Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/8nhwNsIcqWwSeZbjMdb23Omm4lc.roa
File:                     8nhwNsIcqWwSeZbjMdb23Omm4lc.roa (raw, json)
Hash identifier:          C55cu6yb1njSxgUowRHEHTBCVsDVC3KZBNKbDJAqp2g=
Subject key identifier:   F2:78:70:36:C2:1C:A9:6C:12:79:96:E3:31:D6:F6:DC:E9:A6:E2:57
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018DA74DABEF606E868B6E08C5DE5D3CC336
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/8nhwNsIcqWwSeZbjMdb23Omm4lc.roa
Signing time:             Wed 14 Feb 2024 11:08:21 +0000
ROA not before:           Wed 14 Feb 2024 11:08:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        5.253.184.0/23 maxlen: 23
                          5.253.187.0/24 maxlen: 24
                          45.81.161.0/24 maxlen: 24
                          45.81.162.0/24 maxlen: 24
                          45.81.163.0/24 maxlen: 24
                          45.94.136.0/24 maxlen: 24
                          45.130.34.0/23 maxlen: 23
                          88.214.0.0/24 maxlen: 24
                          88.214.1.0/24 maxlen: 24
                          88.214.2.0/24 maxlen: 24
                          88.214.3.0/24 maxlen: 24
                          88.218.196.0/22 maxlen: 22
                          185.114.204.0/24 maxlen: 24
                          185.219.160.0/24 maxlen: 24
                          185.219.161.0/24 maxlen: 24
                          185.219.163.0/24 maxlen: 24
                          193.111.184.0/22 maxlen: 22
                          193.135.220.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 19 Feb 2024 12:49:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:4d:ab:ef:60:6e:86:8b:6e:08:c5:de:5d:3c:c3:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Feb 14 11:08:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2787036c21ca96c127996e331d6f6dce9a6e257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:19:4f:b2:a5:a0:24:be:03:8a:b1:9d:84:db:
                    5c:c3:e7:6a:8a:fe:1b:10:92:70:da:7c:d1:f6:83:
                    9c:37:1e:4c:a0:93:ea:33:2c:47:78:c8:f1:b7:78:
                    79:cd:f9:20:bd:20:20:00:f3:88:38:8d:c9:a1:a5:
                    a7:2e:87:c4:a4:2d:78:09:da:e8:66:3c:ce:39:35:
                    b7:f2:03:8f:30:97:86:05:2f:78:61:7c:e9:f1:ec:
                    f1:26:b0:3c:40:98:f6:be:84:9b:1e:44:10:05:39:
                    2d:15:62:98:85:81:ea:d2:84:be:8d:31:84:1d:56:
                    8a:80:6e:f6:97:18:11:f2:e8:14:0f:ac:5d:5a:3d:
                    1b:d3:8f:f1:16:29:91:c8:59:39:9b:f9:ec:4f:9d:
                    c9:b4:9c:b8:b6:7f:ec:99:72:bf:be:b6:d7:87:73:
                    c1:fc:b7:84:f1:2b:58:8c:e8:b8:87:54:21:5f:db:
                    50:8e:74:9f:12:fe:7e:e7:dc:81:61:5a:f6:62:93:
                    cc:de:3e:ff:b7:0a:9d:e8:58:41:00:99:45:4a:40:
                    88:17:2f:36:f1:ce:ce:19:63:3b:85:de:13:6b:3f:
                    f9:f5:3b:14:bc:68:44:94:76:15:0b:a7:1d:d2:13:
                    31:c5:0e:21:24:3d:0f:96:6e:e9:74:10:f5:30:47:
                    f0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:78:70:36:C2:1C:A9:6C:12:79:96:E3:31:D6:F6:DC:E9:A6:E2:57
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/8nhwNsIcqWwSeZbjMdb23Omm4lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.184.0/23
                  5.253.187.0/24
                  45.81.161.0-45.81.163.255
                  45.94.136.0/24
                  45.130.34.0/23
                  88.214.0.0/22
                  88.218.196.0/22
                  185.114.204.0/24
                  185.219.160.0/23
                  185.219.163.0/24
                  193.111.184.0/22
                  193.135.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:08:3b:cb:ee:0e:f6:bb:13:29:55:27:a1:30:a3:a2:42:b2:
         4b:69:c5:72:b3:1f:20:8d:86:17:66:3f:27:f8:ec:f1:73:c9:
         a1:73:d4:cb:19:9c:ea:c5:14:1e:dc:b2:75:40:26:a4:a6:87:
         a1:93:6b:f9:ae:52:c3:7f:e5:d2:98:6d:a7:f0:02:f9:39:8d:
         b0:a1:8a:9d:96:81:7c:ce:61:db:8b:63:0c:da:1f:ce:61:b7:
         ec:3a:e1:f6:c0:c5:6b:16:3d:18:e5:ce:9b:b8:21:fe:62:79:
         ca:07:bf:ae:30:40:35:d7:9a:7a:46:e8:60:1c:9e:dd:68:fe:
         ff:00:24:1d:d2:01:7e:b4:ee:ff:3c:a2:93:e8:90:d3:ca:c9:
         67:dc:8f:5e:95:44:9d:3f:90:d9:e6:cd:7e:dc:a1:92:4a:f7:
         8a:af:d4:0e:c3:0d:89:a2:a7:02:13:72:55:d1:7f:d1:83:d9:
         5f:95:ae:5e:77:a7:ff:25:cb:33:2b:58:de:5a:5a:6d:8a:0e:
         3c:5d:ae:e3:68:93:a6:c7:7d:f5:e3:12:f1:6b:4b:96:e1:74:
         a5:86:72:0e:e1:94:12:99:c6:30:cc:c9:f9:b9:16:38:54:42:
         48:df:b2:8a:bd:5e:14:c1:41:fb:5d:bf:b4:cf:85:11:6d:ae:
         b3:86:2a:0c
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY2nTavvYG6Gi24Ixd5dPMM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMjE0MTEwODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc4NzAzNmMyMWNhOTZjMTI3OTk2ZTMzMWQ2ZjZkY2U5YTZlMjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxlPsqWgJL4DirGdhNtcw+dqiv4b
EJJw2nzR9oOcNx5MoJPqMyxHeMjxt3h5zfkgvSAgAPOIOI3JoaWnLofEpC14Cdro
ZjzOOTW38gOPMJeGBS94YXzp8ezxJrA8QJj2voSbHkQQBTktFWKYhYHq0oS+jTGE
HVaKgG72lxgR8ugUD6xdWj0b04/xFimRyFk5m/nsT53JtJy4tn/smXK/vrbXh3PB
/LeE8StYjOi4h1QhX9tQjnSfEv5+59yBYVr2YpPM3j7/twqd6FhBAJlFSkCIFy82
8c7OGWM7hd4Taz/59TsUvGhElHYVC6cd0hMxxQ4hJD0Plm7pdBD1MEfwrwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFPJ4cDbCHKlsEnmW4zHW9tzppuJXMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvOG5od05zSWNxV3dTZVpiak1kYjIzT21tNGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQBBf24AwQA
Bf27MAwDBAAtUaEDBAItUaADBAAtXogDBAEtgiIDBAJY1gADBAJY2sQDBAC5cswD
BAG526ADBAC526MDBALBb7gDBALBh9wwDQYJKoZIhvcNAQELBQADggEBAGkIO8vu
Dva7EylVJ6Ewo6JCsktpxXKzHyCNhhdmPyf47PFzyaFz1MsZnOrFFB7csnVAJqSm
h6GTa/muUsN/5dKYbafwAvk5jbChip2WgXzOYduLYwzaH85ht+w64fbAxWsWPRjl
zpu4If5iecoHv64wQDXXmnpG6GAcnt1o/v8AJB3SAX607v88opPokNPKyWfcj16V
RJ0/kNnmzX7coZJK94qv1A7DDYmipwITclXRf9GD2V+Vrl53p/8lyzMrWN5aWm2K
DjxdruNok6bHffXjEvFrS5bhdKWGcg7hlBKZxjDMyfm5FjhUQkjfsoq9XhTBQftd
v7TPhRFtrrOGKgw=
-----END CERTIFICATE-----