Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cigaFvSJGEG_EZIO2i0CAu5dUiI.roa
File:                     cigaFvSJGEG_EZIO2i0CAu5dUiI.roa (raw, json)
Hash identifier:          u5aV1MBTQLIdDhp98JaHGSHgGN0hiXeHAs02o+oNJ8g=
Subject key identifier:   72:28:1A:16:F4:89:18:41:BF:11:92:0E:DA:2D:02:02:EE:5D:52:22
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0189F33A1C55F43A0865AF17C931BE07596D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cigaFvSJGEG_EZIO2i0CAu5dUiI.roa
Signing time:             Mon 14 Aug 2023 08:46:59 +0000
ROA not before:           Mon 14 Aug 2023 08:46:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198276
IP address blocks:        2a0e:b107:2030::/48 maxlen: 48
                          2a0e:b107:2035::/48 maxlen: 48
                          2a0e:b107:203a::/48 maxlen: 48
                          2a0e:b107:203f::/48 maxlen: 48
                          2a0e:b107:2034::/48 maxlen: 48
                          2a0e:b107:2039::/48 maxlen: 48
                          2a0e:b107:203e::/48 maxlen: 48
                          2a0e:b107:2033::/48 maxlen: 48
                          2a0e:b107:2038::/48 maxlen: 48
                          2a0e:b107:203d::/48 maxlen: 48
                          2a0e:b107:2030::/44 maxlen: 48
                          2a0e:b107:2032::/48 maxlen: 48
                          2a0e:b107:2037::/48 maxlen: 48
                          2a0e:b107:203c::/48 maxlen: 48
                          2a0e:b107:2031::/48 maxlen: 48
                          2a0e:b107:2036::/48 maxlen: 48
                          2a0e:b107:203b::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f3:3a:1c:55:f4:3a:08:65:af:17:c9:31:be:07:59:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 14 08:46:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72281a16f4891841bf11920eda2d0202ee5d5222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:54:c6:5b:2f:f1:33:2f:13:cc:d0:df:59:73:
                    d9:1c:b6:9b:65:38:7e:b7:bb:e5:d0:cd:8d:66:9b:
                    66:a9:71:49:3d:4e:16:c8:1f:5a:19:b1:15:c7:2d:
                    e0:27:b0:26:e3:8c:94:4e:02:79:45:06:ca:69:fc:
                    f7:0c:1b:c8:d0:14:f3:e2:81:00:1a:f7:24:3b:8e:
                    88:db:ad:f6:7d:ab:71:f5:a9:8d:75:b0:d0:d6:08:
                    43:3e:13:03:c4:dd:6e:0a:2f:04:0f:fd:c5:dd:cc:
                    5e:50:d9:7b:06:f2:c2:ed:7d:e9:ac:85:0f:02:b8:
                    0c:2e:11:5c:00:26:0b:5a:11:e3:64:86:3a:63:c9:
                    f3:57:c9:07:68:a5:bf:b9:72:f1:c7:a6:ec:e9:ab:
                    ed:9d:7f:cc:dd:96:38:2d:a3:e9:d0:e0:45:98:56:
                    06:a3:21:a8:51:9f:a1:e8:dd:e3:66:0f:50:c5:dd:
                    14:cd:7f:4a:67:66:f9:d8:99:87:22:a5:1b:13:fc:
                    e2:8d:ab:63:4f:db:40:fe:d5:37:77:ff:8f:80:21:
                    e7:77:df:52:a4:5a:04:0a:a6:bf:4a:f7:2a:9e:f5:
                    54:7a:a3:bf:48:cb:d6:7a:39:0e:44:8f:5a:74:8c:
                    ef:83:89:28:61:78:18:fc:93:57:85:bd:da:40:1c:
                    cc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:28:1A:16:F4:89:18:41:BF:11:92:0E:DA:2D:02:02:EE:5D:52:22
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cigaFvSJGEG_EZIO2i0CAu5dUiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2030::/44

    Signature Algorithm: sha256WithRSAEncryption
         bd:a3:17:5d:17:33:48:cd:6f:ed:86:e5:28:67:b3:65:fd:16:
         b7:79:a3:7a:dd:cb:ec:c5:49:81:65:c1:00:fe:f2:5f:52:15:
         cc:af:75:ab:29:5f:17:55:45:52:40:92:ad:c8:43:ed:46:27:
         2e:7c:8e:c6:01:36:cd:eb:d7:6e:6a:44:83:58:83:e1:fb:af:
         14:bc:5a:8b:d2:96:0b:8e:c6:e8:63:56:c5:8b:bf:fd:c7:16:
         21:8c:f3:70:6c:e5:44:45:b4:41:60:9b:ae:e5:e7:50:d2:e6:
         7a:3d:9a:88:96:c8:ab:48:8a:cd:9f:be:6e:f4:be:27:de:1b:
         5b:69:98:77:ed:a7:e9:69:87:98:16:3b:fd:d4:21:55:7f:25:
         9d:bf:db:2a:0c:11:45:42:81:3c:ee:0e:2e:1d:fb:b5:dc:0b:
         bd:ab:0e:8c:0f:72:0b:0c:3f:ef:bf:93:71:05:f1:51:a3:1e:
         b9:fa:d0:c6:bd:c7:11:b7:4b:ee:d4:06:21:44:c0:8c:15:9e:
         26:91:04:c0:22:67:3c:34:29:65:e1:aa:67:8e:95:c8:6f:73:
         87:65:b7:70:f7:13:b0:a4:08:e8:9e:28:17:4a:fa:1f:38:28:
         7b:f7:17:95:53:cd:f2:a1:57:e4:c3:de:19:53:dd:70:a5:83:
         5a:fb:e5:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYnzOhxV9DoIZa8XyTG+B1ltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwODE0MDg0NjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI4MWExNmY0ODkxODQxYmYxMTkyMGVkYTJkMDIwMmVlNWQ1MjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1TGWy/xMy8TzNDfWXPZHLabZTh+
t7vl0M2NZptmqXFJPU4WyB9aGbEVxy3gJ7Am44yUTgJ5RQbKafz3DBvI0BTz4oEA
GvckO46I2632fatx9amNdbDQ1ghDPhMDxN1uCi8ED/3F3cxeUNl7BvLC7X3prIUP
ArgMLhFcACYLWhHjZIY6Y8nzV8kHaKW/uXLxx6bs6avtnX/M3ZY4LaPp0OBFmFYG
oyGoUZ+h6N3jZg9Qxd0UzX9KZ2b52JmHIqUbE/zijatjT9tA/tU3d/+PgCHnd99S
pFoECqa/SvcqnvVUeqO/SMvWejkORI9adIzvg4koYXgY/JNXhb3aQBzMHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHIoGhb0iRhBvxGSDtotAgLuXVIiMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY2lnYUZ2U0pHRUdfRVpJTzJpMENBdTVkVWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xByAw
MA0GCSqGSIb3DQEBCwUAA4IBAQC9oxddFzNIzW/thuUoZ7Nl/Ra3eaN63cvsxUmB
ZcEA/vJfUhXMr3WrKV8XVUVSQJKtyEPtRicufI7GATbN69duakSDWIPh+68UvFqL
0pYLjsboY1bFi7/9xxYhjPNwbOVERbRBYJuu5edQ0uZ6PZqIlsirSIrNn75u9L4n
3htbaZh37afpaYeYFjv91CFVfyWdv9sqDBFFQoE87g4uHfu13Au9qw6MD3ILDD/v
v5NxBfFRox65+tDGvccRt0vu1AYhRMCMFZ4mkQTAImc8NCll4apnjpXIb3OHZbdw
9xOwpAjonigXSvofOCh79xeVU83yoVfkw94ZU91wpYNa++XV
-----END CERTIFICATE-----