Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/9d9680-ffbf-43d1-9c05-1be753fad1bf/1/fKXX702eR8eAYJqKPMYn7pfPOKM.roa
File:                     fKXX702eR8eAYJqKPMYn7pfPOKM.roa (raw, json)
Hash identifier:          DWJAXCfzIMnLAgE1csbThR9fUO0eI7ShJmQBM1nKjsg=
Subject key identifier:   7C:A5:D7:EF:4D:9E:47:C7:80:60:9A:8A:3C:C6:27:EE:97:CF:38:A3
Certificate issuer:       /CN=6c5e4ef5516799ffe0bb1b839317dbd355bb7a9b
Certificate serial:       018B3DB446D9E030216174E093CA0256103D
Authority key identifier: 6C:5E:4E:F5:51:67:99:FF:E0:BB:1B:83:93:17:DB:D3:55:BB:7A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bF5O9VFnmf_guxuDkxfb01W7eps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/9d9680-ffbf-43d1-9c05-1be753fad1bf/1/fKXX702eR8eAYJqKPMYn7pfPOKM.roa
Signing time:             Tue 17 Oct 2023 12:55:06 +0000
ROA not before:           Tue 17 Oct 2023 12:55:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47527
IP address blocks:        195.182.36.0/24 maxlen: 24
                          185.126.152.0/23 maxlen: 23
                          91.223.235.0/24 maxlen: 24
                          185.208.212.0/22 maxlen: 24
                          194.247.61.0/24 maxlen: 24
                          62.69.152.0/21 maxlen: 21
                          178.23.176.0/21 maxlen: 21
                          46.30.120.0/21 maxlen: 21
                          91.230.239.0/24 maxlen: 24
                          2a00:1cf0::/32 maxlen: 32
                          2a00:1b18::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:3d:b4:46:d9:e0:30:21:61:74:e0:93:ca:02:56:10:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c5e4ef5516799ffe0bb1b839317dbd355bb7a9b
        Validity
            Not Before: Oct 17 12:55:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ca5d7ef4d9e47c780609a8a3cc627ee97cf38a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:84:89:93:b5:7d:fe:34:bb:0e:c3:8b:fe:49:
                    ea:8b:60:02:05:eb:97:8c:48:a3:fb:43:75:61:77:
                    69:5f:d4:8b:6c:2d:58:84:0e:b1:1b:cf:a2:d1:0b:
                    93:13:b7:9d:1b:b2:d8:32:6c:b7:47:f6:80:2e:73:
                    cf:27:91:ac:c2:d7:b7:66:6d:62:15:56:d6:65:c7:
                    6a:76:7a:06:38:55:48:07:43:8d:f7:5a:aa:17:23:
                    24:50:70:c9:65:d9:d6:a5:5b:1a:d0:6a:57:d7:d6:
                    f3:10:f0:30:93:23:c0:56:49:16:00:bf:84:c9:11:
                    a9:2e:29:e9:86:ea:b0:11:50:f6:59:93:08:68:74:
                    49:ed:d6:30:54:9c:c2:62:7a:30:b2:55:8e:b1:83:
                    06:0d:ee:9e:3c:9c:d2:c8:ee:5b:7a:f1:74:d8:71:
                    3b:b4:c7:08:8e:4d:f7:62:45:92:1f:96:7a:f0:4a:
                    4b:11:48:24:12:f4:b2:42:11:09:db:e6:76:7f:46:
                    62:8a:f9:14:8d:ab:7c:30:8c:fc:bd:01:6b:83:ca:
                    dc:0b:62:47:c8:85:45:e6:e2:19:6f:03:aa:52:88:
                    45:38:d1:03:a4:f2:a7:5e:e0:d9:ee:f7:9b:e6:56:
                    68:f8:e9:c4:28:cf:d2:4c:ae:26:e1:65:e5:65:b9:
                    d4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A5:D7:EF:4D:9E:47:C7:80:60:9A:8A:3C:C6:27:EE:97:CF:38:A3
            X509v3 Authority Key Identifier:
                keyid:6C:5E:4E:F5:51:67:99:FF:E0:BB:1B:83:93:17:DB:D3:55:BB:7A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bF5O9VFnmf_guxuDkxfb01W7eps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9d9680-ffbf-43d1-9c05-1be753fad1bf/1/fKXX702eR8eAYJqKPMYn7pfPOKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9d9680-ffbf-43d1-9c05-1be753fad1bf/1/bF5O9VFnmf_guxuDkxfb01W7eps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.120.0/21
                  62.69.152.0/21
                  91.223.235.0/24
                  91.230.239.0/24
                  178.23.176.0/21
                  185.126.152.0/23
                  185.208.212.0/22
                  194.247.61.0/24
                  195.182.36.0/24
                IPv6:
                  2a00:1b18::/29
                  2a00:1cf0::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:9b:28:5e:ee:dc:be:7c:a2:07:79:13:e2:38:3a:bd:e1:f5:
         26:79:9a:65:1b:48:f8:63:b4:12:73:4d:93:45:1e:56:b1:01:
         77:5c:89:dc:10:8a:28:e0:db:bf:ca:e7:21:5c:e2:0f:5e:cd:
         00:38:32:aa:0f:77:a1:d9:c0:e9:6e:7b:d2:80:f4:3d:1c:90:
         57:74:a4:57:f9:65:cc:e7:01:51:a6:4b:3c:8e:ad:cc:66:cb:
         09:66:1e:78:38:ea:18:4d:a8:89:d0:dc:4d:5b:26:84:2f:38:
         1c:a4:c0:57:c5:a1:b3:f2:c8:6b:09:34:a0:9f:9d:ea:66:85:
         f6:27:9a:26:ed:d2:00:91:00:17:3a:e9:3e:f8:4f:e9:f5:96:
         b2:33:86:32:45:2c:b7:73:6b:35:c7:3d:a5:e4:c2:95:93:31:
         0d:8b:fa:82:7f:93:ba:e1:03:81:9c:d9:f6:92:3e:9b:93:6e:
         fc:0d:a3:dc:d0:9f:d2:5d:68:2e:4d:46:a0:eb:84:02:8e:4e:
         f0:e1:c5:63:39:8a:7c:96:c9:fb:41:ee:24:bf:d2:b2:c7:ce:
         86:e9:ad:44:9c:a2:47:bf:cd:08:11:cd:07:fb:be:c1:33:e3:
         d0:52:29:31:4a:de:84:3d:50:0f:78:9e:77:85:fd:bc:3a:e9:
         96:c6:10:97
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYs9tEbZ4DAhYXTgk8oCVhA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNWU0ZWY1NTE2Nzk5ZmZlMGJiMWI4MzkzMTdkYmQzNTVi
YjdhOWIwHhcNMjMxMDE3MTI1NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2E1ZDdlZjRkOWU0N2M3ODA2MDlhOGEzY2M2MjdlZTk3Y2YzOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44SJk7V9/jS7DsOL/knqi2ACBeuX
jEij+0N1YXdpX9SLbC1YhA6xG8+i0QuTE7edG7LYMmy3R/aALnPPJ5Gswte3Zm1i
FVbWZcdqdnoGOFVIB0ON91qqFyMkUHDJZdnWpVsa0GpX19bzEPAwkyPAVkkWAL+E
yRGpLinphuqwEVD2WZMIaHRJ7dYwVJzCYnowslWOsYMGDe6ePJzSyO5bevF02HE7
tMcIjk33YkWSH5Z68EpLEUgkEvSyQhEJ2+Z2f0ZiivkUjat8MIz8vQFrg8rcC2JH
yIVF5uIZbwOqUohFONEDpPKnXuDZ7veb5lZo+OnEKM/STK4m4WXlZbnUvQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHyl1+9NnkfHgGCaijzGJ+6XzzijMB8GA1UdIwQY
MBaAFGxeTvVRZ5n/4Lsbg5MX29NVu3qbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkY1TzlWRm5tZl9ndXh1RGt4ZmIwMVc3ZXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS85ZDk2ODAtZmZiZi00M2QxLTljMDUt
MWJlNzUzZmFkMWJmLzEvZktYWDcwMmVSOGVBWUpxS1BNWW43cGZQT0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS85ZDk2ODAtZmZiZi00M2QxLTljMDUtMWJlNzUzZmFkMWJm
LzEvYkY1TzlWRm5tZl9ndXh1RGt4ZmIwMVc3ZXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDLh54AwQD
PkWYAwQAW9/rAwQAW+bvAwQDshewAwQBuX6YAwQCudDUAwQAwvc9AwQAw7YkMBQE
AgACMA4DBQMqABsYAwUAKgAc8DANBgkqhkiG9w0BAQsFAAOCAQEAZJsoXu7cvnyi
B3kT4jg6veH1JnmaZRtI+GO0EnNNk0UeVrEBd1yJ3BCKKODbv8rnIVziD17NADgy
qg93odnA6W570oD0PRyQV3SkV/llzOcBUaZLPI6tzGbLCWYeeDjqGE2oidDcTVsm
hC84HKTAV8Whs/LIawk0oJ+d6maF9ieaJu3SAJEAFzrpPvhP6fWWsjOGMkUst3Nr
Ncc9peTClZMxDYv6gn+TuuEDgZzZ9pI+m5Nu/A2j3NCf0l1oLk1GoOuEAo5O8OHF
YzmKfJbJ+0HuJL/SssfOhumtRJyiR7/NCBHNB/u+wTPj0FIpMUrehD1QD3ied4X9
vDrplsYQlw==
-----END CERTIFICATE-----