Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/o-VCrrnMDha98uPKTfEFVIGI1pM.roa
File:                     o-VCrrnMDha98uPKTfEFVIGI1pM.roa (raw, json)
Hash identifier:          MVCkTB3dpHo1NM15/JVHBOWKSi9x1qqgonndxdLzZzQ=
Subject key identifier:   A3:E5:42:AE:B9:CC:0E:16:BD:F2:E3:CA:4D:F1:05:54:81:88:D6:93
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       018736818E66746AB6250EB6A603EDB3022D
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/o-VCrrnMDha98uPKTfEFVIGI1pM.roa
Signing time:             Fri 31 Mar 2023 07:11:12 +0000
ROA not before:           Fri 31 Mar 2023 07:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44843
IP address blocks:        192.145.19.0/24 maxlen: 24
                          152.89.135.0/24 maxlen: 24
                          152.89.134.0/24 maxlen: 24
                          31.207.64.0/24 maxlen: 24
                          31.207.64.0/20 maxlen: 20
                          31.207.65.0/24 maxlen: 24
                          178.236.132.0/24 maxlen: 24
                          178.236.130.0/24 maxlen: 24
                          178.236.128.0/21 maxlen: 21
                          178.236.131.0/24 maxlen: 24
                          178.236.128.0/24 maxlen: 24
                          178.236.129.0/24 maxlen: 24
                          178.236.133.0/24 maxlen: 24
                          178.236.134.0/24 maxlen: 24
                          178.236.135.0/24 maxlen: 24
                          2a02:1710:4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:36:81:8e:66:74:6a:b6:25:0e:b6:a6:03:ed:b3:02:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Mar 31 07:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3e542aeb9cc0e16bdf2e3ca4df105548188d693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ee:4a:86:17:03:3a:32:7c:c0:6a:fb:f2:92:
                    32:85:2b:8c:61:1c:7c:f8:d1:31:c0:95:04:87:64:
                    30:9a:22:51:dd:2e:e7:97:d1:fb:1b:bc:e6:56:d6:
                    a5:1b:eb:2e:a1:18:7a:56:e5:dc:c9:7e:71:d1:ec:
                    03:3c:70:6e:84:1e:06:cf:09:83:4f:bc:5d:2f:ab:
                    1d:f8:83:4a:b1:3b:ab:17:c1:09:b7:b2:62:0b:22:
                    fc:6c:4a:e1:1c:b4:ad:ef:e6:f6:e5:10:26:ae:e9:
                    b7:45:96:80:7a:4b:b9:bb:81:97:16:c9:b3:26:e0:
                    9b:47:1a:46:67:34:9d:d7:33:96:b9:ba:e9:70:73:
                    e0:2c:00:de:94:40:ea:35:8b:ed:4d:1b:a9:34:e0:
                    be:9c:e2:36:ab:74:76:c1:27:5a:82:ee:4a:39:e8:
                    1c:27:2c:5d:5e:6c:25:c4:8b:bd:e1:ed:c7:9c:ec:
                    8c:51:81:dd:9d:f4:ac:76:22:30:ed:f4:c7:8d:0e:
                    f6:16:84:86:37:59:bd:5e:3e:c1:3f:67:30:8e:65:
                    d9:84:35:3a:e5:62:14:f5:f7:cc:67:7f:f7:b0:fd:
                    83:03:73:d7:5b:ed:8e:64:9f:5c:dc:52:f0:6e:04:
                    c4:a2:b1:31:4b:fa:dc:2b:74:fb:ac:60:86:7f:d2:
                    ca:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E5:42:AE:B9:CC:0E:16:BD:F2:E3:CA:4D:F1:05:54:81:88:D6:93
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/o-VCrrnMDha98uPKTfEFVIGI1pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.64.0/20
                  152.89.134.0/23
                  178.236.128.0/21
                  192.145.19.0/24
                IPv6:
                  2a02:1710:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:f7:4b:b2:64:ef:a3:32:61:f6:71:72:b3:b2:38:2e:0b:dc:
         4c:db:d6:20:ce:98:43:4f:db:85:ab:41:f4:6f:6d:00:10:0e:
         a2:08:48:b0:24:53:25:09:7b:ff:2b:fe:11:ce:3f:d5:81:9e:
         a1:f1:35:e4:81:df:7e:96:25:2d:ef:fc:6a:1f:62:a4:fd:ef:
         09:72:56:1b:ed:86:cb:ee:a8:2a:55:d4:c4:40:93:f3:73:f9:
         2c:38:da:12:be:08:b9:33:fe:77:69:fa:2b:3a:e8:10:97:34:
         89:60:d7:36:8e:77:57:41:f4:97:fe:bc:1f:a3:62:6e:0c:35:
         8e:ce:97:23:27:bb:42:3f:55:d9:8c:34:d7:fc:9d:ef:63:89:
         62:3e:42:3c:08:25:96:d6:e0:fe:bb:72:51:18:96:5f:70:52:
         a2:4e:1a:7c:e7:2d:22:45:7a:3f:2a:42:e5:2d:0e:03:eb:b7:
         1b:77:37:47:45:58:f6:02:3b:1e:a3:fa:ef:fa:54:f1:3d:43:
         34:0a:33:e5:86:06:5d:00:cf:48:56:90:31:e1:0f:23:f9:65:
         fb:7f:42:4b:b0:93:a0:94:2e:ef:11:f0:cf:4c:8d:3a:49:4c:
         fd:84:74:ea:9d:28:17:9e:5f:e6:c5:79:0f:03:0a:97:85:1a:
         0d:cf:29:73
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYc2gY5mdGq2JQ62pgPtswItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjMwMzMxMDcxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2U1NDJhZWI5Y2MwZTE2YmRmMmUzY2E0ZGYxMDU1NDgxODhkNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO5KhhcDOjJ8wGr78pIyhSuMYRx8
+NExwJUEh2QwmiJR3S7nl9H7G7zmVtalG+suoRh6VuXcyX5x0ewDPHBuhB4GzwmD
T7xdL6sd+INKsTurF8EJt7JiCyL8bErhHLSt7+b25RAmrum3RZaAeku5u4GXFsmz
JuCbRxpGZzSd1zOWubrpcHPgLADelEDqNYvtTRupNOC+nOI2q3R2wSdagu5KOegc
JyxdXmwlxIu94e3HnOyMUYHdnfSsdiIw7fTHjQ72FoSGN1m9Xj7BP2cwjmXZhDU6
5WIU9ffMZ3/3sP2DA3PXW+2OZJ9c3FLwbgTEorExS/rcK3T7rGCGf9LKcwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFKPlQq65zA4WvfLjyk3xBVSBiNaTMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvby1WQ3Jybk1EaGE5OHVQS1RmRUZWSUdJMXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQEH89AAwQB
mFmGAwQDsuyAAwQAwJETMA8EAgACMAkDBwAqAhcQAAQwDQYJKoZIhvcNAQELBQAD
ggEBAGz3S7Jk76MyYfZxcrOyOC4L3Ezb1iDOmENP24WrQfRvbQAQDqIISLAkUyUJ
e/8r/hHOP9WBnqHxNeSB336WJS3v/GofYqT97wlyVhvthsvuqCpV1MRAk/Nz+Sw4
2hK+CLkz/ndp+is66BCXNIlg1zaOd1dB9Jf+vB+jYm4MNY7OlyMnu0I/VdmMNNf8
ne9jiWI+QjwIJZbW4P67clEYll9wUqJOGnznLSJFej8qQuUtDgPrtxt3N0dFWPYC
Ox6j+u/6VPE9QzQKM+WGBl0Az0hWkDHhDyP5Zft/Qkuwk6CULu8R8M9MjTpJTP2E
dOqdKBeeX+bFeQ8DCpeFGg3PKXM=
-----END CERTIFICATE-----