Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/EqkfBy6CNlURvmB30I1-9MwXuZw.roa
File:                     EqkfBy6CNlURvmB30I1-9MwXuZw.roa (raw, json)
Hash identifier:          gDctjxJEYiYV+CL2jSbnOYwYzcTijkZu7leU3ebueiY=
Subject key identifier:   12:A9:1F:07:2E:82:36:55:11:BE:60:77:D0:8D:7E:F4:CC:17:B9:9C
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D692B0B9FB0A8898DD9ED6AE643542466
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/EqkfBy6CNlURvmB30I1-9MwXuZw.roa
Signing time:             Fri 02 Feb 2024 09:34:05 +0000
ROA not before:           Fri 02 Feb 2024 09:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        45.138.7.0/24 maxlen: 24
                          45.138.212.0/24 maxlen: 24
                          45.138.215.0/24 maxlen: 24
                          45.149.130.0/24 maxlen: 24
                          45.149.131.0/24 maxlen: 24
                          45.152.118.0/24 maxlen: 24
                          45.152.119.0/24 maxlen: 24
                          91.206.69.0/24 maxlen: 24
                          91.237.104.0/24 maxlen: 24
                          91.237.105.0/24 maxlen: 24
                          194.107.200.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 05 Feb 2024 18:41:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:2b:0b:9f:b0:a8:89:8d:d9:ed:6a:e6:43:54:24:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  2 09:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12a91f072e82365511be6077d08d7ef4cc17b99c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:4a:99:13:d0:5c:78:f2:5e:d4:10:91:16:e5:
                    d2:50:af:2a:11:26:e9:63:af:ba:5c:1f:c3:74:12:
                    54:a0:68:bb:98:c2:64:f5:09:00:dd:5e:ae:db:c9:
                    7b:63:11:46:a0:3b:4f:37:bd:44:75:3f:cd:f8:e8:
                    56:44:4f:1a:29:0f:3d:78:81:a1:bc:da:5e:ab:c2:
                    ca:85:6f:4f:41:48:7a:63:5b:a6:b7:bb:f2:a2:15:
                    30:3d:cb:45:e2:4c:89:94:2f:2e:bf:01:f4:f2:9e:
                    e7:f2:4b:79:5c:1d:a5:59:66:11:3e:bc:a9:fb:f8:
                    68:85:f0:00:18:ae:4b:c2:ea:79:17:31:e3:ab:d7:
                    aa:0a:bc:85:86:5e:1c:4c:af:bd:96:06:b5:bf:96:
                    de:42:49:c8:bd:40:84:92:63:10:77:a7:94:6a:f9:
                    fd:5b:87:94:bc:3e:af:37:a7:70:3c:f2:44:9f:73:
                    76:1a:19:83:5f:62:0b:df:c0:fa:34:f4:8c:11:dd:
                    9a:37:5a:17:45:a3:5f:02:0e:5c:4c:48:40:a4:e2:
                    18:73:30:51:26:c2:79:1e:55:bf:56:9a:f1:73:12:
                    d2:73:2c:6d:37:9f:77:56:a8:f1:ea:0c:86:84:be:
                    37:80:82:3b:ff:27:3b:e5:85:3f:9a:54:aa:3b:75:
                    4e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A9:1F:07:2E:82:36:55:11:BE:60:77:D0:8D:7E:F4:CC:17:B9:9C
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/EqkfBy6CNlURvmB30I1-9MwXuZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.7.0/24
                  45.138.212.0/24
                  45.138.215.0/24
                  45.149.130.0/23
                  45.152.118.0/23
                  91.206.69.0/24
                  91.237.104.0/23
                  194.107.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:7b:0b:ce:4a:90:fd:3f:f3:4f:04:3f:d7:6f:25:20:9f:65:
         29:15:e8:6b:0a:96:a9:ef:dd:ec:f9:c2:29:86:b3:47:4d:46:
         e4:af:d1:a1:16:e9:ef:6f:08:77:e0:d9:98:cf:48:f2:26:aa:
         6d:fd:6c:9a:cc:9c:60:6e:1b:d5:c3:0e:5c:94:17:15:59:c3:
         5f:59:a6:53:08:84:20:3d:3c:f5:ef:05:60:f3:dd:3f:71:c7:
         e7:fd:80:61:0f:e8:94:02:d7:13:0e:4f:5e:95:e1:be:14:36:
         41:5e:bb:8b:39:8b:26:52:1e:88:02:16:38:8f:97:d9:40:97:
         10:8b:5b:5c:39:22:0a:ce:d8:2f:1b:61:bf:22:f2:0d:77:18:
         5d:23:c5:d6:00:72:c7:51:fe:ce:00:47:db:c1:07:ce:d2:b4:
         ba:1a:69:af:9d:73:46:3f:20:04:c1:04:d7:42:d2:da:0c:5f:
         f5:35:5a:f2:a7:db:66:36:9f:43:3b:c5:c9:95:8f:5d:eb:58:
         4a:bf:fb:bb:f0:3c:e0:af:a7:f3:4e:af:ac:60:0a:f4:8e:60:
         82:29:b0:4b:4d:9c:ad:25:de:d6:12:02:dc:e1:21:fd:a0:d2:
         26:5d:9c:6b:fc:8f:7d:e8:4e:88:73:ff:73:3a:cf:66:0d:95:
         cd:0f:eb:fe
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY1pKwufsKiJjdntauZDVCRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjAyMDkzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmE5MWYwNzJlODIzNjU1MTFiZTYwNzdkMDhkN2VmNGNjMTdiOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkqZE9BcePJe1BCRFuXSUK8qESbp
Y6+6XB/DdBJUoGi7mMJk9QkA3V6u28l7YxFGoDtPN71EdT/N+OhWRE8aKQ89eIGh
vNpeq8LKhW9PQUh6Y1umt7vyohUwPctF4kyJlC8uvwH08p7n8kt5XB2lWWYRPryp
+/hohfAAGK5Lwup5FzHjq9eqCryFhl4cTK+9lga1v5beQknIvUCEkmMQd6eUavn9
W4eUvD6vN6dwPPJEn3N2GhmDX2IL38D6NPSMEd2aN1oXRaNfAg5cTEhApOIYczBR
JsJ5HlW/VprxcxLScyxtN593Vqjx6gyGhL43gII7/yc75YU/mlSqO3VO0QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBKpHwcugjZVEb5gd9CNfvTMF7mcMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvRXFrZkJ5NkNObFVSdm1CMzBJMS05TXdYdVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYoHAwQA
LYrUAwQALYrXAwQBLZWCAwQBLZh2AwQAW85FAwQBW+1oAwQAwmvIMA0GCSqGSIb3
DQEBCwUAA4IBAQAZewvOSpD9P/NPBD/XbyUgn2UpFehrCpap793s+cIphrNHTUbk
r9GhFunvbwh34NmYz0jyJqpt/WyazJxgbhvVww5clBcVWcNfWaZTCIQgPTz17wVg
890/ccfn/YBhD+iUAtcTDk9eleG+FDZBXruLOYsmUh6IAhY4j5fZQJcQi1tcOSIK
ztgvG2G/IvINdxhdI8XWAHLHUf7OAEfbwQfO0rS6GmmvnXNGPyAEwQTXQtLaDF/1
NVryp9tmNp9DO8XJlY9d61hKv/u78Dzgr6fzTq+sYAr0jmCCKbBLTZytJd7WEgLc
4SH9oNImXZxr/I996E6Ic/9zOs9mDZXND+v+
-----END CERTIFICATE-----