Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/duPcQXsL038BwZQRVyfBOCTu3Mo.roa
File:                     duPcQXsL038BwZQRVyfBOCTu3Mo.roa (raw, json)
Hash identifier:          Xe1uNCGiyG7yi5ZOHvd8Jkl19cEZZYIUp9L3elyagWA=
Subject key identifier:   76:E3:DC:41:7B:0B:D3:7F:01:C1:94:11:57:27:C1:38:24:EE:DC:CA
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       018AB4B10F6371B1C8ACE20FFE08EF2B5112
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/duPcQXsL038BwZQRVyfBOCTu3Mo.roa
Signing time:             Wed 20 Sep 2023 22:23:37 +0000
ROA not before:           Wed 20 Sep 2023 22:23:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        151.186.192.0/24 maxlen: 24
                          151.186.192.0/20 maxlen: 24
                          151.186.193.0/24 maxlen: 24
                          151.186.196.0/24 maxlen: 24
                          151.186.194.0/24 maxlen: 24
                          151.186.195.0/24 maxlen: 24
                          151.186.199.0/24 maxlen: 24
                          151.186.197.0/24 maxlen: 24
                          151.186.198.0/24 maxlen: 24
                          151.186.203.0/24 maxlen: 24
                          151.186.201.0/24 maxlen: 24
                          151.186.202.0/24 maxlen: 24
                          151.186.206.0/24 maxlen: 24
                          151.186.204.0/24 maxlen: 24
                          151.186.205.0/24 maxlen: 24
                          151.186.200.0/24 maxlen: 24
                          151.186.207.0/24 maxlen: 24
                          151.186.172.0/22 maxlen: 24
                          151.186.176.0/20 maxlen: 24
                          2a04:e4c4:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 22:27:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b4:b1:0f:63:71:b1:c8:ac:e2:0f:fe:08:ef:2b:51:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Sep 20 22:23:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76e3dc417b0bd37f01c194115727c13824eedcca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e1:53:8c:8d:12:97:19:f0:de:e7:37:6b:f8:
                    0b:08:31:82:e2:a5:79:cb:a4:cb:97:7f:ed:58:e6:
                    d0:1a:44:04:04:c1:a2:c4:1f:27:44:d7:ec:f6:04:
                    33:6e:4c:74:dc:3e:f0:9a:02:48:76:2e:33:3e:95:
                    c0:90:a9:4b:8b:33:17:d8:71:df:70:0e:8e:42:55:
                    0b:72:d8:77:81:f8:a0:62:24:bd:14:1b:d2:ae:46:
                    44:54:ff:a0:95:45:20:45:a3:e1:28:96:2d:aa:bb:
                    96:12:33:82:e1:98:2e:8e:79:5e:2e:af:5a:9b:f8:
                    59:26:08:50:51:58:32:a3:9d:88:f3:6f:94:3c:e0:
                    bc:9c:3e:ce:3b:d2:d5:3e:6c:43:70:44:a4:89:5e:
                    18:f4:99:24:b7:1e:4e:34:62:ad:e6:21:df:66:3b:
                    11:e4:2c:4d:1c:1c:7f:20:98:75:88:a6:55:88:58:
                    d1:cf:48:23:63:9c:af:5c:09:c5:e2:68:dc:dd:20:
                    ec:b3:90:c5:a6:19:b6:fd:9f:c2:e8:a3:bc:56:93:
                    78:9f:6e:bf:0b:11:04:bf:a6:de:c7:2c:1d:60:00:
                    26:a1:db:06:7c:e4:d5:04:91:06:88:49:d6:2b:cd:
                    78:3b:48:1b:0c:6f:46:59:fd:4a:e7:74:2a:b7:af:
                    11:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E3:DC:41:7B:0B:D3:7F:01:C1:94:11:57:27:C1:38:24:EE:DC:CA
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/duPcQXsL038BwZQRVyfBOCTu3Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.186.172.0-151.186.207.255
                IPv6:
                  2a04:e4c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:e8:62:f9:05:0a:4c:6c:e3:fd:c9:3a:4e:e0:a7:c7:b2:18:
         16:31:0e:1d:27:45:d0:1c:00:75:07:f1:b3:3b:2c:74:bc:b4:
         7a:01:38:1f:ef:df:c1:6b:04:c1:bc:41:46:8c:07:43:00:58:
         95:9f:c5:6c:7d:92:ba:2b:ec:ec:c0:fa:2d:f6:80:f1:1e:9a:
         1b:77:2e:7b:6f:7b:ee:aa:64:f1:fa:60:7d:28:97:c7:56:5e:
         d6:5c:c0:8a:01:c3:ab:72:a4:be:e4:86:f4:e8:e4:d3:a2:76:
         1e:d1:9b:f2:28:3f:8a:fa:76:05:cd:1b:c7:67:5d:7d:13:c2:
         a0:2d:94:8b:57:b3:c7:a2:c2:ec:b3:2f:df:4f:45:6f:cb:a2:
         93:73:db:38:e4:af:bd:3e:c8:74:ec:33:24:75:b7:78:db:c2:
         6c:94:ab:db:7a:21:82:c3:32:c2:d7:82:72:ae:df:c6:81:72:
         aa:da:d5:cd:4b:ca:97:f4:ba:34:0e:4d:43:2d:f4:0f:70:41:
         40:98:69:60:80:f2:94:8f:82:25:e0:fa:ef:6e:90:8e:32:1e:
         6b:80:13:18:f6:5f:3f:fa:e4:57:5c:d9:4e:ea:39:2d:a0:85:
         de:5f:6b:8b:1f:27:c5:7b:a3:89:1d:29:88:6d:c3:75:54:11:
         52:ae:81:22
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYq0sQ9jcbHIrOIP/gjvK1ESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjMwOTIwMjIyMzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmUzZGM0MTdiMGJkMzdmMDFjMTk0MTE1NzI3YzEzODI0ZWVkY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOFTjI0Slxnw3uc3a/gLCDGC4qV5
y6TLl3/tWObQGkQEBMGixB8nRNfs9gQzbkx03D7wmgJIdi4zPpXAkKlLizMX2HHf
cA6OQlULcth3gfigYiS9FBvSrkZEVP+glUUgRaPhKJYtqruWEjOC4ZgujnleLq9a
m/hZJghQUVgyo52I82+UPOC8nD7OO9LVPmxDcESkiV4Y9Jkktx5ONGKt5iHfZjsR
5CxNHBx/IJh1iKZViFjRz0gjY5yvXAnF4mjc3SDss5DFphm2/Z/C6KO8VpN4n26/
CxEEv6bexywdYAAmodsGfOTVBJEGiEnWK814O0gbDG9GWf1K53Qqt68RtQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHbj3EF7C9N/AcGUEVcnwTgk7tzKMB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvZHVQY1FYc0wwMzhCd1pRUlZ5ZkJPQ1R1M01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAKXuqwD
BASXusAwDwQCAAIwCQMHACoE5MQABTANBgkqhkiG9w0BAQsFAAOCAQEASuhi+QUK
TGzj/ck6TuCnx7IYFjEOHSdF0BwAdQfxszssdLy0egE4H+/fwWsEwbxBRowHQwBY
lZ/FbH2Suivs7MD6LfaA8R6aG3cue2977qpk8fpgfSiXx1Ze1lzAigHDq3KkvuSG
9Ojk06J2HtGb8ig/ivp2Bc0bx2ddfRPCoC2Ui1ezx6LC7LMv309Fb8uik3PbOOSv
vT7IdOwzJHW3eNvCbJSr23ohgsMywteCcq7fxoFyqtrVzUvKl/S6NA5NQy30D3BB
QJhpYIDylI+CJeD6726QjjIea4ATGPZfP/rkV1zZTuo5LaCF3l9rix8nxXujiR0p
iG3DdVQRUq6BIg==
-----END CERTIFICATE-----