv/RM6UYqKuazDLWaJhyjNx/NSdZkmudk53di5gISC+b4NdkKn7mZ12
oDibMasE02d/xxUzLUVtcUlMfvAWCTPW
-----END CERTIFICATE-----