Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/pD4Zi3m_ygu_NqrFi8K3YM81vrg.roa
File:                     pD4Zi3m_ygu_NqrFi8K3YM81vrg.roa (raw, json)
Hash identifier:          r4d45vuy1GeEw8Cbp7vzYM5/1WnOZdlRANHy7dDomd0=
Subject key identifier:   A4:3E:19:8B:79:BF:CA:0B:BF:36:AA:C5:8B:C2:B7:60:CF:35:BE:B8
Certificate issuer:       /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial:       018E37FF595B1C8A174FB7960CDB07B34D07
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/pD4Zi3m_ygu_NqrFi8K3YM81vrg.roa
Signing time:             Wed 13 Mar 2024 13:27:45 +0000
ROA not before:           Wed 13 Mar 2024 13:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9105
IP address blocks:        79.77.0.0/16 maxlen: 24
                          79.78.0.0/15 maxlen: 24
                          80.40.0.0/13 maxlen: 24
                          81.1.64.0/18 maxlen: 24
                          81.86.0.0/16 maxlen: 24
                          81.170.0.0/17 maxlen: 24
                          81.178.0.0/15 maxlen: 24
                          83.67.0.0/16 maxlen: 24
                          89.168.128.0/17 maxlen: 24
                          194.106.32.0/19 maxlen: 24
                          194.247.224.0/19 maxlen: 24
                          195.137.0.0/17 maxlen: 24
                          212.1.128.0/19 maxlen: 24
                          212.74.96.0/19 maxlen: 24
                          212.139.0.0/16 maxlen: 24
                          212.159.128.0/18 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:48:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:ff:59:5b:1c:8a:17:4f:b7:96:0c:db:07:b3:4d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
        Validity
            Not Before: Mar 13 13:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a43e198b79bfca0bbf36aac58bc2b760cf35beb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:83:77:ec:e4:1c:ec:5a:2f:c4:21:5d:7d:5b:
                    38:ff:3a:a4:8c:bd:68:f1:64:44:74:df:4c:eb:80:
                    d2:c9:d4:39:56:c4:0d:df:de:3f:9a:2a:6c:ab:58:
                    06:02:d5:1c:58:3e:ec:35:65:67:f7:4a:1e:c0:57:
                    47:fe:12:f3:64:0b:2f:d3:98:64:d0:1f:e0:3d:b9:
                    ad:0f:16:fb:5f:7f:d1:9c:c2:e5:10:93:30:d3:a1:
                    22:39:2b:b6:c8:81:04:72:a4:fc:10:dc:2e:f8:ac:
                    c5:5c:3c:7f:97:32:d1:aa:aa:4d:99:7f:42:77:a7:
                    df:77:06:40:3c:e0:25:fe:c9:63:be:70:b4:2b:da:
                    cd:a6:51:cc:bc:15:23:3e:aa:98:65:72:21:5c:fe:
                    ad:f8:cb:65:7c:7b:f6:cf:68:e4:e8:1d:97:54:2c:
                    9a:d1:a8:39:cb:57:61:e9:56:a1:ba:01:f3:a6:6b:
                    eb:7b:9c:2f:55:08:c7:53:6c:33:d9:45:80:ee:ab:
                    2e:81:84:67:2a:82:8e:ae:a2:4d:69:88:f5:6a:5f:
                    5e:5e:4b:48:ef:06:6b:c8:32:05:e3:dd:16:df:db:
                    a2:d6:76:68:3e:4b:ed:7c:e0:1b:fd:25:8a:42:60:
                    39:9e:a7:36:be:a1:08:f1:06:1c:f4:59:58:31:07:
                    d0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3E:19:8B:79:BF:CA:0B:BF:36:AA:C5:8B:C2:B7:60:CF:35:BE:B8
            X509v3 Authority Key Identifier:
                keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/pD4Zi3m_ygu_NqrFi8K3YM81vrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.77.0.0-79.79.255.255
                  80.40.0.0/13
                  81.1.64.0/18
                  81.86.0.0/16
                  81.170.0.0/17
                  81.178.0.0/15
                  83.67.0.0/16
                  89.168.128.0/17
                  194.106.32.0/19
                  194.247.224.0/19
                  195.137.0.0/17
                  212.1.128.0/19
                  212.74.96.0/19
                  212.139.0.0/16
                  212.159.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0f:b4:c0:94:4d:1a:50:07:a4:aa:a5:7c:a5:e2:53:dd:9e:a2:
         f1:9a:9b:aa:0f:8d:61:ea:36:e3:92:d6:54:c2:ae:7c:6e:d5:
         91:91:fd:31:56:a9:e9:bf:85:86:39:14:88:0e:13:a5:5d:dc:
         65:39:1a:aa:9a:a3:c6:4a:cb:49:45:88:0f:02:54:b6:e2:cb:
         70:88:17:f5:ef:5d:f9:ed:a4:a7:89:71:d5:66:04:5e:dd:e4:
         f9:02:af:08:cc:13:52:94:2e:c5:23:34:b1:b7:35:c0:54:aa:
         b3:de:3c:25:65:6d:8c:fd:a1:fa:73:1a:4d:23:a9:24:4e:8e:
         07:9a:f7:02:d4:06:38:c9:99:be:30:ca:fc:81:34:8c:6d:da:
         53:07:c6:3b:ef:c4:86:12:cb:01:01:27:90:6c:76:dc:2b:40:
         96:c4:8f:50:bc:1c:fa:db:09:d0:9a:cf:01:5b:fd:e9:4e:d7:
         c0:ab:3c:b4:64:35:b3:33:70:6f:75:17:50:de:06:de:cb:b7:
         62:d4:e0:2a:c5:ec:e8:2f:e9:cd:23:06:a9:cd:96:dc:84:0c:
         1d:ce:6d:f6:58:a0:52:0d:b3:cc:00:f7:b3:f8:45:1b:28:6e:
         b5:29:7d:12:ba:ca:81:6e:b3:30:29:22:b6:85:29:fa:ed:76:
         50:28:47:0a
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAY43/1lbHIoXT7eWDNsHs00HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjQwMzEzMTMyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNlMTk4Yjc5YmZjYTBiYmYzNmFhYzU4YmMyYjc2MGNmMzViZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4N37OQc7FovxCFdfVs4/zqkjL1o
8WREdN9M64DSydQ5VsQN394/mipsq1gGAtUcWD7sNWVn90oewFdH/hLzZAsv05hk
0B/gPbmtDxb7X3/RnMLlEJMw06EiOSu2yIEEcqT8ENwu+KzFXDx/lzLRqqpNmX9C
d6ffdwZAPOAl/sljvnC0K9rNplHMvBUjPqqYZXIhXP6t+MtlfHv2z2jk6B2XVCya
0ag5y1dh6VahugHzpmvre5wvVQjHU2wz2UWA7qsugYRnKoKOrqJNaYj1al9eXktI
7wZryDIF490W39ui1nZoPkvtfOAb/SWKQmA5nqc2vqEI8QYc9FlYMQfQZQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFKQ+GYt5v8oLvzaqxYvCt2DPNb64MB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvcEQ0WmkzbV95Z3VfTnFyRmk4SzNZTTgxdnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAATBbMAoDAwBPTQMD
BE9AAwMDUCgDBAZRAUADAwBRVgMEB1GqAAMDAVGyAwMAU0MDBAdZqIADBAXCaiAD
BAXC9+ADBAfDiQADBAXUAYADBAXUSmADAwDUiwMEBtSfgDANBgkqhkiG9w0BAQsF
AAOCAQEAD7TAlE0aUAekqqV8peJT3Z6i8Zqbqg+NYeo245LWVMKufG7VkZH9MVap
6b+FhjkUiA4TpV3cZTkaqpqjxkrLSUWIDwJUtuLLcIgX9e9d+e2kp4lx1WYEXt3k
+QKvCMwTUpQuxSM0sbc1wFSqs948JWVtjP2h+nMaTSOpJE6OB5r3AtQGOMmZvjDK
/IE0jG3aUwfGO+/EhhLLAQEnkGx23CtAlsSPULwc+tsJ0JrPAVv96U7XwKs8tGQ1
szNwb3UXUN4G3su3YtTgKsXs6C/pzSMGqc2W3IQMHc5t9ligUg2zzAD3s/hFGyhu
tSl9ErrKgW6zMCkitoUp+u12UChHCg==
-----END CERTIFICATE-----