Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/Ak3YMn6DxVc4yI1I7sGjsEU-eD4.roa
File:                     Ak3YMn6DxVc4yI1I7sGjsEU-eD4.roa (raw, json)
Hash identifier:          kFmNvqnGYULCGe8zZL5A3XwZU/iD2t99E59X+3T4Iy4=
Subject key identifier:   02:4D:D8:32:7E:83:C5:57:38:C8:8D:48:EE:C1:A3:B0:45:3E:78:3E
Certificate issuer:       /CN=ce958f181fb507a0a2a821856b8be0d54b118b85
Certificate serial:       018570C2E05E931D10EF17F2DCF8560E53FA
Authority key identifier: CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/Ak3YMn6DxVc4yI1I7sGjsEU-eD4.roa
Signing time:             Mon 02 Jan 2023 04:34:57 +0000
ROA not before:           Mon 02 Jan 2023 04:34:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207023
IP address blocks:        185.174.90.0/23 maxlen: 23
                          185.60.201.0/24 maxlen: 24
                          185.60.202.0/23 maxlen: 23
                          185.168.158.0/23 maxlen: 23
                          185.242.94.0/23 maxlen: 23
                          185.242.92.0/23 maxlen: 23
                          185.115.64.0/22 maxlen: 22
                          185.126.72.0/22 maxlen: 24
                          185.126.76.0/22 maxlen: 24
                          185.120.8.0/23 maxlen: 23
                          185.120.10.0/23 maxlen: 23
                          2a0a:d05::/32 maxlen: 32
                          2a0a:d01::/32 maxlen: 32
                          2a0a:d04::/32 maxlen: 32
                          2a0a:d02::/32 maxlen: 32
                          2a0a:d03::/32 maxlen: 32
                          2a0a:d07::/32 maxlen: 32
                          2a0a:d06::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 27 Sep 2023 18:35:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:c2:e0:5e:93:1d:10:ef:17:f2:dc:f8:56:0e:53:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce958f181fb507a0a2a821856b8be0d54b118b85
        Validity
            Not Before: Jan  2 04:34:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=024dd8327e83c55738c88d48eec1a3b0453e783e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a0:d1:96:5a:c9:22:a4:95:6c:8a:d2:9c:99:
                    00:a0:b5:71:24:b5:62:93:b2:1e:ef:35:cd:f1:0c:
                    82:70:b7:3c:64:83:cd:ef:92:91:d7:9b:00:e2:46:
                    ec:2c:43:fe:94:e7:20:f0:df:25:ce:b9:60:1d:d9:
                    c0:9f:c8:70:0a:ff:46:cd:f0:19:c6:fe:f5:bb:8c:
                    99:03:87:54:35:c3:b1:9b:bd:b4:74:59:fe:88:21:
                    3d:28:14:6c:18:46:0b:56:ba:2b:6b:c8:ea:d0:0b:
                    ee:6b:34:93:84:12:97:2b:b5:fd:9f:e4:39:bb:e1:
                    b4:48:e6:2a:f6:07:27:4b:b0:78:67:54:fb:c3:25:
                    de:b1:35:de:27:64:fd:d8:53:ba:f5:52:72:78:33:
                    c2:0d:45:0b:3f:6c:38:99:f5:79:d2:ea:ac:43:80:
                    ee:a0:2a:ab:55:1b:fb:00:93:3c:12:9e:43:f1:f0:
                    3c:a9:a0:b5:12:73:a4:ce:70:5d:6c:dc:25:3e:25:
                    b1:05:29:63:c0:29:a4:db:6d:e4:42:7b:4c:97:41:
                    83:14:0a:b3:a3:39:1a:be:c9:75:a5:59:b7:7b:b0:
                    6f:68:c9:e7:fd:dc:b7:42:d9:62:b8:96:cf:3e:75:
                    27:48:f4:22:10:d4:6d:3b:90:72:d6:46:82:01:f3:
                    bb:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:4D:D8:32:7E:83:C5:57:38:C8:8D:48:EE:C1:A3:B0:45:3E:78:3E
            X509v3 Authority Key Identifier:
                keyid:CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/Ak3YMn6DxVc4yI1I7sGjsEU-eD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.201.0-185.60.203.255
                  185.115.64.0/22
                  185.120.8.0/22
                  185.126.72.0/21
                  185.168.158.0/23
                  185.174.90.0/23
                  185.242.92.0/22
                IPv6:
                  2a0a:d01::-2a0a:d07:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         91:e5:d5:4b:89:35:47:b7:d2:1b:84:b7:fb:b4:90:99:69:fb:
         1f:23:ba:ee:07:ad:f2:c4:d6:23:cd:28:e3:c6:83:a3:ab:ed:
         09:7b:c0:a9:20:01:78:6a:28:30:38:9b:31:53:35:57:50:5a:
         94:b5:78:b0:d5:9b:39:01:ba:35:03:1b:1f:9a:bb:9f:7e:68:
         c4:3c:43:c7:61:00:b7:c3:ed:b6:58:8d:d7:04:b7:2f:07:2b:
         22:36:29:f0:ca:84:f3:99:3b:97:71:54:6e:50:44:3a:2a:8c:
         e9:7e:e3:1d:82:79:7e:ed:1a:de:df:05:28:7c:fa:b7:22:9e:
         93:97:21:ea:71:31:fd:8c:ea:66:0c:0a:56:01:90:63:3d:15:
         88:73:59:5b:fe:88:2d:e6:1c:fe:c7:2e:24:e9:b0:2c:e3:cb:
         73:e9:1d:5b:61:0d:b2:54:c5:ca:b5:9a:45:a7:49:55:d8:d2:
         e9:9f:45:72:f1:9a:1e:f0:f3:ef:32:9d:92:45:84:32:db:f4:
         b7:f3:48:0e:bf:b9:9f:8f:92:18:50:cb:bd:4b:e8:a1:0b:0e:
         f0:02:38:d5:1d:20:be:01:5c:b7:a5:4f:76:dc:4f:a6:cb:72:
         bb:77:bd:a0:dc:d3:a9:46:e4:15:b8:59:7a:90:8f:92:58:ea:
         76:b4:32:43
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVwwuBekx0Q7xfy3PhWDlP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTU4ZjE4MWZiNTA3YTBhMmE4MjE4NTZiOGJlMGQ1NGIx
MThiODUwHhcNMjMwMTAyMDQzNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjRkZDgzMjdlODNjNTU3MzhjODhkNDhlZWMxYTNiMDQ1M2U3ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaDRllrJIqSVbIrSnJkAoLVxJLVi
k7Ie7zXN8QyCcLc8ZIPN75KR15sA4kbsLEP+lOcg8N8lzrlgHdnAn8hwCv9GzfAZ
xv71u4yZA4dUNcOxm720dFn+iCE9KBRsGEYLVrora8jq0AvuazSThBKXK7X9n+Q5
u+G0SOYq9gcnS7B4Z1T7wyXesTXeJ2T92FO69VJyeDPCDUULP2w4mfV50uqsQ4Du
oCqrVRv7AJM8Ep5D8fA8qaC1EnOkznBdbNwlPiWxBSljwCmk223kQntMl0GDFAqz
ozkavsl1pVm3e7BvaMnn/dy3QtliuJbPPnUnSPQiENRtO5By1kaCAfO76QIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFAJN2DJ+g8VXOMiNSO7Bo7BFPng+MB8GA1UdIwQY
MBaAFM6VjxgftQegoqghhWuL4NVLEYuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUt
MGRiYjNiOGRiMTVmLzEvQWszWU1uNkR4VmM0eUkxSTdzR2pzRVUtZUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUtMGRiYjNiOGRiMTVm
LzEvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjA4BAIAATAyMAwDBAC5PMkD
BAK5PMgDBAK5c0ADBAK5eAgDBAO5fkgDBAG5qJ4DBAG5rloDBAK58lwwFgQCAAIw
EDAOAwUAKgoNAQMFAyoKDQAwDQYJKoZIhvcNAQELBQADggEBAJHl1UuJNUe30huE
t/u0kJlp+x8juu4HrfLE1iPNKOPGg6Or7Ql7wKkgAXhqKDA4mzFTNVdQWpS1eLDV
mzkBujUDGx+au59+aMQ8Q8dhALfD7bZYjdcEty8HKyI2KfDKhPOZO5dxVG5QRDoq
jOl+4x2CeX7tGt7fBSh8+rcinpOXIepxMf2M6mYMClYBkGM9FYhzWVv+iC3mHP7H
LiTpsCzjy3PpHVthDbJUxcq1mkWnSVXY0umfRXLxmh7w8+8ynZJFhDLb9LfzSA6/
uZ+PkhhQy71L6KELDvACONUdIL4BXLelT3bcT6bLcrt3vaDc06lG5BW4WXqQj5JY
6na0MkM=
-----END CERTIFICATE-----