Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/LCxaGJsHJzmZ-_dfjQZQxHMKT5U.roa
File:                     LCxaGJsHJzmZ-_dfjQZQxHMKT5U.roa (raw, json)
Hash identifier:          eZ3020o/zRQpk2ukH5gaciWJAFygy+xXFbCz1Jz7pqc=
Subject key identifier:   2C:2C:5A:18:9B:07:27:39:99:FB:F7:5F:8D:06:50:C4:73:0A:4F:95
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018E17D9EB6A8674C66590B920C690C6C4C5
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/LCxaGJsHJzmZ-_dfjQZQxHMKT5U.roa
Signing time:             Thu 07 Mar 2024 07:39:01 +0000
ROA not before:           Thu 07 Mar 2024 07:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25086
IP address blocks:        62.168.224.0/20 maxlen: 20
                          62.168.240.0/20 maxlen: 20
                          81.91.32.0/20 maxlen: 20
                          81.91.48.0/20 maxlen: 20
                          85.235.32.0/20 maxlen: 20
                          85.235.48.0/20 maxlen: 20
                          93.90.228.0/22 maxlen: 22
                          93.90.232.0/21 maxlen: 21
                          94.140.132.0/23 maxlen: 23
                          94.140.138.0/23 maxlen: 23
                          94.140.144.0/23 maxlen: 23
                          94.140.150.0/23 maxlen: 23
                          109.198.224.0/20 maxlen: 20
                          109.198.240.0/20 maxlen: 20
                          141.105.24.0/22 maxlen: 22
                          213.176.228.0/24 maxlen: 24
                          213.176.229.0/24 maxlen: 24
                          213.176.230.0/24 maxlen: 24
                          213.176.231.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 12 Mar 2024 07:49:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:17:d9:eb:6a:86:74:c6:65:90:b9:20:c6:90:c6:c4:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Mar  7 07:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c2c5a189b07273999fbf75f8d0650c4730a4f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:52:01:b4:05:1b:e4:31:ad:0e:8c:90:cc:2d:
                    8c:7f:84:91:17:f8:ea:27:5b:85:7d:0b:d7:6d:fc:
                    4a:71:3e:a7:c7:1d:d6:7a:58:9c:73:98:71:98:fe:
                    5b:82:03:f1:26:4f:a8:5b:f7:bc:07:1d:19:3c:13:
                    78:ee:ef:1e:72:ab:c6:5e:a8:96:97:2f:76:39:a0:
                    4e:a4:a9:20:41:c7:a8:41:dc:f7:ed:00:04:8b:19:
                    7b:9b:82:f9:ff:85:2a:79:eb:9e:42:6c:74:cc:06:
                    cb:3d:04:0e:4e:fa:7a:56:e1:52:d1:28:4e:bb:2d:
                    23:2b:73:d7:d8:91:cf:98:b7:89:45:47:0f:6e:14:
                    e2:b0:96:77:1b:4e:43:8b:6c:f9:28:bf:ac:1d:d0:
                    09:69:f5:44:d6:aa:e3:8c:bf:a2:28:97:26:ce:f4:
                    eb:61:a8:46:63:75:ed:0d:21:87:31:13:2c:a0:49:
                    6a:6a:65:f7:48:39:f0:1c:48:0d:ef:5e:85:84:b3:
                    b0:62:63:e4:70:64:d1:98:d2:29:4f:e2:c8:84:f8:
                    07:74:b2:08:5e:e3:05:3a:e6:a7:30:67:f1:f9:4e:
                    05:8a:9f:6c:c1:06:c5:f4:27:f3:c6:40:61:34:66:
                    4a:ed:4f:1d:14:26:7a:05:88:3c:da:c0:1a:29:22:
                    49:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:2C:5A:18:9B:07:27:39:99:FB:F7:5F:8D:06:50:C4:73:0A:4F:95
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/LCxaGJsHJzmZ-_dfjQZQxHMKT5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.168.224.0/19
                  81.91.32.0/19
                  85.235.32.0/19
                  93.90.228.0-93.90.239.255
                  94.140.132.0/23
                  94.140.138.0/23
                  94.140.144.0/23
                  94.140.150.0/23
                  109.198.224.0/19
                  141.105.24.0/22
                  213.176.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:bc:8d:5e:56:c5:86:7f:30:cc:a4:44:78:4d:bd:49:a8:e2:
         60:43:2d:5f:e1:cd:2b:10:16:f9:3b:9a:1c:fe:61:46:dd:c1:
         7d:d6:36:d5:b6:7d:90:55:d0:df:ac:c0:d5:32:cb:1c:95:77:
         4a:cf:ed:71:af:6b:07:9e:68:7b:5d:68:1a:63:aa:6d:a8:3b:
         2b:c9:93:18:e8:9d:92:0f:a2:3b:cb:a3:f0:e5:99:9b:18:92:
         3d:02:8d:2b:93:9c:bb:76:c1:d2:26:a2:3f:29:72:74:54:83:
         ff:43:f7:a6:ef:b9:a9:06:d7:42:94:a4:da:42:42:bf:21:6c:
         3d:c7:9a:31:9c:68:31:68:64:19:30:c2:57:67:29:b6:4b:be:
         29:40:6a:e9:c5:e2:35:e8:11:70:6d:ae:75:83:34:4b:59:66:
         ca:d5:6d:ea:fb:6a:56:7a:06:10:dd:20:cb:86:c7:5f:cb:e3:
         9a:fb:bf:00:56:73:57:34:5c:a6:6b:87:fe:4f:6c:1e:ad:0f:
         b0:de:9e:01:f1:d0:c9:fb:d3:5f:27:71:54:ed:63:9e:1a:c3:
         05:89:e4:12:85:0b:ad:15:56:ed:66:9b:ab:0d:24:88:21:44:
         90:f7:9a:b8:bf:64:ba:92:c1:80:58:6b:6b:d2:17:3d:0b:46:
         0a:1e:33:94
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAY4X2etqhnTGZZC5IMaQxsTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMzA3MDczOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzJjNWExODliMDcyNzM5OTlmYmY3NWY4ZDA2NTBjNDczMGE0Zjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilIBtAUb5DGtDoyQzC2Mf4SRF/jq
J1uFfQvXbfxKcT6nxx3Welicc5hxmP5bggPxJk+oW/e8Bx0ZPBN47u8ecqvGXqiW
ly92OaBOpKkgQceoQdz37QAEixl7m4L5/4UqeeueQmx0zAbLPQQOTvp6VuFS0ShO
uy0jK3PX2JHPmLeJRUcPbhTisJZ3G05Di2z5KL+sHdAJafVE1qrjjL+iKJcmzvTr
YahGY3XtDSGHMRMsoElqamX3SDnwHEgN716FhLOwYmPkcGTRmNIpT+LIhPgHdLII
XuMFOuanMGfx+U4Fip9swQbF9CfzxkBhNGZK7U8dFCZ6BYg82sAaKSJJWwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFCwsWhibByc5mfv3X40GUMRzCk+VMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvTEN4YUdKc0hKem1aLV9kZmpRWlF4SE1LVDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQFPqjgAwQF
UVsgAwQFVesgMAwDBAJdWuQDBARdWuADBAFejIQDBAFejIoDBAFejJADBAFejJYD
BAVtxuADBAKNaRgDBALVsOQwDQYJKoZIhvcNAQELBQADggEBAAK8jV5WxYZ/MMyk
RHhNvUmo4mBDLV/hzSsQFvk7mhz+YUbdwX3WNtW2fZBV0N+swNUyyxyVd0rP7XGv
aweeaHtdaBpjqm2oOyvJkxjonZIPojvLo/DlmZsYkj0CjSuTnLt2wdImoj8pcnRU
g/9D96bvuakG10KUpNpCQr8hbD3HmjGcaDFoZBkwwldnKbZLvilAaunF4jXoEXBt
rnWDNEtZZsrVber7alZ6BhDdIMuGx1/L45r7vwBWc1c0XKZrh/5PbB6tD7DengHx
0Mn7018ncVTtY54awwWJ5BKFC60VVu1mm6sNJIghRJD3mri/ZLqSwYBYa2vSFz0L
RgoeM5Q=
-----END CERTIFICATE-----