Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/uj4QDYRvyJTbjVb0UBlIAg2tyC4.roa
File:                     uj4QDYRvyJTbjVb0UBlIAg2tyC4.roa (raw, json)
Hash identifier:          +WuoGJF1s0FufnGujOZWqaRgkkv8EUGEE2/FFjcze84=
Subject key identifier:   BA:3E:10:0D:84:6F:C8:94:DB:8D:56:F4:50:19:48:02:0D:AD:C8:2E
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       01893BA53765835C8E609577EFD6BAD06A47
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/uj4QDYRvyJTbjVb0UBlIAg2tyC4.roa
Signing time:             Sun 09 Jul 2023 17:13:50 +0000
ROA not before:           Sun 09 Jul 2023 17:13:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5377
IP address blocks:        77.70.240.0/20 maxlen: 20
                          193.220.0.0/16 maxlen: 16
                          193.220.220.0/22 maxlen: 22
                          193.220.224.0/20 maxlen: 20
                          77.70.254.0/24 maxlen: 24
                          77.70.255.0/24 maxlen: 24
                          193.220.240.0/20 maxlen: 24
                          77.70.192.0/19 maxlen: 19
                          193.220.165.0/24 maxlen: 24
                          77.70.207.0/24 maxlen: 24
                          77.70.144.0/20 maxlen: 20
                          77.70.160.0/20 maxlen: 20
                          77.70.176.0/22 maxlen: 22
                          77.70.184.0/21 maxlen: 21
                          193.219.196.0/24 maxlen: 24
                          193.219.192.0/18 maxlen: 18
                          77.70.181.0/24 maxlen: 24
                          193.220.88.0/21 maxlen: 21
                          77.70.128.0/19 maxlen: 19
                          77.70.128.0/17 maxlen: 17
                          2a02:6600::/29 maxlen: 32
                          2a02:6600:f000::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 30 Aug 2023 10:28:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3b:a5:37:65:83:5c:8e:60:95:77:ef:d6:ba:d0:6a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Jul  9 17:13:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba3e100d846fc894db8d56f4501948020dadc82e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:81:04:ce:17:e3:14:d5:fa:c4:6e:4d:8f:68:
                    4f:50:f5:7d:df:c2:67:57:f6:85:bb:ec:23:b8:c1:
                    b0:91:e8:a8:a7:7b:a1:b2:a8:c5:14:b6:ae:c7:e1:
                    e8:94:85:69:9e:2e:25:15:64:a0:e6:07:af:c8:44:
                    a8:06:9a:93:0f:22:c6:90:08:a1:5b:2c:14:74:73:
                    df:76:ea:d2:dc:ff:fd:ee:4a:c4:9b:41:96:b0:a1:
                    f5:47:45:a0:f0:d3:7b:2c:ef:61:9b:d5:1b:25:13:
                    a4:b4:dc:c2:6d:91:f9:98:21:25:29:96:0a:d9:6a:
                    47:43:92:b5:c6:9d:65:a5:61:81:53:9e:a6:d6:ec:
                    9f:7a:a9:c1:eb:6e:17:6c:c0:9f:34:86:32:46:21:
                    08:c5:1a:20:14:8f:d5:e3:d5:24:b8:f4:a0:c3:03:
                    2e:83:e2:4f:23:4d:f7:61:19:66:e3:95:54:9e:57:
                    51:5b:ef:f3:7b:0d:da:37:fd:5c:dd:f9:3d:36:9c:
                    62:86:f7:91:93:ff:fd:d3:22:ae:c6:24:cf:92:fa:
                    7f:45:31:ad:6a:58:a6:f5:76:a0:f7:8c:5a:9b:e0:
                    df:40:e4:56:e5:da:ed:d0:dc:d6:d7:9d:42:89:88:
                    42:e2:c4:c4:84:60:25:d2:2f:50:e9:a5:43:c6:56:
                    ce:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3E:10:0D:84:6F:C8:94:DB:8D:56:F4:50:19:48:02:0D:AD:C8:2E
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/uj4QDYRvyJTbjVb0UBlIAg2tyC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.70.128.0/17
                  193.219.192.0-193.220.255.255
                IPv6:
                  2a02:6600::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:01:74:f1:d3:80:45:49:64:74:52:d0:d3:be:01:cb:69:a5:
         5d:89:1b:00:49:24:ee:e9:34:d4:51:5a:59:b3:7a:7a:e5:64:
         88:54:07:fd:de:32:48:72:a4:45:e7:b5:30:ca:37:7b:5b:83:
         9b:da:38:7a:b4:aa:f0:a0:7c:b3:b5:e2:f7:d1:29:13:26:19:
         c0:50:e6:06:a3:c4:e5:0f:d3:fc:4a:71:13:84:8c:16:fb:f9:
         0a:54:68:55:d2:78:fe:62:c6:f0:c2:5c:c5:8f:75:db:ec:90:
         aa:f2:72:cc:ca:f3:73:9c:b0:88:a0:c4:f4:20:a3:50:9e:d4:
         f2:fd:46:66:c2:5e:5f:54:5c:0b:b0:93:48:33:ec:c5:43:7c:
         03:de:c7:d0:0a:45:13:9e:19:44:9e:ee:49:2c:d6:f2:b3:e4:
         5e:5c:1c:1f:03:96:18:b9:17:fa:30:0a:85:67:91:da:53:0d:
         0c:e0:40:93:82:e6:f4:97:c2:1b:91:6f:ef:e9:9f:db:19:34:
         7e:66:85:54:47:a4:13:d4:60:09:09:dc:bf:c4:43:0b:9f:d0:
         fd:c6:3c:5f:11:cc:13:3c:6d:48:a6:e1:76:7d:14:6d:77:7e:
         b8:89:98:70:cf:c8:37:6a:b2:da:58:64:b7:8c:9e:41:16:65:
         ea:26:69:b6
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYk7pTdlg1yOYJV379a60GpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjMwNzA5MTcxMzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNlMTAwZDg0NmZjODk0ZGI4ZDU2ZjQ1MDE5NDgwMjBkYWRjODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oEEzhfjFNX6xG5Nj2hPUPV938Jn
V/aFu+wjuMGwkeiop3uhsqjFFLaux+HolIVpni4lFWSg5gevyESoBpqTDyLGkAih
WywUdHPfdurS3P/97krEm0GWsKH1R0Wg8NN7LO9hm9UbJROktNzCbZH5mCElKZYK
2WpHQ5K1xp1lpWGBU56m1uyfeqnB624XbMCfNIYyRiEIxRogFI/V49UkuPSgwwMu
g+JPI033YRlm45VUnldRW+/zew3aN/1c3fk9NpxihveRk//90yKuxiTPkvp/RTGt
alim9Xag94xam+DfQORW5drt0NzW151CiYhC4sTEhGAl0i9Q6aVDxlbOlQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFLo+EA2Eb8iU241W9FAZSAINrcguMB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvdWo0UURZUnZ5SlRialZiMFVCbElBZzJ0eUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATAwQHTUaAMAsD
BAbB28ADAwDB3DANBAIAAjAHAwUDKgJmADANBgkqhkiG9w0BAQsFAAOCAQEAKwF0
8dOARUlkdFLQ074By2mlXYkbAEkk7uk01FFaWbN6euVkiFQH/d4ySHKkRee1MMo3
e1uDm9o4erSq8KB8s7Xi99EpEyYZwFDmBqPE5Q/T/EpxE4SMFvv5ClRoVdJ4/mLG
8MJcxY912+yQqvJyzMrzc5ywiKDE9CCjUJ7U8v1GZsJeX1RcC7CTSDPsxUN8A97H
0ApFE54ZRJ7uSSzW8rPkXlwcHwOWGLkX+jAKhWeR2lMNDOBAk4Lm9JfCG5Fv7+mf
2xk0fmaFVEekE9RgCQncv8RDC5/Q/cY8XxHMEzxtSKbhdn0UbXd+uImYcM/IN2qy
2lhkt4yeQRZl6iZptg==
-----END CERTIFICATE-----