Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/b64SZFeQ9VQ1btaWl57xcyiSop4.roa
File:                     b64SZFeQ9VQ1btaWl57xcyiSop4.roa (raw, json)
Hash identifier:          rtY59J8SGZokP+QoZkjE4qhQA/GhKROLNqh4Vqe5y2U=
Subject key identifier:   6F:AE:12:64:57:90:F5:54:35:6E:D6:96:97:9E:F1:73:28:92:A2:9E
Certificate issuer:       /CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
Certificate serial:       018A653EC8FFDC87566EC33EB6FA3CEE011C
Authority key identifier: D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/b64SZFeQ9VQ1btaWl57xcyiSop4.roa
Signing time:             Tue 05 Sep 2023 12:08:47 +0000
ROA not before:           Tue 05 Sep 2023 12:08:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42846
IP address blocks:        89.252.179.0/24 maxlen: 24
                          89.252.178.0/24 maxlen: 24
                          89.252.186.0/24 maxlen: 24
                          89.252.185.0/24 maxlen: 24
                          89.252.181.0/24 maxlen: 24
                          89.252.180.0/24 maxlen: 24
                          89.252.187.0/24 maxlen: 24
                          185.106.211.0/24 maxlen: 24
                          185.106.210.0/24 maxlen: 24
                          185.106.209.0/24 maxlen: 24
                          185.106.208.0/24 maxlen: 24
                          45.84.188.0/24 maxlen: 24
                          45.84.191.0/24 maxlen: 24
                          45.84.190.0/24 maxlen: 24
                          2a06:41c0:1::/48 maxlen: 48
                          2a06:41c0::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:65:3e:c8:ff:dc:87:56:6e:c3:3e:b6:fa:3c:ee:01:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca1a706abcfbe1b85865238d8435ee33e75820
        Validity
            Not Before: Sep  5 12:08:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6fae12645790f554356ed696979ef1732892a29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ce:c3:5b:85:5c:4f:3c:96:4a:59:f3:95:8a:
                    4f:ea:a0:7f:09:02:73:67:fe:5f:d5:5a:2c:a0:26:
                    a9:57:77:b4:f4:a5:c9:5f:a7:ed:3f:f0:31:fa:30:
                    4b:15:26:84:db:e0:3d:81:bf:f4:3b:ef:30:4b:d2:
                    89:b4:9f:41:26:5a:01:2d:2c:1e:04:05:f8:c6:0d:
                    02:c3:8c:19:bb:8f:10:2f:0c:7a:76:6e:ba:ce:81:
                    59:3e:c5:0c:1a:47:4c:ae:d4:86:80:45:81:b9:0c:
                    41:53:97:1a:88:48:13:d0:57:6b:ee:78:46:e2:d7:
                    59:21:65:44:56:fb:83:b3:fb:27:7f:df:43:35:53:
                    3f:74:5c:13:38:cd:0a:1c:a5:60:4f:90:69:75:71:
                    4e:8c:af:4c:5e:4b:b5:93:8f:7e:fe:51:cd:29:e0:
                    8f:96:8a:ea:86:04:66:f7:01:1f:94:54:d2:34:a4:
                    33:d9:7c:ec:83:ac:bb:20:92:cb:bd:c2:bb:b7:17:
                    a6:75:6f:80:5a:cc:49:7a:d4:54:ab:50:65:9f:c4:
                    eb:0e:87:53:36:6d:ea:f4:62:60:7c:49:91:f4:bc:
                    3a:f4:33:64:de:a8:74:00:6a:ae:6c:f3:19:5e:cc:
                    8f:60:87:3d:3d:95:c3:8f:cf:1a:54:c3:33:03:f0:
                    c8:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:AE:12:64:57:90:F5:54:35:6E:D6:96:97:9E:F1:73:28:92:A2:9E
            X509v3 Authority Key Identifier:
                keyid:D1:CA:1A:70:6A:BC:FB:E1:B8:58:65:23:8D:84:35:EE:33:E7:58:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0coacGq8--G4WGUjjYQ17jPnWCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/b64SZFeQ9VQ1btaWl57xcyiSop4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cf79a3-f3cc-4d5a-9672-e8f7fd3a4078/1/0coacGq8--G4WGUjjYQ17jPnWCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.188.0/24
                  45.84.190.0/23
                  89.252.178.0-89.252.181.255
                  89.252.185.0-89.252.187.255
                  185.106.208.0/22
                IPv6:
                  2a06:41c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         13:96:c2:c4:51:6c:85:cc:bf:84:74:58:7d:dd:fc:43:bd:e9:
         20:45:fb:41:c6:c4:93:76:3d:19:46:b0:f7:42:76:c1:b4:f5:
         6b:5f:6a:cc:e5:7d:f4:cd:76:b4:ee:93:d2:23:ad:85:49:d2:
         63:94:7e:1d:61:0c:77:e1:d9:c8:13:94:7f:a6:9e:d8:56:84:
         42:94:ef:35:02:c1:8b:08:a7:f0:17:2c:5d:71:05:5b:5f:8c:
         7d:51:39:a7:29:aa:c2:da:b3:3a:8d:3e:eb:25:45:f2:b3:a5:
         14:f4:d0:aa:36:81:44:cf:2f:4a:89:fb:e8:96:2e:bb:ac:29:
         fb:09:ca:72:d0:a2:90:fd:1f:3f:c1:8b:c5:03:54:e3:50:96:
         63:cc:78:ac:d1:d6:77:29:cc:a3:98:3e:78:50:27:b9:4f:dc:
         6e:55:91:0f:c0:28:bc:48:9d:06:c8:d1:13:35:1b:09:07:d3:
         ec:38:eb:10:66:43:e4:e7:b8:d0:73:6f:e0:ff:73:b5:fb:e1:
         9f:41:c4:42:1c:c1:89:45:1d:d8:f0:1b:94:49:11:da:dc:fe:
         56:83:42:5e:72:bc:c3:d0:18:d2:b0:ec:6f:79:ff:14:4e:ed:
         5b:06:e9:e1:0c:f2:09:16:c1:da:e1:39:69:b6:b6:49:3b:91:
         77:aa:fd:43
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYplPsj/3IdWbsM+tvo87gEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2ExYTcwNmFiY2ZiZTFiODU4NjUyMzhkODQzNWVlMzNl
NzU4MjAwHhcNMjMwOTA1MTIwODQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmFlMTI2NDU3OTBmNTU0MzU2ZWQ2OTY5NzllZjE3MzI4OTJhMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c7DW4VcTzyWSlnzlYpP6qB/CQJz
Z/5f1VosoCapV3e09KXJX6ftP/Ax+jBLFSaE2+A9gb/0O+8wS9KJtJ9BJloBLSwe
BAX4xg0Cw4wZu48QLwx6dm66zoFZPsUMGkdMrtSGgEWBuQxBU5caiEgT0Fdr7nhG
4tdZIWVEVvuDs/snf99DNVM/dFwTOM0KHKVgT5BpdXFOjK9MXku1k49+/lHNKeCP
lorqhgRm9wEflFTSNKQz2Xzsg6y7IJLLvcK7txemdW+AWsxJetRUq1Bln8TrDodT
Nm3q9GJgfEmR9Lw69DNk3qh0AGqubPMZXsyPYIc9PZXDj88aVMMzA/DIzQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFG+uEmRXkPVUNW7Wlpee8XMokqKeMB8GA1UdIwQY
MBaAFNHKGnBqvPvhuFhlI42ENe4z51ggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzIt
ZThmN2ZkM2E0MDc4LzEvYjY0U1pGZVE5VlExYnRhV2w1N3hjeWlTb3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jZjc5YTMtZjNjYy00ZDVhLTk2NzItZThmN2ZkM2E0MDc4
LzEvMGNvYWNHcTgtLUc0V0dVampZUTE3alBuV0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA0BAIAATAuAwQALVS8AwQB
LVS+MAwDBAFZ/LIDBAFZ/LQwDAMEAFn8uQMEAln8uAMEArlq0DAPBAIAAjAJAwcB
KgZBwAAAMA0GCSqGSIb3DQEBCwUAA4IBAQATlsLEUWyFzL+EdFh93fxDvekgRftB
xsSTdj0ZRrD3QnbBtPVrX2rM5X30zXa07pPSI62FSdJjlH4dYQx34dnIE5R/pp7Y
VoRClO81AsGLCKfwFyxdcQVbX4x9UTmnKarC2rM6jT7rJUXys6UU9NCqNoFEzy9K
ifvoli67rCn7Ccpy0KKQ/R8/wYvFA1TjUJZjzHis0dZ3KcyjmD54UCe5T9xuVZEP
wCi8SJ0GyNETNRsJB9PsOOsQZkPk57jQc2/g/3O1++GfQcRCHMGJRR3Y8BuUSRHa
3P5Wg0JecrzD0BjSsOxvef8UTu1bBunhDPIJFsHa4TlptrZJO5F3qv1D
-----END CERTIFICATE-----