Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/96TZYatNNh5x8bGM9oTPC9e7YXY.roa
File:                     96TZYatNNh5x8bGM9oTPC9e7YXY.roa (raw, json)
Hash identifier:          FptKyn06bqbc4K3J2ASQW0QVdq0LLd77D9hkvfob8yw=
Subject key identifier:   F7:A4:D9:61:AB:4D:36:1E:71:F1:B1:8C:F6:84:CF:0B:D7:BB:61:76
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       018DEF1317771A96AE7760E0D7E2C45DB03E
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/96TZYatNNh5x8bGM9oTPC9e7YXY.roa
Signing time:             Wed 28 Feb 2024 09:37:02 +0000
ROA not before:           Wed 28 Feb 2024 09:37:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47894
IP address blocks:        94.103.36.0/24 maxlen: 24
                          94.103.37.0/24 maxlen: 24
                          94.103.38.0/24 maxlen: 24
                          94.103.39.0/24 maxlen: 24
                          94.103.41.0/24 maxlen: 24
                          94.103.42.0/24 maxlen: 24
                          94.103.43.0/24 maxlen: 24
                          185.35.20.0/24 maxlen: 24
                          185.35.22.0/24 maxlen: 24
                          185.35.23.0/24 maxlen: 24
                          2a00:7300::/32 maxlen: 32
                          2a00:7300:1::/48 maxlen: 48
                          2a00:7300:42::/48 maxlen: 48
                          2a00:7300:100::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 19 Mar 2024 10:19:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:13:17:77:1a:96:ae:77:60:e0:d7:e2:c4:5d:b0:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Feb 28 09:37:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7a4d961ab4d361e71f1b18cf684cf0bd7bb6176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:eb:0b:13:65:0d:a8:ee:54:2a:95:2e:d3:15:
                    13:c8:2b:07:fd:0f:87:69:91:7b:6f:3d:b9:6b:c9:
                    f7:2d:47:48:b6:2b:11:59:ac:31:cf:cd:5d:3a:3d:
                    70:ce:a6:0c:9d:28:4b:a7:89:ce:ab:89:e1:5e:4f:
                    52:ea:d2:e2:5c:28:00:8d:0a:58:ef:04:5a:7c:94:
                    6f:94:4a:6f:4e:28:f5:3c:86:db:48:fa:4d:fb:5d:
                    f3:ed:cb:41:74:b0:6f:c6:25:8a:09:e7:4d:04:b8:
                    08:e6:fd:08:10:40:ee:fb:4a:ba:0d:cf:9b:4b:d2:
                    6d:85:ac:8f:c1:3f:67:a0:3b:3f:70:6d:8b:d5:d0:
                    c7:1f:fe:89:f6:a3:ff:b9:21:8c:10:65:2c:5a:35:
                    a1:88:1d:56:5b:37:2d:47:36:5f:b1:e5:90:5d:86:
                    c2:9b:26:80:58:71:74:5b:4c:9d:ac:3a:eb:59:d8:
                    a3:c1:1b:66:2b:98:38:bd:a4:ca:a9:d5:f2:5a:ea:
                    45:31:c1:45:72:c1:ba:30:de:60:ce:df:69:7f:6c:
                    e6:d1:ae:02:43:26:71:65:b5:20:a2:af:b0:8d:d3:
                    eb:ef:e3:06:b5:d4:47:30:83:82:8d:a6:44:43:fc:
                    82:03:42:02:1b:28:77:f6:9f:3f:90:6c:b9:78:4d:
                    92:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A4:D9:61:AB:4D:36:1E:71:F1:B1:8C:F6:84:CF:0B:D7:BB:61:76
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/96TZYatNNh5x8bGM9oTPC9e7YXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.36.0/22
                  94.103.41.0-94.103.43.255
                  185.35.20.0/24
                  185.35.22.0/23
                IPv6:
                  2a00:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:c2:42:a4:05:ff:dc:64:ee:1b:3e:0a:1a:72:60:d3:f2:e3:
         c0:62:2f:70:5b:de:06:b3:4a:e4:07:90:c5:c8:1c:a0:f0:70:
         5b:1e:61:66:ac:7a:34:62:d7:a0:8e:9a:94:c8:12:32:68:8d:
         f5:84:19:78:0e:ed:3c:b5:67:11:cf:a1:eb:b7:67:3d:8b:22:
         42:fa:8c:d0:b4:13:b2:e3:39:3d:4c:39:90:59:1f:b2:66:67:
         78:52:39:b7:52:70:01:e6:e5:82:c3:40:2f:88:34:43:4e:cd:
         e7:85:48:6d:d7:65:bd:31:8a:fe:b9:d5:0b:eb:aa:8e:e7:70:
         63:d0:8a:d0:0d:f4:e5:b9:af:02:9b:ad:0e:18:e0:0d:52:56:
         e8:b6:7d:bb:1e:59:0f:87:c4:cf:90:5d:04:b4:29:b4:b6:58:
         d7:6b:5f:59:ad:73:11:dd:d0:3c:96:77:cb:ed:8a:18:2e:ee:
         18:05:31:59:ad:3a:32:47:28:3b:2b:14:72:93:a4:c0:b7:29:
         27:e4:53:1f:ef:a8:04:09:74:ca:6d:60:ad:58:db:62:ee:7d:
         6a:ef:60:11:2c:c5:12:f2:b6:c7:cf:3d:a7:46:98:54:a5:00:
         d5:d8:ba:67:b0:3f:cf:f3:83:72:d7:a2:19:e1:4f:9b:50:67:
         51:64:9c:67
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAY3vExd3Gpaud2Dg1+LEXbA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjQwMjI4MDkzNzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2E0ZDk2MWFiNGQzNjFlNzFmMWIxOGNmNjg0Y2YwYmQ3YmI2MTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOsLE2UNqO5UKpUu0xUTyCsH/Q+H
aZF7bz25a8n3LUdItisRWawxz81dOj1wzqYMnShLp4nOq4nhXk9S6tLiXCgAjQpY
7wRafJRvlEpvTij1PIbbSPpN+13z7ctBdLBvxiWKCedNBLgI5v0IEEDu+0q6Dc+b
S9JthayPwT9noDs/cG2L1dDHH/6J9qP/uSGMEGUsWjWhiB1WWzctRzZfseWQXYbC
myaAWHF0W0ydrDrrWdijwRtmK5g4vaTKqdXyWupFMcFFcsG6MN5gzt9pf2zm0a4C
QyZxZbUgoq+wjdPr7+MGtdRHMIOCjaZEQ/yCA0ICGyh39p8/kGy5eE2SdwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFPek2WGrTTYecfGxjPaEzwvXu2F2MB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvOTZUWllhdE5OaDV4OGJHTTlvVFBDOWU3WVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQCXmckMAwD
BABeZykDBAJeZygDBAC5IxQDBAG5IxYwDQQCAAIwBwMFACoAcwAwDQYJKoZIhvcN
AQELBQADggEBAHPCQqQF/9xk7hs+ChpyYNPy48BiL3Bb3gazSuQHkMXIHKDwcFse
YWasejRi16COmpTIEjJojfWEGXgO7Ty1ZxHPoeu3Zz2LIkL6jNC0E7LjOT1MOZBZ
H7JmZ3hSObdScAHm5YLDQC+INENOzeeFSG3XZb0xiv651Qvrqo7ncGPQitAN9OW5
rwKbrQ4Y4A1SVui2fbseWQ+HxM+QXQS0KbS2WNdrX1mtcxHd0DyWd8vtihgu7hgF
MVmtOjJHKDsrFHKTpMC3KSfkUx/vqAQJdMptYK1Y22LufWrvYBEsxRLytsfPPadG
mFSlANXYumewP8/zg3LXohnhT5tQZ1FknGc=
-----END CERTIFICATE-----