Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/z0yieLihF4AKdy5kuaWBCWLeKSU.roa
File:                     z0yieLihF4AKdy5kuaWBCWLeKSU.roa (raw, json)
Hash identifier:          fsdb61i2kEAJHiWq2j79bvdzNqbb/OdX16oiKEqgurA=
Subject key identifier:   CF:4C:A2:78:B8:A1:17:80:0A:77:2E:64:B9:A5:81:09:62:DE:29:25
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FBF1999AA8ABFAB758E9D85E4DA38
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/z0yieLihF4AKdy5kuaWBCWLeKSU.roa
Signing time:             Tue 02 Jan 2024 04:30:15 +0000
ROA not before:           Tue 02 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34744
IP address blocks:        109.197.232.0/22 maxlen: 22
                          77.36.64.0/24 maxlen: 24
                          109.197.236.0/22 maxlen: 22
                          77.36.64.0/19 maxlen: 19
                          31.133.28.0/22 maxlen: 22
                          77.36.0.0/18 maxlen: 18
                          77.36.16.0/21 maxlen: 21
                          91.246.172.0/22 maxlen: 22
                          77.232.216.0/22 maxlen: 22
                          176.111.164.0/22 maxlen: 22
                          176.115.232.0/22 maxlen: 22
                          93.120.47.0/24 maxlen: 24
                          2a01:7d8::/48 maxlen: 48
                          2a01:7d8:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 19 Jul 2024 15:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:bf:19:99:aa:8a:bf:ab:75:8e:9d:85:e4:da:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf4ca278b8a117800a772e64b9a5810962de2925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5e:0c:25:74:5f:03:08:10:d4:a4:29:3a:6e:
                    72:a9:55:d1:93:62:7c:22:dc:3d:52:a4:e0:8f:2c:
                    8f:7c:5a:74:23:5e:98:82:45:c4:73:af:5f:c3:62:
                    89:b3:dc:b7:9d:45:2c:cb:e0:32:b1:a0:5b:91:b5:
                    48:52:6b:4d:20:1d:86:06:4c:cd:e9:6c:50:dc:58:
                    50:90:23:6b:1d:5b:03:74:fe:af:58:c0:14:5a:00:
                    07:24:1b:f7:e7:90:20:ac:b2:ff:a2:6a:b3:88:0e:
                    ca:63:1a:c3:cb:45:3d:b2:e7:38:5d:e0:32:e7:ca:
                    29:ed:b1:d1:a6:51:9a:e6:6f:f4:cf:95:f6:4b:9f:
                    e7:96:a0:86:7a:76:19:8c:7d:f4:57:8d:72:7b:13:
                    20:34:ed:2e:f7:57:fe:aa:d4:9e:6b:2b:c4:c3:e7:
                    8b:bf:ce:59:60:9f:01:cb:f4:6d:d8:08:f5:f9:22:
                    e1:7f:f3:77:41:cc:e6:ae:bb:7e:90:f8:66:92:cd:
                    ab:37:18:ed:9a:9d:a7:f7:e6:50:18:47:dc:ce:0d:
                    3e:ca:cf:27:9b:24:ec:5b:c3:c2:28:6f:83:1f:b5:
                    48:ec:82:fa:82:58:8f:b9:61:fd:3e:fa:b0:43:99:
                    4f:84:2e:de:31:00:86:88:91:00:c5:13:f9:07:ef:
                    1f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4C:A2:78:B8:A1:17:80:0A:77:2E:64:B9:A5:81:09:62:DE:29:25
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/z0yieLihF4AKdy5kuaWBCWLeKSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.28.0/22
                  77.36.0.0-77.36.95.255
                  77.232.216.0/22
                  91.246.172.0/22
                  93.120.47.0/24
                  109.197.232.0/21
                  176.111.164.0/22
                  176.115.232.0/22
                IPv6:
                  2a01:7d8::/47

    Signature Algorithm: sha256WithRSAEncryption
         39:7e:76:72:fe:50:cc:47:8f:cc:39:b1:1e:f2:a3:06:f9:39:
         8c:27:27:e2:c1:11:f0:21:ff:4f:44:1a:88:5a:7e:b3:26:dc:
         4b:8f:7a:8b:b8:5a:3c:19:ce:82:53:72:1e:00:fb:ce:46:32:
         0b:8a:17:10:81:6b:93:e6:8a:1e:22:a2:6b:36:ad:71:ad:af:
         3d:08:01:6b:0c:25:97:cd:11:25:87:07:58:ff:92:e0:bd:28:
         13:f7:ea:b2:a2:97:02:38:8b:e5:24:97:74:79:be:d7:ed:80:
         0c:55:b0:8a:93:92:e5:cd:e7:c0:b0:50:10:ec:c5:fc:b7:18:
         57:6a:5d:9a:35:40:be:36:a1:d5:6b:df:12:82:08:cc:ea:5a:
         cc:65:1c:63:5e:77:e4:27:4f:dd:7d:39:bf:21:ff:8e:b6:41:
         93:d1:56:e7:0c:e1:a4:b4:be:9e:b7:d5:73:6d:3a:fe:07:1e:
         bc:48:9f:e7:0d:fe:ac:43:f6:f1:8c:e2:d7:da:c9:8f:7c:df:
         7c:16:66:a7:84:d2:bb:81:36:21:b1:72:39:34:8b:98:e1:c7:
         d7:c4:2e:b1:58:2b:e2:d3:c6:98:43:12:65:a9:76:b2:a1:37:
         5d:23:33:64:6c:b1:7e:ed:44:e6:c2:0b:65:66:ef:92:23:36:
         13:df:92:ac
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYzIb78ZmaqKv6t1jp2F5No4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRjYTI3OGI4YTExNzgwMGE3NzJlNjRiOWE1ODEwOTYyZGUyOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl14MJXRfAwgQ1KQpOm5yqVXRk2J8
Itw9UqTgjyyPfFp0I16YgkXEc69fw2KJs9y3nUUsy+AysaBbkbVIUmtNIB2GBkzN
6WxQ3FhQkCNrHVsDdP6vWMAUWgAHJBv355AgrLL/omqziA7KYxrDy0U9suc4XeAy
58op7bHRplGa5m/0z5X2S5/nlqCGenYZjH30V41yexMgNO0u91f+qtSeayvEw+eL
v85ZYJ8By/Rt2Aj1+SLhf/N3Qczmrrt+kPhmks2rNxjtmp2n9+ZQGEfczg0+ys8n
myTsW8PCKG+DH7VI7IL6gliPuWH9PvqwQ5lPhC7eMQCGiJEAxRP5B+8fqQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFM9Moni4oReACncuZLmlgQli3iklMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvejB5aWVMaWhGNEFLZHk1a3VhV0JDV0xlS1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA9BAIAATA3AwQCH4UcMAsD
AwJNJAMEBU0kQAMEAk3o2AMEAlv2rAMEAF14LwMEA23F6AMEArBvpAMEArBz6DAP
BAIAAjAJAwcBKgEH2AAAMA0GCSqGSIb3DQEBCwUAA4IBAQA5fnZy/lDMR4/MObEe
8qMG+TmMJyfiwRHwIf9PRBqIWn6zJtxLj3qLuFo8Gc6CU3IeAPvORjILihcQgWuT
5ooeIqJrNq1xra89CAFrDCWXzRElhwdY/5LgvSgT9+qyopcCOIvlJJd0eb7X7YAM
VbCKk5LlzefAsFAQ7MX8txhXal2aNUC+NqHVa98SggjM6lrMZRxjXnfkJ0/dfTm/
If+OtkGT0VbnDOGktL6et9VzbTr+Bx68SJ/nDf6sQ/bxjOLX2smPfN98FmanhNK7
gTYhsXI5NIuY4cfXxC6xWCvi08aYQxJlqXayoTddIzNkbLF+7UTmwgtlZu+SIzYT
35Ks
-----END CERTIFICATE-----
Generated at Fri Jul 19 19:06:17 2024 by rpki-client on console-ams.rpki-client.org