Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/c12395-c0f8-4e05-8cb1-73a3d07d2c31/1/Hd9g_fslfzGcrnXmdvMRbgKw42k.roa
File:                     Hd9g_fslfzGcrnXmdvMRbgKw42k.roa (raw, json)
Hash identifier:          BIvps3s7h7Ut2VDVzXyW40zQav+NPTgrAb0ED6C5+SU=
Subject key identifier:   1D:DF:60:FD:FB:25:7F:31:9C:AE:75:E6:76:F3:11:6E:02:B0:E3:69
Certificate issuer:       /CN=5b7a905e25a4d5cccb2eebe4e2d5c3920819758e
Certificate serial:       01856D5D27C3B4AF5246AD535CB8E53C1F24
Authority key identifier: 5B:7A:90:5E:25:A4:D5:CC:CB:2E:EB:E4:E2:D5:C3:92:08:19:75:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W3qQXiWk1czLLuvk4tXDkggZdY4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/c12395-c0f8-4e05-8cb1-73a3d07d2c31/1/Hd9g_fslfzGcrnXmdvMRbgKw42k.roa
Signing time:             Sun 01 Jan 2023 12:44:59 +0000
ROA not before:           Sun 01 Jan 2023 12:44:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62250
IP address blocks:        185.119.165.0/24 maxlen: 24
                          185.119.164.0/22 maxlen: 22
                          185.119.166.0/24 maxlen: 24
                          185.119.164.0/24 maxlen: 24
                          185.119.167.0/24 maxlen: 24
                          185.119.166.0/23 maxlen: 23
                          185.110.252.0/22 maxlen: 22
                          185.110.253.0/24 maxlen: 24
                          185.110.252.0/24 maxlen: 24
                          185.110.254.0/24 maxlen: 24
                          185.118.152.0/22 maxlen: 22
                          185.110.255.0/24 maxlen: 24
                          185.118.152.0/24 maxlen: 24
                          185.118.153.0/24 maxlen: 24
                          185.118.154.0/24 maxlen: 24
                          185.118.155.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:5d:27:c3:b4:af:52:46:ad:53:5c:b8:e5:3c:1f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b7a905e25a4d5cccb2eebe4e2d5c3920819758e
        Validity
            Not Before: Jan  1 12:44:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ddf60fdfb257f319cae75e676f3116e02b0e369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:94:49:d5:50:9f:b1:13:ff:fd:ce:b3:6c:72:
                    0b:16:16:2b:a1:92:84:1b:86:18:5b:8f:9f:20:4d:
                    38:e9:44:a7:e3:87:b2:5a:74:0e:70:af:01:e4:8f:
                    09:fb:81:72:86:2b:26:f5:ea:55:b0:7f:59:c8:27:
                    0d:d4:de:25:c9:d5:4d:77:f4:80:2b:08:bc:3b:9b:
                    df:f0:c2:0a:8c:88:af:0f:ed:ca:ef:82:7c:64:fd:
                    96:16:9c:ef:78:95:e3:1b:fa:72:83:a0:ec:83:20:
                    2f:29:1d:c3:b2:bd:b0:8a:19:ec:de:71:26:95:4b:
                    21:8e:f9:08:16:96:0b:2f:b0:db:fb:1b:fb:de:8a:
                    2c:db:9d:1d:a2:b2:c4:23:38:93:c5:e4:e5:a1:95:
                    a7:eb:3a:ef:3b:b8:9d:4e:6a:eb:28:38:53:3f:b3:
                    46:14:ae:2f:ef:56:90:d6:54:5a:f1:79:e1:01:50:
                    4f:64:fe:80:3f:47:23:a6:f5:97:39:fa:b3:b0:56:
                    7d:4f:7b:9a:48:59:45:a8:73:b2:b5:34:79:88:af:
                    de:bc:b2:b7:1f:88:8f:f0:25:81:b9:2e:dc:43:a7:
                    50:ea:6c:eb:29:0d:af:9f:a6:92:60:e6:4c:0b:d2:
                    42:50:87:4f:45:cc:9b:3c:be:4c:fd:45:5f:54:f6:
                    4c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DF:60:FD:FB:25:7F:31:9C:AE:75:E6:76:F3:11:6E:02:B0:E3:69
            X509v3 Authority Key Identifier:
                keyid:5B:7A:90:5E:25:A4:D5:CC:CB:2E:EB:E4:E2:D5:C3:92:08:19:75:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W3qQXiWk1czLLuvk4tXDkggZdY4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/c12395-c0f8-4e05-8cb1-73a3d07d2c31/1/Hd9g_fslfzGcrnXmdvMRbgKw42k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/c12395-c0f8-4e05-8cb1-73a3d07d2c31/1/W3qQXiWk1czLLuvk4tXDkggZdY4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.252.0/22
                  185.118.152.0/22
                  185.119.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:8c:5f:e9:59:6c:48:e6:54:05:b3:c5:9f:44:94:d2:fc:34:
         de:d8:c9:51:20:b4:4b:bd:7a:4f:06:a8:f3:a1:3b:b2:58:2f:
         36:e3:d1:c1:b4:f7:ed:49:f0:58:04:58:d2:40:58:6f:79:88:
         2d:3e:d8:f7:9e:77:2b:21:fb:c3:ea:e0:f2:2c:0c:f1:75:f5:
         74:ec:93:eb:59:bc:6f:47:ef:c9:da:8b:d9:97:3e:ef:68:c2:
         dd:5d:7e:a1:56:8c:50:9c:65:03:4f:d4:d0:d8:88:be:83:ca:
         e2:9e:e3:e3:82:71:4b:59:31:b9:cf:cc:64:84:f7:c1:4a:d6:
         c5:62:6b:18:a0:23:42:55:50:d6:8b:e9:dd:72:da:e8:6c:75:
         be:92:30:bc:39:eb:16:d4:40:0b:da:15:f2:6a:3d:bb:c5:d3:
         a8:49:7c:f0:06:e1:eb:51:1c:07:7f:2b:9e:70:b2:9b:05:de:
         d1:91:bb:55:76:95:d7:24:3d:a5:ae:ad:22:c2:22:ea:c6:e8:
         3e:b8:f5:50:65:63:dd:93:58:02:37:eb:0b:7a:24:89:cf:03:
         64:3e:00:67:db:8f:f8:06:7c:d1:ee:0d:a3:f8:a6:53:22:a6:
         b1:dd:20:60:12:74:29:62:8d:ab:17:ad:7d:60:f3:55:30:04:
         18:15:9b:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVtXSfDtK9SRq1TXLjlPB8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViN2E5MDVlMjVhNGQ1Y2NjYjJlZWJlNGUyZDVjMzkyMDgx
OTc1OGUwHhcNMjMwMTAxMTI0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRmNjBmZGZiMjU3ZjMxOWNhZTc1ZTY3NmYzMTE2ZTAyYjBlMzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJRJ1VCfsRP//c6zbHILFhYroZKE
G4YYW4+fIE046USn44eyWnQOcK8B5I8J+4Fyhism9epVsH9ZyCcN1N4lydVNd/SA
Kwi8O5vf8MIKjIivD+3K74J8ZP2WFpzveJXjG/pyg6DsgyAvKR3Dsr2wihns3nEm
lUshjvkIFpYLL7Db+xv73oos250dorLEIziTxeTloZWn6zrvO7idTmrrKDhTP7NG
FK4v71aQ1lRa8XnhAVBPZP6AP0cjpvWXOfqzsFZ9T3uaSFlFqHOytTR5iK/evLK3
H4iP8CWBuS7cQ6dQ6mzrKQ2vn6aSYOZMC9JCUIdPRcybPL5M/UVfVPZMFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB3fYP37JX8xnK515nbzEW4CsONpMB8GA1UdIwQY
MBaAFFt6kF4lpNXMyy7r5OLVw5IIGXWOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzNxUVhpV2sxY3pMTHV2azR0WERrZ2daZFk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9jMTIzOTUtYzBmOC00ZTA1LThjYjEt
NzNhM2QwN2QyYzMxLzEvSGQ5Z19mc2xmekdjcm5YbWR2TVJiZ0t3NDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9jMTIzOTUtYzBmOC00ZTA1LThjYjEtNzNhM2QwN2QyYzMx
LzEvVzNxUVhpV2sxY3pMTHV2azR0WERrZ2daZFk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuW78AwQC
uXaYAwQCuXekMA0GCSqGSIb3DQEBCwUAA4IBAQBAjF/pWWxI5lQFs8WfRJTS/DTe
2MlRILRLvXpPBqjzoTuyWC8249HBtPftSfBYBFjSQFhveYgtPtj3nncrIfvD6uDy
LAzxdfV07JPrWbxvR+/J2ovZlz7vaMLdXX6hVoxQnGUDT9TQ2Ii+g8rinuPjgnFL
WTG5z8xkhPfBStbFYmsYoCNCVVDWi+ndctrobHW+kjC8OesW1EAL2hXyaj27xdOo
SXzwBuHrURwHfyuecLKbBd7RkbtVdpXXJD2lrq0iwiLqxug+uPVQZWPdk1gCN+sL
eiSJzwNkPgBn24/4BnzR7g2j+KZTIqax3SBgEnQpYo2rF619YPNVMAQYFZvr
-----END CERTIFICATE-----