Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/ltCy19jDLXKoGUtEBmbuvDNO7Ek.roa
File:                     ltCy19jDLXKoGUtEBmbuvDNO7Ek.roa (raw, json)
Hash identifier:          7tQyZTpZG0HrWnfH/tcJn+tBbSPf2uLBh0wouAGN1Ps=
Subject key identifier:   96:D0:B2:D7:D8:C3:2D:72:A8:19:4B:44:06:66:EE:BC:33:4E:EC:49
Certificate issuer:       /CN=0f0f9f044e2b929878d747c5ffbb80ad10e3d6bd
Certificate serial:       018CC56EF38016E962B57A92E4253885B23C
Authority key identifier: 0F:0F:9F:04:4E:2B:92:98:78:D7:47:C5:FF:BB:80:AD:10:E3:D6:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/ltCy19jDLXKoGUtEBmbuvDNO7Ek.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201589
IP address blocks:        5.101.71.0/24 maxlen: 24
                          185.238.152.0/24 maxlen: 24
                          185.238.153.0/24 maxlen: 24
                          185.238.155.0/24 maxlen: 24
                          185.238.154.0/24 maxlen: 24
                          5.101.37.0/24 maxlen: 24
                          5.101.38.0/24 maxlen: 24
                          5.101.36.0/24 maxlen: 24
                          5.101.39.0/24 maxlen: 24
                          31.184.233.0/24 maxlen: 24
                          31.184.232.0/24 maxlen: 24
                          31.184.235.0/24 maxlen: 24
                          31.184.234.0/24 maxlen: 24
                          2a13:1ec0::/44 maxlen: 44
                          2a13:1ec0:1010::/44 maxlen: 44
                          2a13:1ec0:1000::/44 maxlen: 44

Validation:               Failed, certificate revoked on Fri 12 Jan 2024 14:52:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f3:80:16:e9:62:b5:7a:92:e4:25:38:85:b2:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f0f9f044e2b929878d747c5ffbb80ad10e3d6bd
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96d0b2d7d8c32d72a8194b440666eebc334eec49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:23:77:bf:8f:73:5e:f6:8e:2c:82:f7:56:a6:
                    94:fd:ed:b5:03:da:b8:8f:33:49:88:ab:d5:4d:8b:
                    78:91:a0:9e:b3:a6:94:fe:a6:3b:ee:2f:53:65:4d:
                    57:89:d0:be:41:e3:72:c1:37:44:5b:e2:fd:bb:81:
                    01:60:0e:8d:7b:8e:53:4f:6f:63:39:1a:84:59:5a:
                    c8:9a:db:6a:f7:30:8a:b7:b9:11:cf:70:d6:f6:8e:
                    ea:83:98:8c:29:0c:fc:f4:bc:e6:52:66:00:de:19:
                    b3:ed:e0:d9:3b:19:a4:b4:0b:62:e2:c0:cf:0e:56:
                    69:15:4b:37:00:2c:af:d0:09:89:90:88:25:e9:7b:
                    33:19:30:02:89:fe:a6:f3:93:e3:40:44:e4:99:63:
                    88:94:b2:2f:7d:58:02:77:50:14:6b:65:b8:d9:92:
                    03:63:29:2c:93:c4:8a:08:75:a9:ba:fb:08:dc:dd:
                    cd:71:5c:bd:40:8f:90:ab:36:f8:44:21:46:d3:ea:
                    fe:64:2a:fc:73:f2:dc:4f:32:91:d1:07:61:9a:f8:
                    1b:aa:29:ce:a7:d0:59:92:09:81:8e:96:37:12:d2:
                    31:30:b5:ee:19:09:c4:d3:e8:92:eb:84:c8:17:5a:
                    87:58:d9:cf:16:50:f3:e8:70:7c:c3:ad:ac:16:9d:
                    ab:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D0:B2:D7:D8:C3:2D:72:A8:19:4B:44:06:66:EE:BC:33:4E:EC:49
            X509v3 Authority Key Identifier:
                keyid:0F:0F:9F:04:4E:2B:92:98:78:D7:47:C5:FF:BB:80:AD:10:E3:D6:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dw-fBE4rkph410fF_7uArRDj1r0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/ltCy19jDLXKoGUtEBmbuvDNO7Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/93d460-368c-46d7-8e7a-cdbd3b6ce777/1/Dw-fBE4rkph410fF_7uArRDj1r0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.36.0/22
                  5.101.71.0/24
                  31.184.232.0/22
                  185.238.152.0/22
                IPv6:
                  2a13:1ec0::/44
                  2a13:1ec0:1000::/43

    Signature Algorithm: sha256WithRSAEncryption
         27:ec:07:e2:e3:08:1b:b9:e6:e2:f8:58:62:51:20:50:c8:60:
         9c:02:fa:0e:eb:2f:3a:98:2b:e7:ff:d5:34:bb:05:2a:d5:74:
         7f:da:8f:32:ec:12:48:cb:71:74:46:5a:0b:4d:de:b3:49:17:
         cb:06:cd:8c:51:74:e4:70:6c:3b:09:57:00:cc:7f:4b:76:06:
         26:30:52:69:68:8b:db:2d:25:fb:89:22:d3:28:35:2f:92:13:
         86:bd:f8:72:85:ea:a1:3d:f6:00:45:98:9e:ba:7c:b1:fe:8f:
         e3:fb:0e:d6:b4:26:80:40:7d:2d:64:6d:50:02:54:3c:4a:bc:
         1e:5b:6b:40:8c:eb:ee:b5:50:17:fb:97:08:30:84:10:90:37:
         56:fb:36:43:d7:6a:02:cd:fe:81:b0:d1:b4:57:a2:7c:0a:e5:
         1a:b5:71:f6:65:13:dd:b3:5d:07:a7:34:f0:7d:16:91:76:eb:
         cf:02:b1:8c:49:0a:33:ad:bf:af:b1:53:38:89:57:6e:d3:f6:
         ce:e7:0a:d9:6e:51:af:38:f4:a6:03:bf:ef:92:62:b8:f2:43:
         ea:2f:44:2a:1b:f8:1e:64:25:88:b9:f3:c4:05:6e:07:82:81:
         f4:79:9d:16:fa:55:5d:be:03:e6:2f:4c:8c:4b:50:c9:99:ad:
         cc:40:0a:10
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzFbvOAFulitXqS5CU4hbI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMGY5ZjA0NGUyYjkyOTg3OGQ3NDdjNWZmYmI4MGFkMTBl
M2Q2YmQwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQwYjJkN2Q4YzMyZDcyYTgxOTRiNDQwNjY2ZWViYzMzNGVlYzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiN3v49zXvaOLIL3VqaU/e21A9q4
jzNJiKvVTYt4kaCes6aU/qY77i9TZU1XidC+QeNywTdEW+L9u4EBYA6Ne45TT29j
ORqEWVrImttq9zCKt7kRz3DW9o7qg5iMKQz89LzmUmYA3hmz7eDZOxmktAti4sDP
DlZpFUs3ACyv0AmJkIgl6XszGTACif6m85PjQETkmWOIlLIvfVgCd1AUa2W42ZID
Yyksk8SKCHWpuvsI3N3NcVy9QI+Qqzb4RCFG0+r+ZCr8c/LcTzKR0QdhmvgbqinO
p9BZkgmBjpY3EtIxMLXuGQnE0+iS64TIF1qHWNnPFlDz6HB8w62sFp2r7QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFJbQstfYwy1yqBlLRAZm7rwzTuxJMB8GA1UdIwQY
MBaAFA8PnwROK5KYeNdHxf+7gK0Q49a9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHctZkJFNHJrcGg0MTBmRl83dUFyUkRqMXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85M2Q0NjAtMzY4Yy00NmQ3LThlN2Et
Y2RiZDNiNmNlNzc3LzEvbHRDeTE5akRMWEtvR1V0RUJtYnV2RE5PN0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85M2Q0NjAtMzY4Yy00NmQ3LThlN2EtY2RiZDNiNmNlNzc3
LzEvRHctZkJFNHJrcGg0MTBmRl83dUFyUkRqMXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQCBWUkAwQA
BWVHAwQCH7joAwQCue6YMBgEAgACMBIDBwQqEx7AAAADBwUqEx7AEAAwDQYJKoZI
hvcNAQELBQADggEBACfsB+LjCBu55uL4WGJRIFDIYJwC+g7rLzqYK+f/1TS7BSrV
dH/ajzLsEkjLcXRGWgtN3rNJF8sGzYxRdORwbDsJVwDMf0t2BiYwUmloi9stJfuJ
ItMoNS+SE4a9+HKF6qE99gBFmJ66fLH+j+P7Dta0JoBAfS1kbVACVDxKvB5ba0CM
6+61UBf7lwgwhBCQN1b7NkPXagLN/oGw0bRXonwK5Rq1cfZlE92zXQenNPB9FpF2
688CsYxJCjOtv6+xUziJV27T9s7nCtluUa849KYDv++SYrjyQ+ovRCob+B5kJYi5
88QFbgeCgfR5nRb6VV2+A+YvTIxLUMmZrcxAChA=
-----END CERTIFICATE-----