Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/LqvxkTCXCZIJB6qtU3F36A9blpI.roa
File:                     LqvxkTCXCZIJB6qtU3F36A9blpI.roa (raw, json)
Hash identifier:          l6Z6pahEtwArnITHpH68h5yQi5l/EVxOZYv8nWQTRSk=
Subject key identifier:   2E:AB:F1:91:30:97:09:92:09:07:AA:AD:53:71:77:E8:0F:5B:96:92
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       019296249158E28CD325BE678FCC6E94E390
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/LqvxkTCXCZIJB6qtU3F36A9blpI.roa
Signing time:             Wed 16 Oct 2024 16:23:51 +0000
ROA not before:           Wed 16 Oct 2024 16:23:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196755
IP address blocks:        80.251.108.0/22 maxlen: 22
                          80.251.108.0/23 maxlen: 23
                          80.251.110.0/23 maxlen: 23
                          157.143.248.0/21 maxlen: 21
                          178.157.18.0/23 maxlen: 24
                          178.157.20.0/22 maxlen: 22
                          178.157.24.0/23 maxlen: 23
                          178.157.26.0/23 maxlen: 23
                          178.157.28.0/22 maxlen: 22
                          178.157.40.0/22 maxlen: 22
                          178.157.44.0/22 maxlen: 22
                          178.174.106.0/23 maxlen: 23
                          178.174.108.0/23 maxlen: 23
                          217.181.252.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Fri 18 Oct 2024 15:31:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:24:91:58:e2:8c:d3:25:be:67:8f:cc:6e:94:e3:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Oct 16 16:23:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eabf191309709920907aaad537177e80f5b9692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b8:01:b6:e5:b9:45:42:07:21:56:20:bf:af:
                    8f:31:6f:2d:e6:34:50:98:99:81:9e:d2:aa:8d:b9:
                    93:37:4f:48:69:71:d3:2a:9d:71:2b:48:ff:25:db:
                    2c:38:6c:0a:fd:3c:5e:0b:26:bb:70:bd:d7:33:49:
                    0f:4a:28:34:1e:a3:7b:9e:b9:6e:17:6f:88:29:99:
                    f9:59:d8:06:bf:6d:5b:cd:1f:d8:67:53:72:50:a5:
                    4e:ec:38:95:52:39:2e:51:f3:f7:a5:7e:60:15:44:
                    c7:69:40:a3:44:0d:5c:78:c6:68:cb:85:11:6c:66:
                    64:b7:52:11:ff:2c:62:dc:f7:ab:7c:65:23:74:8f:
                    4e:52:85:fe:6e:59:89:ec:54:f8:d3:a2:8f:de:ca:
                    54:97:1a:c0:40:95:79:19:91:19:d7:56:62:7b:ed:
                    ec:7c:ce:e1:26:23:2c:bc:44:69:93:ce:98:7a:28:
                    87:43:85:09:6b:57:94:a9:3c:43:29:b1:ff:a8:b5:
                    fa:b8:89:70:12:b8:58:a5:ab:b0:27:14:69:33:8e:
                    52:4b:9b:cb:54:e9:d4:62:ed:69:20:0e:15:3e:4d:
                    41:b5:c1:86:d5:3d:c8:7d:97:03:e4:1a:c7:19:84:
                    fb:b0:fd:48:58:11:4a:7c:26:0d:7e:30:c0:d8:3b:
                    5a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:AB:F1:91:30:97:09:92:09:07:AA:AD:53:71:77:E8:0F:5B:96:92
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/LqvxkTCXCZIJB6qtU3F36A9blpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.251.108.0/22
                  157.143.248.0/21
                  178.157.18.0-178.157.31.255
                  178.157.40.0/21
                  178.174.106.0-178.174.109.255
                  217.181.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:9c:80:fc:b0:4a:ee:4b:fd:83:51:67:f6:bb:88:ad:8c:bd:
         09:41:00:5e:d7:9e:89:17:37:7c:20:ce:5b:b6:cd:87:dc:7d:
         4a:7a:68:62:fe:99:eb:da:db:94:5d:ed:97:c5:58:34:e2:4e:
         f9:c0:7b:6b:26:03:a4:f0:d1:ce:99:75:ae:c5:1e:60:87:da:
         3f:36:d0:13:1e:c1:97:a8:71:42:61:69:bd:97:c9:67:f9:e2:
         31:4d:39:af:10:9d:f0:11:bc:ba:e2:52:8a:f0:3f:91:a8:7f:
         a3:b2:50:1c:c9:1f:3c:7c:60:8d:78:43:9b:c8:cd:7d:b6:2c:
         60:84:15:b0:7a:9f:51:78:9b:a7:90:a9:19:27:7d:e5:28:ba:
         2b:8e:42:73:d8:b7:39:09:92:f9:0d:97:b8:a5:9e:52:d5:4f:
         e0:5a:7f:62:b4:de:43:50:eb:d4:19:c6:2d:9f:6c:cf:ed:90:
         fd:65:d8:6a:69:e7:33:ce:de:24:2b:90:a0:fb:2d:06:46:3a:
         67:bc:97:00:a7:30:fb:09:67:18:b6:5f:68:89:b8:71:df:5a:
         17:c1:3c:0e:47:ea:7a:31:31:c5:05:61:85:c3:0c:5c:9a:65:
         40:ef:7d:54:60:fa:dd:bf:09:99:e7:df:86:a4:8a:60:14:70:
         a0:47:f5:af
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZKWJJFY4ozTJb5nj8xulOOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjQxMDE2MTYyMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWFiZjE5MTMwOTcwOTkyMDkwN2FhYWQ1MzcxNzdlODBmNWI5NjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7gBtuW5RUIHIVYgv6+PMW8t5jRQ
mJmBntKqjbmTN09IaXHTKp1xK0j/JdssOGwK/TxeCya7cL3XM0kPSig0HqN7nrlu
F2+IKZn5WdgGv21bzR/YZ1NyUKVO7DiVUjkuUfP3pX5gFUTHaUCjRA1ceMZoy4UR
bGZkt1IR/yxi3PerfGUjdI9OUoX+blmJ7FT406KP3spUlxrAQJV5GZEZ11Zie+3s
fM7hJiMsvERpk86YeiiHQ4UJa1eUqTxDKbH/qLX6uIlwErhYpauwJxRpM45SS5vL
VOnUYu1pIA4VPk1BtcGG1T3IfZcD5BrHGYT7sP1IWBFKfCYNfjDA2Dta2wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFC6r8ZEwlwmSCQeqrVNxd+gPW5aSMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvTHF2eGtUQ1hDWklKQjZxdFUzRjM2QTlibHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQCUPtsAwQD
nY/4MAwDBAGynRIDBAWynQADBAOynSgwDAMEAbKuagMEAbKubAMEAdm1/DANBgkq
hkiG9w0BAQsFAAOCAQEATJyA/LBK7kv9g1Fn9ruIrYy9CUEAXteeiRc3fCDOW7bN
h9x9SnpoYv6Z69rblF3tl8VYNOJO+cB7ayYDpPDRzpl1rsUeYIfaPzbQEx7Bl6hx
QmFpvZfJZ/niMU05rxCd8BG8uuJSivA/kah/o7JQHMkfPHxgjXhDm8jNfbYsYIQV
sHqfUXibp5CpGSd95Si6K45Cc9i3OQmS+Q2XuKWeUtVP4Fp/YrTeQ1Dr1BnGLZ9s
z+2Q/WXYamnnM87eJCuQoPstBkY6Z7yXAKcw+wlnGLZfaIm4cd9aF8E8DkfqejEx
xQVhhcMMXJplQO99VGD63b8JmeffhqSKYBRwoEf1rw==
-----END CERTIFICATE-----