Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/5429d8-f411-4692-b0a7-155fd0b43f9f/1/tiJLiyabzLUQNdPgJ8bDRE-9f6E.roa
File:                     tiJLiyabzLUQNdPgJ8bDRE-9f6E.roa (raw, json)
Hash identifier:          nZQ4ygnFUe5SwUYbLFElIYn5n5iJkMpIm6O38cby4h0=
Subject key identifier:   B6:22:4B:8B:26:9B:CC:B5:10:35:D3:E0:27:C6:C3:44:4F:BD:7F:A1
Certificate issuer:       /CN=d77796e16b565d727366986cc9ca9ca63d1a4e58
Certificate serial:       01924282EA4DE89F79A347AF572CBEFE6BDC
Authority key identifier: D7:77:96:E1:6B:56:5D:72:73:66:98:6C:C9:CA:9C:A6:3D:1A:4E:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/13eW4WtWXXJzZphsycqcpj0aTlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/5429d8-f411-4692-b0a7-155fd0b43f9f/1/tiJLiyabzLUQNdPgJ8bDRE-9f6E.roa
Signing time:             Mon 30 Sep 2024 10:38:48 +0000
ROA not before:           Mon 30 Sep 2024 10:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52148
IP address blocks:        37.26.104.0/21 maxlen: 21
                          91.204.208.0/22 maxlen: 22
                          91.238.160.0/22 maxlen: 22
                          91.238.164.0/23 maxlen: 23
                          185.73.8.0/24 maxlen: 24
                          185.73.10.0/24 maxlen: 24
                          185.73.11.0/24 maxlen: 24
                          193.33.186.0/23 maxlen: 23
                          193.105.61.0/24 maxlen: 24
                          213.5.176.0/22 maxlen: 22
                          213.5.180.0/22 maxlen: 22
                          2a00:c980::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 02 Oct 2024 06:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:82:ea:4d:e8:9f:79:a3:47:af:57:2c:be:fe:6b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d77796e16b565d727366986cc9ca9ca63d1a4e58
        Validity
            Not Before: Sep 30 10:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6224b8b269bccb51035d3e027c6c3444fbd7fa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c0:c0:b7:06:f6:a2:b0:95:b9:c0:3d:80:eb:
                    d3:9c:2e:65:ed:34:3b:02:56:2a:3d:4c:0b:60:a0:
                    c7:76:5c:c1:b1:70:4e:63:5f:45:e8:01:b7:77:7e:
                    a4:7a:5f:2d:d4:95:3a:cd:43:b0:4e:fb:eb:d7:58:
                    4f:b2:f3:93:0b:a6:e7:79:8b:61:36:59:ca:69:9c:
                    ea:f3:f5:30:c5:bd:4f:11:bd:8c:ce:51:fc:8d:83:
                    fa:88:5c:84:45:02:76:28:57:6e:e5:e6:83:1a:5a:
                    7b:b5:4b:39:b8:0a:bc:ef:82:db:2b:9d:9a:e3:03:
                    12:db:09:77:f7:5c:24:29:38:fd:22:4d:2d:2e:8a:
                    46:c5:a9:bc:9a:c5:ef:ad:ec:fb:b7:6a:47:84:cf:
                    76:7d:2b:52:42:a5:48:d8:0d:49:9a:a3:c4:91:60:
                    c7:43:dc:3a:a5:bf:02:63:b6:90:ca:52:d8:a8:59:
                    ca:59:f5:78:25:4c:1c:25:0b:54:54:3c:ef:71:bd:
                    c3:f1:03:b3:ab:c6:06:b0:78:6b:26:6f:5e:c0:80:
                    60:ad:9a:5d:b1:43:ed:4b:84:23:20:50:53:2c:27:
                    a7:b2:75:df:46:45:15:af:2a:62:fc:31:67:1b:05:
                    ff:04:5f:a1:e6:a5:68:5e:91:f6:42:32:8d:6a:b4:
                    44:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:22:4B:8B:26:9B:CC:B5:10:35:D3:E0:27:C6:C3:44:4F:BD:7F:A1
            X509v3 Authority Key Identifier:
                keyid:D7:77:96:E1:6B:56:5D:72:73:66:98:6C:C9:CA:9C:A6:3D:1A:4E:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/13eW4WtWXXJzZphsycqcpj0aTlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5429d8-f411-4692-b0a7-155fd0b43f9f/1/tiJLiyabzLUQNdPgJ8bDRE-9f6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5429d8-f411-4692-b0a7-155fd0b43f9f/1/13eW4WtWXXJzZphsycqcpj0aTlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.104.0/21
                  91.204.208.0/22
                  91.238.160.0-91.238.165.255
                  185.73.8.0/24
                  185.73.10.0/23
                  193.33.186.0/23
                  193.105.61.0/24
                  213.5.176.0/21
                IPv6:
                  2a00:c980::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:1b:1d:f0:8e:bf:df:2e:d1:25:67:0b:c0:1b:c2:4e:ac:79:
         dd:60:b8:d4:01:d6:e2:9a:95:66:8a:26:68:71:87:f6:4c:41:
         39:63:2e:12:8d:56:bc:a2:a7:4b:3a:e5:51:7d:d1:fb:2d:47:
         a2:5b:cc:dc:66:06:39:73:92:9f:ec:46:7e:5e:5f:5a:c5:3e:
         42:48:7e:5a:37:10:10:b6:da:58:63:d5:30:ca:b7:0f:65:bd:
         0a:55:dd:97:7b:1a:3b:86:6f:0e:c1:f7:a2:19:dc:f0:9d:ff:
         4f:4b:56:81:3b:0e:7a:40:17:fe:af:29:69:60:f2:ce:68:14:
         6f:78:f0:c4:60:70:cf:0d:2b:66:99:f5:88:97:b6:30:0c:6c:
         4e:cc:14:84:64:c4:8d:87:c0:ab:ea:8f:96:15:ef:dc:ac:0f:
         6f:3f:45:f0:32:12:23:24:e2:7e:45:61:5f:98:5e:c0:98:7b:
         4f:c9:9e:cf:5f:49:e5:b0:6c:56:e6:37:64:59:54:c8:3b:a5:
         50:4f:a6:b5:7b:c3:51:97:12:12:63:27:56:61:e8:fe:c4:14:
         86:0e:9c:a5:5d:1f:95:55:d3:31:4c:96:f2:0d:f1:a1:4e:cc:
         5b:7b:f7:7e:5d:98:54:81:5e:0f:40:87:a2:7c:e2:4a:63:da:
         2b:be:e5:dd
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAZJCgupN6J95o0evVyy+/mvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Nzc5NmUxNmI1NjVkNzI3MzY2OTg2Y2M5Y2E5Y2E2M2Qx
YTRlNTgwHhcNMjQwOTMwMTAzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjIyNGI4YjI2OWJjY2I1MTAzNWQzZTAyN2M2YzM0NDRmYmQ3ZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMDAtwb2orCVucA9gOvTnC5l7TQ7
AlYqPUwLYKDHdlzBsXBOY19F6AG3d36kel8t1JU6zUOwTvvr11hPsvOTC6bneYth
NlnKaZzq8/Uwxb1PEb2MzlH8jYP6iFyERQJ2KFdu5eaDGlp7tUs5uAq874LbK52a
4wMS2wl391wkKTj9Ik0tLopGxam8msXvrez7t2pHhM92fStSQqVI2A1JmqPEkWDH
Q9w6pb8CY7aQylLYqFnKWfV4JUwcJQtUVDzvcb3D8QOzq8YGsHhrJm9ewIBgrZpd
sUPtS4QjIFBTLCensnXfRkUVrypi/DFnGwX/BF+h5qVoXpH2QjKNarRENwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLYiS4smm8y1EDXT4CfGw0RPvX+hMB8GA1UdIwQY
MBaAFNd3luFrVl1yc2aYbMnKnKY9Gk5YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTNlVzRXdFdYWEp6WnBoc3ljcWNwajBhVGxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81NDI5ZDgtZjQxMS00NjkyLWIwYTct
MTU1ZmQwYjQzZjlmLzEvdGlKTGl5YWJ6TFVRTmRQZ0o4YkRSRS05ZjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81NDI5ZDgtZjQxMS00NjkyLWIwYTctMTU1ZmQwYjQzZjlm
LzEvMTNlVzRXdFdYWEp6WnBoc3ljcWNwajBhVGxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQDJRpoAwQC
W8zQMAwDBAVb7qADBAFb7qQDBAC5SQgDBAG5SQoDBAHBIboDBADBaT0DBAPVBbAw
DQQCAAIwBwMFAyoAyYAwDQYJKoZIhvcNAQELBQADggEBACMbHfCOv98u0SVnC8Ab
wk6sed1guNQB1uKalWaKJmhxh/ZMQTljLhKNVryip0s65VF90fstR6JbzNxmBjlz
kp/sRn5eX1rFPkJIflo3EBC22lhj1TDKtw9lvQpV3Zd7GjuGbw7B96IZ3PCd/09L
VoE7DnpAF/6vKWlg8s5oFG948MRgcM8NK2aZ9YiXtjAMbE7MFIRkxI2HwKvqj5YV
79ysD28/RfAyEiMk4n5FYV+YXsCYe0/Jns9fSeWwbFbmN2RZVMg7pVBPprV7w1GX
EhJjJ1Zh6P7EFIYOnKVdH5VV0zFMlvIN8aFOzFt7935dmFSBXg9Ah6J84kpj2iu+
5d0=
-----END CERTIFICATE-----