Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/oOrxeZaz6KySWe3CQchmzlD0vUc.roa
File:                     oOrxeZaz6KySWe3CQchmzlD0vUc.roa (raw, json)
Hash identifier:          EEL4Pcco2To6DNHOw61esvadCgl/N11CL32KY22sULM=
Subject key identifier:   A0:EA:F1:79:96:B3:E8:AC:92:59:ED:C2:41:C8:66:CE:50:F4:BD:47
Certificate issuer:       /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial:       018CA271D5F92088B04BAFB3DD40D90E122B
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/oOrxeZaz6KySWe3CQchmzlD0vUc.roa
Signing time:             Mon 25 Dec 2023 19:26:58 +0000
ROA not before:           Mon 25 Dec 2023 19:26:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25198
IP address blocks:        103.246.248.0/24 maxlen: 24
                          195.74.93.0/24 maxlen: 24
                          77.74.123.0/24 maxlen: 24
                          46.229.243.0/24 maxlen: 24
                          46.229.253.0/24 maxlen: 24
                          46.229.251.0/24 maxlen: 24
                          83.229.61.0/24 maxlen: 24
                          85.204.107.0/24 maxlen: 24
                          103.112.171.0/24 maxlen: 24
                          185.104.63.0/24 maxlen: 24
                          2a12:3200:3000::/36 maxlen: 36
                          2a12:3200:1000::/36 maxlen: 36
                          2a12:3200::/36 maxlen: 36
                          2a12:3200:2000::/36 maxlen: 36
                          2a12:3200:4000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a2:71:d5:f9:20:88:b0:4b:af:b3:dd:40:d9:0e:12:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
        Validity
            Not Before: Dec 25 19:26:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a0eaf17996b3e8ac9259edc241c866ce50f4bd47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ad:74:b7:d6:f7:81:4c:87:66:88:cb:07:68:
                    ec:e1:c6:f0:96:93:80:74:8c:19:64:03:78:83:28:
                    23:e5:e0:13:e1:88:75:c1:b5:3f:97:80:fa:a2:13:
                    c2:e8:bd:cd:de:9c:c8:80:63:f6:0a:a0:71:a7:8b:
                    92:f6:11:f6:15:71:1f:c9:08:0f:4e:1a:b3:4d:45:
                    a3:aa:04:75:57:15:f1:79:ca:34:bc:54:4d:b5:d1:
                    18:ec:e2:54:a3:cc:81:80:23:8a:96:8e:ab:c3:14:
                    38:be:58:5f:68:bb:04:b6:a9:98:61:32:d0:fb:55:
                    69:61:f6:20:b5:42:20:b2:9f:8d:ad:5b:ff:7c:1a:
                    3c:20:02:70:b1:45:4e:78:62:d4:e9:40:7b:91:0e:
                    8a:45:27:bf:a0:87:78:1f:4d:2e:20:53:f4:73:3c:
                    73:98:cf:2d:89:31:fa:7b:22:c4:7b:94:23:2b:5b:
                    d9:a0:2f:27:6d:b3:fe:7c:38:b9:18:63:b2:47:1c:
                    ce:49:34:e9:8a:6a:31:87:00:39:e5:10:c2:96:91:
                    2e:9e:6a:86:a6:52:bd:f3:e7:d6:d1:0a:b2:89:8c:
                    9c:da:ed:cc:fc:0f:fd:fb:eb:65:28:d4:28:13:3c:
                    82:11:a9:da:ed:ca:89:4f:7c:88:d7:ad:c9:b8:d3:
                    6c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:EA:F1:79:96:B3:E8:AC:92:59:ED:C2:41:C8:66:CE:50:F4:BD:47
            X509v3 Authority Key Identifier:
                keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/oOrxeZaz6KySWe3CQchmzlD0vUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.243.0/24
                  46.229.251.0/24
                  46.229.253.0/24
                  77.74.123.0/24
                  83.229.61.0/24
                  85.204.107.0/24
                  103.112.171.0/24
                  103.246.248.0/24
                  185.104.63.0/24
                  195.74.93.0/24
                IPv6:
                  2a12:3200::-2a12:3200:4fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         e5:79:88:50:64:c5:5f:61:91:27:8b:a9:3d:d2:05:69:42:c0:
         fd:1e:6c:22:d5:00:e9:98:05:2e:39:06:ac:df:b8:1f:fd:49:
         a5:52:2c:4f:d5:c8:c5:4d:79:56:37:8c:51:70:72:d8:c2:9d:
         9e:4e:2e:61:9a:d2:7d:4e:62:a9:99:38:21:31:e1:08:91:0e:
         b5:9c:6f:ba:9c:16:6c:5c:1d:64:f7:83:ae:bb:96:e9:24:0f:
         19:a2:15:1d:30:83:b7:74:05:73:7d:c9:36:96:b1:26:a9:a8:
         ca:e7:9c:b0:10:c4:59:f0:3b:0d:f6:90:de:a2:e9:3c:96:8e:
         78:cb:57:26:74:9a:61:55:67:35:51:1f:7b:48:5d:8e:9d:bb:
         41:74:7a:03:3b:84:b8:2b:12:06:9d:3b:3c:92:2f:4c:4a:4d:
         f5:60:cd:6b:00:05:e3:f4:2a:15:e8:6c:13:e8:43:77:97:7d:
         50:df:0c:02:23:92:a5:06:ca:d2:9d:b9:44:82:9a:20:89:f9:
         f9:4e:0a:d7:31:7d:ae:64:5c:f0:09:9c:f2:b5:8e:4f:af:40:
         75:11:76:ac:d2:39:04:57:13:27:19:14:da:c1:35:82:63:ed:
         3c:d1:22:2e:c7:7c:88:39:09:f2:75:4b:c9:30:57:c0:84:36:
         73:8c:38:a2
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYyicdX5IIiwS6+z3UDZDhIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjMxMjI1MTkyNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGVhZjE3OTk2YjNlOGFjOTI1OWVkYzI0MWM4NjZjZTUwZjRiZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK10t9b3gUyHZojLB2js4cbwlpOA
dIwZZAN4gygj5eAT4Yh1wbU/l4D6ohPC6L3N3pzIgGP2CqBxp4uS9hH2FXEfyQgP
ThqzTUWjqgR1VxXxeco0vFRNtdEY7OJUo8yBgCOKlo6rwxQ4vlhfaLsEtqmYYTLQ
+1VpYfYgtUIgsp+NrVv/fBo8IAJwsUVOeGLU6UB7kQ6KRSe/oId4H00uIFP0czxz
mM8tiTH6eyLEe5QjK1vZoC8nbbP+fDi5GGOyRxzOSTTpimoxhwA55RDClpEunmqG
plK98+fW0QqyiYyc2u3M/A/9++tlKNQoEzyCEana7cqJT3yI163JuNNs+wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFKDq8XmWs+isklntwkHIZs5Q9L1HMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvb09yeGVaYXo2S3lTV2UzQ1FjaG16bEQwdlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBCBAIAATA8AwQALuXzAwQA
LuX7AwQALuX9AwQATUp7AwQAU+U9AwQAVcxrAwQAZ3CrAwQAZ/b4AwQAuWg/AwQA
w0pdMBYEAgACMBAwDgMEASoSMgMGBCoSMgBAMA0GCSqGSIb3DQEBCwUAA4IBAQDl
eYhQZMVfYZEni6k90gVpQsD9Hmwi1QDpmAUuOQas37gf/UmlUixP1cjFTXlWN4xR
cHLYwp2eTi5hmtJ9TmKpmTghMeEIkQ61nG+6nBZsXB1k94Ouu5bpJA8ZohUdMIO3
dAVzfck2lrEmqajK55ywEMRZ8DsN9pDeouk8lo54y1cmdJphVWc1UR97SF2OnbtB
dHoDO4S4KxIGnTs8ki9MSk31YM1rAAXj9CoV6GwT6EN3l31Q3wwCI5KlBsrSnblE
gpogifn5TgrXMX2uZFzwCZzytY5Pr0B1EXas0jkEVxMnGRTawTWCY+080SIux3yI
OQnydUvJMFfAhDZzjDii
-----END CERTIFICATE-----