Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OYf1NpvXZUNNkHmAx80qgzj7yh0.roa
File:                     OYf1NpvXZUNNkHmAx80qgzj7yh0.roa (raw, json)
Hash identifier:          uqX10ucUQZKSWZI8rFyc8vSVCcY1ECTFMiZHEJ0siZM=
Subject key identifier:   39:87:F5:36:9B:D7:65:43:4D:90:79:80:C7:CD:2A:83:38:FB:CA:1D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0190BCCA055730535FAA54D0F61BA86ABFDE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OYf1NpvXZUNNkHmAx80qgzj7yh0.roa
Signing time:             Tue 16 Jul 2024 18:24:34 +0000
ROA not before:           Tue 16 Jul 2024 18:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34872
IP address blocks:        45.154.97.0/24 maxlen: 24
                          62.3.50.0/24 maxlen: 24
                          194.28.98.0/23 maxlen: 24
                          2a0c:b640::/32 maxlen: 48
                          2a0c:b641::/44 maxlen: 48
                          2a0c:b641:10::/44 maxlen: 48
                          2a0c:b641:60::/44 maxlen: 48
                          2a0c:b641:150::/44 maxlen: 48
                          2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:70f::/48 maxlen: 48
                          2a0c:b641:820::/44 maxlen: 48
                          2a0f:8400::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sat 03 Aug 2024 09:43:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bc:ca:05:57:30:53:5f:aa:54:d0:f6:1b:a8:6a:bf:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 16 18:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3987f5369bd765434d907980c7cd2a8338fbca1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:17:0a:e0:f4:a7:5d:30:da:50:e0:8e:a0:90:
                    37:b6:cf:af:fb:45:4f:47:a1:d4:55:3f:44:04:9e:
                    73:9f:73:27:3b:fc:58:78:21:87:35:4b:e5:22:12:
                    7c:05:dd:c7:66:da:d8:a5:c7:0d:82:52:56:ce:27:
                    a9:54:18:57:f5:14:71:a5:f8:a0:89:6f:e3:a3:39:
                    b7:51:e8:7d:95:dc:8f:06:10:be:bc:19:52:d2:e9:
                    22:d9:e9:ce:84:ce:d8:18:7a:14:52:b0:be:78:2b:
                    f0:de:d0:9d:90:f7:4c:88:dd:90:f1:a4:41:af:47:
                    41:fa:61:f7:a6:8d:c4:c3:79:99:93:7c:01:87:45:
                    49:47:45:5d:a3:dd:f2:5f:d5:5f:fb:c5:63:f4:51:
                    36:54:89:1a:f6:3a:5f:64:1b:28:44:e8:c7:86:89:
                    12:dd:18:a0:83:ba:6a:0b:53:fb:e7:02:af:61:3c:
                    97:ba:a5:1a:6e:7e:d7:b1:68:83:44:ab:1b:78:47:
                    81:8a:48:71:89:bf:ab:bf:a3:6a:1e:be:eb:90:31:
                    0e:9f:37:e6:7d:03:90:f6:a2:4c:fb:12:42:bb:0d:
                    6d:54:28:31:3a:55:ff:71:6e:70:e3:da:f1:09:01:
                    6c:13:8b:14:f6:3b:8c:a0:d4:01:90:f7:e9:af:9a:
                    f5:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:87:F5:36:9B:D7:65:43:4D:90:79:80:C7:CD:2A:83:38:FB:CA:1D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OYf1NpvXZUNNkHmAx80qgzj7yh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.97.0/24
                  62.3.50.0/24
                  194.28.98.0/23
                IPv6:
                  2a0c:b640::-2a0c:b641:1f:ffff:ffff:ffff:ffff:ffff
                  2a0c:b641:60::/44
                  2a0c:b641:150::/44
                  2a0c:b641:540::/44
                  2a0c:b641:70f::/48
                  2a0c:b641:820::/44
                  2a0f:8400::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:71:61:ce:39:a4:1c:d8:74:77:19:fe:b1:8c:1a:ef:a6:76:
         1a:0b:07:85:16:8b:5a:79:04:64:78:26:b9:80:3d:f1:c3:d8:
         5b:74:86:de:d7:d6:45:dc:d6:0f:e0:bb:12:01:3f:3a:1f:13:
         b7:fe:b0:93:ee:79:20:4e:81:e5:bf:8d:7a:87:56:bd:0b:d5:
         47:e9:85:95:5c:61:f1:45:b5:5d:97:05:95:28:64:81:60:b7:
         21:9e:2c:f9:b9:dd:c0:01:fe:9b:64:d0:7e:02:dc:a0:68:01:
         62:93:3d:8e:74:ef:00:04:05:8e:43:13:d9:b8:d2:69:7e:31:
         17:29:9f:6e:c9:d8:6e:7d:a6:ba:0a:65:87:44:a0:d7:0b:4e:
         07:7f:71:84:36:16:44:09:21:ed:9e:14:77:97:a1:f0:6f:19:
         60:52:15:b3:d1:28:ee:00:43:a6:f1:fc:6c:12:12:af:a5:bd:
         0a:77:74:9a:8d:78:02:2c:86:e7:13:9d:ef:1b:ff:ca:85:3e:
         ed:d1:03:99:d5:19:c7:97:1a:5d:7f:e5:82:03:e1:c0:b4:34:
         56:35:10:65:d1:36:f4:ad:c9:76:1e:52:0d:7a:4e:f6:33:ae:
         0c:f1:39:a8:4b:27:41:14:3a:ef:2c:de:87:e0:8e:0b:95:3a:
         72:e7:0d:01
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZC8ygVXMFNfqlTQ9huoar/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNzE2MTgyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg3ZjUzNjliZDc2NTQzNGQ5MDc5ODBjN2NkMmE4MzM4ZmJjYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBcK4PSnXTDaUOCOoJA3ts+v+0VP
R6HUVT9EBJ5zn3MnO/xYeCGHNUvlIhJ8Bd3HZtrYpccNglJWziepVBhX9RRxpfig
iW/jozm3Ueh9ldyPBhC+vBlS0uki2enOhM7YGHoUUrC+eCvw3tCdkPdMiN2Q8aRB
r0dB+mH3po3Ew3mZk3wBh0VJR0Vdo93yX9Vf+8Vj9FE2VIka9jpfZBsoROjHhokS
3Rigg7pqC1P75wKvYTyXuqUabn7XsWiDRKsbeEeBikhxib+rv6NqHr7rkDEOnzfm
fQOQ9qJM+xJCuw1tVCgxOlX/cW5w49rxCQFsE4sU9juMoNQBkPfpr5r1ewIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFDmH9Tab12VDTZB5gMfNKoM4+8odMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvT1lmMU5wdlhaVU5Oa0htQXg4MHFnemo3eWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDAYBAIAATASAwQALZphAwQA
PgMyAwQBwhxiMEwEAgACMEYwEAMFBioMtkADBwUqDLZBAAADBwQqDLZBAGADBwQq
DLZBAVADBwQqDLZBBUADBwAqDLZBBw8DBwQqDLZBCCADBQAqD4QAMA0GCSqGSIb3
DQEBCwUAA4IBAQBecWHOOaQc2HR3Gf6xjBrvpnYaCweFFotaeQRkeCa5gD3xw9hb
dIbe19ZF3NYP4LsSAT86HxO3/rCT7nkgToHlv416h1a9C9VH6YWVXGHxRbVdlwWV
KGSBYLchniz5ud3AAf6bZNB+AtygaAFikz2OdO8ABAWOQxPZuNJpfjEXKZ9uydhu
faa6CmWHRKDXC04Hf3GENhZECSHtnhR3l6HwbxlgUhWz0SjuAEOm8fxsEhKvpb0K
d3SajXgCLIbnE53vG//KhT7t0QOZ1RnHlxpdf+WCA+HAtDRWNRBl0Tb0rcl2HlIN
ek72M64M8TmoSydBFDrvLN6H4I4LlTpy5w0B
-----END CERTIFICATE-----