Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/PmR4s772vHtQokpjoK4deibvR5w.roa
File:                     PmR4s772vHtQokpjoK4deibvR5w.roa (raw, json)
Hash identifier:          Bq/jpceTpFLjRU9eOkVjVZIiwCsb426T1hQbL3i4urk=
Subject key identifier:   3E:64:78:B3:BE:F6:BC:7B:50:A2:4A:63:A0:AE:1D:7A:26:EF:47:9C
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0190CB8F3788BBE97C82E060997E65E6C802
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/PmR4s772vHtQokpjoK4deibvR5w.roa
Signing time:             Fri 19 Jul 2024 15:14:38 +0000
ROA not before:           Fri 19 Jul 2024 15:14:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34744
IP address blocks:        31.133.28.0/22 maxlen: 22
                          77.36.0.0/18 maxlen: 18
                          77.36.16.0/21 maxlen: 21
                          77.36.64.0/19 maxlen: 19
                          77.36.64.0/24 maxlen: 24
                          77.232.216.0/22 maxlen: 22
                          91.246.172.0/22 maxlen: 22
                          93.120.47.0/24 maxlen: 24
                          109.197.232.0/22 maxlen: 22
                          109.197.236.0/22 maxlen: 22
                          176.115.232.0/22 maxlen: 22
                          2a01:7d8::/48 maxlen: 48
                          2a01:7d8:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 26 Jul 2024 12:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cb:8f:37:88:bb:e9:7c:82:e0:60:99:7e:65:e6:c8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jul 19 15:14:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e6478b3bef6bc7b50a24a63a0ae1d7a26ef479c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d9:fb:74:1d:4d:6b:1c:cc:78:be:70:16:48:
                    7d:2a:fb:76:ad:dc:87:7a:cf:d2:b6:45:7e:3b:dd:
                    63:e1:e1:52:2c:1a:f3:b1:0f:81:b0:d7:db:54:94:
                    bb:f9:b3:3e:f6:31:44:07:7d:e5:50:b5:a4:9d:62:
                    80:c0:21:18:f8:b8:aa:58:80:cd:ac:e9:7c:e6:bd:
                    06:58:27:17:7e:ba:12:a8:62:f2:10:3b:58:33:9d:
                    23:20:c5:54:f2:f0:aa:20:cd:23:67:10:0b:2e:e7:
                    59:99:98:47:8c:61:8c:99:21:f7:17:c2:97:4b:93:
                    f0:ce:0f:5c:11:82:2b:a9:4b:5b:f7:32:4a:18:8f:
                    83:9e:f0:75:15:ae:07:e4:b0:6f:cc:01:f5:63:7e:
                    a6:dc:ce:c4:6d:82:d2:f6:f5:93:ab:9c:0d:19:12:
                    09:00:d2:46:77:e7:16:4d:29:49:68:2a:fa:87:5f:
                    3b:db:30:fa:3c:12:46:05:e0:56:31:42:50:89:c1:
                    28:c1:18:8b:25:62:7c:9a:40:8e:29:36:b9:d6:2c:
                    f2:e4:7a:d3:78:ce:5d:c4:11:56:b0:9e:53:d3:79:
                    cd:dc:46:ff:48:8a:33:70:65:f5:bd:6a:d2:4d:9b:
                    38:97:15:69:d3:96:bb:66:cb:e8:a5:ad:1b:5d:b6:
                    c3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:64:78:B3:BE:F6:BC:7B:50:A2:4A:63:A0:AE:1D:7A:26:EF:47:9C
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/PmR4s772vHtQokpjoK4deibvR5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.28.0/22
                  77.36.0.0-77.36.95.255
                  77.232.216.0/22
                  91.246.172.0/22
                  93.120.47.0/24
                  109.197.232.0/21
                  176.115.232.0/22
                IPv6:
                  2a01:7d8::/47

    Signature Algorithm: sha256WithRSAEncryption
         7f:f6:9b:09:08:14:8a:c0:19:b9:20:7c:65:f8:df:b2:ab:72:
         ec:40:01:2f:ef:1c:a2:8c:87:7a:e9:44:db:8d:33:f3:96:e9:
         af:c0:37:ba:f7:5a:5a:55:43:08:2a:75:56:52:51:53:d8:04:
         f3:3f:64:77:02:79:c2:d7:c6:f7:4e:4c:a4:cb:be:be:2f:9e:
         87:a4:85:da:c2:a9:0e:10:64:45:f2:ad:cd:0d:c1:23:81:20:
         eb:18:d1:d9:62:6d:af:be:bf:92:c8:b4:7c:c1:23:b6:0b:77:
         59:d9:3a:7f:a6:d9:0a:4e:78:ce:4f:7b:e4:d5:eb:e6:b4:c2:
         8e:2f:32:2a:4e:0e:a8:bc:80:e7:c9:22:87:e8:5e:64:cb:53:
         5f:ce:10:24:2f:ab:c1:8d:83:a4:58:c5:7d:ca:df:82:16:e2:
         a1:c3:db:7d:4e:6c:a5:e6:e6:95:17:91:48:27:ea:b1:38:18:
         97:8b:0b:47:53:9f:aa:2b:40:06:90:be:ba:df:73:04:45:8d:
         b4:08:ab:92:ea:18:e3:03:c7:7d:46:36:e2:a7:41:f0:af:ee:
         22:d9:ce:5f:4a:e3:ce:d2:5c:f6:bc:aa:7c:9b:44:f0:7e:e1:
         97:82:4e:83:1a:7d:38:69:2f:1d:ce:f4:3f:14:2e:2d:68:47:
         24:74:d7:6b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZDLjzeIu+l8guBgmX5l5sgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwNzE5MTUxNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTY0NzhiM2JlZjZiYzdiNTBhMjRhNjNhMGFlMWQ3YTI2ZWY0NzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdn7dB1NaxzMeL5wFkh9Kvt2rdyH
es/StkV+O91j4eFSLBrzsQ+BsNfbVJS7+bM+9jFEB33lULWknWKAwCEY+LiqWIDN
rOl85r0GWCcXfroSqGLyEDtYM50jIMVU8vCqIM0jZxALLudZmZhHjGGMmSH3F8KX
S5Pwzg9cEYIrqUtb9zJKGI+DnvB1Fa4H5LBvzAH1Y36m3M7EbYLS9vWTq5wNGRIJ
ANJGd+cWTSlJaCr6h1872zD6PBJGBeBWMUJQicEowRiLJWJ8mkCOKTa51izy5HrT
eM5dxBFWsJ5T03nN3Eb/SIozcGX1vWrSTZs4lxVp05a7Zsvopa0bXbbDzQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFD5keLO+9rx7UKJKY6CuHXom70ecMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvUG1SNHM3NzJ2SHRRb2twam9LNGRlaWJ2UjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA3BAIAATAxAwQCH4UcMAsD
AwJNJAMEBU0kQAMEAk3o2AMEAlv2rAMEAF14LwMEA23F6AMEArBz6DAPBAIAAjAJ
AwcBKgEH2AAAMA0GCSqGSIb3DQEBCwUAA4IBAQB/9psJCBSKwBm5IHxl+N+yq3Ls
QAEv7xyijId66UTbjTPzlumvwDe691paVUMIKnVWUlFT2ATzP2R3AnnC18b3Tkyk
y76+L56HpIXawqkOEGRF8q3NDcEjgSDrGNHZYm2vvr+SyLR8wSO2C3dZ2Tp/ptkK
TnjOT3vk1evmtMKOLzIqTg6ovIDnySKH6F5ky1NfzhAkL6vBjYOkWMV9yt+CFuKh
w9t9Tmyl5uaVF5FIJ+qxOBiXiwtHU5+qK0AGkL6633MERY20CKuS6hjjA8d9Rjbi
p0Hwr+4i2c5fSuPO0lz2vKp8m0TwfuGXgk6DGn04aS8dzvQ/FC4taEckdNdr
-----END CERTIFICATE-----