Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/LdiZ2yIw-8R4j-XB8UMDDMcnDQ0.roa
File:                     LdiZ2yIw-8R4j-XB8UMDDMcnDQ0.roa (raw, json)
Hash identifier:          +V580toD1KMF3QOTSt5pNIYM8Q9YfM/+BJos3VgcMhg=
Subject key identifier:   2D:D8:99:DB:22:30:FB:C4:78:8F:E5:C1:F1:43:03:0C:C7:27:0D:0D
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       018CC34964B3CF61E292D179A7316D7ACFC3
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/LdiZ2yIw-8R4j-XB8UMDDMcnDQ0.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44843
IP address blocks:        192.145.19.0/24 maxlen: 24
                          152.89.135.0/24 maxlen: 24
                          152.89.134.0/24 maxlen: 24
                          31.207.64.0/24 maxlen: 24
                          31.207.64.0/20 maxlen: 20
                          31.207.65.0/24 maxlen: 24
                          178.236.132.0/24 maxlen: 24
                          178.236.130.0/24 maxlen: 24
                          178.236.128.0/21 maxlen: 21
                          178.236.131.0/24 maxlen: 24
                          178.236.128.0/24 maxlen: 24
                          178.236.129.0/24 maxlen: 24
                          178.236.133.0/24 maxlen: 24
                          178.236.134.0/24 maxlen: 24
                          178.236.135.0/24 maxlen: 24
                          2a02:1710:4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 10:06:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:64:b3:cf:61:e2:92:d1:79:a7:31:6d:7a:cf:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dd899db2230fbc4788fe5c1f143030cc7270d0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:89:ff:e2:5b:09:3a:f0:a0:16:a1:19:34:8c:
                    c1:17:ac:b5:40:9c:ef:c0:75:91:67:8e:57:e8:ca:
                    1e:92:42:b1:08:5a:46:a7:ed:80:06:77:06:51:0e:
                    09:d8:93:9d:2f:f0:99:98:7f:e9:64:b5:6e:9c:2b:
                    68:d0:59:b7:b8:e0:9b:15:51:25:22:fa:1f:29:e3:
                    49:d9:f4:78:de:07:d4:71:43:8f:36:06:50:d1:51:
                    2f:00:d0:df:3b:c7:8f:71:93:70:d9:c7:a0:1d:48:
                    3f:67:01:af:fc:22:74:68:5b:15:70:55:1e:93:05:
                    51:05:35:de:01:0d:f4:62:48:5c:84:62:5b:08:f6:
                    5a:e3:e4:11:23:48:d3:29:f2:b0:55:7f:27:db:1c:
                    36:e4:2f:cc:ea:03:f7:76:b3:ec:eb:f8:e7:6a:3b:
                    04:54:0d:92:0c:95:12:70:93:38:05:9a:89:b0:96:
                    d6:78:1a:e5:64:f0:76:d9:f4:b7:dc:41:57:e6:0e:
                    bc:39:cb:9a:2f:c5:6b:52:67:85:7b:da:3b:7a:51:
                    0f:c5:35:b9:e0:0b:7d:e3:dc:34:12:b2:1f:f3:38:
                    62:7e:cf:c7:9d:9d:6c:73:93:96:fc:f3:7e:2b:91:
                    04:25:33:51:3e:9d:94:24:e2:22:06:ce:17:a6:c1:
                    d2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D8:99:DB:22:30:FB:C4:78:8F:E5:C1:F1:43:03:0C:C7:27:0D:0D
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/LdiZ2yIw-8R4j-XB8UMDDMcnDQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.64.0/20
                  152.89.134.0/23
                  178.236.128.0/21
                  192.145.19.0/24
                IPv6:
                  2a02:1710:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:7d:76:b3:1d:f6:48:74:5e:c6:ce:48:73:4c:1a:d8:e6:bb:
         61:9a:ea:83:fd:6f:90:5b:8c:d4:ca:56:99:8a:9d:d1:b7:9c:
         c3:25:20:13:09:2d:e1:81:d5:00:af:ca:30:3e:92:0f:9d:c8:
         94:d2:79:db:de:59:40:3a:3e:da:08:3c:9a:08:f4:ee:45:3d:
         12:2e:53:d2:ca:65:c7:ac:16:19:7d:dd:08:2d:e4:66:c2:e5:
         6c:ec:b0:52:4e:4f:4c:db:2f:9c:2f:40:7b:c2:a1:01:9c:9d:
         e7:88:71:64:ff:a4:10:70:b4:f4:59:18:14:ef:df:7b:7c:54:
         67:4f:eb:41:2c:f1:85:c2:4c:1b:ca:38:45:b2:db:42:c6:f5:
         8b:f8:db:26:bd:e1:f1:a5:b7:5d:8b:cd:4f:1b:bb:ac:05:d7:
         c3:6e:5c:bf:2f:e0:6e:3b:18:49:73:5d:f3:b7:e7:f9:10:0b:
         1f:af:c4:a7:ff:bd:ce:3d:20:9a:bd:ea:42:35:43:73:a2:7e:
         91:aa:00:ee:4a:c9:7f:75:b7:b1:55:a1:95:60:d3:93:3a:16:
         69:9d:67:74:13:17:df:c4:0b:00:26:b7:56:1b:bf:42:38:f8:
         9e:17:8f:32:b9:ca:51:31:c5:37:f3:83:94:3a:40:c5:3d:b9:
         d7:b0:4b:ba
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzDSWSzz2HiktF5pzFtes/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ4OTlkYjIyMzBmYmM0Nzg4ZmU1YzFmMTQzMDMwY2M3MjcwZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4n/4lsJOvCgFqEZNIzBF6y1QJzv
wHWRZ45X6MoekkKxCFpGp+2ABncGUQ4J2JOdL/CZmH/pZLVunCto0Fm3uOCbFVEl
IvofKeNJ2fR43gfUcUOPNgZQ0VEvANDfO8ePcZNw2cegHUg/ZwGv/CJ0aFsVcFUe
kwVRBTXeAQ30YkhchGJbCPZa4+QRI0jTKfKwVX8n2xw25C/M6gP3drPs6/jnajsE
VA2SDJUScJM4BZqJsJbWeBrlZPB22fS33EFX5g68OcuaL8VrUmeFe9o7elEPxTW5
4At949w0ErIf8zhifs/HnZ1sc5OW/PN+K5EEJTNRPp2UJOIiBs4XpsHSwQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFC3YmdsiMPvEeI/lwfFDAwzHJw0NMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvTGRpWjJ5SXctOFI0ai1YQjhVTURETWNuRFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQEH89AAwQB
mFmGAwQDsuyAAwQAwJETMA8EAgACMAkDBwAqAhcQAAQwDQYJKoZIhvcNAQELBQAD
ggEBADl9drMd9kh0XsbOSHNMGtjmu2Ga6oP9b5BbjNTKVpmKndG3nMMlIBMJLeGB
1QCvyjA+kg+dyJTSedveWUA6PtoIPJoI9O5FPRIuU9LKZcesFhl93Qgt5GbC5Wzs
sFJOT0zbL5wvQHvCoQGcneeIcWT/pBBwtPRZGBTv33t8VGdP60Es8YXCTBvKOEWy
20LG9Yv42ya94fGlt12LzU8bu6wF18NuXL8v4G47GElzXfO35/kQCx+vxKf/vc49
IJq96kI1Q3OifpGqAO5KyX91t7FVoZVg05M6FmmdZ3QTF9/ECwAmt1Ybv0I4+J4X
jzK5ylExxTfzg5Q6QMU9udewS7o=
-----END CERTIFICATE-----