Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/Zwe7v3V3hv3_HCNNhH0OB5_474s.roa
File:                     Zwe7v3V3hv3_HCNNhH0OB5_474s.roa (raw, json)
Hash identifier:          xmoHsLV/6qfPxeWr/JNXGWPLp8GV+PRfgERwrFFfwJI=
Subject key identifier:   67:07:BB:BF:75:77:86:FD:FF:1C:23:4D:84:7D:0E:07:9F:F8:EF:8B
Certificate issuer:       /CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
Certificate serial:       018CC9BC71EC3C304F6F6238C311F40FA26C
Authority key identifier: 29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/Zwe7v3V3hv3_HCNNhH0OB5_474s.roa
Signing time:             Tue 02 Jan 2024 10:33:39 +0000
ROA not before:           Tue 02 Jan 2024 10:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42675
IP address blocks:        217.64.148.0/23 maxlen: 23
                          185.157.162.0/24 maxlen: 24
                          217.64.150.0/24 maxlen: 24
                          185.157.160.0/23 maxlen: 23
                          2a07:a880:4603::/48 maxlen: 48
                          2a07:a880:3101::/48 maxlen: 48
                          2a07:a880:4601::/48 maxlen: 48
                          2a07:a880:4701::/48 maxlen: 48
                          2a07:a880:4604::/48 maxlen: 48
                          2a07:a880:4602::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 26 Aug 2024 09:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:71:ec:3c:30:4f:6f:62:38:c3:11:f4:0f:a2:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b3a717665a1137e99dc8fad22e3e7f98db8973
        Validity
            Not Before: Jan  2 10:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6707bbbf757786fdff1c234d847d0e079ff8ef8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2b:32:64:ed:d8:95:b1:f6:75:0a:9d:68:ea:
                    8d:56:ee:72:62:b2:db:ef:00:6e:01:68:54:19:a2:
                    d0:3f:69:4f:16:57:8f:d9:ce:6c:99:6c:2a:9b:7f:
                    04:cc:ab:38:09:04:10:e5:2d:70:ab:1e:e1:f8:97:
                    7a:af:09:50:d1:ac:18:d4:26:97:ab:f1:d0:e5:33:
                    9a:e4:63:ba:94:21:b8:95:53:a8:d3:92:db:40:30:
                    e0:9b:c2:d0:38:17:4b:81:e3:68:34:f2:45:02:4d:
                    1d:f7:de:12:cd:c4:c0:71:74:d0:d7:20:67:61:f8:
                    b4:38:52:71:d3:06:48:cc:07:72:e7:a9:26:bd:da:
                    02:0e:28:35:a0:17:90:19:43:03:ff:d0:c7:db:29:
                    e2:ce:de:fd:2e:10:b5:e9:a6:eb:f1:99:ce:7e:82:
                    bb:f4:a6:17:85:a8:33:c7:7f:3b:4a:ef:65:b4:74:
                    a7:f0:90:be:aa:c6:e6:5b:4f:90:42:23:d8:55:00:
                    98:78:48:50:44:a1:3a:dd:c9:50:04:7e:3d:34:96:
                    00:d5:5b:7d:bc:80:a1:12:b3:5b:52:f7:3a:46:92:
                    16:93:65:28:f3:bf:87:05:c0:0e:c1:02:3c:92:3a:
                    77:dd:1f:8a:b8:6e:9a:c1:ed:11:1b:2b:92:e9:32:
                    4c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:07:BB:BF:75:77:86:FD:FF:1C:23:4D:84:7D:0E:07:9F:F8:EF:8B
            X509v3 Authority Key Identifier:
                keyid:29:B3:A7:17:66:5A:11:37:E9:9D:C8:FA:D2:2E:3E:7F:98:DB:89:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbOnF2ZaETfpncj60i4-f5jbiXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/Zwe7v3V3hv3_HCNNhH0OB5_474s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/acd28e-52ae-4ac9-b028-669f7a761631/1/KbOnF2ZaETfpncj60i4-f5jbiXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.160.0-185.157.162.255
                  217.64.148.0-217.64.150.255
                IPv6:
                  2a07:a880:3101::/48
                  2a07:a880:4601::-2a07:a880:4604:ffff:ffff:ffff:ffff:ffff
                  2a07:a880:4701::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:2d:b5:f5:15:61:57:e1:76:b8:8f:cf:d6:6e:cb:ee:9d:dc:
         c2:d3:28:a6:df:a4:c6:3d:12:31:50:36:c5:50:83:93:b8:f3:
         3e:fe:96:20:3c:07:a4:77:ff:13:0d:2f:e4:7d:86:a2:c8:94:
         51:40:34:ef:c9:6e:1e:56:a1:72:7d:95:66:d4:4b:52:1f:49:
         31:e4:67:2d:9b:c6:0b:96:c8:ce:d2:e7:75:59:51:15:d8:08:
         c8:f2:84:54:3a:33:d4:4e:04:74:d9:d7:55:b0:d7:fe:ab:0a:
         0d:26:e8:f2:60:c4:60:99:a9:8e:ce:ed:83:2a:2e:55:19:d1:
         b4:37:c6:2c:0a:19:44:18:d4:de:1a:c7:24:e0:5f:cb:bc:c8:
         f0:8c:11:a0:17:a8:50:48:00:33:4b:96:1c:78:3f:3c:7a:02:
         b2:80:fb:0a:1a:ae:8e:ae:06:84:65:0d:a0:1b:65:49:28:78:
         97:68:ee:27:22:5c:83:61:31:3a:59:2e:1c:65:55:79:b8:8f:
         91:6e:1c:4f:73:a7:7e:b1:b4:d4:93:d5:b0:1b:57:e0:e2:5c:
         40:ee:c6:5c:22:82:0f:be:aa:c1:b3:51:2e:29:1c:66:b3:42:
         df:58:0d:83:24:0e:bd:ea:ba:c0:cb:35:9d:67:81:d2:4a:d2:
         5e:4b:ce:fb
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYzJvHHsPDBPb2I4wxH0D6JsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YjNhNzE3NjY1YTExMzdlOTlkYzhmYWQyMmUzZTdmOThk
Yjg5NzMwHhcNMjQwMTAyMTAzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA3YmJiZjc1Nzc4NmZkZmYxYzIzNGQ4NDdkMGUwNzlmZjhlZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSsyZO3YlbH2dQqdaOqNVu5yYrLb
7wBuAWhUGaLQP2lPFleP2c5smWwqm38EzKs4CQQQ5S1wqx7h+Jd6rwlQ0awY1CaX
q/HQ5TOa5GO6lCG4lVOo05LbQDDgm8LQOBdLgeNoNPJFAk0d994SzcTAcXTQ1yBn
Yfi0OFJx0wZIzAdy56kmvdoCDig1oBeQGUMD/9DH2ynizt79LhC16abr8ZnOfoK7
9KYXhagzx387Su9ltHSn8JC+qsbmW0+QQiPYVQCYeEhQRKE63clQBH49NJYA1Vt9
vIChErNbUvc6RpIWk2Uo87+HBcAOwQI8kjp33R+KuG6awe0RGyuS6TJMzwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFGcHu791d4b9/xwjTYR9Dgef+O+LMB8GA1UdIwQY
MBaAFCmzpxdmWhE36Z3I+tIuPn+Y24lzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgt
NjY5ZjdhNzYxNjMxLzEvWndlN3YzVjNodjNfSENOTmhIME9CNV80NzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hY2QyOGUtNTJhZS00YWM5LWIwMjgtNjY5ZjdhNzYxNjMx
LzEvS2JPbkYyWmFFVGZwbmNqNjBpNC1mNWpiaVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAiBAIAATAcMAwDBAW5naAD
BAC5naIwDAMEAtlAlAMEANlAljAsBAIAAjAmAwcAKgeogDEBMBIDBwAqB6iARgED
BwAqB6iARgQDBwAqB6iARwEwDQYJKoZIhvcNAQELBQADggEBAMIttfUVYVfhdriP
z9Zuy+6d3MLTKKbfpMY9EjFQNsVQg5O48z7+liA8B6R3/xMNL+R9hqLIlFFANO/J
bh5WoXJ9lWbUS1IfSTHkZy2bxguWyM7S53VZURXYCMjyhFQ6M9ROBHTZ11Ww1/6r
Cg0m6PJgxGCZqY7O7YMqLlUZ0bQ3xiwKGUQY1N4axyTgX8u8yPCMEaAXqFBIADNL
lhx4Pzx6ArKA+woaro6uBoRlDaAbZUkoeJdo7iciXINhMTpZLhxlVXm4j5FuHE9z
p36xtNST1bAbV+DiXEDuxlwigg++qsGzUS4pHGazQt9YDYMkDr3qusDLNZ1ngdJK
0l5Lzvs=
-----END CERTIFICATE-----