Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/eyKel2EoWZiijb3rkgo5Bc868e0.roa
File:                     eyKel2EoWZiijb3rkgo5Bc868e0.roa (raw, json)
Hash identifier:          foHP4sA2L0zI+d7L9c+4AoYSmks+1yxnysTKSmjb8GU=
Subject key identifier:   7B:22:9E:97:61:28:59:98:A2:8D:BD:EB:92:0A:39:05:CF:3A:F1:ED
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       0188E2F07DDE824BD61C9DCBAC76E8A48C9C
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/eyKel2EoWZiijb3rkgo5Bc868e0.roa
Signing time:             Thu 22 Jun 2023 11:49:51 +0000
ROA not before:           Thu 22 Jun 2023 11:49:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44493
IP address blocks:        31.192.233.0/24 maxlen: 24
                          31.192.232.0/24 maxlen: 24
                          31.192.238.0/24 maxlen: 24
                          31.192.237.0/24 maxlen: 24
                          31.192.236.0/24 maxlen: 24
                          31.192.235.0/24 maxlen: 24
                          31.192.234.0/24 maxlen: 24
                          31.192.239.0/24 maxlen: 24
                          2a0a:eec0:6::/48 maxlen: 48
                          2a0a:eec0:5::/48 maxlen: 48
                          2a0a:eec0:3::/48 maxlen: 48
                          2a0a:eec0:4::/48 maxlen: 48
                          2a0a:eec0:7::/48 maxlen: 48
                          2a0a:eec0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 23 Jun 2023 08:42:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e2:f0:7d:de:82:4b:d6:1c:9d:cb:ac:76:e8:a4:8c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Jun 22 11:49:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7b229e9761285998a28dbdeb920a3905cf3af1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fb:56:6e:19:1a:de:f1:00:36:5c:57:20:fe:
                    9d:33:45:a2:2f:8e:63:53:3f:af:4a:0b:8d:63:96:
                    17:fb:9e:f3:53:a7:8c:33:c5:dc:03:7a:0b:af:34:
                    7d:96:fb:de:4c:68:11:6d:41:e2:11:78:ec:4d:58:
                    a3:33:b4:45:4e:47:56:77:d7:6e:b9:55:10:30:36:
                    f6:78:58:48:8e:3f:aa:95:a7:90:80:af:55:62:e7:
                    ff:0a:5d:7e:64:ce:a8:3a:d1:1e:26:13:b2:38:78:
                    74:c8:f9:18:37:64:31:cb:84:d4:d1:1d:ae:62:09:
                    31:ab:b3:36:df:69:a0:47:f4:0d:7c:54:ac:b3:47:
                    20:ea:56:0b:1a:7d:e4:5e:5f:8e:bf:01:4e:b8:67:
                    f2:04:c2:7a:52:fc:39:73:76:b6:ae:3d:d7:17:0c:
                    94:61:87:e2:09:4b:59:70:b6:32:45:b4:93:95:53:
                    29:4d:84:ce:0d:77:ce:08:d1:24:af:55:70:79:ac:
                    f9:5c:e1:b1:b2:b6:ba:bb:cd:10:ab:af:d2:df:cd:
                    e9:3d:c3:d9:25:55:65:d1:3d:c1:8f:b6:ed:2e:85:
                    34:01:ae:51:10:25:42:e9:20:6c:1d:81:e7:f9:fe:
                    74:29:e7:f2:09:ec:23:32:4f:13:c6:77:01:40:32:
                    0a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:22:9E:97:61:28:59:98:A2:8D:BD:EB:92:0A:39:05:CF:3A:F1:ED
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/eyKel2EoWZiijb3rkgo5Bc868e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.232.0/21
                IPv6:
                  2a0a:eec0:2::-2a0a:eec0:7:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         30:af:27:2a:af:02:24:e0:de:2b:c2:ea:c3:5d:de:30:13:cd:
         78:ba:d3:9c:63:60:cf:97:26:2e:4d:2f:82:2b:fb:4d:96:66:
         8d:f9:c9:a0:3a:20:05:de:be:a0:96:ab:5d:92:79:25:54:f8:
         cd:c6:38:ac:49:77:eb:45:3c:1b:06:0c:39:98:9a:f6:34:fc:
         56:3e:ce:13:ee:7b:3e:13:6a:f1:db:89:31:24:5b:a5:e8:b6:
         f4:19:10:11:2f:0b:34:0d:8b:38:20:dd:e3:d9:03:9a:78:df:
         54:89:74:b4:d5:65:31:27:0c:97:dc:60:b2:47:65:fb:c9:a1:
         c2:80:b9:11:70:61:14:9d:29:39:4f:90:c8:87:61:05:d2:0e:
         bf:4e:38:62:53:73:e8:3e:4e:ed:11:f4:43:6f:a4:7c:a3:aa:
         ff:04:76:4b:d3:8c:2c:f1:14:18:7c:5c:a8:8e:f6:4d:0d:01:
         74:de:a8:b3:a7:71:d8:19:bf:6f:13:87:0b:f8:d0:7f:e3:b1:
         15:25:d6:64:8d:60:fc:17:39:a1:19:71:15:f4:7e:bf:fe:41:
         60:ba:75:26:83:21:72:3d:7b:58:1d:14:1c:23:b2:a6:4e:9e:
         eb:68:da:d1:c9:55:09:57:ad:19:4c:35:12:1c:57:98:fe:39:
         fe:15:07:9a
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYji8H3egkvWHJ3LrHbopIycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjMwNjIyMTE0OTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjIyOWU5NzYxMjg1OTk4YTI4ZGJkZWI5MjBhMzkwNWNmM2FmMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPtWbhka3vEANlxXIP6dM0WiL45j
Uz+vSguNY5YX+57zU6eMM8XcA3oLrzR9lvveTGgRbUHiEXjsTVijM7RFTkdWd9du
uVUQMDb2eFhIjj+qlaeQgK9VYuf/Cl1+ZM6oOtEeJhOyOHh0yPkYN2Qxy4TU0R2u
Ygkxq7M232mgR/QNfFSss0cg6lYLGn3kXl+OvwFOuGfyBMJ6Uvw5c3a2rj3XFwyU
YYfiCUtZcLYyRbSTlVMpTYTODXfOCNEkr1Vweaz5XOGxsra6u80Qq6/S383pPcPZ
JVVl0T3Bj7btLoU0Aa5RECVC6SBsHYHn+f50KefyCewjMk8TxncBQDIKMwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHsinpdhKFmYoo2965IKOQXPOvHtMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvZXlLZWwyRW9XWmlpamIzcmtnbzVCYzg2OGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAMBAIAATAGAwQDH8DoMBoE
AgACMBQwEgMHASoK7sAAAgMHAyoK7sAAADANBgkqhkiG9w0BAQsFAAOCAQEAMK8n
Kq8CJODeK8Lqw13eMBPNeLrTnGNgz5cmLk0vgiv7TZZmjfnJoDogBd6+oJarXZJ5
JVT4zcY4rEl360U8GwYMOZia9jT8Vj7OE+57PhNq8duJMSRbpei29BkQES8LNA2L
OCDd49kDmnjfVIl0tNVlMScMl9xgskdl+8mhwoC5EXBhFJ0pOU+QyIdhBdIOv044
YlNz6D5O7RH0Q2+kfKOq/wR2S9OMLPEUGHxcqI72TQ0BdN6os6dx2Bm/bxOHC/jQ
f+OxFSXWZI1g/Bc5oRlxFfR+v/5BYLp1JoMhcj17WB0UHCOypk6e62ja0clVCVet
GUw1EhxXmP45/hUHmg==
-----END CERTIFICATE-----