Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/WMQqe3lHOul_mrIX2TDp2qlHBW4.roa
File:                     WMQqe3lHOul_mrIX2TDp2qlHBW4.roa (raw, json)
Hash identifier:          dKukJAiS+vGaNrWxgBg+ZSw4vkoXrGHad9a3KVioSNY=
Subject key identifier:   58:C4:2A:7B:79:47:3A:E9:7F:9A:B2:17:D9:30:E9:DA:A9:47:05:6E
Certificate issuer:       /CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
Certificate serial:       01856C25B130C83A8DBFCAAD890A987B0A88
Authority key identifier: 8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/WMQqe3lHOul_mrIX2TDp2qlHBW4.roa
Signing time:             Sun 01 Jan 2023 07:04:47 +0000
ROA not before:           Sun 01 Jan 2023 07:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39156
IP address blocks:        80.76.225.0/24 maxlen: 24
                          80.76.226.0/24 maxlen: 24
                          80.76.224.0/20 maxlen: 20
                          80.76.230.0/24 maxlen: 24
                          80.76.231.0/24 maxlen: 24
                          80.76.232.0/24 maxlen: 24
                          80.76.233.0/24 maxlen: 24
                          80.76.227.0/24 maxlen: 24
                          80.76.228.0/24 maxlen: 24
                          80.76.229.0/24 maxlen: 24
                          80.76.237.0/24 maxlen: 24
                          80.76.238.0/24 maxlen: 24
                          80.76.239.0/24 maxlen: 24
                          80.76.234.0/24 maxlen: 24
                          80.76.235.0/24 maxlen: 24
                          80.76.236.0/24 maxlen: 24
                          109.235.208.0/21 maxlen: 21
                          109.235.211.0/24 maxlen: 24
                          2a03:5200:1::/48 maxlen: 48
                          2a03:5200:2::/48 maxlen: 48
                          2a03:5200::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:25:b1:30:c8:3a:8d:bf:ca:ad:89:0a:98:7b:0a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
        Validity
            Not Before: Jan  1 07:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=58c42a7b79473ae97f9ab217d930e9daa947056e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f8:42:3d:e6:74:15:d4:e4:53:c0:8b:ce:aa:
                    bf:9e:c8:a8:03:50:69:62:4c:00:c0:df:28:03:0c:
                    7d:91:37:75:9b:01:26:25:82:4a:99:08:ac:00:c3:
                    70:1f:38:bb:7a:6c:96:27:0b:61:ec:99:71:fe:b2:
                    d1:23:47:78:6a:85:df:c5:00:01:ce:43:34:14:0a:
                    98:f2:97:d5:4c:7c:2a:78:f2:53:f8:79:3f:85:c4:
                    a6:cf:7c:d0:37:62:c4:db:ed:94:a7:56:3b:8d:bb:
                    3f:82:37:57:df:42:c9:ba:b7:06:cb:5c:85:3a:77:
                    87:bc:f9:26:71:14:b1:7d:25:e7:71:7a:f3:ac:6d:
                    d5:33:81:45:30:b5:44:34:41:5b:15:d3:60:b9:17:
                    28:c3:1a:00:72:0d:8e:23:f6:ce:e4:e4:13:f8:c9:
                    80:ca:a7:80:3b:fa:51:9b:0c:d7:bf:76:cd:d9:a9:
                    62:e5:ca:6d:0b:50:32:fe:d2:2d:6c:f3:f0:88:75:
                    c7:3c:37:a8:25:1a:47:8e:67:82:d0:35:eb:7e:7c:
                    f2:04:df:fe:76:b6:d6:08:26:0e:5b:fe:f9:56:a9:
                    8a:25:f5:8c:41:4b:53:26:7c:56:7b:15:dd:d1:0e:
                    1f:d7:27:63:11:39:83:35:d6:d5:3c:bd:12:52:ee:
                    90:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C4:2A:7B:79:47:3A:E9:7F:9A:B2:17:D9:30:E9:DA:A9:47:05:6E
            X509v3 Authority Key Identifier:
                keyid:8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/WMQqe3lHOul_mrIX2TDp2qlHBW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.224.0/20
                  109.235.208.0/21
                IPv6:
                  2a03:5200::-2a03:5200:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         74:9a:6c:92:fd:d6:b9:f3:7e:07:b5:87:42:d6:a1:f1:9d:7f:
         56:4a:04:3b:eb:b4:f2:e4:7b:e1:17:43:35:7a:d7:82:98:e4:
         1a:b3:42:3c:b4:5f:84:bb:24:61:41:57:44:66:b4:c3:12:55:
         13:bf:5a:00:26:ec:07:79:e6:8e:54:e4:86:8b:7c:d0:a1:8a:
         b4:5d:2c:db:07:4d:2a:ac:ff:c0:ed:ee:fb:dc:a9:79:85:f4:
         d3:87:ee:ef:f6:a8:f6:9a:1d:12:47:ba:e3:46:37:8f:aa:c6:
         bc:cc:8b:33:dd:4b:d6:29:03:54:6a:04:20:58:7d:88:d4:fb:
         50:4e:eb:de:73:62:39:f1:b2:9b:b0:d2:92:b9:17:dd:a7:f7:
         be:eb:06:f4:1c:3a:cb:30:c9:b8:16:a0:c4:75:51:d9:61:1f:
         c9:c4:c8:65:51:2e:fa:54:ef:38:a0:6f:03:bf:d0:e1:52:90:
         7d:6f:5c:3a:67:ce:38:9c:93:7e:66:12:ba:36:70:a7:f3:d9:
         74:f6:da:57:1f:e3:55:49:cb:5d:a0:21:01:81:9f:39:60:56:
         8c:de:a8:50:a0:5d:b0:48:5d:1d:4c:5a:18:77:0e:7a:4c:91:
         cc:b0:a0:b2:bd:7d:cb:a0:4c:fd:97:02:dd:2b:2b:9c:9b:1a:
         6d:c6:44:48
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYVsJbEwyDqNv8qtiQqYewqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQyNjU2MTc3YjQyNjdhYjU1ZTRiYTE2NWE1ZWMwMGY1
MDg0YmMwHhcNMjMwMTAxMDcwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGM0MmE3Yjc5NDczYWU5N2Y5YWIyMTdkOTMwZTlkYWE5NDcwNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPhCPeZ0FdTkU8CLzqq/nsioA1Bp
YkwAwN8oAwx9kTd1mwEmJYJKmQisAMNwHzi7emyWJwth7Jlx/rLRI0d4aoXfxQAB
zkM0FAqY8pfVTHwqePJT+Hk/hcSmz3zQN2LE2+2Up1Y7jbs/gjdX30LJurcGy1yF
OneHvPkmcRSxfSXncXrzrG3VM4FFMLVENEFbFdNguRcowxoAcg2OI/bO5OQT+MmA
yqeAO/pRmwzXv3bN2ali5cptC1Ay/tItbPPwiHXHPDeoJRpHjmeC0DXrfnzyBN/+
drbWCCYOW/75VqmKJfWMQUtTJnxWexXd0Q4f1ydjETmDNdbVPL0SUu6QCQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFFjEKnt5Rzrpf5qyF9kw6dqpRwVuMB8GA1UdIwQY
MBaAFI2EJlYXe0Jnq1XkuhZaXsAPUIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2Njgt
OTRjMmY4MjY5ZTljLzEvV01RcWUzbEhPdWxfbXJJWDJURHAycWxIQlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2NjgtOTRjMmY4MjY5ZTlj
LzEvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTASBAIAATAMAwQEUEzgAwQD
bevQMBcEAgACMBEwDwMEASoDUgMHACoDUgAAAjANBgkqhkiG9w0BAQsFAAOCAQEA
dJpskv3WufN+B7WHQtah8Z1/VkoEO+u08uR74RdDNXrXgpjkGrNCPLRfhLskYUFX
RGa0wxJVE79aACbsB3nmjlTkhot80KGKtF0s2wdNKqz/wO3u+9ypeYX004fu7/ao
9podEke640Y3j6rGvMyLM91L1ikDVGoEIFh9iNT7UE7r3nNiOfGym7DSkrkX3af3
vusG9Bw6yzDJuBagxHVR2WEfycTIZVEu+lTvOKBvA7/Q4VKQfW9cOmfOOJyTfmYS
ujZwp/PZdPbaVx/jVUnLXaAhAYGfOWBWjN6oUKBdsEhdHUxaGHcOekyRzLCgsr19
y6BM/ZcC3SsrnJsabcZESA==
-----END CERTIFICATE-----