Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KcIir5EyqM729sRVT3PsohtMNv8.roa
File:                     KcIir5EyqM729sRVT3PsohtMNv8.roa (raw, json)
Hash identifier:          cLPtTOrXIvnlML0+sU2AFJDaqIUB+IZl/hiJn+NydTk=
Subject key identifier:   29:C2:22:AF:91:32:A8:CE:F6:F6:C4:55:4F:73:EC:A2:1B:4C:36:FF
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF7F9B0138F3F7989EFBAEC0CB2B60
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KcIir5EyqM729sRVT3PsohtMNv8.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61135
IP address blocks:        78.135.97.0/24 maxlen: 24
                          78.135.100.0/24 maxlen: 24
                          78.135.104.0/24 maxlen: 24
                          188.132.236.0/24 maxlen: 24
                          212.68.35.0/24 maxlen: 24
                          188.132.249.0/24 maxlen: 24
                          212.68.60.0/24 maxlen: 24
                          212.68.59.0/24 maxlen: 24
                          188.132.189.0/24 maxlen: 24
                          188.132.191.0/24 maxlen: 24
                          78.135.73.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 16 Feb 2024 13:17:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7f:9b:01:38:f3:f7:98:9e:fb:ae:c0:cb:2b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c222af9132a8cef6f6c4554f73eca21b4c36ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:42:de:c0:2d:5d:20:8a:35:a6:8a:f4:58:8c:
                    cd:20:6f:bb:71:c6:5e:d5:d8:e8:ed:2c:48:d4:2f:
                    c4:6a:2b:b6:5f:c4:a9:41:a5:93:5d:2c:bf:59:1d:
                    96:b3:6f:b8:b5:91:ba:ab:3f:9a:20:1e:b0:21:e8:
                    3a:09:43:ea:a0:76:c5:d2:04:7d:c4:79:e3:4e:2e:
                    b1:42:9e:96:72:cb:50:d6:79:a6:11:45:09:f5:44:
                    61:f0:a6:7a:80:56:5a:ee:ad:3a:bb:bb:fa:f3:bd:
                    e9:54:b2:76:19:ae:d4:0f:c2:2e:79:3e:25:69:d2:
                    7e:9f:52:83:22:ee:fc:19:28:97:bc:24:e3:55:d8:
                    cd:c0:9b:6e:60:11:23:9e:5b:f6:4e:08:ed:28:3f:
                    4c:31:81:8a:7c:7d:dd:b1:55:a2:b4:b9:6b:ed:26:
                    10:d6:0b:71:43:80:fa:f1:eb:31:27:f7:9a:35:94:
                    7b:27:f6:1e:32:1e:3f:04:4a:24:66:c5:0c:0b:af:
                    23:23:8c:aa:c5:12:86:96:b4:ea:5e:c2:37:4e:1e:
                    f3:9b:8e:cb:6b:e0:b6:de:38:c8:60:00:9b:ef:67:
                    ed:28:a2:e5:2a:14:21:4a:a9:ac:e9:44:be:f8:f9:
                    32:ee:d7:7b:25:9b:fa:cd:2d:30:84:5b:83:14:0a:
                    ac:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C2:22:AF:91:32:A8:CE:F6:F6:C4:55:4F:73:EC:A2:1B:4C:36:FF
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KcIir5EyqM729sRVT3PsohtMNv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.73.0/24
                  78.135.97.0/24
                  78.135.100.0/24
                  78.135.104.0/24
                  188.132.189.0/24
                  188.132.191.0/24
                  188.132.236.0/24
                  188.132.249.0/24
                  212.68.35.0/24
                  212.68.59.0-212.68.60.255

    Signature Algorithm: sha256WithRSAEncryption
         7b:97:56:51:a9:ea:ea:0b:1c:5a:c0:5c:a5:66:ff:cc:dd:e3:
         c0:ef:af:75:40:b4:dc:20:49:17:73:dc:57:3a:00:be:83:60:
         77:29:41:f4:65:b7:81:25:c0:eb:63:99:e3:9b:f6:26:6a:df:
         0c:80:c2:6b:03:40:12:13:00:d3:e1:73:54:3d:40:da:a9:ac:
         ba:d2:b2:b0:f8:44:96:db:d0:ff:53:1f:20:f8:a0:ce:57:cd:
         8b:81:04:25:bf:00:ff:1d:3a:cc:68:4b:a3:c7:a8:bc:7c:68:
         e6:f4:ff:5c:82:36:a3:02:8d:8f:f0:ca:89:72:0e:72:d3:2b:
         7b:80:6e:d7:73:67:32:a6:db:e1:3b:1f:fe:09:a2:bc:f9:fc:
         73:18:67:0b:76:de:64:bb:82:2c:50:45:70:e8:df:f6:7e:8b:
         59:ce:64:4f:d4:b1:89:18:ff:a2:73:72:c6:a6:7f:5a:82:47:
         d3:bd:8b:8f:44:40:04:3a:dd:7b:31:58:33:aa:0e:2f:75:2e:
         45:5e:5b:55:74:4e:e9:05:13:47:07:da:06:82:33:d6:75:5d:
         ce:17:af:65:40:ed:25:86:4a:1d:59:fa:82:65:62:fa:17:88:
         c3:9b:50:93:70:b9:0c:b0:0f:42:e1:c5:d9:86:94:16:9f:e0:
         34:54:da:73
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzI33+bATjz95ie+67AyytgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWMyMjJhZjkxMzJhOGNlZjZmNmM0NTU0ZjczZWNhMjFiNGMzNmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlULewC1dIIo1por0WIzNIG+7ccZe
1djo7SxI1C/Eaiu2X8SpQaWTXSy/WR2Ws2+4tZG6qz+aIB6wIeg6CUPqoHbF0gR9
xHnjTi6xQp6WcstQ1nmmEUUJ9URh8KZ6gFZa7q06u7v6873pVLJ2Ga7UD8IueT4l
adJ+n1KDIu78GSiXvCTjVdjNwJtuYBEjnlv2TgjtKD9MMYGKfH3dsVWitLlr7SYQ
1gtxQ4D68esxJ/eaNZR7J/YeMh4/BEokZsUMC68jI4yqxRKGlrTqXsI3Th7zm47L
a+C23jjIYACb72ftKKLlKhQhSqms6US++Pky7td7JZv6zS0whFuDFAqssQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCnCIq+RMqjO9vbEVU9z7KIbTDb/MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvS2NJaXI1RXlxTTcyOXNSVlQzUHNvaHRNTnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQATodJAwQA
TodhAwQATodkAwQATodoAwQAvIS9AwQAvIS/AwQAvITsAwQAvIT5AwQA1EQjMAwD
BADURDsDBADURDwwDQYJKoZIhvcNAQELBQADggEBAHuXVlGp6uoLHFrAXKVm/8zd
48Dvr3VAtNwgSRdz3Fc6AL6DYHcpQfRlt4ElwOtjmeOb9iZq3wyAwmsDQBITANPh
c1Q9QNqprLrSsrD4RJbb0P9THyD4oM5XzYuBBCW/AP8dOsxoS6PHqLx8aOb0/1yC
NqMCjY/wyolyDnLTK3uAbtdzZzKm2+E7H/4Jorz5/HMYZwt23mS7gixQRXDo3/Z+
i1nOZE/UsYkY/6Jzcsamf1qCR9O9i49EQAQ63XsxWDOqDi91LkVeW1V0TukFE0cH
2gaCM9Z1Xc4Xr2VA7SWGSh1Z+oJlYvoXiMObUJNwuQywD0LhxdmGlBaf4DRU2nM=
-----END CERTIFICATE-----