Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/vTBOE8-z2xaYrb9IZPTlXmK0AuU.roa
File:                     vTBOE8-z2xaYrb9IZPTlXmK0AuU.roa (raw, json)
Hash identifier:          UkBkMTm++0RWYpYV991lR5uSENKpUkAfpMAVPcYc6P0=
Subject key identifier:   BD:30:4E:13:CF:B3:DB:16:98:AD:BF:48:64:F4:E5:5E:62:B4:02:E5
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       01903E715ADE5913E9E0F419C493093EC1DC
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/vTBOE8-z2xaYrb9IZPTlXmK0AuU.roa
Signing time:             Sat 22 Jun 2024 05:35:34 +0000
ROA not before:           Sat 22 Jun 2024 05:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208161
IP address blocks:        87.248.130.0/24 maxlen: 24
                          87.248.133.0/24 maxlen: 24
                          87.248.137.0/24 maxlen: 24
                          87.248.138.0/24 maxlen: 24
                          87.248.139.0/24 maxlen: 24
                          87.248.145.0/24 maxlen: 24
                          87.248.150.0/24 maxlen: 24
                          87.248.151.0/24 maxlen: 24
                          87.248.152.0/23 maxlen: 24
                          87.248.155.0/24 maxlen: 24
                          87.248.156.0/24 maxlen: 24
                          194.60.230.0/24 maxlen: 24
                          194.60.231.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 29 Sep 2024 13:51:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3e:71:5a:de:59:13:e9:e0:f4:19:c4:93:09:3e:c1:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jun 22 05:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd304e13cfb3db1698adbf4864f4e55e62b402e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3f:c9:a0:cc:0b:a8:ad:64:5f:7d:ce:4f:db:
                    29:28:8a:8d:b4:9b:97:52:f1:7d:78:50:62:0c:d5:
                    e6:9b:7b:96:47:0d:c7:86:f5:c9:48:50:9f:e7:1a:
                    0e:ec:ef:36:24:af:1a:88:13:64:91:45:88:08:53:
                    41:a3:b7:fa:ab:50:c9:ca:0e:10:f7:df:d7:ae:7d:
                    6b:1c:5d:cd:04:b5:7d:c2:83:ed:93:fb:f6:60:6b:
                    b5:20:b5:94:bb:19:8d:d4:64:ef:37:23:21:7b:1e:
                    02:5a:41:16:0a:c7:6f:c3:36:db:a3:39:73:d1:0b:
                    82:f9:e9:7c:52:f9:f1:4b:06:cf:2a:11:df:6b:65:
                    33:54:15:6e:f7:0b:1d:ab:a1:e7:82:92:11:a6:71:
                    8c:1c:3f:f3:e4:84:3c:bf:3c:52:f2:35:83:0d:30:
                    8c:b0:26:c2:18:08:87:c2:fa:89:6f:63:f6:19:40:
                    08:f5:dc:76:a7:99:a1:99:4b:4c:f8:80:db:26:e4:
                    3b:f1:84:43:44:3e:f0:c6:25:bb:d2:7c:f4:18:a8:
                    d1:a4:2d:99:db:82:90:6a:80:8c:38:23:df:ca:2f:
                    59:d3:80:f5:7c:7d:78:11:78:ff:80:81:93:c4:b6:
                    e7:7d:49:2f:1a:57:ef:b0:87:9b:da:a7:8c:77:c7:
                    28:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:30:4E:13:CF:B3:DB:16:98:AD:BF:48:64:F4:E5:5E:62:B4:02:E5
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/vTBOE8-z2xaYrb9IZPTlXmK0AuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.130.0/24
                  87.248.133.0/24
                  87.248.137.0-87.248.139.255
                  87.248.145.0/24
                  87.248.150.0-87.248.153.255
                  87.248.155.0-87.248.156.255
                  194.60.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:5f:f1:79:de:fb:d7:ab:3d:8a:92:48:6a:1d:6d:fb:bd:5f:
         71:1f:4c:96:84:b5:da:96:81:df:b4:37:d7:1b:c1:6a:2d:05:
         37:ae:a5:91:d7:eb:3f:20:c0:ad:ef:cf:71:50:a4:c5:09:8e:
         fa:9c:6c:58:8a:a2:02:5d:1f:db:69:30:81:a3:72:90:c5:6f:
         43:97:b3:f9:08:98:51:d9:23:56:d6:0f:13:1b:17:40:d3:78:
         f9:07:c3:53:93:1a:cd:6f:fa:d8:b7:50:35:0b:d5:c1:a7:d0:
         6a:46:91:3c:0b:62:dd:0d:7c:bd:1f:be:b2:53:e4:13:65:49:
         52:ed:bc:c4:01:8d:8f:17:52:b2:f8:09:75:d7:36:aa:22:41:
         c5:f6:49:d5:ea:dc:27:94:14:23:13:ac:4b:bc:ab:4f:c3:38:
         e4:da:ca:6c:ae:aa:68:4a:d4:c0:cb:b8:fa:24:ce:fe:d0:a6:
         28:56:ea:42:c0:31:6b:d3:7b:df:bb:43:e6:87:a8:2b:12:a0:
         53:56:c3:4a:3d:00:6a:a3:ed:40:39:5a:48:29:52:ff:ca:2c:
         be:b0:5e:95:42:92:29:a6:54:99:44:ee:a9:00:6c:a0:57:01:
         b4:a3:ee:c3:4c:c7:f1:2a:60:d2:5d:97:39:21:4a:92:ac:06:
         7f:83:05:3c
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZA+cVreWRPp4PQZxJMJPsHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwNjIyMDUzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDMwNGUxM2NmYjNkYjE2OThhZGJmNDg2NGY0ZTU1ZTYyYjQwMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyz/JoMwLqK1kX33OT9spKIqNtJuX
UvF9eFBiDNXmm3uWRw3HhvXJSFCf5xoO7O82JK8aiBNkkUWICFNBo7f6q1DJyg4Q
99/Xrn1rHF3NBLV9woPtk/v2YGu1ILWUuxmN1GTvNyMhex4CWkEWCsdvwzbbozlz
0QuC+el8UvnxSwbPKhHfa2UzVBVu9wsdq6HngpIRpnGMHD/z5IQ8vzxS8jWDDTCM
sCbCGAiHwvqJb2P2GUAI9dx2p5mhmUtM+IDbJuQ78YRDRD7wxiW70nz0GKjRpC2Z
24KQaoCMOCPfyi9Z04D1fH14EXj/gIGTxLbnfUkvGlfvsIeb2qeMd8cobQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFL0wThPPs9sWmK2/SGT05V5itALlMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvdlRCT0U4LXoyeGFZcmI5SVpQVGxYbUswQXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAV/iCAwQA
V/iFMAwDBABX+IkDBAJX+IgDBABX+JEwDAMEAVf4lgMEAVf4mDAMAwQAV/ibAwQA
V/icAwQBwjzmMA0GCSqGSIb3DQEBCwUAA4IBAQBgX/F53vvXqz2KkkhqHW37vV9x
H0yWhLXaloHftDfXG8FqLQU3rqWR1+s/IMCt789xUKTFCY76nGxYiqICXR/baTCB
o3KQxW9Dl7P5CJhR2SNW1g8TGxdA03j5B8NTkxrNb/rYt1A1C9XBp9BqRpE8C2Ld
DXy9H76yU+QTZUlS7bzEAY2PF1Ky+Al11zaqIkHF9knV6twnlBQjE6xLvKtPwzjk
2spsrqpoStTAy7j6JM7+0KYoVupCwDFr03vfu0Pmh6grEqBTVsNKPQBqo+1AOVpI
KVL/yiy+sF6VQpIpplSZRO6pAGygVwG0o+7DTMfxKmDSXZc5IUqSrAZ/gwU8
-----END CERTIFICATE-----