Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/MQbQrIAn6Q-JEn2yqgiRGEYL46M.roa
File:                     MQbQrIAn6Q-JEn2yqgiRGEYL46M.roa (raw, json)
Hash identifier:          xt0H9r7Zukq61ZUEbjdTQ1GAN6r3VQ5oyWsCJJoI0eA=
Subject key identifier:   31:06:D0:AC:80:27:E9:0F:89:12:7D:B2:AA:08:91:18:46:0B:E3:A3
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0191EC632FB8BAF99DA661FFE484D43B810B
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/MQbQrIAn6Q-JEn2yqgiRGEYL46M.roa
Signing time:             Fri 13 Sep 2024 17:16:48 +0000
ROA not before:           Fri 13 Sep 2024 17:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16589
IP address blocks:        77.223.192.0/21 maxlen: 21
                          77.223.200.0/23 maxlen: 24
                          79.139.64.0/23 maxlen: 24
                          83.142.200.0/21 maxlen: 24
                          94.26.110.0/23 maxlen: 24
                          94.101.103.0/24 maxlen: 24
                          176.222.48.0/22 maxlen: 24
                          178.216.184.0/21 maxlen: 24
                          198.14.16.0/20 maxlen: 24
                          198.145.112.0/22 maxlen: 24
                          205.134.244.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Wed 13 Nov 2024 16:43:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ec:63:2f:b8:ba:f9:9d:a6:61:ff:e4:84:d4:3b:81:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Sep 13 17:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3106d0ac8027e90f89127db2aa089118460be3a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6b:3d:b7:7f:3d:04:09:70:65:db:cd:2c:5e:
                    ef:cd:c1:ad:a0:9a:0d:c0:68:96:2f:70:ac:bd:c6:
                    ab:8e:ad:cf:b5:2b:b1:ec:eb:25:6b:68:72:66:6f:
                    b5:72:27:72:74:b4:bc:00:a6:83:74:5d:9f:20:e2:
                    d1:7a:09:48:3d:f2:c4:64:03:34:fb:06:1e:ac:4a:
                    99:08:83:f3:f6:f2:25:1f:ff:48:10:f7:cc:f3:bb:
                    0b:d4:28:95:84:ae:78:a1:fb:17:b4:a6:91:12:c2:
                    84:64:9b:e9:ed:db:a6:c7:eb:47:32:fc:b4:b9:28:
                    25:4d:bc:51:8c:80:c0:9d:7a:99:f7:75:7c:82:49:
                    04:03:98:f5:58:ad:94:78:0e:99:52:7c:eb:3a:5e:
                    bb:b4:0e:89:a4:5b:9e:41:99:14:6c:13:a9:d3:be:
                    45:6c:01:b8:d7:36:ac:7c:9a:0b:5f:10:9d:31:55:
                    14:64:0b:cd:cb:38:ef:f1:49:d0:28:94:0e:8c:b5:
                    2a:df:2e:b4:3c:ac:0a:71:bb:11:44:28:f0:04:c3:
                    43:1e:27:71:84:da:93:88:bf:db:0e:03:f4:fa:a8:
                    20:4b:56:a4:64:04:1d:cf:cf:44:6f:92:ce:a6:ae:
                    86:a8:c0:76:ec:c1:dc:dd:99:19:a4:55:07:f1:7a:
                    36:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:06:D0:AC:80:27:E9:0F:89:12:7D:B2:AA:08:91:18:46:0B:E3:A3
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/MQbQrIAn6Q-JEn2yqgiRGEYL46M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.192.0-77.223.201.255
                  79.139.64.0/23
                  83.142.200.0/21
                  94.26.110.0/23
                  94.101.103.0/24
                  176.222.48.0/22
                  178.216.184.0/21
                  198.14.16.0/20
                  198.145.112.0/22
                  205.134.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:84:41:ac:93:54:18:de:90:85:28:aa:d9:53:6d:49:f8:a9:
         67:b6:bf:a6:dc:05:10:f5:60:eb:98:22:f3:e8:e4:a3:32:73:
         81:e5:c4:41:b8:a2:b6:fa:89:81:66:5a:c6:3c:31:cc:d8:46:
         3f:f8:61:f0:9c:2c:5f:20:a6:3a:4d:67:99:d1:8d:82:37:5e:
         a2:73:72:5f:18:bf:13:45:f2:d2:d9:09:d0:d0:6c:1a:a1:1f:
         32:af:de:d8:0d:37:72:97:ff:9a:a1:cd:a7:b2:c1:26:bf:f1:
         c4:44:17:ae:dd:e0:c4:ab:46:c3:d5:0f:d4:de:a3:ed:29:75:
         da:f7:76:8f:6f:6e:7b:90:5a:53:e3:4b:59:a5:e2:59:ec:42:
         72:1b:5e:87:7a:8b:53:10:9d:56:97:f3:41:dd:47:65:5e:03:
         57:ac:da:c4:13:a5:c0:7b:28:3d:9e:29:59:f6:37:35:55:d0:
         3b:3d:6e:73:ec:cd:66:09:73:4c:f8:28:82:70:95:0b:da:f3:
         f0:3c:de:82:6d:c2:74:d5:14:b9:ce:f6:b8:ac:cb:79:83:bb:
         27:e4:cf:b9:9c:e2:e5:65:2b:fd:ba:02:b5:17:33:00:7d:46:
         ec:9a:b2:ad:c4:94:02:bc:bc:aa:f0:9b:8c:ae:7a:28:3b:e4:
         3b:f2:34:2b
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZHsYy+4uvmdpmH/5ITUO4ELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwOTEzMTcxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA2ZDBhYzgwMjdlOTBmODkxMjdkYjJhYTA4OTExODQ2MGJlM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWs9t389BAlwZdvNLF7vzcGtoJoN
wGiWL3Csvcarjq3PtSux7Osla2hyZm+1cidydLS8AKaDdF2fIOLReglIPfLEZAM0
+wYerEqZCIPz9vIlH/9IEPfM87sL1CiVhK54ofsXtKaREsKEZJvp7dumx+tHMvy0
uSglTbxRjIDAnXqZ93V8gkkEA5j1WK2UeA6ZUnzrOl67tA6JpFueQZkUbBOp075F
bAG41zasfJoLXxCdMVUUZAvNyzjv8UnQKJQOjLUq3y60PKwKcbsRRCjwBMNDHidx
hNqTiL/bDgP0+qggS1akZAQdz89Eb5LOpq6GqMB27MHc3ZkZpFUH8Xo2uwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDEG0KyAJ+kPiRJ9sqoIkRhGC+OjMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvTVFiUXJJQW42US1KRW4yeXFnaVJHRVlMNDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEMAwDBAZN38AD
BAFN38gDBAFPi0ADBANTjsgDBAFeGm4DBABeZWcDBAKw3jADBAOy2LgDBATGDhAD
BALGkXADBALNhvQwDQYJKoZIhvcNAQELBQADggEBAI6EQayTVBjekIUoqtlTbUn4
qWe2v6bcBRD1YOuYIvPo5KMyc4HlxEG4orb6iYFmWsY8MczYRj/4YfCcLF8gpjpN
Z5nRjYI3XqJzcl8YvxNF8tLZCdDQbBqhHzKv3tgNN3KX/5qhzaeywSa/8cREF67d
4MSrRsPVD9Teo+0pddr3do9vbnuQWlPjS1ml4lnsQnIbXod6i1MQnVaX80HdR2Ve
A1es2sQTpcB7KD2eKVn2NzVV0Ds9bnPszWYJc0z4KIJwlQva8/A83oJtwnTVFLnO
9risy3mDuyfkz7mc4uVlK/26ArUXMwB9Ruyasq3ElAK8vKrwm4yueig75DvyNCs=
-----END CERTIFICATE-----