Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1-QpMIbIW8Ugc4S-BDqHAuOmin-Y.roa
File:                     1-QpMIbIW8Ugc4S-BDqHAuOmin-Y.roa (raw, json)
Hash identifier:          7UHCPe8tpcHqvlIwCYz66qfD6IQWAWJrNsemdmUSUwc=
Subject key identifier:   F9:0A:4C:21:B2:16:F1:48:1C:E1:2F:81:0E:A1:C0:B8:E9:A2:9F:E6
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018A1974958A98031FF4843E6586FCA2E3B3
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1-QpMIbIW8Ugc4S-BDqHAuOmin-Y.roa
Signing time:             Mon 21 Aug 2023 18:56:25 +0000
ROA not before:           Mon 21 Aug 2023 18:56:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7029
IP address blocks:        195.138.108.0/24 maxlen: 24
                          195.138.107.0/24 maxlen: 24
                          195.138.111.0/24 maxlen: 24
                          195.138.112.0/24 maxlen: 24
                          195.138.114.0/24 maxlen: 24
                          195.138.118.0/24 maxlen: 24
                          185.180.145.0/24 maxlen: 24
                          195.138.120.0/24 maxlen: 24
                          91.201.107.0/24 maxlen: 24
                          185.243.140.0/22 maxlen: 24
                          193.30.30.0/24 maxlen: 24
                          193.46.220.0/24 maxlen: 24
                          45.149.160.0/22 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:19:74:95:8a:98:03:1f:f4:84:3e:65:86:fc:a2:e3:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug 21 18:56:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f90a4c21b216f1481ce12f810ea1c0b8e9a29fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b3:86:b6:a3:ff:e3:42:9f:3f:31:9d:0c:56:
                    db:01:9c:3a:cb:81:f2:70:e5:f4:56:14:68:04:d8:
                    df:12:29:a7:fc:23:35:d3:78:0f:c8:09:bb:4e:ee:
                    b0:10:58:eb:b7:5f:d4:4b:98:23:4c:00:6e:d3:22:
                    55:80:74:4c:f1:40:66:44:3b:e6:f6:ce:5c:9b:fa:
                    36:5d:8e:db:21:b3:e8:a4:21:20:05:61:0a:6e:d5:
                    50:61:56:53:1e:91:3d:c5:e8:32:9c:4c:66:6d:ce:
                    e7:21:7d:50:19:d8:c0:32:8c:13:93:21:df:a9:ff:
                    5c:a3:19:0c:fa:10:44:97:9d:58:a5:bf:23:c7:2c:
                    aa:46:98:82:ce:23:28:37:9a:f1:16:3e:ef:78:18:
                    59:82:1d:81:bb:85:48:86:39:6e:c2:33:2b:94:1a:
                    88:8a:4a:15:30:77:6a:0f:c0:22:c3:01:f1:b7:50:
                    09:c1:2e:3f:0f:aa:eb:d2:17:16:29:7c:b7:ad:d3:
                    0f:cf:2a:58:31:19:d6:6b:31:3c:0e:ce:ba:dc:af:
                    fe:1d:09:c8:d6:ac:7d:2e:0a:fe:7a:24:7e:68:74:
                    75:75:52:55:cd:ac:ff:e8:52:60:8e:e6:a3:43:c7:
                    8a:44:e2:aa:e3:9e:fd:5f:56:27:86:26:69:b1:3d:
                    ed:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0A:4C:21:B2:16:F1:48:1C:E1:2F:81:0E:A1:C0:B8:E9:A2:9F:E6
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1-QpMIbIW8Ugc4S-BDqHAuOmin-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.160.0/22
                  91.201.107.0/24
                  185.180.145.0/24
                  185.243.140.0/22
                  193.30.30.0/24
                  193.46.220.0/24
                  195.138.107.0-195.138.108.255
                  195.138.111.0-195.138.112.255
                  195.138.114.0/24
                  195.138.118.0/24
                  195.138.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:3d:d3:d4:ab:d7:ac:bd:44:de:ff:88:c5:1d:67:d4:cc:d3:
         96:0d:c8:fc:95:c6:ca:b1:60:d0:ec:c4:a4:18:58:b8:cd:10:
         00:58:f5:6f:eb:1f:4f:4e:8f:a4:1e:e3:56:56:aa:28:c1:65:
         62:0f:67:3b:39:b1:b2:4b:76:56:3d:8a:d3:22:8d:bb:29:3c:
         b7:37:56:25:96:81:8b:5d:ca:6c:d0:da:20:69:41:b0:32:dd:
         69:aa:a1:f3:4c:ef:e4:ec:6c:e6:bb:64:d2:35:b2:78:2a:72:
         a0:43:4e:17:20:29:26:f5:31:16:3c:ec:99:c2:e9:45:5a:b5:
         92:12:6e:c8:49:1e:cb:4f:3f:38:f2:63:f3:93:83:29:6e:f0:
         5e:ab:c7:81:13:03:09:3b:ea:e2:7b:1c:cc:c9:c7:98:e6:b3:
         55:c2:31:1d:b6:aa:ba:3a:8b:2b:fc:db:0f:92:6f:fd:ad:c6:
         1d:d3:b5:a6:5f:ab:73:f1:73:f2:0b:7b:db:bb:d5:0e:36:db:
         3a:49:73:a1:7c:cb:51:db:8f:a1:d5:12:11:5b:4f:70:a8:a1:
         85:3c:13:c8:0c:65:e4:23:be:cb:b3:a0:62:df:58:5e:fd:2f:
         25:e5:66:71:4f:d9:3c:10:f8:51:3a:be:45:5b:00:60:a8:60:
         8c:0f:04:78
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYoZdJWKmAMf9IQ+ZYb8ouOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwODIxMTg1NjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBhNGMyMWIyMTZmMTQ4MWNlMTJmODEwZWExYzBiOGU5YTI5ZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrOGtqP/40KfPzGdDFbbAZw6y4Hy
cOX0VhRoBNjfEimn/CM103gPyAm7Tu6wEFjrt1/US5gjTABu0yJVgHRM8UBmRDvm
9s5cm/o2XY7bIbPopCEgBWEKbtVQYVZTHpE9xegynExmbc7nIX1QGdjAMowTkyHf
qf9coxkM+hBEl51Ypb8jxyyqRpiCziMoN5rxFj7veBhZgh2Bu4VIhjluwjMrlBqI
ikoVMHdqD8AiwwHxt1AJwS4/D6rr0hcWKXy3rdMPzypYMRnWazE8Ds663K/+HQnI
1qx9Lgr+eiR+aHR1dVJVzaz/6FJgjuajQ8eKROKq4579X1YnhiZpsT3tHwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFPkKTCGyFvFIHOEvgQ6hwLjpop/mMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMS1RcE1JYklXOFVnYzRTLUJEcUhBdU9taW4tWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4
OS8xL2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBrBggrBgEFBQcBBwEB/wRcMFowWAQCAAEwUgMEAi2VoAME
AFvJawMEALm0kQMEArnzjAMEAMEeHgMEAMEu3DAMAwQAw4prAwQAw4psMAwDBADD
im8DBADDinADBADDinIDBADDinYDBADDingwDQYJKoZIhvcNAQELBQADggEBAJs9
09Sr16y9RN7/iMUdZ9TM05YNyPyVxsqxYNDsxKQYWLjNEABY9W/rH09Oj6Qe41ZW
qijBZWIPZzs5sbJLdlY9itMijbspPLc3ViWWgYtdymzQ2iBpQbAy3WmqofNM7+Ts
bOa7ZNI1sngqcqBDThcgKSb1MRY87JnC6UVatZISbshJHstPPzjyY/OTgylu8F6r
x4ETAwk76uJ7HMzJx5jms1XCMR22qro6iyv82w+Sb/2txh3TtaZfq3Pxc/ILe9u7
1Q422zpJc6F8y1Hbj6HVEhFbT3CooYU8E8gMZeQjvsuzoGLfWF79LyXlZnFP2TwQ
+FE6vkVbAGCoYIwPBHg=
-----END CERTIFICATE-----