Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/eW3nYzAGZbCUHRNKOPxJkvhHqt8.roa
File:                     eW3nYzAGZbCUHRNKOPxJkvhHqt8.roa (raw, json)
Hash identifier:          j4REEf80T/F2RnQOz7jdrP0sldezzuFqdTt+9VabUGU=
Subject key identifier:   79:6D:E7:63:30:06:65:B0:94:1D:13:4A:38:FC:49:92:F8:47:AA:DF
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       0188E8AD1433A7A321C58D308968CBEB6FD9
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/eW3nYzAGZbCUHRNKOPxJkvhHqt8.roa
Signing time:             Fri 23 Jun 2023 14:33:56 +0000
ROA not before:           Fri 23 Jun 2023 14:33:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44493
IP address blocks:        31.192.233.0/24 maxlen: 24
                          31.192.232.0/24 maxlen: 24
                          31.192.238.0/24 maxlen: 24
                          31.192.237.0/24 maxlen: 24
                          31.192.236.0/24 maxlen: 24
                          31.192.235.0/24 maxlen: 24
                          31.192.234.0/24 maxlen: 24
                          31.192.239.0/24 maxlen: 24
                          2a0a:eec0:6::/48 maxlen: 48
                          2a0a:eec0:5::/48 maxlen: 48
                          2a0a:eec0:3::/48 maxlen: 48
                          2a0a:eec0:4::/48 maxlen: 48
                          2a0a:eec0:7::/48 maxlen: 48
                          2a0a:eec0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 28 Jun 2023 09:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e8:ad:14:33:a7:a3:21:c5:8d:30:89:68:cb:eb:6f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Jun 23 14:33:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=796de763300665b0941d134a38fc4992f847aadf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e8:ef:fb:d7:25:7e:42:05:4e:87:ca:6f:1a:
                    6c:e9:9c:b6:6c:c1:98:e0:10:40:e0:74:ba:5c:6a:
                    50:2e:f2:75:eb:be:5e:82:91:31:04:55:4c:85:de:
                    e6:56:be:01:55:89:1d:a5:40:d4:76:cf:ab:c0:29:
                    de:42:bc:3e:29:a9:7a:54:da:b3:2c:15:47:de:96:
                    56:76:9f:30:eb:cc:26:5b:ea:16:19:84:e8:e8:2e:
                    f2:fa:a8:ba:f6:83:aa:87:43:95:99:9c:2c:89:c9:
                    c1:b1:7a:16:40:7b:c8:7c:66:68:44:47:dd:a4:7e:
                    a1:d0:2e:5d:d5:43:91:64:8e:d0:a3:1e:cc:fb:6d:
                    83:be:bd:fb:72:cc:26:fe:08:41:5a:5d:42:61:f9:
                    78:56:f4:c2:db:82:62:99:1e:a8:c6:8c:ce:4c:5f:
                    54:dc:6a:42:ca:9b:35:da:03:f8:ca:a4:8c:45:f7:
                    74:05:13:4d:24:1f:eb:c9:24:7e:0e:4e:96:b5:51:
                    af:f3:9a:13:05:62:c5:87:c0:18:0b:e5:36:80:41:
                    d6:ae:42:f3:a0:5f:5d:27:0b:90:85:74:7a:12:c4:
                    11:79:9b:17:2f:64:13:3b:89:9b:15:4e:52:1c:7f:
                    9a:fe:69:04:fb:ab:ce:9c:ae:f5:06:f3:dd:42:36:
                    59:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:6D:E7:63:30:06:65:B0:94:1D:13:4A:38:FC:49:92:F8:47:AA:DF
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/eW3nYzAGZbCUHRNKOPxJkvhHqt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.232.0/21
                IPv6:
                  2a0a:eec0:2::-2a0a:eec0:7:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         97:fd:ea:70:d9:8c:e3:63:c6:8d:f7:9a:e7:9b:20:17:83:37:
         7b:fb:e4:9d:7a:0f:04:b4:ef:2e:c8:bb:7f:59:ce:d2:d1:27:
         18:80:c8:e7:02:b4:2f:c7:39:a4:2a:42:66:50:c6:1e:ae:02:
         b1:5a:6e:78:83:6e:55:ca:ef:f6:e3:13:8c:57:c7:c7:d2:13:
         da:cf:02:1f:84:18:50:8c:83:91:f3:a1:31:f8:a8:6a:71:51:
         aa:99:02:c2:76:40:cc:63:63:7e:e1:96:3a:82:37:58:60:d1:
         f8:6f:35:c2:82:a2:0a:a1:e3:f4:93:32:4f:17:00:ba:11:cb:
         84:74:96:29:13:48:f4:38:aa:67:8e:af:70:24:6c:9e:b9:da:
         9a:11:a5:bd:bf:07:ba:d3:6d:2e:5f:ec:28:2c:56:a6:af:db:
         04:0e:ab:ef:22:27:a6:2f:9b:bd:68:fe:b5:f5:15:aa:57:23:
         af:41:bd:78:48:18:be:95:1e:1e:e8:a8:c0:ad:fa:fa:19:b2:
         8c:9c:9d:6a:8a:5d:67:5a:4e:cd:d7:f4:fb:d4:fd:93:64:9c:
         d4:1f:45:20:c3:84:a1:32:c8:a4:d9:13:0d:bf:07:e2:6c:e4:
         a3:a6:cd:e6:9f:39:5f:32:e3:e2:81:df:0c:a8:2e:b9:29:79:
         b6:3c:86:5b
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYjorRQzp6MhxY0wiWjL62/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjMwNjIzMTQzMzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTZkZTc2MzMwMDY2NWIwOTQxZDEzNGEzOGZjNDk5MmY4NDdhYWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgejv+9clfkIFTofKbxps6Zy2bMGY
4BBA4HS6XGpQLvJ1675egpExBFVMhd7mVr4BVYkdpUDUds+rwCneQrw+Kal6VNqz
LBVH3pZWdp8w68wmW+oWGYTo6C7y+qi69oOqh0OVmZwsicnBsXoWQHvIfGZoREfd
pH6h0C5d1UORZI7Qox7M+22Dvr37cswm/ghBWl1CYfl4VvTC24JimR6oxozOTF9U
3GpCyps12gP4yqSMRfd0BRNNJB/rySR+Dk6WtVGv85oTBWLFh8AYC+U2gEHWrkLz
oF9dJwuQhXR6EsQReZsXL2QTO4mbFU5SHH+a/mkE+6vOnK71BvPdQjZZ0QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHlt52MwBmWwlB0TSjj8SZL4R6rfMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvZVczbll6QUdaYkNVSFJOS09QeEprdmhIcXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQDH8DoMBoE
AgACMBQwEgMHASoK7sAAAgMHAyoK7sAAADANBgkqhkiG9w0BAQsFAAOCAQEAl/3q
cNmM42PGjfea55sgF4M3e/vknXoPBLTvLsi7f1nO0tEnGIDI5wK0L8c5pCpCZlDG
Hq4CsVpueINuVcrv9uMTjFfHx9IT2s8CH4QYUIyDkfOhMfioanFRqpkCwnZAzGNj
fuGWOoI3WGDR+G81woKiCqHj9JMyTxcAuhHLhHSWKRNI9DiqZ46vcCRsnrnamhGl
vb8HutNtLl/sKCxWpq/bBA6r7yInpi+bvWj+tfUVqlcjr0G9eEgYvpUeHuiowK36
+hmyjJydaopdZ1pOzdf0+9T9k2Sc1B9FIMOEoTLIpNkTDb8H4mzko6bN5p85XzLj
4oHfDKguuSl5tjyGWw==
-----END CERTIFICATE-----