Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/7G5n-Dm3p5IBdvNRb6pt2vtX3aA.roa
File:                     7G5n-Dm3p5IBdvNRb6pt2vtX3aA.roa (raw, json)
Hash identifier:          pQQXEdC22hZU2LfCOz+KRORGZKCij4cneC7fjcuVGiA=
Subject key identifier:   EC:6E:67:F8:39:B7:A7:92:01:76:F3:51:6F:AA:6D:DA:FB:57:DD:A0
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018E8067886EDEDC1EA90C42CD434DF0A4F2
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/7G5n-Dm3p5IBdvNRb6pt2vtX3aA.roa
Signing time:             Wed 27 Mar 2024 14:54:12 +0000
ROA not before:           Wed 27 Mar 2024 14:54:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6700
IP address blocks:        62.108.96.0/19 maxlen: 24
                          62.193.128.0/19 maxlen: 24
                          85.222.160.0/23 maxlen: 24
                          91.148.64.0/18 maxlen: 24
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          185.47.208.0/22 maxlen: 24
                          194.106.160.0/19 maxlen: 24
                          195.252.64.0/18 maxlen: 24
                          213.244.224.0/20 maxlen: 24
                          217.26.64.0/20 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 09 Apr 2024 09:58:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:67:88:6e:de:dc:1e:a9:0c:42:cd:43:4d:f0:a4:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Mar 27 14:54:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec6e67f839b7a7920176f3516faa6ddafb57dda0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4b:66:1d:26:c3:0c:e2:4e:0e:c3:68:9f:6c:
                    36:11:3d:e3:0b:ba:90:ef:96:7f:95:b4:77:01:3b:
                    d3:4c:74:84:8d:a4:12:5a:26:39:59:60:68:0c:cb:
                    2d:0d:d7:05:7b:ef:2a:3d:7e:b1:f5:ba:82:8b:69:
                    95:52:58:bb:36:61:ca:21:e6:c9:77:6a:35:66:2a:
                    85:3f:5a:13:20:dc:bd:fb:02:02:2c:d2:8a:3d:70:
                    df:28:b8:9e:d0:23:47:92:3d:4f:c9:ca:5a:6e:ec:
                    38:9e:c3:a8:96:bf:40:4f:0a:17:26:26:de:9d:b9:
                    12:31:28:71:51:51:1c:b7:57:f5:54:47:fa:77:9b:
                    17:a5:49:81:c6:4b:c3:59:7c:53:fc:fd:af:68:45:
                    e5:27:31:fb:2e:26:2d:71:65:d6:30:79:95:84:0f:
                    b6:bd:57:b5:4a:d2:9f:2f:28:ad:43:a6:20:4c:ce:
                    1f:45:d5:7e:b1:b3:1f:d5:1a:df:90:3c:56:47:2e:
                    ff:1f:48:6b:37:2e:43:df:02:8a:f3:00:0c:85:ca:
                    8a:2b:02:17:d2:ba:84:91:2d:f2:51:65:e5:4b:dc:
                    b4:c0:0f:de:36:8d:8b:bc:64:40:6d:f3:88:c3:62:
                    c3:dd:9a:db:ed:36:8a:c6:37:bc:c9:a9:f8:b3:67:
                    ac:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6E:67:F8:39:B7:A7:92:01:76:F3:51:6F:AA:6D:DA:FB:57:DD:A0
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/7G5n-Dm3p5IBdvNRb6pt2vtX3aA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/23
                  91.148.64.0/18
                  178.20.205.0/24
                  178.20.207.0/24
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.224.0/20
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:76:99:28:cc:fc:6f:11:89:8f:df:f0:f4:8d:a4:33:8e:93:
         79:59:f0:54:c3:ff:59:20:2a:a5:86:a4:12:ed:30:be:9a:a7:
         89:79:e1:a5:4b:b8:a9:f3:6a:a5:77:91:4e:e2:96:af:90:44:
         3c:86:19:3e:af:a5:23:d0:3d:21:5a:a3:1e:c9:ac:96:b3:8f:
         40:64:a0:f3:7c:42:e4:11:69:27:ba:ca:1c:5c:8e:82:98:e2:
         55:53:82:3b:04:e2:84:cf:3a:72:14:1d:35:d1:ad:d5:ec:63:
         42:45:57:92:b7:21:8d:0c:10:f6:8c:10:39:a1:51:19:2c:89:
         12:26:7f:e4:15:94:5c:cc:4d:a7:3a:3d:55:15:a9:ba:ed:6f:
         39:6b:ce:b0:a7:c2:cb:08:8a:11:9d:d7:e3:92:ca:78:0f:66:
         55:e8:78:be:5a:fe:89:94:d0:9d:c5:77:16:15:40:bd:7f:e5:
         a4:61:03:65:5c:d6:6a:c5:ce:56:72:0f:06:c6:87:7c:8c:41:
         44:a7:83:af:2f:20:e4:4c:74:66:b7:1d:63:39:1d:45:3c:6a:
         1d:f9:f0:3a:70:36:22:24:dd:f6:ce:96:1f:91:b0:99:02:e7:
         43:48:9f:0d:58:52:87:78:27:d1:8b:b2:a9:15:81:4a:58:79:
         b2:2e:7b:27
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAY6AZ4hu3tweqQxCzUNN8KTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMzI3MTQ1NDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZlNjdmODM5YjdhNzkyMDE3NmYzNTE2ZmFhNmRkYWZiNTdkZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEtmHSbDDOJODsNon2w2ET3jC7qQ
75Z/lbR3ATvTTHSEjaQSWiY5WWBoDMstDdcFe+8qPX6x9bqCi2mVUli7NmHKIebJ
d2o1ZiqFP1oTINy9+wICLNKKPXDfKLie0CNHkj1Pycpabuw4nsOolr9ATwoXJibe
nbkSMShxUVEct1f1VEf6d5sXpUmBxkvDWXxT/P2vaEXlJzH7LiYtcWXWMHmVhA+2
vVe1StKfLyitQ6YgTM4fRdV+sbMf1RrfkDxWRy7/H0hrNy5D3wKK8wAMhcqKKwIX
0rqEkS3yUWXlS9y0wA/eNo2LvGRAbfOIw2LD3Zrb7TaKxje8yan4s2esKwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFOxuZ/g5t6eSAXbzUW+qbdr7V92gMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvN0c1bi1EbTNwNUlCZHZOUmI2cHQydnRYM2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQFPmxgAwQF
PsGAAwQBVd6gAwQGW5RAAwQAshTNAwQAshTPAwQCuS/QAwQFwmqgAwQGw/xAAwQE
1fTgAwQE2RpAMBQEAgACMA4DBQAgAQjIAwUAKgIOQDANBgkqhkiG9w0BAQsFAAOC
AQEAXHaZKMz8bxGJj9/w9I2kM46TeVnwVMP/WSAqpYakEu0wvpqniXnhpUu4qfNq
pXeRTuKWr5BEPIYZPq+lI9A9IVqjHsmslrOPQGSg83xC5BFpJ7rKHFyOgpjiVVOC
OwTihM86chQdNdGt1exjQkVXkrchjQwQ9owQOaFRGSyJEiZ/5BWUXMxNpzo9VRWp
uu1vOWvOsKfCywiKEZ3X45LKeA9mVeh4vlr+iZTQncV3FhVAvX/lpGEDZVzWasXO
VnIPBsaHfIxBRKeDry8g5Ex0ZrcdYzkdRTxqHfnwOnA2IiTd9s6WH5GwmQLnQ0if
DVhSh3gn0YuyqRWBSlh5si57Jw==
-----END CERTIFICATE-----