Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/izKZNVtwBLIGjhACIyDm7xlP2oA.roa
File:                     izKZNVtwBLIGjhACIyDm7xlP2oA.roa (raw, json)
Hash identifier:          NZP+d/zhHs1rmKR+5LUX5yGOuhJaAs9irPLiKJCM0B0=
Subject key identifier:   8B:32:99:35:5B:70:04:B2:06:8E:10:02:23:20:E6:EF:19:4F:DA:80
Certificate issuer:       /CN=593b53fb9306346f272494928d77839cbaf9ddc7
Certificate serial:       0188049983BFC8EB71352600FB37526118C2
Authority key identifier: 59:3B:53:FB:93:06:34:6F:27:24:94:92:8D:77:83:9C:BA:F9:DD:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTtT-5MGNG8nJJSSjXeDnLr53cc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/izKZNVtwBLIGjhACIyDm7xlP2oA.roa
Signing time:             Wed 10 May 2023 07:39:09 +0000
ROA not before:           Wed 10 May 2023 07:39:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12417
IP address blocks:        185.220.24.0/24 maxlen: 24
                          185.220.24.0/22 maxlen: 24
                          185.220.27.0/24 maxlen: 24
                          185.220.25.0/24 maxlen: 24
                          91.234.46.0/24 maxlen: 24
                          178.218.163.0/24 maxlen: 24
                          178.218.160.0/20 maxlen: 24
                          178.218.170.0/24 maxlen: 24
                          178.218.171.0/24 maxlen: 24
                          178.218.172.0/24 maxlen: 24
                          178.218.173.0/24 maxlen: 24
                          178.218.174.0/24 maxlen: 24
                          2a0b:ee41::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:04:99:83:bf:c8:eb:71:35:26:00:fb:37:52:61:18:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593b53fb9306346f272494928d77839cbaf9ddc7
        Validity
            Not Before: May 10 07:39:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b3299355b7004b2068e10022320e6ef194fda80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f5:e2:c3:82:29:ee:b0:66:91:d0:00:25:ee:
                    be:85:41:18:3b:1d:fb:06:17:67:fb:83:a7:c2:2a:
                    1f:93:89:e3:2b:6c:31:e7:3f:cf:81:48:68:9c:a1:
                    b7:c8:54:e2:74:97:68:88:93:07:19:74:dd:e6:b5:
                    d8:2f:6c:19:ba:e9:75:53:d5:bc:7e:ca:7f:26:e8:
                    a6:ca:86:aa:1d:3e:ff:4d:ed:9c:73:8c:c5:f2:4b:
                    f7:87:27:2a:60:71:19:7d:bc:fa:ed:d8:a8:35:94:
                    f2:c7:5b:6e:ba:36:5d:4e:5c:01:ae:80:98:2d:66:
                    04:4c:8e:6f:8b:28:df:90:6e:43:69:2a:e1:5b:f6:
                    db:93:2f:ab:eb:96:7a:fe:0f:8e:2e:00:11:66:95:
                    5a:5e:8e:12:0d:b9:47:82:36:64:f2:b8:db:46:40:
                    cf:a3:49:2a:53:98:4b:50:98:33:8a:2a:1c:31:d3:
                    59:1d:46:e6:b1:74:3a:d2:43:98:cd:91:3a:18:83:
                    92:20:ac:f8:b4:83:b2:3b:e6:51:71:3b:f3:de:88:
                    5f:4b:6e:ba:a2:72:b8:6a:19:30:d7:5c:7d:55:dd:
                    b3:45:23:7b:11:d4:f7:24:5b:b9:46:ba:51:01:48:
                    77:26:99:45:73:30:26:a8:7e:69:d7:d9:29:9a:60:
                    e6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:32:99:35:5B:70:04:B2:06:8E:10:02:23:20:E6:EF:19:4F:DA:80
            X509v3 Authority Key Identifier:
                keyid:59:3B:53:FB:93:06:34:6F:27:24:94:92:8D:77:83:9C:BA:F9:DD:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTtT-5MGNG8nJJSSjXeDnLr53cc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/izKZNVtwBLIGjhACIyDm7xlP2oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/WTtT-5MGNG8nJJSSjXeDnLr53cc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.46.0/24
                  178.218.160.0/20
                  185.220.24.0/22
                IPv6:
                  2a0b:ee41::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:a7:31:1f:bf:07:10:6b:70:55:e1:c8:90:82:fd:7f:3e:da:
         2c:d9:59:87:35:8a:7b:ee:a8:07:2e:08:36:91:51:73:61:24:
         01:be:64:ad:f3:0f:fd:85:02:3b:e4:12:9b:c8:e4:ea:72:12:
         40:0a:84:52:49:49:75:50:80:ea:d0:d7:5f:7d:ae:f2:c3:29:
         12:4e:ca:bf:08:00:00:8a:4b:eb:08:e8:49:49:ea:23:b6:ab:
         13:14:00:7e:1d:9d:1f:60:de:29:24:09:a8:cc:00:8c:0f:9c:
         18:ed:6a:15:cc:2d:79:d5:d4:1c:7c:74:20:0c:87:a9:93:26:
         26:0f:62:94:14:fa:5b:62:ea:48:6b:7e:05:a1:53:a3:c0:07:
         30:60:04:e2:59:d8:7b:fd:d6:54:9d:0e:17:b7:d1:34:c0:da:
         3d:99:dc:a3:f7:a9:c7:99:29:48:0d:5b:4d:12:df:e1:3a:03:
         4b:1c:44:5d:4e:73:2e:3f:07:62:06:31:18:c1:96:e5:76:85:
         95:12:81:a1:6d:58:08:04:c8:38:86:5d:5f:34:96:4c:67:b3:
         82:59:21:9d:54:f5:a7:02:86:8b:8b:dc:4d:53:1c:7d:57:15:
         64:01:ac:70:64:c3:79:a5:49:0d:97:f5:9f:6f:e4:1d:ab:8d:
         c7:b4:3f:01
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYgEmYO/yOtxNSYA+zdSYRjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5M2I1M2ZiOTMwNjM0NmYyNzI0OTQ5MjhkNzc4MzljYmFm
OWRkYzcwHhcNMjMwNTEwMDczOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjMyOTkzNTViNzAwNGIyMDY4ZTEwMDIyMzIwZTZlZjE5NGZkYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/Xiw4Ip7rBmkdAAJe6+hUEYOx37
Bhdn+4Onwiofk4njK2wx5z/PgUhonKG3yFTidJdoiJMHGXTd5rXYL2wZuul1U9W8
fsp/JuimyoaqHT7/Te2cc4zF8kv3hycqYHEZfbz67dioNZTyx1tuujZdTlwBroCY
LWYETI5viyjfkG5DaSrhW/bbky+r65Z6/g+OLgARZpVaXo4SDblHgjZk8rjbRkDP
o0kqU5hLUJgziiocMdNZHUbmsXQ60kOYzZE6GIOSIKz4tIOyO+ZRcTvz3ohfS266
onK4ahkw11x9Vd2zRSN7EdT3JFu5RrpRAUh3JplFczAmqH5p19kpmmDm/wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIsymTVbcASyBo4QAiMg5u8ZT9qAMB8GA1UdIwQY
MBaAFFk7U/uTBjRvJySUko13g5y6+d3HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1R0VC01TUdORzhuSkpTU2pYZURuTHI1M2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMmZjOWUtZWEzYi00MWMwLTk1MGUt
NDQ3NWE5YmYyNTBlLzEvaXpLWk5WdHdCTElHamhBQ0l5RG03eGxQMm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMmZjOWUtZWEzYi00MWMwLTk1MGUtNDQ3NWE5YmYyNTBl
LzEvV1R0VC01TUdORzhuSkpTU2pYZURuTHI1M2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW+ouAwQE
stqgAwQCudwYMA0EAgACMAcDBQAqC+5BMA0GCSqGSIb3DQEBCwUAA4IBAQBapzEf
vwcQa3BV4ciQgv1/Ptos2VmHNYp77qgHLgg2kVFzYSQBvmSt8w/9hQI75BKbyOTq
chJACoRSSUl1UIDq0Ndffa7ywykSTsq/CAAAikvrCOhJSeojtqsTFAB+HZ0fYN4p
JAmozACMD5wY7WoVzC151dQcfHQgDIepkyYmD2KUFPpbYupIa34FoVOjwAcwYATi
Wdh7/dZUnQ4Xt9E0wNo9mdyj96nHmSlIDVtNEt/hOgNLHERdTnMuPwdiBjEYwZbl
doWVEoGhbVgIBMg4hl1fNJZMZ7OCWSGdVPWnAoaLi9xNUxx9VxVkAaxwZMN5pUkN
l/Wfb+Qdq43HtD8B
-----END CERTIFICATE-----