Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/AB3Hy73wZcLrOJ5wDNI6oINunOM.roa
File:                     AB3Hy73wZcLrOJ5wDNI6oINunOM.roa (raw, json)
Hash identifier:          xfWpOJqSdHOptV5y7PPfEifrMwJgOd+IDtB7kT0caao=
Subject key identifier:   00:1D:C7:CB:BD:F0:65:C2:EB:38:9E:70:0C:D2:3A:A0:83:6E:9C:E3
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       018CC26D202A007BA535701783AD87B66341
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/AB3Hy73wZcLrOJ5wDNI6oINunOM.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196755
IP address blocks:        157.143.248.0/21 maxlen: 21
                          178.157.24.0/23 maxlen: 23
                          178.157.18.0/23 maxlen: 23
                          178.157.20.0/22 maxlen: 22
                          80.251.108.0/22 maxlen: 22
                          178.157.28.0/22 maxlen: 22
                          80.251.110.0/23 maxlen: 23
                          178.157.26.0/23 maxlen: 23
                          80.251.108.0/23 maxlen: 23
                          217.181.252.0/23 maxlen: 23
                          178.157.40.0/22 maxlen: 22
                          178.157.44.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 28 Mar 2024 13:22:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:20:2a:00:7b:a5:35:70:17:83:ad:87:b6:63:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=001dc7cbbdf065c2eb389e700cd23aa0836e9ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:e4:5f:4f:97:16:eb:23:0f:df:5b:a7:1f:
                    80:8f:dc:9c:11:c0:aa:bf:14:39:18:bd:15:c4:96:
                    41:af:d2:b9:f2:29:6a:f6:00:96:54:82:65:04:8c:
                    49:72:b5:2a:ca:71:eb:10:df:ee:63:98:99:1c:e0:
                    fc:a8:33:8c:06:d4:00:7d:3b:8a:f4:2d:72:5e:d3:
                    75:e7:b3:ea:db:fd:e8:71:48:a2:64:9f:b7:0a:24:
                    3d:2c:7c:4a:23:3d:36:e5:bf:22:f2:e2:b4:fe:17:
                    e8:b5:79:5c:73:c0:51:fb:bd:55:7b:2c:bb:3d:8d:
                    4f:c5:a8:87:07:f2:da:32:aa:11:99:12:0a:37:d6:
                    48:1f:1a:d3:9d:0a:5c:56:27:f0:4a:d7:73:58:ae:
                    d0:96:16:25:30:38:2a:9b:e6:8f:96:92:94:a3:aa:
                    a9:94:87:e5:93:e3:4c:9e:1e:8e:9f:2a:ca:8f:77:
                    f0:5d:bc:13:94:47:62:06:6e:da:94:e1:14:4d:bd:
                    64:12:45:3d:a1:be:91:e0:81:72:57:0e:fe:0f:60:
                    da:a4:b0:e4:be:82:7d:e8:b1:59:4e:e5:83:27:ff:
                    ce:bd:e6:aa:d6:de:c1:e0:ef:18:1d:68:7a:ed:6e:
                    cf:2b:45:90:23:8f:fd:1f:36:4f:55:7c:91:9f:fc:
                    9f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:1D:C7:CB:BD:F0:65:C2:EB:38:9E:70:0C:D2:3A:A0:83:6E:9C:E3
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/AB3Hy73wZcLrOJ5wDNI6oINunOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.108.0/22
                  157.143.248.0/21
                  178.157.18.0-178.157.31.255
                  178.157.40.0/21
                  217.181.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:32:91:2a:3e:17:20:ab:7c:8e:11:13:b3:c6:86:11:71:52:
         ed:2f:7c:dc:2d:b8:8a:67:10:c3:c4:ae:48:1c:a1:52:48:fe:
         55:4a:6e:d0:35:ad:4e:63:50:c5:32:42:7b:6b:ed:c8:82:a8:
         bb:3f:cc:f3:7c:06:50:b8:94:04:da:7a:3d:3e:96:c3:f4:96:
         de:ee:42:4f:43:4a:2b:58:4e:35:eb:41:56:f5:36:67:75:c0:
         a5:f5:a9:7f:ce:1f:ca:58:78:df:2e:9c:7b:34:21:5b:53:c3:
         87:f1:0e:78:ba:dd:69:83:eb:b3:82:a3:c7:69:a1:d5:2d:d1:
         8a:df:ed:e2:9f:2f:02:57:91:07:8f:06:0d:44:29:6d:b1:5a:
         02:0a:b1:92:1f:8f:26:26:15:a2:d7:f3:db:17:a9:01:0d:ba:
         ba:68:19:75:b0:e2:5f:b8:91:ad:ea:b4:66:0e:ce:d6:5f:68:
         ad:a9:16:52:a1:1d:4e:c3:98:2a:d5:69:d1:3c:17:a6:71:8a:
         aa:a1:b8:08:ca:8d:93:d3:71:b0:3b:6d:46:fc:56:92:af:06:
         bb:55:45:27:54:01:4c:42:d3:14:a6:ed:96:d3:f8:c2:46:a4:
         75:f4:3e:b4:23:ba:d2:02:33:c4:ad:9b:d1:dc:1c:f2:ec:36:
         9e:ac:58:0d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzCbSAqAHulNXAXg62HtmNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDFkYzdjYmJkZjA2NWMyZWIzODllNzAwY2QyM2FhMDgzNmU5Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl33kX0+XFusjD99bpx+Aj9ycEcCq
vxQ5GL0VxJZBr9K58ilq9gCWVIJlBIxJcrUqynHrEN/uY5iZHOD8qDOMBtQAfTuK
9C1yXtN157Pq2/3ocUiiZJ+3CiQ9LHxKIz025b8i8uK0/hfotXlcc8BR+71Veyy7
PY1PxaiHB/LaMqoRmRIKN9ZIHxrTnQpcVifwStdzWK7QlhYlMDgqm+aPlpKUo6qp
lIflk+NMnh6OnyrKj3fwXbwTlEdiBm7alOEUTb1kEkU9ob6R4IFyVw7+D2DapLDk
voJ96LFZTuWDJ//Oveaq1t7B4O8YHWh67W7PK0WQI4/9HzZPVXyRn/yf0wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFAAdx8u98GXC6ziecAzSOqCDbpzjMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvQUIzSHk3M3daY0xyT0o1d0ROSTZvSU51bk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCUPtsAwQD
nY/4MAwDBAGynRIDBAWynQADBAOynSgDBAHZtfwwDQYJKoZIhvcNAQELBQADggEB
AIkykSo+FyCrfI4RE7PGhhFxUu0vfNwtuIpnEMPErkgcoVJI/lVKbtA1rU5jUMUy
Qntr7ciCqLs/zPN8BlC4lATaej0+lsP0lt7uQk9DSitYTjXrQVb1Nmd1wKX1qX/O
H8pYeN8unHs0IVtTw4fxDni63WmD67OCo8dpodUt0Yrf7eKfLwJXkQePBg1EKW2x
WgIKsZIfjyYmFaLX89sXqQENurpoGXWw4l+4ka3qtGYOztZfaK2pFlKhHU7DmCrV
adE8F6ZxiqqhuAjKjZPTcbA7bUb8VpKvBrtVRSdUAUxC0xSm7ZbT+MJGpHX0PrQj
utICM8Stm9HcHPLsNp6sWA0=
-----END CERTIFICATE-----