Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/0ENmodCsaHm4R_7YUSsqdBiMCRo.roa
File:                     0ENmodCsaHm4R_7YUSsqdBiMCRo.roa (raw, json)
Hash identifier:          SRRd4lDBtrpfIviqqJcofzmlgr593yyvDlnOnfkQMB8=
Subject key identifier:   D0:43:66:A1:D0:AC:68:79:B8:47:FE:D8:51:2B:2A:74:18:8C:09:1A
Certificate issuer:       /CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
Certificate serial:       01857227D6446CE8603890B97601BD65EE68
Authority key identifier: AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/0ENmodCsaHm4R_7YUSsqdBiMCRo.roa
Signing time:             Mon 02 Jan 2023 11:04:51 +0000
ROA not before:           Mon 02 Jan 2023 11:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6697
IP address blocks:        178.120.0.0/13 maxlen: 24
                          86.57.128.0/17 maxlen: 24
                          93.84.0.0/15 maxlen: 24
                          37.212.0.0/14 maxlen: 23
                          37.45.0.0/16 maxlen: 21
                          194.158.192.0/19 maxlen: 24
                          37.44.64.0/18 maxlen: 21
                          82.209.192.0/18 maxlen: 24
                          185.152.136.0/22 maxlen: 24
                          2a02:2208::/29 maxlen: 44
                          2001:7f8:5a::/48 maxlen: 48
                          2a02:2208::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:27:d6:44:6c:e8:60:38:90:b9:76:01:bd:65:ee:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
        Validity
            Not Before: Jan  2 11:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d04366a1d0ac6879b847fed8512b2a74188c091a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a0:83:8a:03:b0:28:e6:29:93:96:33:21:62:
                    cb:4d:aa:a5:f0:61:45:82:39:9d:de:88:a2:18:a4:
                    69:3d:dd:58:6d:ab:29:8b:a6:c6:2f:fd:2a:cb:bf:
                    18:38:19:14:33:c2:3c:3a:3a:26:80:2c:40:fe:5b:
                    b2:a1:e8:3e:0f:31:01:08:ff:b0:95:de:b8:69:91:
                    57:9f:5f:10:b6:82:a8:fd:57:4a:2e:cd:b7:7e:21:
                    db:fd:d8:55:13:f4:0f:a3:8d:2a:4a:ee:ed:d6:ef:
                    79:44:ce:b2:87:eb:41:7a:b3:00:8d:ef:77:30:34:
                    40:31:ea:70:39:6c:01:54:40:3e:f3:92:1c:3f:d2:
                    92:47:ed:b1:e4:f3:3b:b8:ff:29:b5:a7:10:ae:7f:
                    65:44:7d:87:c3:e4:cc:e6:12:9c:f1:10:4f:eb:7a:
                    30:01:37:d6:22:8a:26:23:45:ab:23:5c:5d:90:dd:
                    8b:f7:12:3d:cd:87:d6:49:74:d4:23:74:b0:26:ca:
                    0c:72:43:ba:c9:3e:4c:1b:05:fb:4c:a6:b8:77:c0:
                    81:54:3c:32:77:82:af:55:28:44:01:d6:1f:3d:5f:
                    d8:40:f5:01:8f:0c:79:8a:01:e2:d6:5d:c1:18:ba:
                    3f:c0:84:7f:cc:9d:bb:88:90:cc:f6:41:d2:e7:49:
                    89:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:43:66:A1:D0:AC:68:79:B8:47:FE:D8:51:2B:2A:74:18:8C:09:1A
            X509v3 Authority Key Identifier:
                keyid:AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/0ENmodCsaHm4R_7YUSsqdBiMCRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.64.0/18
                  37.45.0.0/16
                  37.212.0.0/14
                  82.209.192.0/18
                  86.57.128.0/17
                  93.84.0.0/15
                  178.120.0.0/13
                  185.152.136.0/22
                  194.158.192.0/19
                IPv6:
                  2001:7f8:5a::/48
                  2a02:2208::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:58:14:f4:45:8b:7c:5a:28:22:3b:3e:18:8e:99:3a:34:44:
         c0:39:8c:9e:67:f7:9c:4d:51:23:dd:65:62:1e:6d:81:59:7d:
         f5:c0:95:1b:36:95:35:2f:c8:8d:08:4e:58:02:65:57:75:47:
         2a:cc:22:90:9e:c0:6f:26:0d:73:c6:cf:52:9e:55:79:c6:c0:
         37:fe:d0:92:df:2c:db:de:84:74:f1:e6:4d:fb:b5:fe:0e:ae:
         d5:b2:35:15:89:1c:67:9e:ef:2e:f6:7e:00:1d:53:22:3f:f6:
         9c:80:e4:28:58:cc:3e:1f:71:f6:2d:57:38:23:4a:18:74:be:
         7c:b4:f0:78:54:2a:fc:be:f4:14:5a:4d:5f:17:2b:4d:de:40:
         e2:8a:a4:d6:45:87:ad:1c:e0:42:09:d2:08:30:68:3b:fa:e1:
         bd:3b:be:a4:33:fb:bc:48:49:df:4c:d0:51:e6:0d:c4:7c:7a:
         ce:2c:4c:49:ca:a4:54:3c:b1:3a:50:fc:1a:fe:67:06:bc:2d:
         8e:49:85:24:c0:f4:f8:01:c2:ee:f9:82:e1:ba:45:fd:fc:c6:
         02:2c:a0:8d:5c:08:a7:b2:dd:1e:0a:b7:55:dc:0f:84:c6:fa:
         24:e7:9d:d1:c2:b2:51:3e:12:56:c5:29:59:10:b4:c6:e0:2a:
         f1:76:3d:64
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVyJ9ZEbOhgOJC5dgG9Ze5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODgyY2Q2ZDE5NmFlMWY5Njg3MmFjYWU3ODMyMWJlN2E5
MmI4ZWIwHhcNMjMwMTAyMTEwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQzNjZhMWQwYWM2ODc5Yjg0N2ZlZDg1MTJiMmE3NDE4OGMwOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaCDigOwKOYpk5YzIWLLTaql8GFF
gjmd3oiiGKRpPd1Ybaspi6bGL/0qy78YOBkUM8I8OjomgCxA/luyoeg+DzEBCP+w
ld64aZFXn18QtoKo/VdKLs23fiHb/dhVE/QPo40qSu7t1u95RM6yh+tBerMAje93
MDRAMepwOWwBVEA+85IcP9KSR+2x5PM7uP8ptacQrn9lRH2Hw+TM5hKc8RBP63ow
ATfWIoomI0WrI1xdkN2L9xI9zYfWSXTUI3SwJsoMckO6yT5MGwX7TKa4d8CBVDwy
d4KvVShEAdYfPV/YQPUBjwx5igHi1l3BGLo/wIR/zJ27iJDM9kHS50mJjQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNBDZqHQrGh5uEf+2FErKnQYjAkaMB8GA1UdIwQY
MBaAFKuILNbRlq4flocqyueDIb56krjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTct
OTUwYzE4MDU5NmQwLzEvMEVObW9kQ3NhSG00Ul83WVVTc3FkQmlNQ1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTctOTUwYzE4MDU5NmQw
LzEvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjA4BAIAATAyAwQGJSxAAwMA
JS0DAwIl1AMEBlLRwAMEB1Y5gAMDAV1UAwMDsngDBAK5mIgDBAXCnsAwFgQCAAIw
EAMHACABB/gAWgMFAyoCIggwDQYJKoZIhvcNAQELBQADggEBADdYFPRFi3xaKCI7
PhiOmTo0RMA5jJ5n95xNUSPdZWIebYFZffXAlRs2lTUvyI0ITlgCZVd1RyrMIpCe
wG8mDXPGz1KeVXnGwDf+0JLfLNvehHTx5k37tf4OrtWyNRWJHGee7y72fgAdUyI/
9pyA5ChYzD4fcfYtVzgjShh0vny08HhUKvy+9BRaTV8XK03eQOKKpNZFh60c4EIJ
0ggwaDv64b07vqQz+7xISd9M0FHmDcR8es4sTEnKpFQ8sTpQ/Br+Zwa8LY5JhSTA
9PgBwu75guG6Rf38xgIsoI1cCKey3R4Kt1XcD4TG+iTnndHCslE+ElbFKVkQtMbg
KvF2PWQ=
-----END CERTIFICATE-----