Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/R8XHM-hFJSmIbAxopD6RA4y7Ueo.roa
File:                     R8XHM-hFJSmIbAxopD6RA4y7Ueo.roa (raw, json)
Hash identifier:          SoVWuka3s2+b5HLmqVgi1prhHjM/mXmjmiQWDY3cOg4=
Subject key identifier:   47:C5:C7:33:E8:45:25:29:88:6C:0C:68:A4:3E:91:03:8C:BB:51:EA
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018E010A7DE87D8C09FE1AAE796667BFE60B
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/R8XHM-hFJSmIbAxopD6RA4y7Ueo.roa
Signing time:             Sat 02 Mar 2024 21:20:48 +0000
ROA not before:           Sat 02 Mar 2024 21:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        45.87.245.0/24 maxlen: 24
                          185.224.212.0/24 maxlen: 24
                          2a10:9680::/29 maxlen: 29
                          2a10:9680::/32 maxlen: 32
                          2a10:9685::/32 maxlen: 32
                          2a11:e140::/29 maxlen: 29
                          2a12:6c40::/29 maxlen: 29
                          2a12:7f40::/29 maxlen: 29
                          2a12:92c0::/29 maxlen: 29
                          2a12:b3c0::/29 maxlen: 29
                          2a12:b3c0:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 07:50:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:01:0a:7d:e8:7d:8c:09:fe:1a:ae:79:66:67:bf:e6:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Mar  2 21:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47c5c733e8452529886c0c68a43e91038cbb51ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:08:90:11:c6:5a:e1:23:6a:23:db:4b:af:f9:
                    72:87:bf:c0:b6:0e:e2:e3:81:35:2b:bb:84:e9:f4:
                    f5:36:05:66:a1:b1:6c:71:a3:ef:8e:df:3c:6d:21:
                    97:33:65:29:cf:7b:7f:97:c8:0e:95:86:a5:5c:93:
                    42:fb:d4:2d:64:b8:6d:cb:d9:e9:f7:0d:8f:69:c0:
                    83:ff:78:d4:4d:09:4c:69:93:41:6e:79:b5:80:8f:
                    fb:6c:d8:90:17:b0:9b:e1:07:d3:fc:e5:ef:93:91:
                    20:09:0a:b7:46:4f:a2:0a:ef:b3:25:42:e3:d7:2f:
                    f7:56:6e:bf:a6:20:c1:65:84:5f:8e:20:9b:fb:52:
                    d9:98:bc:6d:56:42:82:65:96:4a:18:2a:e6:82:41:
                    1b:2f:59:a1:7c:0b:f0:2a:d8:4d:58:f4:90:b5:d2:
                    51:82:88:64:7b:8f:c8:b2:01:20:94:99:08:76:01:
                    84:20:37:38:7a:98:75:f8:1e:d5:30:22:7f:37:83:
                    c3:8c:69:ce:b3:9d:86:f1:34:3a:aa:1b:01:65:17:
                    0c:34:ed:ca:7d:ca:e8:68:82:02:65:90:70:cf:bd:
                    58:c7:d1:e1:8a:76:03:69:48:a7:aa:44:88:ed:b3:
                    b1:77:51:85:c2:ad:8b:6d:24:c7:8c:81:a8:76:3a:
                    f3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C5:C7:33:E8:45:25:29:88:6C:0C:68:A4:3E:91:03:8C:BB:51:EA
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/R8XHM-hFJSmIbAxopD6RA4y7Ueo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.245.0/24
                  185.224.212.0/24
                IPv6:
                  2a10:9680::/29
                  2a11:e140::/29
                  2a12:6c40::/29
                  2a12:7f40::/29
                  2a12:92c0::/29
                  2a12:b3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:b0:67:54:9e:35:19:5f:c9:da:3d:ad:dc:2e:af:6a:0b:f8:
         e0:b6:fd:7e:dc:57:01:88:39:1c:a2:36:85:36:e6:33:c6:ed:
         3c:10:50:0c:e8:bb:1f:13:8b:06:8e:02:c5:64:97:7c:a1:05:
         f1:d2:7a:6d:3c:ab:99:19:32:13:13:ca:e7:09:f1:c6:d7:44:
         57:66:a3:06:f0:a7:c3:f6:4c:1c:2e:68:89:ec:01:f9:5c:83:
         94:3e:e8:38:99:5e:53:13:b6:c4:5d:6c:07:88:5d:ce:02:2e:
         e5:28:6c:75:7d:48:f8:7a:95:0d:87:7b:91:84:a2:f3:c3:a3:
         ae:86:ab:11:f1:96:cf:37:a0:f2:79:a3:cc:a1:0a:ad:c4:66:
         8f:f7:2d:e8:7c:98:68:5f:26:a7:91:9b:b4:fc:2d:9b:77:ed:
         32:38:a3:f0:ee:08:8e:e2:8c:46:41:d0:35:7c:33:c4:a1:20:
         2b:a0:04:f2:c0:db:87:4d:ca:9f:cd:ae:a7:d3:c9:cf:04:da:
         52:73:40:47:b7:87:a9:56:6c:37:f5:27:f1:64:10:0a:9d:7e:
         47:78:a4:86:9d:17:34:76:9e:7a:05:e2:25:d0:8e:95:07:67:
         3c:c5:2a:29:cf:6d:9e:fa:cc:40:bf:71:15:3b:48:b3:4b:3c:
         ed:a3:29:da
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY4BCn3ofYwJ/hqueWZnv+YLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMzAyMjEyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2M1YzczM2U4NDUyNTI5ODg2YzBjNjhhNDNlOTEwMzhjYmI1MWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAiQEcZa4SNqI9tLr/lyh7/Atg7i
44E1K7uE6fT1NgVmobFscaPvjt88bSGXM2Upz3t/l8gOlYalXJNC+9QtZLhty9np
9w2PacCD/3jUTQlMaZNBbnm1gI/7bNiQF7Cb4QfT/OXvk5EgCQq3Rk+iCu+zJULj
1y/3Vm6/piDBZYRfjiCb+1LZmLxtVkKCZZZKGCrmgkEbL1mhfAvwKthNWPSQtdJR
gohke4/IsgEglJkIdgGEIDc4eph1+B7VMCJ/N4PDjGnOs52G8TQ6qhsBZRcMNO3K
fcroaIICZZBwz71Yx9HhinYDaUinqkSI7bOxd1GFwq2LbSTHjIGodjrzbQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFEfFxzPoRSUpiGwMaKQ+kQOMu1HqMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvUjhYSE0taEZKU21JYkF4b3BENlJBNHk3VWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjASBAIAATAMAwQALVf1AwQA
ueDUMDAEAgACMCoDBQMqEJaAAwUDKhHhQAMFAyoSbEADBQMqEn9AAwUDKhKSwAMF
AyoSs8AwDQYJKoZIhvcNAQELBQADggEBAG+wZ1SeNRlfydo9rdwur2oL+OC2/X7c
VwGIORyiNoU25jPG7TwQUAzoux8TiwaOAsVkl3yhBfHSem08q5kZMhMTyucJ8cbX
RFdmowbwp8P2TBwuaInsAflcg5Q+6DiZXlMTtsRdbAeIXc4CLuUobHV9SPh6lQ2H
e5GEovPDo66GqxHxls83oPJ5o8yhCq3EZo/3Leh8mGhfJqeRm7T8LZt37TI4o/Du
CI7ijEZB0DV8M8ShICugBPLA24dNyp/NrqfTyc8E2lJzQEe3h6lWbDf1J/FkEAqd
fkd4pIadFzR2nnoF4iXQjpUHZzzFKinPbZ76zEC/cRU7SLNLPO2jKdo=
-----END CERTIFICATE-----