Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/m8pNJFaEV-A7Kq-qSXN1kTxuO24.roa
File:                     m8pNJFaEV-A7Kq-qSXN1kTxuO24.roa (raw, json)
Hash identifier:          qqS1sxybHHlJ6ZlRsyl8Xz9TMyKgTg29tuvKHyRbB6s=
Subject key identifier:   9B:CA:4D:24:56:84:57:E0:3B:2A:AF:AA:49:73:75:91:3C:6E:3B:6E
Certificate issuer:       /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial:       018CC3B6D33E18AC189BADE2E17EA55F5188
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/m8pNJFaEV-A7Kq-qSXN1kTxuO24.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199775
IP address blocks:        45.94.32.0/22 maxlen: 24
                          194.126.152.0/22 maxlen: 24
                          185.95.108.0/22 maxlen: 24
                          185.6.152.0/22 maxlen: 24
                          185.182.52.0/22 maxlen: 24
                          185.242.218.0/24 maxlen: 24
                          185.65.164.0/22 maxlen: 24
                          185.208.240.0/22 maxlen: 22
                          185.168.132.0/23 maxlen: 24
                          185.168.135.0/24 maxlen: 24
                          46.36.192.0/21 maxlen: 24
                          185.168.134.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Apr 2024 14:36:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d3:3e:18:ac:18:9b:ad:e2:e1:7e:a5:5f:51:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bca4d24568457e03b2aafaa497375913c6e3b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:31:92:e3:a6:63:98:dc:5f:72:92:a4:90:54:
                    b9:6b:da:ee:7f:d0:8f:24:bf:27:4c:3b:db:a7:76:
                    50:c2:3b:cf:b2:b2:ab:d8:f7:53:be:bd:57:12:89:
                    bb:48:53:50:25:7d:4f:6e:d6:a9:d5:49:cc:77:b6:
                    66:9b:ed:0d:cf:08:27:ca:bd:e6:3f:51:35:4e:b7:
                    f8:d6:a1:9f:47:25:dd:08:d5:d1:79:fb:ae:88:aa:
                    3f:c5:01:7d:7f:a6:1a:39:8e:0f:67:92:4c:ef:b4:
                    a9:21:31:46:26:0d:a1:73:94:72:ed:d4:69:11:36:
                    64:d0:29:d2:ec:77:64:86:53:f5:ac:e2:0a:68:c6:
                    15:37:f5:3f:8f:bd:0f:51:3f:c6:cd:a6:6d:ed:29:
                    7a:65:94:e6:f7:fe:5f:6c:c6:2e:59:61:d7:41:f7:
                    99:b5:e9:81:dd:1b:20:92:20:90:43:49:6c:3f:2f:
                    d3:bf:27:fe:25:19:bf:4c:c1:60:1b:b2:95:42:0e:
                    ab:6f:87:66:3c:c0:40:80:ca:c7:99:89:ab:bc:69:
                    37:86:c5:b2:0e:ba:fd:59:34:53:a9:a6:cf:79:c3:
                    bf:8d:05:1e:95:cd:bd:38:8b:bc:fb:cd:bd:ca:10:
                    56:d1:e0:5c:ab:d1:63:47:d7:79:3c:4c:0d:e6:76:
                    e6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CA:4D:24:56:84:57:E0:3B:2A:AF:AA:49:73:75:91:3C:6E:3B:6E
            X509v3 Authority Key Identifier:
                keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/m8pNJFaEV-A7Kq-qSXN1kTxuO24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.32.0/22
                  46.36.192.0/21
                  185.6.152.0/22
                  185.65.164.0/22
                  185.95.108.0/22
                  185.168.132.0/22
                  185.182.52.0/22
                  185.208.240.0/22
                  185.242.218.0/24
                  194.126.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:56:f2:22:e7:0e:ef:af:2f:cd:df:26:ab:9c:1b:d1:a3:65:
         6a:59:db:5f:d0:ea:08:63:a3:bc:f6:e3:56:d5:70:b5:aa:c3:
         92:ba:91:34:5f:07:d5:f0:0b:d9:3c:5b:21:99:c8:91:a4:20:
         ed:b5:7e:ec:37:18:ce:93:8b:14:84:84:af:29:cb:ba:f3:42:
         50:f8:2c:91:ce:07:d5:f9:5d:ff:e4:13:f9:f1:1b:51:2e:70:
         01:24:7c:f8:a3:b3:ee:9b:13:fc:e1:c1:3b:a2:92:e6:af:09:
         c5:eb:77:04:8c:ec:39:18:5a:fb:8f:18:28:8c:89:85:fa:9b:
         fd:d0:95:9a:12:a1:b9:fa:e9:94:56:86:02:45:76:5d:7b:d2:
         de:20:ce:c0:75:a0:bf:70:de:04:94:da:70:9d:74:c8:d6:a5:
         dc:d0:d5:36:b3:5e:c6:0a:b0:5d:de:40:55:a8:16:73:6b:33:
         86:4d:a0:9b:7b:8f:8d:e0:9a:2f:77:a6:eb:9c:78:4a:43:78:
         e0:32:82:ab:ee:c2:04:22:be:14:f5:88:b0:18:5b:31:cd:13:
         e5:fc:e4:d8:5e:b7:5a:c7:42:02:bb:a7:90:58:58:16:a6:40:
         af:14:fc:8f:5c:4c:b2:4d:5c:d8:0a:e3:a4:41:17:28:4c:8f:
         5d:e8:65:8f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzDttM+GKwYm63i4X6lX1GIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNhNGQyNDU2ODQ1N2UwM2IyYWFmYWE0OTczNzU5MTNjNmUzYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDGS46ZjmNxfcpKkkFS5a9ruf9CP
JL8nTDvbp3ZQwjvPsrKr2PdTvr1XEom7SFNQJX1Pbtap1UnMd7Zmm+0Nzwgnyr3m
P1E1Trf41qGfRyXdCNXRefuuiKo/xQF9f6YaOY4PZ5JM77SpITFGJg2hc5Ry7dRp
ETZk0CnS7HdkhlP1rOIKaMYVN/U/j70PUT/GzaZt7Sl6ZZTm9/5fbMYuWWHXQfeZ
temB3RsgkiCQQ0lsPy/Tvyf+JRm/TMFgG7KVQg6rb4dmPMBAgMrHmYmrvGk3hsWy
Drr9WTRTqabPecO/jQUelc29OIu8+829yhBW0eBcq9FjR9d5PEwN5nbmWQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJvKTSRWhFfgOyqvqklzdZE8bjtuMB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvbThwTkpGYUVWLUE3S3EtcVNYTjFrVHh1TzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCLV4gAwQD
LiTAAwQCuQaYAwQCuUGkAwQCuV9sAwQCuaiEAwQCubY0AwQCudDwAwQAufLaAwQC
wn6YMA0GCSqGSIb3DQEBCwUAA4IBAQCIVvIi5w7vry/N3yarnBvRo2VqWdtf0OoI
Y6O89uNW1XC1qsOSupE0XwfV8AvZPFshmciRpCDttX7sNxjOk4sUhISvKcu680JQ
+CyRzgfV+V3/5BP58RtRLnABJHz4o7PumxP84cE7opLmrwnF63cEjOw5GFr7jxgo
jImF+pv90JWaEqG5+umUVoYCRXZde9LeIM7AdaC/cN4ElNpwnXTI1qXc0NU2s17G
CrBd3kBVqBZzazOGTaCbe4+N4Jovd6brnHhKQ3jgMoKr7sIEIr4U9YiwGFsxzRPl
/OTYXrdax0ICu6eQWFgWpkCvFPyPXEyyTVzYCuOkQRcoTI9d6GWP
-----END CERTIFICATE-----