Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/02mbsNwqSpFA4F9gBQC_VX_Jg5w.roa
File:                     02mbsNwqSpFA4F9gBQC_VX_Jg5w.roa (raw, json)
Hash identifier:          2SZzg/tgj7Oq9Qe5jXYqaEOPstLj39TSNf1uIMj3l/s=
Subject key identifier:   D3:69:9B:B0:DC:2A:4A:91:40:E0:5F:60:05:00:BF:55:7F:C9:83:9C
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       01900CA2CD75EC0AC144F6092FB8C7C6F61A
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/02mbsNwqSpFA4F9gBQC_VX_Jg5w.roa
Signing time:             Wed 12 Jun 2024 13:28:34 +0000
ROA not before:           Wed 12 Jun 2024 13:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.80.28.0/24 maxlen: 24
                          45.80.30.0/24 maxlen: 24
                          45.80.31.0/24 maxlen: 24
                          86.62.28.0/24 maxlen: 24
                          86.62.29.0/24 maxlen: 24
                          86.62.30.0/24 maxlen: 24
                          86.62.31.0/24 maxlen: 24
                          185.81.127.0/24 maxlen: 24
                          193.228.139.0/24 maxlen: 24
                          194.36.32.0/23 maxlen: 23
                          194.107.160.0/24 maxlen: 24
                          194.107.162.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 18 Jun 2024 20:38:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:a2:cd:75:ec:0a:c1:44:f6:09:2f:b8:c7:c6:f6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jun 12 13:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3699bb0dc2a4a9140e05f600500bf557fc9839c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ac:5c:f3:2e:a2:ec:47:86:88:c2:61:3e:3b:
                    e9:7e:cf:1f:e4:98:20:b5:5d:d6:ac:2c:43:fd:3c:
                    2d:34:d0:18:81:4d:d2:9c:1b:aa:b1:84:fa:3c:ba:
                    7e:af:0c:26:4e:77:c0:5f:a4:95:cc:d8:52:25:3d:
                    31:74:60:4c:08:a4:1e:8e:d5:e4:5b:bd:49:cc:d1:
                    e7:7e:fe:ca:a9:c8:34:b7:cb:42:62:aa:77:1d:0e:
                    ed:f4:d5:51:cb:5b:2e:f9:dc:cc:c9:ae:08:4d:fb:
                    90:8a:c7:d0:85:ce:c5:30:ec:21:9e:2f:89:a3:38:
                    ec:59:32:09:62:c2:43:11:f3:aa:0e:bd:00:6f:5c:
                    cf:9b:b6:71:27:89:c1:dc:d9:79:3c:2c:54:f4:43:
                    69:29:08:9b:93:bf:d3:e6:7a:c7:ae:db:ce:6b:e7:
                    70:60:cf:5d:b5:01:b1:bd:1a:b9:32:93:da:05:ee:
                    3d:79:3e:cf:63:f6:83:34:32:de:71:cb:1c:32:36:
                    6d:37:72:af:66:db:5f:d1:5f:ea:ba:7f:94:28:96:
                    f1:06:ba:ac:bd:1d:d4:d0:1d:82:fb:9c:03:82:c0:
                    f1:73:5d:b3:6f:6f:8c:0d:da:39:f8:df:d8:e2:d1:
                    77:96:1f:ed:36:06:ce:5f:56:ed:52:b1:69:9d:7c:
                    1f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:69:9B:B0:DC:2A:4A:91:40:E0:5F:60:05:00:BF:55:7F:C9:83:9C
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/02mbsNwqSpFA4F9gBQC_VX_Jg5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.28.0/24
                  45.80.30.0/23
                  86.62.28.0/22
                  185.81.127.0/24
                  193.228.139.0/24
                  194.36.32.0/23
                  194.107.160.0/24
                  194.107.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:39:48:63:b1:b9:0e:3d:e0:0c:6a:aa:7c:78:75:a1:82:37:
         50:c2:59:fd:55:30:e3:51:05:59:0b:e6:f9:17:4c:1c:12:e8:
         7a:7b:39:34:ec:f9:75:4e:99:16:6b:b1:c6:89:a4:0e:d4:63:
         2a:de:48:a4:8b:e2:d6:38:6c:dc:fa:4f:8a:03:ea:bd:7a:85:
         1a:89:d7:c0:dc:39:e7:dc:bf:7b:ff:2d:7f:f0:aa:87:a5:0d:
         5a:e6:f9:ee:67:9d:41:69:61:4f:b9:57:11:50:0c:d8:d9:b6:
         21:a1:58:95:36:8e:d8:80:27:d4:39:db:bc:8e:6d:8f:a4:77:
         c6:88:f7:e8:00:b6:5a:5c:1a:96:65:d7:b5:c4:5d:f1:9f:06:
         9c:79:14:76:12:88:d8:1f:0e:04:aa:94:df:92:d5:4b:c0:7c:
         27:79:68:9f:47:67:54:16:7e:9d:51:84:8c:f9:2d:57:c7:a0:
         ed:25:59:80:9e:76:f4:fa:0b:63:6c:cd:29:02:b7:aa:51:aa:
         eb:c7:14:85:fe:67:e8:b8:d6:e1:cf:95:1a:3a:f1:e7:f9:cd:
         16:ec:39:7a:3a:53:4b:32:dd:b6:26:1d:a0:37:72:9d:09:52:
         7a:30:9c:d0:17:79:44:61:e6:45:f4:60:30:b5:e7:33:bd:f6:
         a1:9c:42:70
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZAMos117ArBRPYJL7jHxvYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwNjEyMTMyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY5OWJiMGRjMmE0YTkxNDBlMDVmNjAwNTAwYmY1NTdmYzk4MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqxc8y6i7EeGiMJhPjvpfs8f5Jgg
tV3WrCxD/TwtNNAYgU3SnBuqsYT6PLp+rwwmTnfAX6SVzNhSJT0xdGBMCKQejtXk
W71JzNHnfv7Kqcg0t8tCYqp3HQ7t9NVRy1su+dzMya4ITfuQisfQhc7FMOwhni+J
ozjsWTIJYsJDEfOqDr0Ab1zPm7ZxJ4nB3Nl5PCxU9ENpKQibk7/T5nrHrtvOa+dw
YM9dtQGxvRq5MpPaBe49eT7PY/aDNDLeccscMjZtN3KvZttf0V/qun+UKJbxBrqs
vR3U0B2C+5wDgsDxc12zb2+MDdo5+N/Y4tF3lh/tNgbOX1btUrFpnXwfewIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNNpm7DcKkqRQOBfYAUAv1V/yYOcMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvMDJtYnNOd3FTcEZBNEY5Z0JRQ19WWF9KZzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVAcAwQB
LVAeAwQCVj4cAwQAuVF/AwQAweSLAwQBwiQgAwQAwmugAwQAwmuiMA0GCSqGSIb3
DQEBCwUAA4IBAQAHOUhjsbkOPeAMaqp8eHWhgjdQwln9VTDjUQVZC+b5F0wcEuh6
ezk07Pl1TpkWa7HGiaQO1GMq3kiki+LWOGzc+k+KA+q9eoUaidfA3Dnn3L97/y1/
8KqHpQ1a5vnuZ51BaWFPuVcRUAzY2bYhoViVNo7YgCfUOdu8jm2PpHfGiPfoALZa
XBqWZde1xF3xnwaceRR2EojYHw4EqpTfktVLwHwneWifR2dUFn6dUYSM+S1Xx6Dt
JVmAnnb0+gtjbM0pAreqUarrxxSF/mfouNbhz5UaOvHn+c0W7Dl6OlNLMt22Jh2g
N3KdCVJ6MJzQF3lEYeZF9GAwteczvfahnEJw
-----END CERTIFICATE-----