Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/SiedCzdcNMeBbHyP9yeAuUkH66A.roa
File:                     SiedCzdcNMeBbHyP9yeAuUkH66A.roa (raw, json)
Hash identifier:          7zoWm+TD709QlQYQyetMk+0+wkQzVaGKbMiWD3yRlpY=
Subject key identifier:   4A:27:9D:0B:37:5C:34:C7:81:6C:7C:8F:F7:27:80:B9:49:07:EB:A0
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       018B43DAFAF6018377B409B4121DA407A751
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/SiedCzdcNMeBbHyP9yeAuUkH66A.roa
Signing time:             Wed 18 Oct 2023 17:35:06 +0000
ROA not before:           Wed 18 Oct 2023 17:35:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5377
IP address blocks:        77.70.240.0/20 maxlen: 20
                          193.220.0.0/16 maxlen: 16
                          193.220.220.0/22 maxlen: 22
                          193.220.224.0/20 maxlen: 20
                          77.70.254.0/24 maxlen: 24
                          77.70.255.0/24 maxlen: 24
                          193.220.240.0/20 maxlen: 24
                          77.70.192.0/19 maxlen: 19
                          193.220.165.0/24 maxlen: 24
                          77.70.207.0/24 maxlen: 24
                          77.70.144.0/20 maxlen: 20
                          77.70.160.0/20 maxlen: 20
                          77.70.176.0/22 maxlen: 24
                          193.219.196.0/24 maxlen: 24
                          77.70.184.0/21 maxlen: 24
                          193.219.192.0/18 maxlen: 18
                          77.70.181.0/24 maxlen: 24
                          193.220.88.0/21 maxlen: 21
                          77.70.128.0/19 maxlen: 19
                          77.70.128.0/17 maxlen: 17
                          2a02:6600:f001::/48 maxlen: 48
                          2a02:6600::/29 maxlen: 32
                          2a02:6600:f000::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:43:da:fa:f6:01:83:77:b4:09:b4:12:1d:a4:07:a7:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Oct 18 17:35:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a279d0b375c34c7816c7c8ff72780b94907eba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:58:ba:63:dd:9b:d7:8e:0c:01:a0:b7:37:1d:
                    f8:d5:16:5c:9a:10:86:b2:e6:36:b5:19:69:c1:33:
                    59:bc:73:dc:23:40:68:76:e4:89:97:e7:ec:f6:61:
                    86:bc:e5:1c:05:92:e2:9e:30:e6:f3:02:04:16:96:
                    c8:14:59:6b:53:c6:39:27:20:9c:ab:07:96:1a:4a:
                    26:f1:d5:2c:5e:27:6e:89:fe:8c:aa:12:0b:c8:6b:
                    4e:ff:fe:12:4b:08:54:54:95:05:93:d1:74:03:66:
                    2c:73:7a:af:9f:98:87:a7:6a:b3:94:02:aa:bd:e6:
                    20:93:d6:8c:3a:4d:b4:6e:47:1b:a6:5b:da:7b:5b:
                    5b:5a:74:70:af:58:1d:13:7b:04:50:9e:ef:b6:90:
                    59:c4:96:9e:fd:31:33:a4:e3:32:26:01:b4:ec:ea:
                    2d:0d:87:76:8f:cf:de:29:57:2a:ee:a4:75:14:42:
                    f0:85:4b:df:73:0f:4d:7e:a8:21:ac:d5:49:08:d9:
                    5c:f5:e7:60:79:0e:5e:fe:9a:48:a3:22:57:26:dd:
                    f0:11:eb:a4:9e:bc:f9:6e:bb:fb:6c:3d:88:d9:eb:
                    0b:3c:24:26:33:41:c1:d2:27:ad:e6:85:16:3b:27:
                    7a:a8:7a:28:8a:3e:42:89:0f:a6:06:96:f7:ae:11:
                    d0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:27:9D:0B:37:5C:34:C7:81:6C:7C:8F:F7:27:80:B9:49:07:EB:A0
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/SiedCzdcNMeBbHyP9yeAuUkH66A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.70.128.0/17
                  193.219.192.0-193.220.255.255
                IPv6:
                  2a02:6600::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:fe:f5:27:ff:f2:5a:6e:79:cb:a6:8a:7c:5a:06:0a:16:1f:
         38:6f:39:a2:93:cf:58:81:24:b5:e5:5c:73:5d:e8:f1:a7:c7:
         d6:34:31:7b:45:4b:66:cb:dc:dd:26:d6:57:9e:e2:32:cf:ca:
         26:ff:36:f8:57:73:7c:af:f3:fc:59:18:57:46:72:93:b4:52:
         9f:9d:1e:2b:c4:49:0e:61:56:90:50:73:72:cb:0d:a7:fc:cf:
         b5:75:bd:f2:f9:cf:07:ed:9d:d1:ad:3e:d9:3e:cf:7d:04:11:
         80:4c:02:c2:fb:e3:e1:3e:18:34:65:83:5e:34:92:b7:44:4f:
         fc:8f:62:47:33:a6:4f:70:bf:bf:95:bd:9d:f9:c4:39:6f:a0:
         91:89:5e:74:bd:d1:d2:bd:ff:82:5e:c3:86:5d:5a:d4:42:ef:
         02:bf:10:0d:34:f4:c7:d9:7c:ae:97:82:bd:00:21:cc:44:4e:
         4a:43:7d:d5:61:1c:05:28:57:69:37:df:de:59:ba:40:b4:2d:
         81:51:00:fa:33:3e:a7:0e:5d:09:da:c3:57:c0:6f:ad:e6:86:
         f1:29:1f:bb:a7:24:1b:31:b9:8d:c5:02:65:4d:86:6a:7b:00:
         e2:39:43:d6:a6:3b:5d:0a:63:58:72:85:70:41:20:1b:75:54:
         37:8a:d6:d0
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYtD2vr2AYN3tAm0Eh2kB6dRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjMxMDE4MTczNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI3OWQwYjM3NWMzNGM3ODE2YzdjOGZmNzI3ODBiOTQ5MDdlYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkli6Y92b144MAaC3Nx341RZcmhCG
suY2tRlpwTNZvHPcI0BoduSJl+fs9mGGvOUcBZLinjDm8wIEFpbIFFlrU8Y5JyCc
qweWGkom8dUsXiduif6MqhILyGtO//4SSwhUVJUFk9F0A2Ysc3qvn5iHp2qzlAKq
veYgk9aMOk20bkcbplvae1tbWnRwr1gdE3sEUJ7vtpBZxJae/TEzpOMyJgG07Oot
DYd2j8/eKVcq7qR1FELwhUvfcw9NfqghrNVJCNlc9edgeQ5e/ppIoyJXJt3wEeuk
nrz5brv7bD2I2esLPCQmM0HB0iet5oUWOyd6qHooij5CiQ+mBpb3rhHQBQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEonnQs3XDTHgWx8j/cngLlJB+ugMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvU2llZEN6ZGNOTWVCYkh5UDl5ZUF1VWtINjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATAwQHTUaAMAsD
BAbB28ADAwDB3DANBAIAAjAHAwUDKgJmADANBgkqhkiG9w0BAQsFAAOCAQEAW/71
J//yWm55y6aKfFoGChYfOG85opPPWIEkteVcc13o8afH1jQxe0VLZsvc3SbWV57i
Ms/KJv82+FdzfK/z/FkYV0Zyk7RSn50eK8RJDmFWkFBzcssNp/zPtXW98vnPB+2d
0a0+2T7PfQQRgEwCwvvj4T4YNGWDXjSSt0RP/I9iRzOmT3C/v5W9nfnEOW+gkYle
dL3R0r3/gl7Dhl1a1ELvAr8QDTT0x9l8rpeCvQAhzEROSkN91WEcBShXaTff3lm6
QLQtgVEA+jM+pw5dCdrDV8BvreaG8Skfu6ckGzG5jcUCZU2GansA4jlD1qY7XQpj
WHKFcEEgG3VUN4rW0A==
-----END CERTIFICATE-----