Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/7Lq18vm63QPxO4aUxRLoa5x6CIs.roa
File:                     7Lq18vm63QPxO4aUxRLoa5x6CIs.roa (raw, json)
Hash identifier:          iOC7wGIUOKNE3hBGK800nDgvSDxsHVD7WSKz9uf4EGk=
Subject key identifier:   EC:BA:B5:F2:F9:BA:DD:03:F1:3B:86:94:C5:12:E8:6B:9C:7A:08:8B
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       018CCA2A2FA599BE34951CA7AAC938CC7161
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/7Lq18vm63QPxO4aUxRLoa5x6CIs.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43925
IP address blocks:        89.45.0.0/22 maxlen: 22
                          89.45.0.0/23 maxlen: 23
                          89.45.2.0/23 maxlen: 23
                          185.32.0.0/22 maxlen: 22
                          37.34.96.0/19 maxlen: 24
                          37.34.96.0/22 maxlen: 24
                          37.34.105.0/24 maxlen: 24
                          37.34.100.0/22 maxlen: 24
                          37.34.106.0/24 maxlen: 24
                          37.34.108.0/22 maxlen: 24
                          37.34.107.0/24 maxlen: 24
                          37.34.112.0/20 maxlen: 24
                          79.170.224.0/21 maxlen: 24
                          37.34.120.0/21 maxlen: 24
                          178.76.76.0/22 maxlen: 22
                          178.76.80.0/20 maxlen: 22
                          94.139.128.0/19 maxlen: 32
                          178.76.96.0/19 maxlen: 21
                          93.113.112.0/21 maxlen: 22
                          2a00:f900::/32 maxlen: 33

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 08:48:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2f:a5:99:be:34:95:1c:a7:aa:c9:38:cc:71:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecbab5f2f9badd03f13b8694c512e86b9c7a088b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:82:33:8b:8a:a8:bb:b8:df:4e:d1:6e:74:b2:
                    15:7d:25:d8:f7:16:93:1e:2b:0d:c4:ca:98:2f:1d:
                    ac:80:36:f5:03:a6:da:08:f8:4c:25:ac:9f:95:d1:
                    d7:53:49:df:7f:9e:20:32:5a:12:bc:da:b7:03:b0:
                    54:9a:a1:75:7a:e0:87:9b:d1:89:2a:6c:07:dc:b5:
                    f6:8d:19:b2:85:ad:d2:3d:84:85:00:09:1a:5c:9b:
                    f1:65:96:36:0f:f1:ea:37:d8:8e:dd:f7:cf:ed:0a:
                    79:09:05:69:ba:b6:a8:b5:6c:21:b2:bb:a3:b2:d5:
                    fb:da:bd:0e:dc:f3:7a:4d:0b:eb:b7:19:24:f1:3e:
                    cc:b0:a9:85:5a:cf:f9:08:30:40:41:7b:bd:7b:f8:
                    78:f9:47:9e:ea:cd:91:e9:f4:59:3a:ea:e2:28:f0:
                    24:5b:20:b1:4f:4a:da:00:8b:0d:8c:da:07:8a:f8:
                    71:6f:ec:36:8e:12:54:bb:64:0f:e4:e1:66:5b:97:
                    06:03:a3:8c:e2:7d:55:e1:9c:b5:87:30:31:7a:c3:
                    90:c6:1f:1a:24:a1:ab:19:0f:7f:e0:50:b3:4b:68:
                    91:1f:9e:65:fb:17:1d:dd:2e:93:97:18:3e:f1:f2:
                    87:87:59:d2:7e:73:d6:3d:45:12:2a:0b:6b:14:38:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:BA:B5:F2:F9:BA:DD:03:F1:3B:86:94:C5:12:E8:6B:9C:7A:08:8B
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/7Lq18vm63QPxO4aUxRLoa5x6CIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.96.0/19
                  79.170.224.0/21
                  89.45.0.0/22
                  93.113.112.0/21
                  94.139.128.0/19
                  178.76.76.0-178.76.127.255
                  185.32.0.0/22
                IPv6:
                  2a00:f900::/32

    Signature Algorithm: sha256WithRSAEncryption
         c4:af:76:b5:3c:0a:57:00:88:5f:2b:93:d8:d0:48:e7:43:7c:
         c4:f2:8e:8f:07:63:d8:c2:19:39:13:63:66:42:df:20:d6:b7:
         2b:5c:2a:c4:1d:05:da:a2:aa:d5:31:d9:79:33:16:b2:a1:1a:
         b3:69:58:ed:44:20:35:7a:b7:90:5c:42:a2:62:19:f2:71:29:
         9c:4a:f0:2b:22:6b:d2:ec:d0:ee:46:04:37:f8:05:6a:06:86:
         02:8a:2d:a5:3e:c2:83:43:01:98:c2:d5:9d:e0:f5:d5:42:98:
         e6:27:e1:65:e6:42:d9:4e:ca:a7:6b:cc:0b:e9:84:83:69:9d:
         24:90:d1:56:06:b0:7a:6c:28:75:23:73:ff:f7:1b:5f:1e:5d:
         3d:3c:ed:d7:6b:9c:cd:11:4d:0e:93:1b:9f:e3:b7:a1:31:9e:
         ec:82:44:f7:95:8d:5c:20:f3:93:78:33:73:38:42:4f:92:47:
         f1:47:6f:3e:92:59:d0:5f:77:f6:c5:2a:19:e8:f9:51:68:5f:
         18:e5:89:fa:c5:39:41:ae:09:a2:68:4c:86:9d:69:9f:5b:a1:
         d0:df:27:a3:e4:a1:ce:d0:21:d0:82:bb:82:a5:a9:d4:24:28:
         45:32:7f:8f:cd:f9:92:e4:25:74:f4:84:dd:0a:6e:b9:98:00:
         b5:f2:f5:70
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYzKKi+lmb40lRynqsk4zHFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2JhYjVmMmY5YmFkZDAzZjEzYjg2OTRjNTEyZTg2YjljN2EwODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4Izi4qou7jfTtFudLIVfSXY9xaT
HisNxMqYLx2sgDb1A6baCPhMJayfldHXU0nff54gMloSvNq3A7BUmqF1euCHm9GJ
KmwH3LX2jRmyha3SPYSFAAkaXJvxZZY2D/HqN9iO3ffP7Qp5CQVpuraotWwhsruj
stX72r0O3PN6TQvrtxkk8T7MsKmFWs/5CDBAQXu9e/h4+Uee6s2R6fRZOuriKPAk
WyCxT0raAIsNjNoHivhxb+w2jhJUu2QP5OFmW5cGA6OM4n1V4Zy1hzAxesOQxh8a
JKGrGQ9/4FCzS2iRH55l+xcd3S6Tlxg+8fKHh1nSfnPWPUUSKgtrFDhftQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFOy6tfL5ut0D8TuGlMUS6GucegiLMB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEvN0xxMTh2bTYzUVB4TzRhVXhSTG9hNXg2Q0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQFJSJgAwQD
T6rgAwQCWS0AAwQDXXFwAwQFXouAMAwDBAKyTEwDBAeyTAADBAK5IAAwDQQCAAIw
BwMFACoA+QAwDQYJKoZIhvcNAQELBQADggEBAMSvdrU8ClcAiF8rk9jQSOdDfMTy
jo8HY9jCGTkTY2ZC3yDWtytcKsQdBdqiqtUx2XkzFrKhGrNpWO1EIDV6t5BcQqJi
GfJxKZxK8Csia9Ls0O5GBDf4BWoGhgKKLaU+woNDAZjC1Z3g9dVCmOYn4WXmQtlO
yqdrzAvphINpnSSQ0VYGsHpsKHUjc//3G18eXT087ddrnM0RTQ6TG5/jt6ExnuyC
RPeVjVwg85N4M3M4Qk+SR/FHbz6SWdBfd/bFKhno+VFoXxjlifrFOUGuCaJoTIad
aZ9bodDfJ6Pkoc7QIdCCu4KlqdQkKEUyf4/N+ZLkJXT0hN0KbrmYALXy9XA=
-----END CERTIFICATE-----