Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VO9Ulx2ALvMRwE5JAbMnc3e-aX0.roa
File:                     VO9Ulx2ALvMRwE5JAbMnc3e-aX0.roa (raw, json)
Hash identifier:          bCpQmFRokqPxsCuIMqfcwLZCk2dXKc4mjW9jcO0oL6I=
Subject key identifier:   54:EF:54:97:1D:80:2E:F3:11:C0:4E:49:01:B3:27:73:77:BE:69:7D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0187284A99B509D8289C7DD19431265DF45D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VO9Ulx2ALvMRwE5JAbMnc3e-aX0.roa
Signing time:             Tue 28 Mar 2023 12:56:30 +0000
ROA not before:           Tue 28 Mar 2023 12:56:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        94.156.11.0/24 maxlen: 24
                          45.81.241.0/24 maxlen: 24
                          141.98.1.0/24 maxlen: 24
                          193.149.2.0/24 maxlen: 24
                          193.149.3.0/24 maxlen: 24
                          37.221.121.0/24 maxlen: 24
                          37.221.122.0/24 maxlen: 24
                          37.221.123.0/24 maxlen: 24
                          37.221.120.0/24 maxlen: 24
                          45.144.153.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 12 Apr 2023 12:04:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:28:4a:99:b5:09:d8:28:9c:7d:d1:94:31:26:5d:f4:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 28 12:56:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=54ef54971d802ef311c04e4901b3277377be697d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:47:fd:8c:e3:d6:4c:06:4f:89:24:ce:20:1e:
                    ed:39:10:df:e5:fa:7a:80:e5:fa:3e:1b:0e:93:5d:
                    77:9c:9b:b3:2a:0d:8d:af:7b:53:04:af:e3:b5:5f:
                    9d:25:1c:26:20:b2:92:55:f4:0e:77:c6:a8:5f:4a:
                    e1:d3:60:f6:51:88:71:72:8e:9d:ac:d3:f3:01:9f:
                    2a:ff:8c:aa:eb:32:66:05:b5:b6:68:0d:52:ca:eb:
                    bc:c5:43:ed:38:b3:34:dc:e0:ac:59:8d:00:af:86:
                    ca:a9:5a:5e:c3:c7:74:bb:8e:0f:83:8f:fb:cb:a4:
                    f0:8a:9e:3b:b7:be:29:c8:76:a8:12:0e:c3:f8:50:
                    9a:08:87:b3:5e:d7:a3:cd:68:66:54:21:f5:27:51:
                    09:34:39:f4:fc:b2:1c:86:06:0f:a5:39:93:3f:a3:
                    bd:44:59:15:ba:a2:e2:86:71:a1:30:e4:ea:d3:88:
                    4e:3c:4b:fa:2f:15:9e:c6:41:91:d1:dc:88:63:b0:
                    9d:45:d2:9e:27:3e:44:c2:5f:d0:51:31:70:b1:ad:
                    b3:6a:d5:db:4a:b6:f9:a5:85:72:9b:0a:57:66:f9:
                    fd:97:5d:4b:56:ea:ff:00:12:f1:4a:79:a0:a0:d3:
                    d0:aa:28:fc:7a:84:de:a6:06:03:ad:ef:05:d8:0d:
                    84:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:EF:54:97:1D:80:2E:F3:11:C0:4E:49:01:B3:27:73:77:BE:69:7D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VO9Ulx2ALvMRwE5JAbMnc3e-aX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.120.0/22
                  45.81.241.0/24
                  45.144.153.0/24
                  94.156.11.0/24
                  141.98.1.0/24
                  193.149.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:d3:2c:4d:e3:45:c4:b4:99:14:05:bf:3b:e4:c0:20:0b:8f:
         c5:32:86:42:4b:6f:a5:89:ff:20:72:85:6c:b7:62:c4:72:1e:
         3b:ad:80:19:49:88:e3:35:6d:5a:a6:43:7b:84:b2:77:54:ed:
         66:69:5c:e0:ec:9a:65:d6:f9:6a:31:11:a9:a0:b4:6f:3e:dc:
         26:f5:c5:26:7c:b6:65:cd:f4:5e:d7:7b:d4:90:39:f4:9f:2a:
         c0:ad:aa:d1:fa:30:50:c4:48:19:b1:06:ef:eb:7c:d8:2a:e3:
         71:58:db:3b:0c:4e:ef:0b:3d:a5:b5:08:b3:b0:7d:65:5b:57:
         ea:93:12:50:40:04:5e:05:9a:f1:b8:63:75:dd:0c:a6:f2:89:
         d2:2d:e0:f2:a5:02:f9:2e:9f:65:61:d9:27:3c:d3:d1:d2:f8:
         e1:b0:61:c7:34:c0:e0:93:a7:62:e5:36:c3:c9:3c:2b:8c:43:
         e9:0d:28:03:11:ee:ce:5e:f5:5b:e3:ff:00:3c:5d:08:b4:2c:
         09:0d:b9:be:ad:76:42:13:8d:33:4e:fe:03:cf:58:98:1d:4b:
         44:73:55:1b:fe:fd:89:45:82:84:72:f4:ce:47:e5:97:56:1a:
         46:72:2a:d6:3a:14:73:bb:81:02:aa:f3:72:08:5c:d5:25:af:
         8c:29:8a:62
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYcoSpm1CdgonH3RlDEmXfRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzI4MTI1NjMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGVmNTQ5NzFkODAyZWYzMTFjMDRlNDkwMWIzMjc3Mzc3YmU2OTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkf9jOPWTAZPiSTOIB7tORDf5fp6
gOX6PhsOk113nJuzKg2Nr3tTBK/jtV+dJRwmILKSVfQOd8aoX0rh02D2UYhxco6d
rNPzAZ8q/4yq6zJmBbW2aA1Syuu8xUPtOLM03OCsWY0Ar4bKqVpew8d0u44Pg4/7
y6Twip47t74pyHaoEg7D+FCaCIezXtejzWhmVCH1J1EJNDn0/LIchgYPpTmTP6O9
RFkVuqLihnGhMOTq04hOPEv6LxWexkGR0dyIY7CdRdKeJz5Ewl/QUTFwsa2zatXb
Srb5pYVymwpXZvn9l11LVur/ABLxSnmgoNPQqij8eoTepgYDre8F2A2E/wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFTvVJcdgC7zEcBOSQGzJ3N3vml9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVk85VWx4MkFMdk1Sd0U1SkFiTW5jM2UtYVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJd14AwQA
LVHxAwQALZCZAwQAXpwLAwQAjWIBAwQBwZUCMA0GCSqGSIb3DQEBCwUAA4IBAQCb
0yxN40XEtJkUBb875MAgC4/FMoZCS2+lif8gcoVst2LEch47rYAZSYjjNW1apkN7
hLJ3VO1maVzg7Jpl1vlqMRGpoLRvPtwm9cUmfLZlzfRe13vUkDn0nyrArarR+jBQ
xEgZsQbv63zYKuNxWNs7DE7vCz2ltQizsH1lW1fqkxJQQAReBZrxuGN13Qym8onS
LeDypQL5Lp9lYdknPNPR0vjhsGHHNMDgk6di5TbDyTwrjEPpDSgDEe7OXvVb4/8A
PF0ItCwJDbm+rXZCE40zTv4Dz1iYHUtEc1Ub/v2JRYKEcvTOR+WXVhpGcirWOhRz
u4ECqvNyCFzVJa+MKYpi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:08 2024 by rpki-client on console-fra.rpki-client.org