Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/z2uQYpuGxVxuR1kW4K1ZWnhGF5o.roa
File:                     z2uQYpuGxVxuR1kW4K1ZWnhGF5o.roa (raw, json)
Hash identifier:          1lUMxnFhs0Jm31ZwfxvkR5pAD+4fsVXYcCK6nm9KVGs=
Subject key identifier:   CF:6B:90:62:9B:86:C5:5C:6E:47:59:16:E0:AD:59:5A:78:46:17:9A
Certificate issuer:       /CN=1f31139f89e825962a7e3380ade75b56ab5baad5
Certificate serial:       018E39D159F6B938C089E1D6885D281E871E
Authority key identifier: 1F:31:13:9F:89:E8:25:96:2A:7E:33:80:AD:E7:5B:56:AB:5B:AA:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HzETn4noJZYqfjOAredbVqtbqtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/z2uQYpuGxVxuR1kW4K1ZWnhGF5o.roa
Signing time:             Wed 13 Mar 2024 21:56:45 +0000
ROA not before:           Wed 13 Mar 2024 21:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50522
IP address blocks:        81.23.244.0/22 maxlen: 22
                          81.173.0.0/22 maxlen: 22
                          81.173.7.0/24 maxlen: 24
                          81.173.32.0/22 maxlen: 23
                          81.173.48.0/20 maxlen: 20
                          81.173.64.0/20 maxlen: 20
                          81.173.96.0/22 maxlen: 22
                          81.173.125.0/24 maxlen: 24
                          81.173.126.0/23 maxlen: 23
                          109.235.32.0/21 maxlen: 21
                          185.61.68.0/22 maxlen: 22
                          2a03:be00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 08 Jul 2024 08:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:39:d1:59:f6:b9:38:c0:89:e1:d6:88:5d:28:1e:87:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f31139f89e825962a7e3380ade75b56ab5baad5
        Validity
            Not Before: Mar 13 21:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf6b90629b86c55c6e475916e0ad595a7846179a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b1:b0:ff:06:ac:42:a0:e3:98:92:06:3d:ff:
                    91:a6:df:1c:c4:7f:32:6c:59:2d:0a:cf:bd:59:08:
                    69:db:0a:a8:f2:40:00:d0:00:05:eb:e4:91:82:2f:
                    ce:a8:80:a8:18:cc:d1:03:cf:10:4c:97:cf:48:48:
                    66:1e:a5:f2:14:3c:c6:c6:4f:97:3c:00:03:2b:2c:
                    96:e3:4b:c9:53:0b:1c:43:1b:1e:e8:2e:df:39:b2:
                    8e:93:3e:4a:60:86:0a:de:f3:64:96:dd:89:58:8b:
                    de:52:ca:07:91:36:b5:42:fb:7f:3d:9e:2a:e0:72:
                    98:ac:fb:b9:9d:74:2e:9c:01:a1:d4:cd:c4:d3:1a:
                    ca:84:19:6e:62:52:6e:f1:be:22:df:05:68:32:8f:
                    04:e1:5a:94:a0:c9:f2:e7:ff:12:08:de:78:a3:15:
                    86:5d:f7:a4:68:0d:71:a5:de:0b:46:9d:7e:58:36:
                    03:78:5c:87:3a:b4:af:8f:a6:46:30:b5:a1:4d:f2:
                    f8:bf:e9:91:56:51:81:b0:2d:18:76:39:61:a8:a7:
                    20:73:fb:cd:4c:c3:c5:a7:49:6d:ef:c0:24:70:62:
                    50:3c:4b:d0:e1:9e:0b:ef:6c:c3:6c:94:81:89:ec:
                    1a:07:f2:6d:0d:ac:3c:9d:ca:5f:20:97:12:ea:d5:
                    5e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6B:90:62:9B:86:C5:5C:6E:47:59:16:E0:AD:59:5A:78:46:17:9A
            X509v3 Authority Key Identifier:
                keyid:1F:31:13:9F:89:E8:25:96:2A:7E:33:80:AD:E7:5B:56:AB:5B:AA:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HzETn4noJZYqfjOAredbVqtbqtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/z2uQYpuGxVxuR1kW4K1ZWnhGF5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/HzETn4noJZYqfjOAredbVqtbqtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.23.244.0/22
                  81.173.0.0/22
                  81.173.7.0/24
                  81.173.32.0/22
                  81.173.48.0-81.173.79.255
                  81.173.96.0/22
                  81.173.125.0-81.173.127.255
                  109.235.32.0/21
                  185.61.68.0/22
                IPv6:
                  2a03:be00::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:8b:74:84:1c:2f:35:39:3c:b3:d6:2e:d7:17:56:a7:12:66:
         4f:d1:db:65:02:bd:39:23:73:f9:c2:d8:f5:7c:2e:f0:10:22:
         93:c8:ee:03:2f:07:6f:99:56:17:a2:81:7d:68:09:ff:c5:a8:
         55:7f:ab:9c:9d:cd:58:46:30:e7:82:04:6d:c9:7b:a1:13:e3:
         65:be:52:52:9a:5e:c2:52:af:dd:ef:21:d1:04:2a:f0:63:bd:
         ca:14:b1:ab:78:f7:e9:68:3d:33:f0:f6:91:9a:f6:58:17:9b:
         1c:d0:32:99:50:dc:98:11:75:ad:d0:ea:a5:97:ce:f3:98:36:
         9e:09:27:40:d9:64:e7:1e:d3:8d:1f:0c:8f:ad:94:79:10:96:
         f3:95:3c:9f:c5:45:b6:85:8f:aa:ac:ae:e4:05:81:f7:b9:c2:
         f2:f4:58:e0:32:29:09:a6:a6:b2:57:c1:e8:6f:b9:3a:50:a0:
         93:14:e3:f5:bb:7b:a0:e5:86:2c:ea:08:7d:43:0a:7b:31:37:
         02:95:36:a8:12:f8:99:bf:45:37:97:36:e5:d2:9b:4c:40:e9:
         87:b0:64:a8:4b:da:d4:53:2f:b0:13:0d:70:c6:45:8e:b7:f2:
         c1:40:c4:1b:34:ee:be:8c:04:29:a1:bf:42:2f:9e:8d:6c:9d:
         27:ee:b4:7c
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAY450Vn2uTjAieHWiF0oHoceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMzExMzlmODllODI1OTYyYTdlMzM4MGFkZTc1YjU2YWI1
YmFhZDUwHhcNMjQwMzEzMjE1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjZiOTA2MjliODZjNTVjNmU0NzU5MTZlMGFkNTk1YTc4NDYxNzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrGw/wasQqDjmJIGPf+Rpt8cxH8y
bFktCs+9WQhp2wqo8kAA0AAF6+SRgi/OqICoGMzRA88QTJfPSEhmHqXyFDzGxk+X
PAADKyyW40vJUwscQxse6C7fObKOkz5KYIYK3vNklt2JWIveUsoHkTa1Qvt/PZ4q
4HKYrPu5nXQunAGh1M3E0xrKhBluYlJu8b4i3wVoMo8E4VqUoMny5/8SCN54oxWG
XfekaA1xpd4LRp1+WDYDeFyHOrSvj6ZGMLWhTfL4v+mRVlGBsC0YdjlhqKcgc/vN
TMPFp0lt78AkcGJQPEvQ4Z4L72zDbJSBiewaB/JtDaw8ncpfIJcS6tVeywIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFM9rkGKbhsVcbkdZFuCtWVp4RheaMB8GA1UdIwQY
MBaAFB8xE5+J6CWWKn4zgK3nW1arW6rVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHpFVG40bm9KWllxZmpPQXJlZGJWcXRicXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS83NjM3YTYtNTIzNy00YjE2LTkzY2Yt
YmUxN2I4YWFkNTU0LzEvejJ1UVlwdUd4Vnh1UjFrVzRLMVpXbmhHRjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS83NjM3YTYtNTIzNy00YjE2LTkzY2YtYmUxN2I4YWFkNTU0
LzEvSHpFVG40bm9KWllxZmpPQXJlZGJWcXRicXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQCURf0AwQC
Ua0AAwQAUa0HAwQCUa0gMAwDBARRrTADBARRrUADBAJRrWAwDAMEAFGtfQMEB1Gt
AAMEA23rIAMEArk9RDANBAIAAjAHAwUAKgO+ADANBgkqhkiG9w0BAQsFAAOCAQEA
cIt0hBwvNTk8s9Yu1xdWpxJmT9HbZQK9OSNz+cLY9Xwu8BAik8juAy8Hb5lWF6KB
fWgJ/8WoVX+rnJ3NWEYw54IEbcl7oRPjZb5SUppewlKv3e8h0QQq8GO9yhSxq3j3
6Wg9M/D2kZr2WBebHNAymVDcmBF1rdDqpZfO85g2ngknQNlk5x7TjR8Mj62UeRCW
85U8n8VFtoWPqqyu5AWB97nC8vRY4DIpCaamslfB6G+5OlCgkxTj9bt7oOWGLOoI
fUMKezE3ApU2qBL4mb9FN5c25dKbTEDph7BkqEva1FMvsBMNcMZFjrfywUDEGzTu
vowEKaG/Qi+ejWydJ+60fA==
-----END CERTIFICATE-----