Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/L4MpCarJF-KxtT_pDaxdiKD30Xk.roa
File:                     L4MpCarJF-KxtT_pDaxdiKD30Xk.roa (raw, json)
Hash identifier:          Rhh1ekhLvZ3WeN/35b8WKDBWYeREMPm4guYgpwjXdDg=
Subject key identifier:   2F:83:29:09:AA:C9:17:E2:B1:B5:3F:E9:0D:AC:5D:88:A0:F7:D1:79
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       0190E4382AFEF8A28A6CFF43A86904CC7559
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/L4MpCarJF-KxtT_pDaxdiKD30Xk.roa
Signing time:             Wed 24 Jul 2024 10:10:04 +0000
ROA not before:           Wed 24 Jul 2024 10:10:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        31.40.196.0/22 maxlen: 22
                          31.40.204.0/22 maxlen: 22
                          37.221.76.0/22 maxlen: 22
                          83.171.244.0/22 maxlen: 22
                          84.54.0.0/22 maxlen: 22
                          85.8.144.0/22 maxlen: 22
                          85.235.72.0/22 maxlen: 22
                          139.28.48.0/22 maxlen: 22
                          139.28.212.0/22 maxlen: 22
                          176.53.156.0/22 maxlen: 22
                          176.96.128.0/22 maxlen: 22
                          193.32.204.0/22 maxlen: 22
                          194.93.48.0/22 maxlen: 22
                          212.115.100.0/22 maxlen: 22
                          217.18.208.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 24 Oct 2024 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e4:38:2a:fe:f8:a2:8a:6c:ff:43:a8:69:04:cc:75:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jul 24 10:10:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f832909aac917e2b1b53fe90dac5d88a0f7d179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f5:bd:f0:52:13:23:44:a3:90:36:6b:08:dc:
                    63:e7:d3:89:cf:cd:5c:78:3c:a7:bb:52:f9:b7:62:
                    3b:51:16:76:50:ad:fc:af:78:ae:bc:0f:98:7d:be:
                    d2:84:63:16:b4:c4:ef:61:a0:7a:dd:8a:2d:67:0c:
                    74:fa:20:72:fc:bb:9b:7b:d3:fb:fa:d0:cf:36:a2:
                    45:06:de:c3:05:42:a3:5a:14:54:52:6f:b4:0a:06:
                    f0:32:bf:d8:fe:3d:55:db:5d:0e:b7:e7:9f:36:05:
                    1e:95:24:e1:c1:85:1a:02:78:06:0a:8c:18:e3:a7:
                    13:f3:47:e1:42:30:c1:9e:6b:19:5b:48:6c:05:e7:
                    50:e9:d9:a0:92:be:eb:f6:be:f4:6d:b1:fc:45:7d:
                    db:45:66:4b:d5:e6:73:7d:4d:28:b3:ea:92:b1:c2:
                    f0:ca:ed:22:a2:0b:44:84:fb:7b:7c:09:dc:2c:ee:
                    48:c6:cb:04:8a:9f:c9:6d:8d:bb:6d:0d:56:06:47:
                    53:5a:65:59:59:2b:96:10:61:02:11:56:b0:81:ba:
                    00:bf:09:83:80:44:20:2b:a1:c0:bd:02:24:d8:2a:
                    07:29:92:67:33:04:d1:df:95:2b:52:b1:ef:56:10:
                    41:48:a7:69:01:7e:3c:f4:3f:0e:1d:d4:ca:6a:c9:
                    ba:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:83:29:09:AA:C9:17:E2:B1:B5:3F:E9:0D:AC:5D:88:A0:F7:D1:79
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/L4MpCarJF-KxtT_pDaxdiKD30Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.196.0/22
                  31.40.204.0/22
                  37.221.76.0/22
                  83.171.244.0/22
                  84.54.0.0/22
                  85.8.144.0/22
                  85.235.72.0/22
                  139.28.48.0/22
                  139.28.212.0/22
                  176.53.156.0/22
                  176.96.128.0/22
                  193.32.204.0/22
                  194.93.48.0/22
                  212.115.100.0/22
                  217.18.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:3f:26:0d:49:4a:c6:29:f3:a9:bb:eb:8a:8d:14:f0:ab:68:
         3a:dc:b6:67:4f:88:84:14:4a:f8:e9:76:d3:9f:cd:a5:5a:10:
         ab:c0:51:c8:48:97:4f:68:23:e5:76:4d:26:3d:10:c4:e3:cc:
         67:a0:04:f0:dd:67:2d:86:b6:f0:7e:49:8a:09:93:59:9c:12:
         6f:d7:e7:67:1b:98:cd:4e:64:88:00:a6:ba:83:1b:e0:fc:4a:
         a3:91:35:34:a8:fd:68:65:39:bb:1d:b8:f9:19:10:ac:e8:ff:
         c9:86:55:bf:8a:70:84:30:98:62:48:ca:0d:8c:8b:4d:55:35:
         2c:25:2c:2d:e8:a8:9c:30:61:2c:b7:0a:62:a6:50:1d:1a:21:
         6e:80:3d:f7:98:5d:43:58:c1:b1:59:fa:9c:5f:7c:a6:9d:5a:
         a2:b7:96:0b:ae:3e:88:8a:28:d9:4f:e0:b7:c4:d7:90:ea:09:
         87:08:9b:86:0e:e2:a9:52:65:07:f4:8b:62:6f:33:1e:85:48:
         18:b5:6b:5c:f0:6d:c3:19:b4:af:27:85:a3:5e:1e:dd:c8:64:
         98:a8:ab:b2:59:f0:35:b5:87:f8:11:3d:cd:e1:72:a2:b6:0c:
         79:a2:7e:f6:fe:75:b2:af:73:c2:7a:70:9b:3a:62:76:89:a3:
         e2:e9:b1:1a
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZDkOCr++KKKbP9DqGkEzHVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwNzI0MTAxMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjgzMjkwOWFhYzkxN2UyYjFiNTNmZTkwZGFjNWQ4OGEwZjdkMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPW98FITI0SjkDZrCNxj59OJz81c
eDynu1L5t2I7URZ2UK38r3iuvA+Yfb7ShGMWtMTvYaB63YotZwx0+iBy/Lube9P7
+tDPNqJFBt7DBUKjWhRUUm+0CgbwMr/Y/j1V210Ot+efNgUelSThwYUaAngGCowY
46cT80fhQjDBnmsZW0hsBedQ6dmgkr7r9r70bbH8RX3bRWZL1eZzfU0os+qSscLw
yu0iogtEhPt7fAncLO5IxssEip/JbY27bQ1WBkdTWmVZWSuWEGECEVawgboAvwmD
gEQgK6HAvQIk2CoHKZJnMwTR35UrUrHvVhBBSKdpAX489D8OHdTKasm68wIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFC+DKQmqyRfisbU/6Q2sXYig99F5MB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvTDRNcENhckpGLUt4dFRfcERheGRpS0QzMFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCHyjEAwQC
HyjMAwQCJd1MAwQCU6v0AwQCVDYAAwQCVQiQAwQCVetIAwQCixwwAwQCixzUAwQC
sDWcAwQCsGCAAwQCwSDMAwQCwl0wAwQC1HNkAwQC2RLQMA0GCSqGSIb3DQEBCwUA
A4IBAQCvPyYNSUrGKfOpu+uKjRTwq2g63LZnT4iEFEr46XbTn82lWhCrwFHISJdP
aCPldk0mPRDE48xnoATw3WcthrbwfkmKCZNZnBJv1+dnG5jNTmSIAKa6gxvg/Eqj
kTU0qP1oZTm7Hbj5GRCs6P/JhlW/inCEMJhiSMoNjItNVTUsJSwt6KicMGEstwpi
plAdGiFugD33mF1DWMGxWfqcX3ymnVqit5YLrj6IiijZT+C3xNeQ6gmHCJuGDuKp
UmUH9ItibzMehUgYtWtc8G3DGbSvJ4WjXh7dyGSYqKuyWfA1tYf4ET3N4XKitgx5
on72/nWyr3PCenCbOmJ2iaPi6bEa
-----END CERTIFICATE-----