Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lDNa5UFyWP6HkZ4KU4ePXZnMHjU.roa
File:                     lDNa5UFyWP6HkZ4KU4ePXZnMHjU.roa (raw, json)
Hash identifier:          nSgGtr3N0Vu21rppo3PRvqSiTI50hfa7tN8tcvKcR7Y=
Subject key identifier:   94:33:5A:E5:41:72:58:FE:87:91:9E:0A:53:87:8F:5D:99:CC:1E:35
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018FDF311C8F94EFF38EB39AD69D7CA4B3D2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lDNa5UFyWP6HkZ4KU4ePXZnMHjU.roa
Signing time:             Mon 03 Jun 2024 17:41:28 +0000
ROA not before:           Mon 03 Jun 2024 17:41:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.50.111.0/24 maxlen: 24
                          2a06:de00:10::/48 maxlen: 48
                          2a0e:97c0:411::/48 maxlen: 48
                          2a0e:97c0:8e0::/48 maxlen: 48
                          2a0e:b107:19a0::/48 maxlen: 48
                          2a0e:b107:1a63::/48 maxlen: 48
                          2a0e:b107:1a64::/48 maxlen: 48
                          2a0e:b107:2880::/46 maxlen: 48

Validation:               Failed, certificate revoked on Thu 20 Jun 2024 22:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:df:31:1c:8f:94:ef:f3:8e:b3:9a:d6:9d:7c:a4:b3:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  3 17:41:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94335ae5417258fe87919e0a53878f5d99cc1e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:13:ec:43:5a:86:8c:20:8e:46:4d:91:2c:c1:
                    6e:3f:3a:09:a3:9d:91:dd:34:ef:45:1e:c9:7d:a6:
                    a9:31:54:c5:c5:65:ae:11:0d:55:70:df:0f:5c:ac:
                    52:bd:cb:1b:6b:4f:27:a3:dd:35:6a:18:8c:1c:fa:
                    1e:3a:30:ab:e7:cc:c0:ab:75:c9:fa:66:74:43:a9:
                    fc:96:a7:70:a6:d3:a1:94:6e:38:a9:a8:46:31:f8:
                    a4:c2:08:5e:f4:d7:7c:58:4d:19:0d:ca:02:d6:44:
                    90:13:05:bb:d5:b8:01:26:67:53:a0:73:31:a5:1a:
                    9d:e6:1f:51:21:49:ca:17:c4:bb:73:e5:f1:d2:11:
                    bb:bf:ec:0a:86:dd:a6:68:f0:7a:84:fd:c2:f6:2a:
                    37:05:35:8c:a8:8e:52:cf:e3:09:32:28:a7:3d:4a:
                    04:7d:15:9a:15:33:30:31:f5:48:30:9f:7b:36:ec:
                    0f:b5:2c:d3:22:97:3c:51:c4:e6:ef:05:cd:6e:c8:
                    d6:90:a7:3d:69:6f:5d:fb:fa:a1:2c:43:27:b0:6c:
                    42:9c:83:17:b4:af:f5:a6:ad:e7:0e:00:9f:9b:ec:
                    53:be:7a:80:84:61:bd:1f:6e:c5:59:28:cf:9b:72:
                    ed:ba:e5:b6:fe:08:f2:6b:c2:84:e4:7e:3c:2e:91:
                    8a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:33:5A:E5:41:72:58:FE:87:91:9E:0A:53:87:8F:5D:99:CC:1E:35
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lDNa5UFyWP6HkZ4KU4ePXZnMHjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.111.0/24
                IPv6:
                  2a06:de00:10::/48
                  2a0e:97c0:411::/48
                  2a0e:97c0:8e0::/48
                  2a0e:b107:19a0::/48
                  2a0e:b107:1a63::-2a0e:b107:1a64:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:2880::/46

    Signature Algorithm: sha256WithRSAEncryption
         8e:e3:d7:5d:b7:a0:c6:a8:4a:af:80:de:cf:4e:06:b1:e7:0c:
         81:53:ae:ef:7d:3e:e3:5b:60:17:b8:5e:40:56:c3:d2:d5:67:
         f3:24:88:2d:17:fb:a6:91:b7:aa:a1:cd:e4:89:fe:cf:5e:5c:
         ef:70:93:c7:7b:f7:ac:11:32:e7:df:05:13:36:1d:c6:03:b1:
         4d:d5:1c:d5:c1:6e:0c:4f:77:e6:0c:b4:d8:92:b9:8d:15:d5:
         4a:20:89:82:5e:83:33:b9:c9:d0:1b:19:cc:98:17:2f:fc:60:
         03:01:15:50:d8:26:a4:39:d1:42:48:b5:57:cd:6e:41:5b:e7:
         a4:7c:e7:a7:24:a8:99:77:db:fb:9f:b0:04:4d:1f:4c:bd:b5:
         ea:31:5c:ef:9b:d8:e3:f0:53:b9:11:61:5a:07:80:c1:b5:23:
         82:74:bd:31:8f:59:00:8f:99:14:c2:94:d3:28:0f:ed:9c:a2:
         a1:94:b4:75:af:f8:d4:93:1a:a8:77:a5:59:bd:00:d3:17:74:
         a2:25:16:da:91:06:2c:75:60:39:05:3c:15:b2:29:b1:65:40:
         ca:e5:57:c5:9c:e0:e9:9e:81:2b:f5:58:1c:87:0b:34:d9:b9:
         d8:d8:cd:bd:f5:05:eb:95:dd:2f:26:5c:7b:bf:7d:b7:80:64:
         44:0f:46:2c
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAY/fMRyPlO/zjrOa1p18pLPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjAzMTc0MTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDMzNWFlNTQxNzI1OGZlODc5MTllMGE1Mzg3OGY1ZDk5Y2MxZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hPsQ1qGjCCORk2RLMFuPzoJo52R
3TTvRR7JfaapMVTFxWWuEQ1VcN8PXKxSvcsba08no901ahiMHPoeOjCr58zAq3XJ
+mZ0Q6n8lqdwptOhlG44qahGMfikwghe9Nd8WE0ZDcoC1kSQEwW71bgBJmdToHMx
pRqd5h9RIUnKF8S7c+Xx0hG7v+wKht2maPB6hP3C9io3BTWMqI5Sz+MJMiinPUoE
fRWaFTMwMfVIMJ97NuwPtSzTIpc8UcTm7wXNbsjWkKc9aW9d+/qhLEMnsGxCnIMX
tK/1pq3nDgCfm+xTvnqAhGG9H27FWSjPm3LtuuW2/gjya8KE5H48LpGKYQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFJQzWuVBclj+h5GeClOHj12ZzB41MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbEROYTVVRnlXUDZIa1o0S1U0ZVBYWm5NSGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzAMBAIAATAGAwQAwjJvMEcE
AgACMEEDBwAqBt4AABADBwAqDpfABBEDBwAqDpfACOADBwAqDrEHGaAwEgMHACoO
sQcaYwMHACoOsQcaZAMHAioOsQcogDANBgkqhkiG9w0BAQsFAAOCAQEAjuPXXbeg
xqhKr4Dez04GsecMgVOu730+41tgF7heQFbD0tVn8ySILRf7ppG3qqHN5In+z15c
73CTx3v3rBEy598FEzYdxgOxTdUc1cFuDE935gy02JK5jRXVSiCJgl6DM7nJ0BsZ
zJgXL/xgAwEVUNgmpDnRQki1V81uQVvnpHznpySomXfb+5+wBE0fTL216jFc75vY
4/BTuRFhWgeAwbUjgnS9MY9ZAI+ZFMKU0ygP7ZyioZS0da/41JMaqHelWb0A0xd0
oiUW2pEGLHVgOQU8FbIpsWVAyuVXxZzg6Z6BK/VYHIcLNNm52NjNvfUF65XdLyZc
e799t4BkRA9GLA==
-----END CERTIFICATE-----