Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/4wZX-hfqCndLzA9opNQmhR8u8dk.roa
File:                     4wZX-hfqCndLzA9opNQmhR8u8dk.roa (raw, json)
Hash identifier:          z1rN3Mm0BZBwClTuAq6v/LJoJ8YmQ8t7bi4zot0Czmk=
Subject key identifier:   E3:06:57:FA:17:EA:0A:77:4B:CC:0F:68:A4:D4:26:85:1F:2E:F1:D9
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018E2D353392F1C3BB6442D474DB034235C5
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/4wZX-hfqCndLzA9opNQmhR8u8dk.roa
Signing time:             Mon 11 Mar 2024 11:10:45 +0000
ROA not before:           Mon 11 Mar 2024 11:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.143.0/24 maxlen: 24
                          77.47.156.0/24 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.141.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          212.111.207.0/24 maxlen: 24
                          212.111.216.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 20:41:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:35:33:92:f1:c3:bb:64:42:d4:74:db:03:42:35:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar 11 11:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e30657fa17ea0a774bcc0f68a4d426851f2ef1d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:10:26:ae:39:ca:4e:92:5c:f1:90:9e:c4:eb:
                    04:29:74:8e:f0:2e:2d:46:fc:9d:67:c1:cd:dc:60:
                    3c:a1:6a:46:87:1c:15:02:9c:26:3e:73:50:0a:a4:
                    ea:93:85:e2:af:56:ef:3d:72:69:ca:e0:70:a6:99:
                    ed:62:81:0d:b4:c0:77:d2:05:30:e8:76:27:f4:0c:
                    6d:a5:c0:39:ed:21:5d:de:6a:4d:47:4d:27:70:c9:
                    c8:77:f6:d4:3f:0a:3a:29:6b:89:8c:01:97:ae:06:
                    86:f7:45:42:3e:5c:f2:67:32:38:1d:f6:e2:c0:6a:
                    bf:eb:ff:ad:f5:c6:48:28:30:8b:48:b9:b6:33:75:
                    0a:ab:9a:1e:4f:48:c6:bb:b4:22:15:50:16:45:97:
                    19:e5:28:79:b9:cf:8b:36:1a:3a:ee:ef:61:f0:2b:
                    ca:f1:ba:b2:53:b8:27:cd:cc:92:5e:82:be:49:7a:
                    2b:0f:e0:48:3a:30:46:12:84:68:c6:c0:79:51:07:
                    df:5a:74:bd:1b:23:f2:0c:48:7e:2b:08:2b:dc:ea:
                    d0:34:97:ae:cb:54:38:93:e6:5d:2a:d4:b2:13:01:
                    73:6e:fc:df:2f:5a:1e:a2:26:33:d3:31:b2:15:04:
                    70:7f:c9:8b:8c:5d:35:8d:68:a0:5a:00:c5:ed:df:
                    c3:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:06:57:FA:17:EA:0A:77:4B:CC:0F:68:A4:D4:26:85:1F:2E:F1:D9
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/4wZX-hfqCndLzA9opNQmhR8u8dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.143.0/24
                  77.47.156.0/24
                  185.143.56.0/22
                  195.178.141.0/24
                  195.178.144.0/23
                  195.178.147.0/24
                  195.178.152.0/22
                  212.111.207.0/24
                  212.111.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cd:5f:e4:52:ca:fa:0a:75:49:7e:d9:b8:9b:7f:51:61:5e:40:
         68:3e:f6:c8:6a:97:0c:b9:3b:1f:0b:69:d2:81:e9:52:c0:13:
         7c:70:ee:a4:04:ac:7c:c5:6e:30:90:1e:6c:04:df:d5:99:b9:
         3a:b4:29:d5:92:40:18:18:72:30:23:e8:96:32:32:73:62:b0:
         0d:47:75:8d:d2:92:a7:33:77:f6:73:eb:38:a0:e4:3b:b3:14:
         83:d0:f4:ab:ba:ca:75:c7:c0:7b:6d:8a:ab:f5:ee:27:1a:31:
         e9:46:6f:3e:d7:8f:f1:58:25:6f:03:be:c7:dd:fc:e3:23:c9:
         d5:11:f8:9d:22:3e:74:bc:01:d6:84:ef:5b:ea:58:b3:5f:c1:
         65:46:fa:b9:5c:28:17:3d:1c:17:68:9e:6a:6f:78:b6:8f:dc:
         1c:20:58:cf:af:84:a1:ab:11:db:10:14:65:65:8b:7a:44:b2:
         9a:d5:46:76:74:5f:fd:9b:d6:17:8f:57:70:48:70:46:e1:26:
         26:d5:9a:e1:b6:3c:09:8c:d3:9c:3e:83:92:82:59:79:ce:8f:
         28:1c:33:84:0e:49:c1:8f:25:bb:cb:cc:9a:ba:70:c2:76:f6:
         89:a6:a9:fa:42:4c:ee:84:1b:d9:85:b4:31:4b:b6:59:0d:55:
         15:8a:7b:ed
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY4tNTOS8cO7ZELUdNsDQjXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMzExMTExMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzA2NTdmYTE3ZWEwYTc3NGJjYzBmNjhhNGQ0MjY4NTFmMmVmMWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRAmrjnKTpJc8ZCexOsEKXSO8C4t
RvydZ8HN3GA8oWpGhxwVApwmPnNQCqTqk4Xir1bvPXJpyuBwppntYoENtMB30gUw
6HYn9AxtpcA57SFd3mpNR00ncMnId/bUPwo6KWuJjAGXrgaG90VCPlzyZzI4Hfbi
wGq/6/+t9cZIKDCLSLm2M3UKq5oeT0jGu7QiFVAWRZcZ5Sh5uc+LNho67u9h8CvK
8bqyU7gnzcySXoK+SXorD+BIOjBGEoRoxsB5UQffWnS9GyPyDEh+Kwgr3OrQNJeu
y1Q4k+ZdKtSyEwFzbvzfL1oeoiYz0zGyFQRwf8mLjF01jWigWgDF7d/D0QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOMGV/oX6gp3S8wPaKTUJoUfLvHZMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvNHdaWC1oZnFDbmRMekE5b3BOUW1oUjh1OGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATS+PAwQA
TS+cAwQCuY84AwQAw7KNAwQBw7KQAwQAw7KTAwQCw7KYAwQA1G/PAwQB1G/YMA0G
CSqGSIb3DQEBCwUAA4IBAQDNX+RSyvoKdUl+2bibf1FhXkBoPvbIapcMuTsfC2nS
gelSwBN8cO6kBKx8xW4wkB5sBN/Vmbk6tCnVkkAYGHIwI+iWMjJzYrANR3WN0pKn
M3f2c+s4oOQ7sxSD0PSrusp1x8B7bYqr9e4nGjHpRm8+14/xWCVvA77H3fzjI8nV
EfidIj50vAHWhO9b6lizX8FlRvq5XCgXPRwXaJ5qb3i2j9wcIFjPr4ShqxHbEBRl
ZYt6RLKa1UZ2dF/9m9YXj1dwSHBG4SYm1ZrhtjwJjNOcPoOSgll5zo8oHDOEDknB
jyW7y8yaunDCdvaJpqn6QkzuhBvZhbQxS7ZZDVUVinvt
-----END CERTIFICATE-----