Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/vEuJf2VSF6uZhHYt7qu6-PsQL38.roa
File:                     vEuJf2VSF6uZhHYt7qu6-PsQL38.roa (raw, json)
Hash identifier:          vfnR54nvGM4Ji3gIMFTX/GuZvrCq5aCLy8BzB7qmLKY=
Subject key identifier:   BC:4B:89:7F:65:52:17:AB:99:84:76:2D:EE:AB:BA:F8:FB:10:2F:7F
Certificate issuer:       /CN=808e238e30dcb759759fb8a394d9e211a28b9d87
Certificate serial:       018EF4B3C61D78185DF2725DFAE9D700FADA
Authority key identifier: 80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/vEuJf2VSF6uZhHYt7qu6-PsQL38.roa
Signing time:             Fri 19 Apr 2024 04:53:26 +0000
ROA not before:           Fri 19 Apr 2024 04:53:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6789
IP address blocks:        45.149.244.0/22 maxlen: 22
                          80.245.112.0/20 maxlen: 20
                          80.245.112.0/24 maxlen: 24
                          85.91.192.0/19 maxlen: 19
                          91.235.12.0/22 maxlen: 22
                          91.247.96.0/19 maxlen: 19
                          109.200.128.0/19 maxlen: 19
                          185.99.168.0/22 maxlen: 22
                          185.100.103.0/24 maxlen: 24
                          185.104.92.0/22 maxlen: 22
                          185.186.232.0/22 maxlen: 22
                          2a00:1d80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 23 Apr 2024 08:09:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f4:b3:c6:1d:78:18:5d:f2:72:5d:fa:e9:d7:00:fa:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808e238e30dcb759759fb8a394d9e211a28b9d87
        Validity
            Not Before: Apr 19 04:53:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc4b897f655217ab9984762deeabbaf8fb102f7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:36:a2:f1:31:94:3c:fa:54:97:2d:01:e2:53:
                    ef:4e:1f:9b:a3:05:3b:60:29:4a:ff:b7:5d:db:d7:
                    20:da:ba:da:ff:db:15:cd:73:b2:ea:09:93:75:db:
                    e7:b8:09:13:8e:db:eb:e8:7e:26:34:bc:17:01:ef:
                    93:ee:a3:5c:c6:72:54:8b:ba:d0:13:b1:b4:c9:d8:
                    94:dc:72:46:c5:92:75:61:5c:fe:a4:a0:fd:44:8c:
                    4e:ea:cf:fe:1d:43:e5:93:cd:ca:ef:92:ce:79:e0:
                    c4:85:18:44:62:9c:a5:43:12:33:73:3a:ed:ed:8c:
                    1c:d3:84:1d:b8:cb:ee:99:b2:3d:b4:f9:d1:7b:1e:
                    67:99:3c:b5:4b:8f:45:f4:89:ce:20:ca:95:8e:bb:
                    5b:48:bd:45:14:4e:9e:7e:3a:c8:ef:82:8f:2b:49:
                    6b:98:b8:4a:0d:1d:a9:ca:0c:fb:92:34:1a:15:62:
                    57:e8:f8:36:c4:97:00:af:66:db:80:41:6e:b1:10:
                    30:59:30:65:60:2d:de:2e:b9:e4:da:33:6a:de:9b:
                    d5:b5:36:d8:30:b1:df:37:17:dd:76:5b:63:ce:48:
                    f6:73:2c:a8:78:34:b8:ec:e4:c4:49:e3:b9:41:0b:
                    ae:2f:ba:a8:3d:5a:5c:09:36:0e:18:c4:77:63:ed:
                    2c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4B:89:7F:65:52:17:AB:99:84:76:2D:EE:AB:BA:F8:FB:10:2F:7F
            X509v3 Authority Key Identifier:
                keyid:80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/vEuJf2VSF6uZhHYt7qu6-PsQL38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.244.0/22
                  80.245.112.0/20
                  85.91.192.0/19
                  91.235.12.0/22
                  91.247.96.0/19
                  109.200.128.0/19
                  185.99.168.0/22
                  185.100.103.0/24
                  185.104.92.0/22
                  185.186.232.0/22
                IPv6:
                  2a00:1d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:56:80:c0:58:47:58:c8:9a:aa:d6:bc:6f:2a:a0:04:0d:0b:
         64:e4:1b:29:fc:6d:72:f5:4b:22:19:94:4a:e0:8d:38:81:10:
         be:e7:2f:54:8d:6f:44:1a:b3:36:70:3f:59:73:6d:05:af:43:
         7c:69:e6:75:62:11:ad:9a:fd:04:bc:5b:38:75:d2:9d:37:a6:
         72:fa:08:70:a3:08:1d:3c:2e:fd:a9:b0:0e:17:5f:ef:e9:2f:
         49:81:67:0a:5c:e4:e7:5d:c8:f3:3a:27:ae:d6:8d:d4:31:39:
         cb:f7:42:78:6d:85:07:d0:5a:ee:f2:98:d1:af:10:45:04:ea:
         95:c8:b4:93:6a:55:b8:37:57:c0:21:a5:2c:f3:ee:fe:9f:b0:
         90:ef:1d:c8:34:27:3b:1d:73:34:a8:46:3c:7c:28:00:11:90:
         85:2c:09:b9:fe:ab:32:50:90:e2:56:8c:9e:da:8a:d4:54:15:
         00:f1:6a:2d:99:8e:0d:aa:7b:4b:09:f0:0e:6e:89:9b:31:c7:
         fe:b3:17:fc:57:51:a4:23:11:c6:43:a0:e6:81:7f:89:0f:71:
         18:17:63:e8:df:05:ac:c2:5b:6d:c5:b0:01:f0:27:0b:88:5e:
         0c:ce:04:48:00:14:c9:fb:46:7b:c9:08:b3:d6:52:db:08:49:
         cd:58:4a:9a
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY70s8YdeBhd8nJd+unXAPraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGUyMzhlMzBkY2I3NTk3NTlmYjhhMzk0ZDllMjExYTI4
YjlkODcwHhcNMjQwNDE5MDQ1MzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzRiODk3ZjY1NTIxN2FiOTk4NDc2MmRlZWFiYmFmOGZiMTAyZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jai8TGUPPpUly0B4lPvTh+bowU7
YClK/7dd29cg2rra/9sVzXOy6gmTddvnuAkTjtvr6H4mNLwXAe+T7qNcxnJUi7rQ
E7G0ydiU3HJGxZJ1YVz+pKD9RIxO6s/+HUPlk83K75LOeeDEhRhEYpylQxIzczrt
7Ywc04QduMvumbI9tPnRex5nmTy1S49F9InOIMqVjrtbSL1FFE6efjrI74KPK0lr
mLhKDR2pygz7kjQaFWJX6Pg2xJcAr2bbgEFusRAwWTBlYC3eLrnk2jNq3pvVtTbY
MLHfNxfddltjzkj2cyyoeDS47OTESeO5QQuuL7qoPVpcCTYOGMR3Y+0sqQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFLxLiX9lUhermYR2Le6ruvj7EC9/MB8GA1UdIwQY
MBaAFICOI44w3LdZdZ+4o5TZ4hGii52HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDkt
Y2Q5NzQwNDI2NDlmLzEvdkV1SmYyVlNGNnVaaEhZdDdxdTYtUHNRTDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDktY2Q5NzQwNDI2NDlm
LzEvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCLZX0AwQE
UPVwAwQFVVvAAwQCW+sMAwQFW/dgAwQFbciAAwQCuWOoAwQAuWRnAwQCuWhcAwQC
ubroMA0EAgACMAcDBQAqAB2AMA0GCSqGSIb3DQEBCwUAA4IBAQCZVoDAWEdYyJqq
1rxvKqAEDQtk5Bsp/G1y9UsiGZRK4I04gRC+5y9UjW9EGrM2cD9Zc20Fr0N8aeZ1
YhGtmv0EvFs4ddKdN6Zy+ghwowgdPC79qbAOF1/v6S9JgWcKXOTnXcjzOieu1o3U
MTnL90J4bYUH0Fru8pjRrxBFBOqVyLSTalW4N1fAIaUs8+7+n7CQ7x3INCc7HXM0
qEY8fCgAEZCFLAm5/qsyUJDiVoye2orUVBUA8WotmY4NqntLCfAObombMcf+sxf8
V1GkIxHGQ6DmgX+JD3EYF2Po3wWswlttxbAB8CcLiF4MzgRIABTJ+0Z7yQiz1lLb
CEnNWEqa
-----END CERTIFICATE-----