Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/qvPL4JRznbFDW3QVzxMubiUE7SY.roa
File:                     qvPL4JRznbFDW3QVzxMubiUE7SY.roa (raw, json)
Hash identifier:          cRbZRb0gTfD6VIUhII/tEkMKx0RbSmPzh+PXvfFUuDc=
Subject key identifier:   AA:F3:CB:E0:94:73:9D:B1:43:5B:74:15:CF:13:2E:6E:25:04:ED:26
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018E12BDA0FE7EE950AD24DF584AD9B2C178
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/qvPL4JRznbFDW3QVzxMubiUE7SY.roa
Signing time:             Wed 06 Mar 2024 07:50:01 +0000
ROA not before:           Wed 06 Mar 2024 07:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        45.87.245.0/24 maxlen: 24
                          185.224.212.0/24 maxlen: 24
                          2a10:9680::/29 maxlen: 29
                          2a10:9680::/32 maxlen: 32
                          2a10:9684::/32 maxlen: 32
                          2a10:9685::/32 maxlen: 32
                          2a11:e140::/29 maxlen: 29
                          2a12:6c40::/29 maxlen: 29
                          2a12:7f40::/29 maxlen: 29
                          2a12:92c0::/29 maxlen: 29
                          2a12:b3c0::/29 maxlen: 29
                          2a12:b3c0:ffff::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 17 Apr 2024 16:30:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:12:bd:a0:fe:7e:e9:50:ad:24:df:58:4a:d9:b2:c1:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Mar  6 07:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaf3cbe094739db1435b7415cf132e6e2504ed26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0e:54:c8:d0:f6:f0:c7:7f:f2:a9:22:d5:ad:
                    f9:02:d4:bd:30:82:45:f2:a1:09:e0:b2:a4:98:b2:
                    ec:b8:4d:4c:a1:2c:00:63:69:a6:ad:15:4a:4a:c5:
                    86:71:11:39:8a:df:5f:29:7e:e3:73:cc:1f:4b:15:
                    fa:fd:f3:0b:84:91:71:29:c3:8d:f6:35:e3:30:95:
                    fd:db:72:e4:44:60:05:20:70:94:4f:55:9b:db:52:
                    b7:c0:b8:c9:2a:e0:a5:56:31:3b:d6:73:76:f2:c9:
                    e6:ef:3d:c7:a4:32:6c:70:62:f8:06:de:55:8f:6d:
                    f1:f3:e1:c8:a9:ec:7c:cd:23:d0:9b:47:5b:ce:df:
                    88:07:bc:69:e4:7d:26:4b:5e:51:02:58:86:33:c6:
                    d7:1d:1f:38:0c:11:06:ec:4d:8a:1b:ba:ae:24:63:
                    7f:8b:02:f5:c7:63:20:80:37:35:73:e0:31:72:12:
                    3b:99:7f:52:56:f2:5c:80:3f:73:4c:48:5e:d0:a3:
                    79:49:2f:84:ca:0f:b7:42:a3:3f:5d:7b:d0:34:4b:
                    27:2d:32:19:2e:ca:1c:c3:9b:f0:39:3c:1e:b6:7d:
                    d7:e1:87:82:b4:cf:60:02:a7:ad:a4:d5:d3:1b:c2:
                    e1:9b:56:9f:bc:04:26:58:40:f1:0f:bd:12:a7:48:
                    d7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F3:CB:E0:94:73:9D:B1:43:5B:74:15:CF:13:2E:6E:25:04:ED:26
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/qvPL4JRznbFDW3QVzxMubiUE7SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.245.0/24
                  185.224.212.0/24
                IPv6:
                  2a10:9680::/29
                  2a11:e140::/29
                  2a12:6c40::/29
                  2a12:7f40::/29
                  2a12:92c0::/29
                  2a12:b3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:54:21:8e:f5:33:d2:cc:25:1a:d2:1b:c4:23:37:78:3b:ad:
         7c:4e:4e:cf:fb:cc:a8:59:2d:23:05:29:df:9e:4b:91:94:30:
         30:c1:6c:90:a5:8e:1c:bd:a8:c0:de:71:89:03:84:be:ec:3c:
         c8:c4:7e:ad:da:70:b9:71:03:5e:a8:78:a5:aa:f7:90:bc:82:
         ef:e1:06:be:0c:df:f7:6e:eb:38:ba:d9:7e:61:37:b8:9a:0a:
         16:d1:57:f9:d6:99:95:89:d5:f7:d6:22:64:bb:0f:3b:ab:00:
         aa:d0:11:1e:72:7c:d4:e3:3b:31:7f:1a:53:2d:ac:20:9b:61:
         2b:66:9f:9a:df:d0:c9:f9:a5:61:58:27:f9:37:84:54:e7:fc:
         28:eb:ef:aa:39:9c:ad:ee:76:a2:24:7b:6e:2e:27:60:da:ee:
         59:96:17:35:13:8d:31:9a:36:e8:df:ea:44:b5:9e:84:7d:de:
         1a:5f:79:21:a9:5a:4e:68:7d:70:9c:9a:28:6d:b0:d5:31:5c:
         bf:85:a8:a0:7c:4a:2a:78:2a:9d:45:67:90:cb:1b:c8:4f:11:
         9a:49:27:09:f9:e6:f2:33:94:0d:52:6c:e2:4d:9d:05:f5:1b:
         f7:d5:36:82:cf:58:b3:f8:48:a9:a3:fe:63:56:8f:04:fd:e6:
         ed:b3:0a:f0
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY4SvaD+fulQrSTfWErZssF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMzA2MDc1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWYzY2JlMDk0NzM5ZGIxNDM1Yjc0MTVjZjEzMmU2ZTI1MDRlZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoA5UyND28Md/8qki1a35AtS9MIJF
8qEJ4LKkmLLsuE1MoSwAY2mmrRVKSsWGcRE5it9fKX7jc8wfSxX6/fMLhJFxKcON
9jXjMJX923LkRGAFIHCUT1Wb21K3wLjJKuClVjE71nN28snm7z3HpDJscGL4Bt5V
j23x8+HIqex8zSPQm0dbzt+IB7xp5H0mS15RAliGM8bXHR84DBEG7E2KG7quJGN/
iwL1x2MggDc1c+AxchI7mX9SVvJcgD9zTEhe0KN5SS+Eyg+3QqM/XXvQNEsnLTIZ
Lsocw5vwOTwetn3X4YeCtM9gAqetpNXTG8Lhm1afvAQmWEDxD70Sp0jXewIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFKrzy+CUc52xQ1t0Fc8TLm4lBO0mMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvcXZQTDRKUnpuYkZEVzNRVnp4TXViaVVFN1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjASBAIAATAMAwQALVf1AwQA
ueDUMDAEAgACMCoDBQMqEJaAAwUDKhHhQAMFAyoSbEADBQMqEn9AAwUDKhKSwAMF
AyoSs8AwDQYJKoZIhvcNAQELBQADggEBAAlUIY71M9LMJRrSG8QjN3g7rXxOTs/7
zKhZLSMFKd+eS5GUMDDBbJCljhy9qMDecYkDhL7sPMjEfq3acLlxA16oeKWq95C8
gu/hBr4M3/du6zi62X5hN7iaChbRV/nWmZWJ1ffWImS7DzurAKrQER5yfNTjOzF/
GlMtrCCbYStmn5rf0Mn5pWFYJ/k3hFTn/Cjr76o5nK3udqIke24uJ2Da7lmWFzUT
jTGaNujf6kS1noR93hpfeSGpWk5ofXCcmihtsNUxXL+FqKB8Sip4Kp1FZ5DLG8hP
EZpJJwn55vIzlA1SbOJNnQX1G/fVNoLPWLP4SKmj/mNWjwT95u2zCvA=
-----END CERTIFICATE-----