Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/f4d345-5ff3-4b0a-8dd9-7a4e3340a491/1/uLRhO856L2qIFOvdR9ZRjbxUdrk.roa
File:                     uLRhO856L2qIFOvdR9ZRjbxUdrk.roa (raw, json)
Hash identifier:          z3XQNsRpOjtraCKCx211IgdbLAe/vl4xIPNtTvSvGlE=
Subject key identifier:   B8:B4:61:3B:CE:7A:2F:6A:88:14:EB:DD:47:D6:51:8D:BC:54:76:B9
Certificate issuer:       /CN=59138e3db77640beadf1da5b15194b9384a1444e
Certificate serial:       01856DDD4B5CBCE46C640C242718CE30B24C
Authority key identifier: 59:13:8E:3D:B7:76:40:BE:AD:F1:DA:5B:15:19:4B:93:84:A1:44:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WROOPbd2QL6t8dpbFRlLk4ShRE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/f4d345-5ff3-4b0a-8dd9-7a4e3340a491/1/uLRhO856L2qIFOvdR9ZRjbxUdrk.roa
Signing time:             Sun 01 Jan 2023 15:04:57 +0000
ROA not before:           Sun 01 Jan 2023 15:04:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41878
IP address blocks:        217.29.225.0/24 maxlen: 24
                          217.29.224.0/24 maxlen: 24
                          217.29.226.0/24 maxlen: 24
                          217.29.230.0/24 maxlen: 24
                          217.29.229.0/24 maxlen: 24
                          217.29.232.0/24 maxlen: 24
                          217.29.231.0/24 maxlen: 24
                          217.29.233.0/24 maxlen: 24
                          217.29.228.0/24 maxlen: 24
                          217.29.227.0/24 maxlen: 24
                          217.29.237.0/24 maxlen: 24
                          217.29.236.0/24 maxlen: 24
                          217.29.239.0/24 maxlen: 24
                          217.29.238.0/24 maxlen: 24
                          217.29.235.0/24 maxlen: 24
                          217.29.234.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:31:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:dd:4b:5c:bc:e4:6c:64:0c:24:27:18:ce:30:b2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59138e3db77640beadf1da5b15194b9384a1444e
        Validity
            Not Before: Jan  1 15:04:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b8b4613bce7a2f6a8814ebdd47d6518dbc5476b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:05:7a:79:42:6f:e1:d8:1c:d7:73:b9:a8:5a:
                    e7:b1:77:e6:41:c3:10:da:fa:b2:20:8b:fd:5d:1d:
                    09:64:2b:7a:d5:77:f7:7c:16:6e:d5:ce:87:5e:02:
                    98:48:41:53:c7:bb:4c:f7:80:90:c9:31:ed:c5:61:
                    b1:39:74:e2:12:0d:ec:fe:53:9a:76:ed:e7:d9:31:
                    e9:53:33:f1:9e:09:23:79:a4:b6:51:59:d4:3e:de:
                    c3:03:69:5d:5d:54:db:8a:d6:c8:21:93:aa:98:ea:
                    8a:0c:8a:25:d2:3c:5a:51:2e:eb:35:80:6c:5c:4b:
                    01:20:50:6d:4d:e7:f5:b2:51:bc:ca:20:f5:52:06:
                    95:a0:49:6d:b0:06:62:e9:9b:fb:c2:02:6d:8e:0b:
                    08:5f:62:ed:cb:f8:e4:82:d6:37:11:3c:22:5b:55:
                    5d:dc:e4:fe:47:fc:5c:4f:87:6f:06:29:01:76:a4:
                    6d:67:d3:df:63:b7:34:6e:ef:78:00:d0:56:b8:c4:
                    3b:79:0f:2b:c9:96:84:1b:74:20:43:a4:ba:c8:b1:
                    97:f1:c6:f2:4a:a1:d2:bb:55:0e:ce:a6:6b:65:62:
                    d6:ad:c6:a8:80:2b:c0:a2:6f:4b:40:e2:6d:52:ba:
                    5c:c0:5a:b7:f0:58:fe:3a:9e:9b:8d:ff:76:8b:ff:
                    34:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B4:61:3B:CE:7A:2F:6A:88:14:EB:DD:47:D6:51:8D:BC:54:76:B9
            X509v3 Authority Key Identifier:
                keyid:59:13:8E:3D:B7:76:40:BE:AD:F1:DA:5B:15:19:4B:93:84:A1:44:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WROOPbd2QL6t8dpbFRlLk4ShRE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/f4d345-5ff3-4b0a-8dd9-7a4e3340a491/1/uLRhO856L2qIFOvdR9ZRjbxUdrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/f4d345-5ff3-4b0a-8dd9-7a4e3340a491/1/WROOPbd2QL6t8dpbFRlLk4ShRE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.29.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8e:6e:4d:61:c4:d1:ab:fe:c0:bb:8c:28:cc:4d:21:2e:16:92:
         2b:28:b4:8e:6b:3a:05:28:98:9a:23:c7:30:7d:70:92:94:90:
         b8:3a:1a:15:e3:e0:04:62:82:ec:48:4b:fe:a1:08:b4:6c:b0:
         89:5e:8e:86:37:d5:ea:fc:87:97:93:d8:cf:d0:4d:87:4d:8a:
         4f:fa:4f:63:4b:6f:ee:63:12:db:36:ed:a2:85:5b:8b:07:59:
         42:97:75:68:c0:aa:31:43:40:8e:23:b7:44:52:bd:aa:7a:ad:
         65:ed:17:04:ea:72:ea:f8:ef:66:34:65:26:e3:cc:35:bc:63:
         2d:7b:8d:6f:df:19:a0:de:7c:8b:8e:33:80:9a:17:ca:a2:1f:
         da:0c:48:52:5b:f2:27:7e:db:6f:66:a4:5e:09:ce:ee:bc:4b:
         0a:e5:9a:98:60:b8:40:9f:2a:cd:01:df:a7:6f:47:84:b8:67:
         b4:5d:01:9f:a4:b4:39:4a:f6:1f:74:1b:91:50:af:8c:d5:94:
         03:e9:3b:19:d1:71:c6:0b:83:9c:bd:54:33:09:c4:3e:26:2a:
         4b:70:19:b3:d0:1c:e9:b1:64:da:f7:53:64:29:9d:f8:89:e3:
         bd:7b:63:d4:24:73:65:c6:6a:c5:4b:f2:4b:25:38:e0:45:6b:
         ff:51:9c:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVt3UtcvORsZAwkJxjOMLJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MTM4ZTNkYjc3NjQwYmVhZGYxZGE1YjE1MTk0YjkzODRh
MTQ0NGUwHhcNMjMwMTAxMTUwNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGI0NjEzYmNlN2EyZjZhODgxNGViZGQ0N2Q2NTE4ZGJjNTQ3NmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQV6eUJv4dgc13O5qFrnsXfmQcMQ
2vqyIIv9XR0JZCt61Xf3fBZu1c6HXgKYSEFTx7tM94CQyTHtxWGxOXTiEg3s/lOa
du3n2THpUzPxngkjeaS2UVnUPt7DA2ldXVTbitbIIZOqmOqKDIol0jxaUS7rNYBs
XEsBIFBtTef1slG8yiD1UgaVoEltsAZi6Zv7wgJtjgsIX2Lty/jkgtY3ETwiW1Vd
3OT+R/xcT4dvBikBdqRtZ9PfY7c0bu94ANBWuMQ7eQ8ryZaEG3QgQ6S6yLGX8cby
SqHSu1UOzqZrZWLWrcaogCvAom9LQOJtUrpcwFq38Fj+Op6bjf92i/80fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLi0YTvOei9qiBTr3UfWUY28VHa5MB8GA1UdIwQY
MBaAFFkTjj23dkC+rfHaWxUZS5OEoUROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1JPT1BiZDJRTDZ0OGRwYkZSbExrNFNoUkU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9mNGQzNDUtNWZmMy00YjBhLThkZDkt
N2E0ZTMzNDBhNDkxLzEvdUxSaE84NTZMMnFJRk92ZFI5WlJqYnhVZHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9mNGQzNDUtNWZmMy00YjBhLThkZDktN2E0ZTMzNDBhNDkx
LzEvV1JPT1BiZDJRTDZ0OGRwYkZSbExrNFNoUkU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2R3gMA0G
CSqGSIb3DQEBCwUAA4IBAQCObk1hxNGr/sC7jCjMTSEuFpIrKLSOazoFKJiaI8cw
fXCSlJC4OhoV4+AEYoLsSEv+oQi0bLCJXo6GN9Xq/IeXk9jP0E2HTYpP+k9jS2/u
YxLbNu2ihVuLB1lCl3VowKoxQ0COI7dEUr2qeq1l7RcE6nLq+O9mNGUm48w1vGMt
e41v3xmg3nyLjjOAmhfKoh/aDEhSW/InfttvZqReCc7uvEsK5ZqYYLhAnyrNAd+n
b0eEuGe0XQGfpLQ5SvYfdBuRUK+M1ZQD6TsZ0XHGC4OcvVQzCcQ+JipLcBmz0Bzp
sWTa91NkKZ34ieO9e2PUJHNlxmrFS/JLJTjgRWv/UZxw
-----END CERTIFICATE-----