Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/LdUa1WQFrvGxjJTT3I8wOzZ7fno.roa
File:                     LdUa1WQFrvGxjJTT3I8wOzZ7fno.roa (raw, json)
Hash identifier:          0/fneW3OK7Webn93JEznB1ecAji7G5c2ej/8ZKO9RMQ=
Subject key identifier:   2D:D5:1A:D5:64:05:AE:F1:B1:8C:94:D3:DC:8F:30:3B:36:7B:7E:7A
Certificate issuer:       /CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
Certificate serial:       018CC7274EB1542636BEEFA3F3617F737E9C
Authority key identifier: 39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/LdUa1WQFrvGxjJTT3I8wOzZ7fno.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15626
IP address blocks:        217.12.219.0/24 maxlen: 24
                          217.12.216.0/23 maxlen: 23
                          217.12.220.0/22 maxlen: 22
                          217.12.223.0/24 maxlen: 24
                          217.12.221.0/24 maxlen: 24
                          217.12.192.0/21 maxlen: 21
                          217.12.199.0/24 maxlen: 24
                          217.12.204.0/23 maxlen: 23
                          82.118.16.0/22 maxlen: 22
                          82.118.17.0/24 maxlen: 24
                          217.12.212.0/22 maxlen: 22
                          5.34.182.0/23 maxlen: 24
                          217.12.210.0/24 maxlen: 24
                          217.12.210.0/23 maxlen: 23
                          46.28.64.0/21 maxlen: 24
                          2a02:27a8::/32 maxlen: 32
                          2a02:27a8:0:a::/64 maxlen: 64
                          2a02:27ad::/32 maxlen: 32
                          2a02:27a8:0:2::/64 maxlen: 64

Validation:               Failed, certificate revoked on Tue 09 Apr 2024 19:20:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4e:b1:54:26:36:be:ef:a3:f3:61:7f:73:7e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3950303615aca6e5f6f5b5691c7c2c8dca5f234d
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dd51ad56405aef1b18c94d3dc8f303b367b7e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4e:6a:49:47:17:ee:a0:26:3e:31:0a:3d:8f:
                    89:74:60:70:c5:d8:ab:0a:b2:9f:8f:f5:d5:c5:c6:
                    4d:b9:97:93:4d:28:3f:db:e6:b6:15:db:ef:b1:f2:
                    f2:c3:09:d0:e2:9e:cd:0d:65:e9:df:d8:bb:60:ff:
                    c9:4f:e2:89:e3:a7:28:b4:21:bf:5e:8d:48:f1:2d:
                    fc:2b:23:17:7e:9d:05:47:23:13:2f:5c:a3:78:2a:
                    b8:4f:79:ee:55:91:26:f1:3a:0e:9d:46:b6:9e:02:
                    ef:5d:36:6e:44:02:54:b7:5f:a1:5f:df:cd:53:5e:
                    38:7d:19:db:77:3b:b7:65:03:ae:44:98:6c:82:ad:
                    d1:75:34:43:73:61:e1:d7:79:a0:b6:1c:8b:54:5e:
                    2c:ae:52:5b:0d:6e:6a:e1:81:70:09:4f:3e:43:2d:
                    95:15:48:e8:14:eb:0d:ef:ba:02:96:77:38:63:ef:
                    ab:ad:d2:5b:d0:11:42:da:17:89:04:4e:f2:df:07:
                    07:b8:1e:7e:79:b6:f7:55:5a:b0:28:08:17:01:91:
                    86:74:44:26:b5:c1:84:15:fc:36:ed:26:66:6d:4c:
                    00:9b:6a:9f:f7:03:6d:77:a4:2f:54:3d:90:67:38:
                    89:85:f0:09:36:09:24:9e:d1:15:10:bf:64:6e:96:
                    33:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D5:1A:D5:64:05:AE:F1:B1:8C:94:D3:DC:8F:30:3B:36:7B:7E:7A
            X509v3 Authority Key Identifier:
                keyid:39:50:30:36:15:AC:A6:E5:F6:F5:B5:69:1C:7C:2C:8D:CA:5F:23:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OVAwNhWspuX29bVpHHwsjcpfI00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/LdUa1WQFrvGxjJTT3I8wOzZ7fno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/38c694-23a7-48b2-aaec-6c8fd0bc5b00/1/OVAwNhWspuX29bVpHHwsjcpfI00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.182.0/23
                  46.28.64.0/21
                  82.118.16.0/22
                  217.12.192.0/21
                  217.12.204.0/23
                  217.12.210.0-217.12.217.255
                  217.12.219.0-217.12.223.255
                IPv6:
                  2a02:27a8::/32
                  2a02:27ad::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:af:95:32:51:fa:3f:0e:8b:55:b9:a8:79:94:94:5a:0b:5c:
         7e:35:55:de:2a:b4:99:75:12:d5:8d:de:b8:8e:af:76:30:2d:
         1d:c8:90:56:a1:67:09:c3:98:60:06:59:66:55:cc:13:e8:cc:
         41:8e:7e:a3:85:c0:a2:58:4f:48:3b:a4:7f:ee:6b:ad:e2:3a:
         da:53:08:c2:b9:4a:63:1f:b8:05:a7:4f:a4:e6:ef:89:8b:f4:
         7d:a5:a7:42:9d:ce:22:75:53:c6:3b:cc:c0:80:6a:ae:40:d2:
         5c:16:e2:27:b3:ba:53:a1:85:f0:d3:90:21:00:b8:51:13:a4:
         9b:64:5c:3a:99:a4:9f:62:bc:2c:42:2b:48:9a:81:f8:4a:ae:
         8e:4f:81:da:61:71:d4:d2:1f:19:73:4e:79:1a:5b:53:74:d5:
         73:c8:1b:36:d7:38:8a:ef:21:a5:2b:c2:a4:2d:02:b9:e4:e1:
         0f:4e:00:67:57:3f:c6:b8:9f:6a:02:af:ac:96:74:b5:4f:ce:
         ef:21:4c:9a:6d:13:e6:79:c5:94:0f:85:2b:ca:08:d1:a0:de:
         7d:0c:22:fa:77:bd:a3:04:a9:e5:a1:8c:2e:0d:ec:c2:e1:a4:
         ad:51:e1:e7:ae:c8:30:14:22:0f:03:1e:6f:8b:37:68:0a:52:
         87:d6:7d:70
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYzHJ06xVCY2vu+j82F/c36cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NTAzMDM2MTVhY2E2ZTVmNmY1YjU2OTFjN2MyYzhkY2E1
ZjIzNGQwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ1MWFkNTY0MDVhZWYxYjE4Yzk0ZDNkYzhmMzAzYjM2N2I3ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk5qSUcX7qAmPjEKPY+JdGBwxdir
CrKfj/XVxcZNuZeTTSg/2+a2FdvvsfLywwnQ4p7NDWXp39i7YP/JT+KJ46cotCG/
Xo1I8S38KyMXfp0FRyMTL1yjeCq4T3nuVZEm8ToOnUa2ngLvXTZuRAJUt1+hX9/N
U144fRnbdzu3ZQOuRJhsgq3RdTRDc2Hh13mgthyLVF4srlJbDW5q4YFwCU8+Qy2V
FUjoFOsN77oClnc4Y++rrdJb0BFC2heJBE7y3wcHuB5+ebb3VVqwKAgXAZGGdEQm
tcGEFfw27SZmbUwAm2qf9wNtd6QvVD2QZziJhfAJNgkkntEVEL9kbpYzpQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFC3VGtVkBa7xsYyU09yPMDs2e356MB8GA1UdIwQY
MBaAFDlQMDYVrKbl9vW1aRx8LI3KXyNNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1ZBd05oV3NwdVgyOWJWcEhId3NqY3BmSTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8zOGM2OTQtMjNhNy00OGIyLWFhZWMt
NmM4ZmQwYmM1YjAwLzEvTGRVYTFXUUZydkd4akpUVDNJOHdPelo3Zm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8zOGM2OTQtMjNhNy00OGIyLWFhZWMtNmM4ZmQwYmM1YjAw
LzEvT1ZBd05oV3NwdVgyOWJWcEhId3NqY3BmSTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBABAIAATA6AwQBBSK2AwQD
LhxAAwQCUnYQAwQD2QzAAwQB2QzMMAwDBAHZDNIDBAHZDNgwDAMEANkM2wMEBdkM
wDAUBAIAAjAOAwUAKgInqAMFACoCJ60wDQYJKoZIhvcNAQELBQADggEBAJevlTJR
+j8Oi1W5qHmUlFoLXH41Vd4qtJl1EtWN3riOr3YwLR3IkFahZwnDmGAGWWZVzBPo
zEGOfqOFwKJYT0g7pH/ua63iOtpTCMK5SmMfuAWnT6Tm74mL9H2lp0KdziJ1U8Y7
zMCAaq5A0lwW4iezulOhhfDTkCEAuFETpJtkXDqZpJ9ivCxCK0iagfhKro5Pgdph
cdTSHxlzTnkaW1N01XPIGzbXOIrvIaUrwqQtArnk4Q9OAGdXP8a4n2oCr6yWdLVP
zu8hTJptE+Z5xZQPhSvKCNGg3n0MIvp3vaMEqeWhjC4N7MLhpK1R4eeuyDAUIg8D
Hm+LN2gKUofWfXA=
-----END CERTIFICATE-----