Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/_3kYETCA5XIvGB_MP2r43pxTvJ8.roa
File:                     _3kYETCA5XIvGB_MP2r43pxTvJ8.roa (raw, json)
Hash identifier:          dOhrWQ9tqizPCR0SMswVTOjjKBB0zD2j/HK/yY6uuTA=
Subject key identifier:   FF:79:18:11:30:80:E5:72:2F:18:1F:CC:3F:6A:F8:DE:9C:53:BC:9F
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       01918F1103DAA16000F88B15FCD879D08491
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/_3kYETCA5XIvGB_MP2r43pxTvJ8.roa
Signing time:             Mon 26 Aug 2024 14:22:22 +0000
ROA not before:           Mon 26 Aug 2024 14:22:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        46.253.0.0/24 maxlen: 24
                          46.253.1.0/24 maxlen: 24
                          46.253.2.0/24 maxlen: 24
                          46.253.4.0/24 maxlen: 24
                          91.132.60.0/24 maxlen: 24
                          91.132.62.0/24 maxlen: 24
                          91.132.63.0/24 maxlen: 24
                          93.94.142.0/24 maxlen: 24
                          95.169.202.0/24 maxlen: 24
                          185.1.156.0/24 maxlen: 24
                          185.243.213.0/24 maxlen: 24
                          2a09:be80::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 21 Nov 2024 20:52:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8f:11:03:da:a1:60:00:f8:8b:15:fc:d8:79:d0:84:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Aug 26 14:22:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff7918113080e5722f181fcc3f6af8de9c53bc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c7:7d:90:2e:6e:58:c5:f0:a7:b0:26:82:3b:
                    e1:5b:6b:ee:ee:52:bd:4b:a3:f4:00:ef:b9:34:55:
                    e8:4a:f1:a4:48:63:2f:36:2a:fc:a8:fe:b6:53:de:
                    e4:9d:80:8e:b7:ef:a5:3b:0f:82:6d:91:9e:69:79:
                    ac:86:3b:17:fd:3c:af:74:0d:22:0a:37:a6:07:8a:
                    67:cd:88:73:90:b8:2a:50:53:c9:ca:b7:62:5a:b1:
                    bb:1e:4f:56:0f:3c:ce:d0:60:c2:bc:4e:9a:79:a7:
                    89:3b:48:de:56:ed:4a:16:cb:10:bf:c9:d9:03:a9:
                    4d:93:bf:ce:82:49:06:8d:63:5b:35:04:f7:31:05:
                    6c:e2:9d:e3:ba:66:0c:8a:85:be:53:19:6f:23:0b:
                    24:5e:8e:e7:65:e7:d5:6f:a9:98:44:f4:06:d6:9a:
                    4c:c3:1d:09:e6:65:a1:3e:b2:7a:e9:83:0f:2d:68:
                    e3:11:cb:91:6b:db:96:5d:cb:19:7e:91:36:57:a2:
                    3e:b4:82:ae:70:2f:ba:7d:31:6c:56:e1:e7:c8:44:
                    9d:7f:a6:b6:41:31:8d:0c:49:03:e8:0e:c5:94:df:
                    b4:1a:00:cf:27:42:41:d5:e9:39:07:e8:13:06:82:
                    63:5d:25:cb:5d:95:88:77:bf:d1:67:91:f5:2d:f0:
                    85:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:79:18:11:30:80:E5:72:2F:18:1F:CC:3F:6A:F8:DE:9C:53:BC:9F
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/_3kYETCA5XIvGB_MP2r43pxTvJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.0.0-46.253.2.255
                  46.253.4.0/24
                  91.132.60.0/24
                  91.132.62.0/23
                  93.94.142.0/24
                  95.169.202.0/24
                  185.1.156.0/24
                  185.243.213.0/24
                IPv6:
                  2a09:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:7f:f3:e1:0b:6a:85:bf:3d:a0:ed:c3:de:b2:9f:26:47:00:
         74:a4:fa:d1:5b:0b:08:cb:ca:74:7f:4a:13:7b:26:6b:4a:69:
         bb:71:d3:c0:8f:c5:df:d9:fb:0d:68:b8:07:91:ce:17:43:50:
         f6:a0:18:72:b4:22:4d:f1:03:3e:7b:5a:28:4a:57:03:fe:2f:
         cf:69:8a:41:0d:ec:ee:e8:5e:1c:e8:e9:11:21:f2:0a:5b:d4:
         1b:5a:96:b2:78:4b:2c:82:bf:b2:35:28:ff:90:b2:35:5b:04:
         b6:df:08:52:5e:22:61:e0:04:98:f6:83:2e:75:43:4a:7d:8f:
         eb:94:93:84:98:d6:60:3b:50:18:00:0b:b0:8a:3a:b1:b4:13:
         75:ba:9a:1e:b9:ba:90:e1:93:56:96:14:27:e2:59:21:74:c4:
         49:26:cb:de:c9:b6:6b:90:21:ae:21:c3:3a:68:ef:71:61:71:
         74:84:b3:11:bf:fe:bd:30:c5:75:23:6f:84:50:32:92:6b:49:
         c4:2e:fa:ff:24:bf:f4:c2:4b:fe:89:c2:0e:2a:cf:ef:e6:fb:
         1b:da:2f:d8:bb:6f:37:81:bc:85:e6:c8:71:3b:09:9b:a1:3d:
         1a:43:15:44:28:36:b8:9e:2a:0b:69:b4:9b:ae:45:cb:bb:bb:
         73:82:5d:5d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZGPEQPaoWAA+IsV/Nh50ISRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQwODI2MTQyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjc5MTgxMTMwODBlNTcyMmYxODFmY2MzZjZhZjhkZTljNTNiYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8d9kC5uWMXwp7AmgjvhW2vu7lK9
S6P0AO+5NFXoSvGkSGMvNir8qP62U97knYCOt++lOw+CbZGeaXmshjsX/TyvdA0i
CjemB4pnzYhzkLgqUFPJyrdiWrG7Hk9WDzzO0GDCvE6aeaeJO0jeVu1KFssQv8nZ
A6lNk7/OgkkGjWNbNQT3MQVs4p3jumYMioW+UxlvIwskXo7nZefVb6mYRPQG1ppM
wx0J5mWhPrJ66YMPLWjjEcuRa9uWXcsZfpE2V6I+tIKucC+6fTFsVuHnyESdf6a2
QTGNDEkD6A7FlN+0GgDPJ0JB1ek5B+gTBoJjXSXLXZWId7/RZ5H1LfCFmwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFP95GBEwgOVyLxgfzD9q+N6cU7yfMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvXzNrWUVUQ0E1WEl2R0JfTVAycjQzcHhUdko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3MAsDAwAu/QME
AC79AgMEAC79BAMEAFuEPAMEAVuEPgMEAF1ejgMEAF+pygMEALkBnAMEALnz1TAN
BAIAAjAHAwUAKgm+gDANBgkqhkiG9w0BAQsFAAOCAQEANX/z4Qtqhb89oO3D3rKf
JkcAdKT60VsLCMvKdH9KE3sma0ppu3HTwI/F39n7DWi4B5HOF0NQ9qAYcrQiTfED
PntaKEpXA/4vz2mKQQ3s7uheHOjpESHyClvUG1qWsnhLLIK/sjUo/5CyNVsEtt8I
Ul4iYeAEmPaDLnVDSn2P65SThJjWYDtQGAALsIo6sbQTdbqaHrm6kOGTVpYUJ+JZ
IXTESSbL3sm2a5AhriHDOmjvcWFxdISzEb/+vTDFdSNvhFAykmtJxC76/yS/9MJL
/onCDirP7+b7G9ov2LtvN4G8hebIcTsJm6E9GkMVRCg2uJ4qC2m0m65Fy7u7c4Jd
XQ==
-----END CERTIFICATE-----