Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/LEg6I9H6CZ4LzPMl-suxmbJLLOc.roa
File:                     LEg6I9H6CZ4LzPMl-suxmbJLLOc.roa (raw, json)
Hash identifier:          p6rq5xnw7UikiyXJF8uS7L+EmEM475pz6+zZFKSjCpA=
Subject key identifier:   2C:48:3A:23:D1:FA:09:9E:0B:CC:F3:25:FA:CB:B1:99:B2:4B:2C:E7
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       01882E767158C35F1AADE8C2FFBFDAA4611C
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/LEg6I9H6CZ4LzPMl-suxmbJLLOc.roa
Signing time:             Thu 18 May 2023 10:44:54 +0000
ROA not before:           Thu 18 May 2023 10:44:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39521
IP address blocks:        185.144.56.0/22 maxlen: 24
                          45.95.40.0/22 maxlen: 22
                          83.229.23.0/24 maxlen: 24
                          188.191.48.0/22 maxlen: 22
                          5.22.204.0/22 maxlen: 22
                          217.194.153.0/24 maxlen: 24
                          83.229.34.0/24 maxlen: 24
                          45.130.100.0/22 maxlen: 22
                          95.178.107.0/24 maxlen: 24
                          45.88.5.0/24 maxlen: 24
                          45.88.6.0/24 maxlen: 24
                          45.88.7.0/24 maxlen: 24
                          2a05:e4c0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 24 Jul 2023 20:17:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2e:76:71:58:c3:5f:1a:ad:e8:c2:ff:bf:da:a4:61:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: May 18 10:44:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c483a23d1fa099e0bccf325facbb199b24b2ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:be:fe:1c:bd:0c:0a:7c:ce:07:57:73:1b:9c:
                    d9:9a:8a:f7:e9:46:90:f6:1e:3d:f2:1f:24:8e:aa:
                    2c:2f:b6:80:65:d7:b2:6c:04:d8:58:ab:d3:ac:c2:
                    f8:1d:61:f1:62:45:b1:e6:db:ee:3f:e7:c8:fb:d6:
                    12:45:b8:a2:d0:bb:2e:1e:7e:3c:8a:75:44:03:c1:
                    3f:69:a8:7b:65:c4:6a:03:7b:6b:02:3f:37:76:22:
                    4f:06:8f:ac:38:b2:27:65:80:8d:86:d6:76:31:55:
                    44:63:a8:90:01:32:6e:73:95:e1:30:0d:58:8e:47:
                    c9:8d:0b:3a:08:ce:dc:bf:af:45:0f:3f:4f:32:6c:
                    9c:9e:5c:a9:08:dc:40:0a:e7:ff:38:60:14:1e:9b:
                    32:58:bb:50:9b:e5:32:81:28:47:e9:19:7c:8d:92:
                    c7:4e:25:b1:13:ba:42:53:a7:68:93:2b:83:c2:f3:
                    62:29:80:bc:52:9b:2d:d8:b6:9b:55:10:1f:f9:63:
                    f5:a9:e0:79:4e:2c:52:57:c0:f8:30:d5:f6:49:bf:
                    79:6e:9d:a7:1d:b0:7a:50:4b:b8:0d:0b:2f:0d:99:
                    eb:26:d5:c4:cd:c3:f4:8b:f3:4e:a1:41:38:52:88:
                    0a:67:dd:c3:7c:b0:ce:fc:a2:56:4e:77:3a:76:22:
                    04:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:48:3A:23:D1:FA:09:9E:0B:CC:F3:25:FA:CB:B1:99:B2:4B:2C:E7
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/LEg6I9H6CZ4LzPMl-suxmbJLLOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.204.0/22
                  45.88.5.0-45.88.7.255
                  45.95.40.0/22
                  45.130.100.0/22
                  83.229.23.0/24
                  83.229.34.0/24
                  95.178.107.0/24
                  185.144.56.0/22
                  188.191.48.0/22
                  217.194.153.0/24
                IPv6:
                  2a05:e4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:e3:6a:4f:55:47:ea:3a:34:70:15:b1:cf:4c:e0:3a:e3:a5:
         ce:5e:97:26:30:8f:39:e8:2f:28:df:2a:49:b5:ae:00:05:b4:
         0c:9c:9d:05:38:e8:78:73:f3:69:2e:ea:34:79:98:21:09:09:
         6f:3e:cf:88:63:f5:9c:d1:85:07:bd:c4:9b:cb:67:52:2f:2f:
         43:32:cf:28:23:a7:ac:8e:e7:e3:51:67:6f:ba:31:10:6f:df:
         22:af:ae:6f:77:62:a6:e6:d3:e7:73:e8:e0:22:8a:1a:43:3e:
         ba:c9:33:b4:8e:84:e0:b0:f8:39:df:cb:a2:ab:2f:d5:da:55:
         40:2f:59:83:30:31:f1:1c:4d:70:ed:dd:d2:08:34:ed:d1:6b:
         3d:99:29:58:dd:73:3d:2e:ad:03:c3:8c:aa:da:ba:db:93:2e:
         a2:52:b3:9d:d6:f2:63:97:56:5e:97:64:8e:48:00:e1:19:42:
         97:1c:fe:3d:b1:e4:b6:31:eb:0f:89:9b:75:f6:c0:ea:f8:a0:
         6b:1f:c6:2f:98:35:6b:f6:a7:10:3b:d1:19:f4:19:a8:0f:11:
         a5:ae:2e:3b:d2:79:28:3d:b5:a4:f9:3b:72:82:7c:7a:80:15:
         3f:31:43:a3:9b:47:2f:33:9c:09:9b:15:b5:5f:8c:b0:3d:63:
         2c:af:ee:3f
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYgudnFYw18arejC/7/apGEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjMwNTE4MTA0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzQ4M2EyM2QxZmEwOTllMGJjY2YzMjVmYWNiYjE5OWIyNGIyY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh77+HL0MCnzOB1dzG5zZmor36UaQ
9h498h8kjqosL7aAZdeybATYWKvTrML4HWHxYkWx5tvuP+fI+9YSRbii0LsuHn48
inVEA8E/aah7ZcRqA3trAj83diJPBo+sOLInZYCNhtZ2MVVEY6iQATJuc5XhMA1Y
jkfJjQs6CM7cv69FDz9PMmycnlypCNxACuf/OGAUHpsyWLtQm+UygShH6Rl8jZLH
TiWxE7pCU6dokyuDwvNiKYC8Upst2LabVRAf+WP1qeB5TixSV8D4MNX2Sb95bp2n
HbB6UEu4DQsvDZnrJtXEzcP0i/NOoUE4UogKZ93DfLDO/KJWTnc6diIEuQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFCxIOiPR+gmeC8zzJfrLsZmySyznMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvTEVnNkk5SDZDWjRMelBNbC1zdXhtYkpMTE9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQCBRbMMAwD
BAAtWAUDBAMtWAADBAItXygDBAItgmQDBABT5RcDBABT5SIDBABfsmsDBAK5kDgD
BAK8vzADBADZwpkwDQQCAAIwBwMFAyoF5MAwDQYJKoZIhvcNAQELBQADggEBAGPj
ak9VR+o6NHAVsc9M4Drjpc5elyYwjznoLyjfKkm1rgAFtAycnQU46Hhz82ku6jR5
mCEJCW8+z4hj9ZzRhQe9xJvLZ1IvL0Myzygjp6yO5+NRZ2+6MRBv3yKvrm93Yqbm
0+dz6OAiihpDPrrJM7SOhOCw+Dnfy6KrL9XaVUAvWYMwMfEcTXDt3dIINO3Raz2Z
KVjdcz0urQPDjKrautuTLqJSs53W8mOXVl6XZI5IAOEZQpcc/j2x5LYx6w+Jm3X2
wOr4oGsfxi+YNWv2pxA70Rn0GagPEaWuLjvSeSg9taT5O3KCfHqAFT8xQ6ObRy8z
nAmbFbVfjLA9Yyyv7j8=
-----END CERTIFICATE-----