Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/H8fgHUw7iQsikMtW7eu52weJHWQ.roa
File:                     H8fgHUw7iQsikMtW7eu52weJHWQ.roa (raw, json)
Hash identifier:          k5Fy6wihyfmviStjiwKGOZfvYrBWctsBpgB99ELOVlw=
Subject key identifier:   1F:C7:E0:1D:4C:3B:89:0B:22:90:CB:56:ED:EB:B9:DB:07:89:1D:64
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       01928D0250B677274F7835A6260883ACDF06
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/H8fgHUw7iQsikMtW7eu52weJHWQ.roa
Signing time:             Mon 14 Oct 2024 21:49:52 +0000
ROA not before:           Mon 14 Oct 2024 21:49:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3319
IP address blocks:        77.47.148.0/22 maxlen: 24
                          77.47.212.0/23 maxlen: 24
                          77.47.240.0/23 maxlen: 24
                          185.143.56.0/22 maxlen: 24
                          195.178.132.0/24 maxlen: 24
                          195.178.133.0/24 maxlen: 24
                          195.178.134.0/24 maxlen: 24
                          195.178.135.0/24 maxlen: 24
                          195.178.144.0/23 maxlen: 23
                          195.178.146.0/24 maxlen: 24
                          195.178.147.0/24 maxlen: 24
                          195.178.152.0/22 maxlen: 22
                          195.178.156.0/24 maxlen: 24
                          212.111.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 31 Oct 2024 15:48:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8d:02:50:b6:77:27:4f:78:35:a6:26:08:83:ac:df:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Oct 14 21:49:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fc7e01d4c3b890b2290cb56edebb9db07891d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:82:42:dc:d5:42:3e:68:78:4e:89:5f:a9:ea:
                    8f:f8:e6:38:ce:a3:f1:d7:3e:41:38:ef:4a:65:2c:
                    38:a3:a5:ff:3a:fc:98:0c:b1:92:f2:d2:6b:f7:97:
                    9d:bd:26:81:23:3d:c2:f8:15:81:b4:22:3c:76:a6:
                    70:27:68:bf:2c:e3:b3:46:64:ec:ba:1a:dc:32:30:
                    26:dc:4a:50:80:8c:4a:93:6d:58:c6:f7:a0:21:b2:
                    a6:c5:fb:5d:c5:85:55:6c:76:5e:c0:3a:85:db:d3:
                    1e:a0:57:61:9c:56:78:c9:96:ea:6f:c7:59:f0:89:
                    b8:29:4b:20:13:cc:65:fa:fe:53:cd:55:e9:8f:1d:
                    ad:7b:ce:0c:a7:11:d8:5c:b4:cd:6c:93:36:88:b2:
                    ff:5c:b8:c5:9c:6b:87:fb:0b:55:89:f1:e4:53:67:
                    41:12:a6:08:cf:55:94:40:3b:d1:52:66:80:c5:21:
                    00:57:2a:3f:36:12:60:7f:d6:e1:65:37:31:3d:4c:
                    37:57:7a:42:4b:cc:f8:90:29:8c:51:b0:74:ff:3c:
                    60:2c:82:5b:7d:03:65:04:17:1d:04:0f:a2:06:00:
                    4f:7b:ad:2e:b3:87:ad:4c:89:9f:d4:fe:35:ed:46:
                    d6:cd:fc:d7:03:9d:a0:d9:14:28:06:d8:3a:d3:cf:
                    cf:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:C7:E0:1D:4C:3B:89:0B:22:90:CB:56:ED:EB:B9:DB:07:89:1D:64
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/H8fgHUw7iQsikMtW7eu52weJHWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.148.0/22
                  77.47.212.0/23
                  77.47.240.0/23
                  185.143.56.0/22
                  195.178.132.0/22
                  195.178.144.0/22
                  195.178.152.0-195.178.156.255
                  212.111.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:38:cf:aa:f8:a4:bb:3c:db:77:b7:1e:43:fc:ed:1f:6a:e8:
         6b:96:11:8d:05:78:a7:bf:51:3a:c3:eb:c3:89:61:63:8b:04:
         34:68:f9:1c:0b:41:5a:61:6c:e4:80:e2:87:6a:44:7d:cc:cc:
         a7:c1:65:fc:70:af:81:59:eb:56:72:93:92:3d:31:6a:a3:2b:
         5c:60:bf:a4:4d:b2:f0:7a:2e:0b:20:e7:4c:83:30:ba:70:85:
         b6:8c:05:c9:d4:4b:7e:3a:6a:32:9d:02:7b:75:e5:76:50:ce:
         c9:de:11:6c:da:dc:36:3c:18:44:e4:43:b3:fa:b3:6c:2b:6d:
         a8:7e:81:cd:de:94:99:76:48:1f:f5:db:f2:05:80:17:bb:a8:
         f8:c6:76:fb:e4:44:df:18:75:bc:92:39:04:b1:f0:22:2c:ab:
         fe:e9:67:6f:1b:74:cc:dd:eb:8d:60:06:d2:1a:ec:63:03:cf:
         97:b5:d9:bc:05:39:6d:3c:32:59:45:89:23:63:aa:03:5d:c8:
         0d:8e:ff:44:26:d1:7e:3e:d3:be:37:07:a2:c1:cb:de:e8:f7:
         10:7a:25:41:da:71:37:ce:67:7d:d3:91:76:06:b0:35:bb:83:
         9f:bc:6e:5f:e4:de:82:14:df:d8:6a:7d:37:a3:ec:9d:80:2d:
         e7:6f:91:d9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZKNAlC2dydPeDWmJgiDrN8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQxMDE0MjE0OTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmM3ZTAxZDRjM2I4OTBiMjI5MGNiNTZlZGViYjlkYjA3ODkxZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIJC3NVCPmh4TolfqeqP+OY4zqPx
1z5BOO9KZSw4o6X/OvyYDLGS8tJr95edvSaBIz3C+BWBtCI8dqZwJ2i/LOOzRmTs
uhrcMjAm3EpQgIxKk21YxvegIbKmxftdxYVVbHZewDqF29MeoFdhnFZ4yZbqb8dZ
8Im4KUsgE8xl+v5TzVXpjx2te84MpxHYXLTNbJM2iLL/XLjFnGuH+wtVifHkU2dB
EqYIz1WUQDvRUmaAxSEAVyo/NhJgf9bhZTcxPUw3V3pCS8z4kCmMUbB0/zxgLIJb
fQNlBBcdBA+iBgBPe60us4etTImf1P417UbWzfzXA52g2RQoBtg608/P5wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFB/H4B1MO4kLIpDLVu3rudsHiR1kMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvSDhmZ0hVdzdpUXNpa010VzdldTUyd2VKSFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCTS+UAwQB
TS/UAwQBTS/wAwQCuY84AwQCw7KEAwQCw7KQMAwDBAPDspgDBADDspwDBADUb88w
DQYJKoZIhvcNAQELBQADggEBAA04z6r4pLs823e3HkP87R9q6GuWEY0FeKe/UTrD
68OJYWOLBDRo+RwLQVphbOSA4odqRH3MzKfBZfxwr4FZ61Zyk5I9MWqjK1xgv6RN
svB6Lgsg50yDMLpwhbaMBcnUS346ajKdAnt15XZQzsneEWza3DY8GETkQ7P6s2wr
bah+gc3elJl2SB/12/IFgBe7qPjGdvvkRN8YdbySOQSx8CIsq/7pZ28bdMzd641g
BtIa7GMDz5e12bwFOW08MllFiSNjqgNdyA2O/0Qm0X4+0743B6LBy97o9xB6JUHa
cTfOZ33TkXYGsDW7g5+8bl/k3oIU39hqfTej7J2ALedvkdk=
-----END CERTIFICATE-----