Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/ER3r1O95hw14PihGM17Pnrt3oHg.roa
File:                     ER3r1O95hw14PihGM17Pnrt3oHg.roa (raw, json)
Hash identifier:          zetpSbQ8z7mXMzD/DowMo13lhVdxxNCrrhwjpBjdZOQ=
Subject key identifier:   11:1D:EB:D4:EF:79:87:0D:78:3E:28:46:33:5E:CF:9E:BB:77:A0:78
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       01907BCCD048DA6C140C7F58DDD34B6D010E
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/ER3r1O95hw14PihGM17Pnrt3oHg.roa
Signing time:             Thu 04 Jul 2024 03:32:18 +0000
ROA not before:           Thu 04 Jul 2024 03:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205960
IP address blocks:        2.59.153.0/24 maxlen: 24
                          2.59.154.0/24 maxlen: 24
                          45.91.225.0/24 maxlen: 24
                          45.91.227.0/24 maxlen: 24
                          45.142.155.0/24 maxlen: 24
                          91.204.224.0/24 maxlen: 24
                          91.204.225.0/24 maxlen: 24
                          91.204.226.0/24 maxlen: 24
                          91.204.227.0/24 maxlen: 24
                          185.202.101.0/24 maxlen: 24
                          193.239.151.0/24 maxlen: 24
                          194.126.215.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 04 Jul 2024 04:25:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7b:cc:d0:48:da:6c:14:0c:7f:58:dd:d3:4b:6d:01:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jul  4 03:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=111debd4ef79870d783e2846335ecf9ebb77a078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:df:14:ff:b4:5d:58:c2:13:7b:fc:0f:3b:ae:
                    1a:0a:1d:8f:e2:2e:7d:7f:85:f6:c0:8c:03:c6:2a:
                    b2:1f:10:ef:c4:e0:93:44:a0:97:11:02:5f:e5:5a:
                    eb:3a:43:63:d9:05:67:4f:de:6d:19:b7:9d:1d:19:
                    33:8f:36:71:f9:3b:64:62:f5:2d:f0:c4:48:36:3f:
                    33:6b:0b:79:5c:eb:54:5b:29:ba:9f:43:28:89:93:
                    ff:44:26:46:e8:79:94:f9:09:57:89:c8:50:66:5a:
                    d0:8b:47:16:f8:96:7a:07:af:5d:1b:c0:80:b0:b2:
                    6a:c6:13:40:14:f2:55:23:5c:f7:27:64:be:b5:1a:
                    7d:6d:ff:21:11:28:1b:14:6c:88:d6:b8:9a:6e:14:
                    23:3b:e8:ea:72:a2:6e:2a:40:17:35:44:16:2b:d8:
                    82:89:3c:dd:a0:11:55:30:a3:a0:5f:07:35:e5:1d:
                    da:0b:e1:59:5b:81:d8:9b:dc:f7:5e:da:76:1c:d5:
                    0c:7c:ea:4b:ff:ef:b6:10:02:8e:ba:40:aa:2f:a5:
                    ce:b5:1f:90:d2:98:fc:07:80:4f:b5:0e:f6:9c:19:
                    74:0a:8d:c4:5a:13:11:6b:38:13:08:5f:72:85:29:
                    97:91:e3:16:9b:ce:bb:e8:90:71:18:31:a9:9a:a5:
                    18:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1D:EB:D4:EF:79:87:0D:78:3E:28:46:33:5E:CF:9E:BB:77:A0:78
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/ER3r1O95hw14PihGM17Pnrt3oHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.153.0-2.59.154.255
                  45.91.225.0/24
                  45.91.227.0/24
                  45.142.155.0/24
                  91.204.224.0/22
                  185.202.101.0/24
                  193.239.151.0/24
                  194.126.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:6b:e4:b0:4c:86:f0:57:b9:62:ee:8e:b2:0a:5d:4e:63:84:
         41:84:8c:03:a3:ec:4b:14:66:ca:d1:00:4c:63:0a:cf:d1:1d:
         28:0e:b6:e3:39:c5:3c:b7:91:15:6b:71:2f:8d:13:90:e6:65:
         e5:93:47:c7:bb:9d:5c:d9:e6:0c:62:6a:e2:50:ac:01:49:31:
         ce:d0:8b:03:0d:5d:71:43:86:4a:2a:83:2f:f2:0f:22:8e:2a:
         8e:aa:86:da:58:dd:af:a0:dd:57:0c:e6:ea:ea:e5:9d:74:20:
         7c:bc:29:b8:b3:70:e8:97:a9:58:ad:4c:7e:69:26:85:06:c1:
         12:c5:1f:62:cf:b1:0e:83:1f:41:4a:da:64:e7:4f:fe:aa:bc:
         58:ab:14:7b:d0:f4:68:13:dd:3c:b4:9e:95:21:54:cd:e6:2e:
         a1:0c:fc:14:be:0b:65:96:de:63:ab:54:20:e0:07:74:09:d9:
         46:59:a9:cd:e1:2e:2c:26:92:e0:be:46:37:f7:ea:70:4a:89:
         63:44:80:5c:d2:36:12:aa:ff:3b:90:48:76:63:43:62:01:a6:
         8c:79:f6:97:16:cc:c4:3b:55:f0:44:0d:09:c6:ec:3d:a7:e1:
         c7:fe:db:79:4e:e7:af:68:68:92:78:aa:cf:89:d9:59:06:53:
         55:ba:04:1a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZB7zNBI2mwUDH9Y3dNLbQEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwNzA0MDMzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFkZWJkNGVmNzk4NzBkNzgzZTI4NDYzMzVlY2Y5ZWJiNzdhMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAod8U/7RdWMITe/wPO64aCh2P4i59
f4X2wIwDxiqyHxDvxOCTRKCXEQJf5VrrOkNj2QVnT95tGbedHRkzjzZx+TtkYvUt
8MRINj8zawt5XOtUWym6n0MoiZP/RCZG6HmU+QlXichQZlrQi0cW+JZ6B69dG8CA
sLJqxhNAFPJVI1z3J2S+tRp9bf8hESgbFGyI1riabhQjO+jqcqJuKkAXNUQWK9iC
iTzdoBFVMKOgXwc15R3aC+FZW4HYm9z3Xtp2HNUMfOpL/++2EAKOukCqL6XOtR+Q
0pj8B4BPtQ72nBl0Co3EWhMRazgTCF9yhSmXkeMWm8676JBxGDGpmqUYEQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBEd69TveYcNeD4oRjNez567d6B4MB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvRVIzcjFPOTVodzE0UGloR00xN1BucnQzb0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAACO5kD
BAACO5oDBAAtW+EDBAAtW+MDBAAtjpsDBAJbzOADBAC5ymUDBADB75cDBADCftcw
DQYJKoZIhvcNAQELBQADggEBACBr5LBMhvBXuWLujrIKXU5jhEGEjAOj7EsUZsrR
AExjCs/RHSgOtuM5xTy3kRVrcS+NE5DmZeWTR8e7nVzZ5gxiauJQrAFJMc7QiwMN
XXFDhkoqgy/yDyKOKo6qhtpY3a+g3VcM5urq5Z10IHy8KbizcOiXqVitTH5pJoUG
wRLFH2LPsQ6DH0FK2mTnT/6qvFirFHvQ9GgT3Ty0npUhVM3mLqEM/BS+C2WW3mOr
VCDgB3QJ2UZZqc3hLiwmkuC+Rjf36nBKiWNEgFzSNhKq/zuQSHZjQ2IBpox59pcW
zMQ7VfBEDQnG7D2n4cf+23lO569oaJJ4qs+J2VkGU1W6BBo=
-----END CERTIFICATE-----