Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pgEFe7aBuT3fD5aqEalHd9GWbDc.roa
File:                     pgEFe7aBuT3fD5aqEalHd9GWbDc.roa (raw, json)
Hash identifier:          /0GKeUy8qK06EIUSO/hL8Op1oO5zis1GbWZjEkwcDt4=
Subject key identifier:   A6:01:05:7B:B6:81:B9:3D:DF:0F:96:AA:11:A9:47:77:D1:96:6C:37
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018D55B9DAFDA87653166C19464FCA59438D
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pgEFe7aBuT3fD5aqEalHd9GWbDc.roa
Signing time:             Mon 29 Jan 2024 14:57:39 +0000
ROA not before:           Mon 29 Jan 2024 14:57:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199558
IP address blocks:        85.254.45.0/24 maxlen: 24
                          85.254.46.0/24 maxlen: 24
                          85.254.52.0/22 maxlen: 22
                          85.254.70.0/24 maxlen: 24
                          85.254.144.0/24 maxlen: 24
                          159.148.27.0/24 maxlen: 24
                          159.148.89.0/24 maxlen: 24
                          159.148.218.0/24 maxlen: 24
                          159.148.233.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 19:43:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:b9:da:fd:a8:76:53:16:6c:19:46:4f:ca:59:43:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan 29 14:57:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a601057bb681b93ddf0f96aa11a94777d1966c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0d:e9:f9:5b:79:fe:0d:89:e3:e5:c5:b1:3d:
                    da:67:be:77:68:63:ea:0e:b4:2b:14:b3:3e:8c:9d:
                    39:6a:cb:90:09:f8:d0:85:cc:92:3e:7b:1c:dd:10:
                    5e:2d:85:2b:94:db:67:ae:ce:34:93:6d:48:3e:25:
                    b0:f9:ba:ac:01:36:02:91:3c:14:ad:9e:08:7e:9e:
                    84:45:ff:1c:68:3f:47:82:60:e4:22:21:d1:44:9f:
                    25:c2:5a:a2:37:50:e6:25:87:c1:22:1f:0d:5d:b7:
                    64:fc:1c:29:b5:fc:41:f8:58:50:5c:7e:cb:26:7f:
                    33:22:13:4b:c4:31:4b:7d:cc:be:af:26:14:8d:bf:
                    16:01:02:49:6d:ce:36:7f:cb:e4:8b:ac:1b:1c:0c:
                    51:24:c7:93:9a:84:32:56:46:e6:40:33:2e:35:41:
                    b8:6f:7b:cb:84:ff:91:f1:fc:18:56:d0:7f:77:84:
                    89:01:76:e2:26:8b:48:93:5f:94:d0:6f:19:f8:3b:
                    ac:ac:16:99:d1:fc:1b:e9:d9:fa:51:47:11:af:1f:
                    89:51:6e:11:ae:b8:75:74:43:ea:84:17:de:9c:9d:
                    3a:2e:e7:21:c8:6a:b0:d3:e7:c4:bb:fd:bd:4c:86:
                    9f:83:80:bd:09:36:59:39:da:a1:da:9a:08:80:fe:
                    37:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:01:05:7B:B6:81:B9:3D:DF:0F:96:AA:11:A9:47:77:D1:96:6C:37
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/pgEFe7aBuT3fD5aqEalHd9GWbDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.45.0-85.254.46.255
                  85.254.52.0/22
                  85.254.70.0/24
                  85.254.144.0/24
                  159.148.27.0/24
                  159.148.89.0/24
                  159.148.218.0/24
                  159.148.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:41:b9:be:52:08:42:3e:af:30:25:16:de:97:9a:00:fc:a3:
         15:61:6d:52:60:36:93:fb:e0:af:44:90:2f:81:7d:04:a6:b2:
         1b:03:01:db:83:f8:3b:0a:e5:99:85:ae:5d:9c:f8:7a:b4:e1:
         65:6f:8c:dd:1c:70:49:5e:cb:ce:57:03:72:9e:19:2e:54:09:
         a5:5f:d2:87:73:54:e7:57:26:30:bd:20:f7:56:45:a1:25:bc:
         d7:7c:76:c3:55:f8:a5:9e:fd:7c:d9:00:90:b1:aa:fe:83:28:
         b7:b1:6e:b3:8b:00:40:a4:07:99:fb:9a:a5:42:2d:19:39:3f:
         bd:6a:0b:c6:0a:ec:9c:80:99:2e:a1:96:a2:f5:37:99:e9:68:
         20:1a:ef:1f:77:07:41:a0:d2:6c:ac:49:d7:33:d7:83:e4:33:
         54:93:db:e7:a1:00:ad:f4:72:7f:66:22:c2:1a:d3:42:fb:42:
         4c:31:65:86:ea:fd:37:46:95:0e:db:e4:12:ce:e8:e2:7f:0f:
         ca:6e:b2:33:34:46:6a:c1:62:67:c3:6a:8d:be:f3:51:78:8c:
         c8:89:9d:3a:8b:eb:32:5b:74:3e:f1:5c:cd:66:a3:43:2b:3c:
         3c:55:32:c1:3a:e0:db:30:b4:1f:97:0e:d6:20:84:f7:b3:6d:
         cf:ad:ff:e9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY1Vudr9qHZTFmwZRk/KWUONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTI5MTQ1NzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjAxMDU3YmI2ODFiOTNkZGYwZjk2YWExMWE5NDc3N2QxOTY2YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ3p+Vt5/g2J4+XFsT3aZ753aGPq
DrQrFLM+jJ05asuQCfjQhcySPnsc3RBeLYUrlNtnrs40k21IPiWw+bqsATYCkTwU
rZ4Ifp6ERf8caD9HgmDkIiHRRJ8lwlqiN1DmJYfBIh8NXbdk/BwptfxB+FhQXH7L
Jn8zIhNLxDFLfcy+ryYUjb8WAQJJbc42f8vki6wbHAxRJMeTmoQyVkbmQDMuNUG4
b3vLhP+R8fwYVtB/d4SJAXbiJotIk1+U0G8Z+DusrBaZ0fwb6dn6UUcRrx+JUW4R
rrh1dEPqhBfenJ06LuchyGqw0+fEu/29TIafg4C9CTZZOdqh2poIgP43dQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKYBBXu2gbk93w+WqhGpR3fRlmw3MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvcGdFRmU3YUJ1VDNmRDVhcUVhbEhkOUdXYkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBABV/i0D
BABV/i4DBAJV/jQDBABV/kYDBABV/pADBACflBsDBACflFkDBACflNoDBACflOkw
DQYJKoZIhvcNAQELBQADggEBAHdBub5SCEI+rzAlFt6XmgD8oxVhbVJgNpP74K9E
kC+BfQSmshsDAduD+DsK5ZmFrl2c+Hq04WVvjN0ccEley85XA3KeGS5UCaVf0odz
VOdXJjC9IPdWRaElvNd8dsNV+KWe/XzZAJCxqv6DKLexbrOLAECkB5n7mqVCLRk5
P71qC8YK7JyAmS6hlqL1N5npaCAa7x93B0Gg0mysSdcz14PkM1ST2+ehAK30cn9m
IsIa00L7QkwxZYbq/TdGlQ7b5BLO6OJ/D8pusjM0RmrBYmfDao2+81F4jMiJnTqL
6zJbdD7xXM1mo0MrPDxVMsE64NswtB+XDtYghPezbc+t/+k=
-----END CERTIFICATE-----