Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/vVQ4hbT_RoGyYlhLpLNqhmbIEZ0.roa
File:                     vVQ4hbT_RoGyYlhLpLNqhmbIEZ0.roa (raw, json)
Hash identifier:          2I35ubsmCJx2rzDVV0fDBRkJiJhMSgDvBuMDbORmGsI=
Subject key identifier:   BD:54:38:85:B4:FF:46:81:B2:62:58:4B:A4:B3:6A:86:66:C8:11:9D
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       01872DC381480F2175805AB4B3D553113AA5
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/vVQ4hbT_RoGyYlhLpLNqhmbIEZ0.roa
Signing time:             Wed 29 Mar 2023 14:26:39 +0000
ROA not before:           Wed 29 Mar 2023 14:26:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.111.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:c3:81:48:0f:21:75:80:5a:b4:b3:d5:53:11:3a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Mar 29 14:26:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd543885b4ff4681b262584ba4b36a8666c8119d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4d:a0:e5:8f:fe:e4:99:73:fb:74:db:19:15:
                    87:2d:a3:7c:df:40:16:0c:a7:63:09:0a:65:b0:68:
                    e2:80:b8:77:6c:f5:51:f2:b1:30:9e:28:11:a0:ef:
                    c3:ca:80:17:28:2c:84:79:96:a3:b1:2c:b7:54:c7:
                    70:9d:22:fc:d1:aa:d2:01:56:e8:a1:77:27:ea:07:
                    31:45:8e:91:52:01:e0:34:1f:4a:31:6e:20:85:b6:
                    a3:86:f2:ca:d2:0a:c6:79:7e:e4:20:a9:72:97:30:
                    06:07:dd:a1:73:e1:37:fb:4e:5b:5d:f4:c2:8d:4f:
                    74:4b:9e:31:35:38:36:39:b6:c6:dc:84:67:fb:7c:
                    4c:d7:eb:d9:14:e3:8e:b7:e4:4b:94:98:12:c3:a8:
                    8e:81:8a:30:4a:a3:52:a5:03:fa:00:c1:5e:97:e3:
                    be:65:d1:62:93:ee:39:d5:f2:4f:30:54:92:94:76:
                    f1:2c:5a:c4:28:de:74:ed:48:f7:65:62:b1:ab:9d:
                    25:3c:2b:a2:9b:ae:2f:38:9f:b9:41:62:aa:7d:1c:
                    2c:1b:d9:67:ec:ef:74:29:76:b3:8a:f9:e4:df:f1:
                    f8:1a:18:d8:f2:19:29:f9:ce:97:98:c0:7d:9f:75:
                    be:f4:9e:0f:86:6a:c2:25:ab:be:55:69:55:cc:54:
                    6f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:54:38:85:B4:FF:46:81:B2:62:58:4B:A4:B3:6A:86:66:C8:11:9D
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/vVQ4hbT_RoGyYlhLpLNqhmbIEZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.101.0/24
                  46.20.104.0-46.20.106.255
                  46.20.108.0/24
                  46.20.110.0/23
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         10:cf:cd:4f:2f:68:a5:18:8f:83:06:f6:75:d6:a2:5e:64:5f:
         79:e2:45:a0:31:05:61:2d:5f:1a:52:4d:25:10:73:01:d9:d1:
         8e:a2:b4:d5:91:a2:a9:a0:b4:84:7f:89:2f:d7:ea:6d:c7:bb:
         81:db:d1:d9:d9:7e:52:ee:6b:e9:ce:9f:bb:16:df:bf:9f:d5:
         38:c4:86:ee:00:4e:87:20:4f:cb:fe:c4:94:67:76:98:73:90:
         25:e9:da:e2:c8:44:c1:71:24:dd:cb:87:3d:69:5a:f3:c5:be:
         e3:34:b8:19:74:99:01:d3:df:a3:56:62:c0:00:9b:8f:f9:ea:
         93:19:34:98:f6:76:e1:ec:e2:19:a9:d1:ec:02:c6:2f:e5:e7:
         7b:13:75:ba:4a:37:ed:5e:4a:cb:73:37:32:8b:9d:a6:21:7b:
         f4:08:9f:cb:59:e4:1a:b7:db:67:3c:8b:28:ba:c4:1c:86:25:
         4f:e5:2e:e5:8e:5b:09:e0:46:84:df:75:8a:d4:4b:15:ce:81:
         ab:92:42:fe:a3:71:5a:85:64:90:f2:8a:aa:88:16:8a:4a:45:
         54:62:71:bb:ff:7b:90:4f:eb:48:1c:45:7c:45:7d:27:67:e0:
         f1:22:09:28:22:6f:10:f9:e1:f0:83:06:6b:e0:ef:db:96:7c:
         4f:62:2b:fb
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYctw4FIDyF1gFq0s9VTETqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjMwMzI5MTQyNjM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDU0Mzg4NWI0ZmY0NjgxYjI2MjU4NGJhNGIzNmE4NjY2YzgxMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq02g5Y/+5Jlz+3TbGRWHLaN830AW
DKdjCQplsGjigLh3bPVR8rEwnigRoO/DyoAXKCyEeZajsSy3VMdwnSL80arSAVbo
oXcn6gcxRY6RUgHgNB9KMW4ghbajhvLK0grGeX7kIKlylzAGB92hc+E3+05bXfTC
jU90S54xNTg2ObbG3IRn+3xM1+vZFOOOt+RLlJgSw6iOgYowSqNSpQP6AMFel+O+
ZdFik+451fJPMFSSlHbxLFrEKN507Uj3ZWKxq50lPCuim64vOJ+5QWKqfRwsG9ln
7O90KXazivnk3/H4GhjY8hkp+c6XmMB9n3W+9J4PhmrCJau+VWlVzFRvzQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFL1UOIW0/0aBsmJYS6SzaoZmyBGdMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvdlZRNGhiVF9Sb0d5WWxoTHBMTnFobWJJRVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGoDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp
3QMEBbmpwDANBgkqhkiG9w0BAQsFAAOCAQEAEM/NTy9opRiPgwb2ddaiXmRfeeJF
oDEFYS1fGlJNJRBzAdnRjqK01ZGiqaC0hH+JL9fqbce7gdvR2dl+Uu5r6c6fuxbf
v5/VOMSG7gBOhyBPy/7ElGd2mHOQJena4shEwXEk3cuHPWla88W+4zS4GXSZAdPf
o1ZiwACbj/nqkxk0mPZ24eziGanR7ALGL+XnexN1uko37V5Ky3M3MoudpiF79Aif
y1nkGrfbZzyLKLrEHIYlT+Uu5Y5bCeBGhN91itRLFc6Bq5JC/qNxWoVkkPKKqogW
ikpFVGJxu/97kE/rSBxFfEV9J2fg8SIJKCJvEPnh8IMGa+Dv25Z8T2Ir+w==
-----END CERTIFICATE-----