Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/xjuxb9_LbHne--CyyAppsyaG4x8.roa
File:                     xjuxb9_LbHne--CyyAppsyaG4x8.roa (raw, json)
Hash identifier:          xdfDBZcdVsrcW0CHebUhJrdTjMUuHZOzZj29vXmJtDM=
Subject key identifier:   C6:3B:B1:6F:DF:CB:6C:79:DE:FB:E0:B2:C8:0A:69:B3:26:86:E3:1F
Certificate issuer:       /CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
Certificate serial:       018F7C4B12ED440A2B3662B2345E2F51C52B
Authority key identifier: 7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/xjuxb9_LbHne--CyyAppsyaG4x8.roa
Signing time:             Wed 15 May 2024 12:47:25 +0000
ROA not before:           Wed 15 May 2024 12:47:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211381
IP address blocks:        5.8.248.0/24 maxlen: 24
                          62.233.53.0/24 maxlen: 24
                          109.107.157.0/24 maxlen: 24
                          185.229.251.0/24 maxlen: 24
                          185.237.165.0/24 maxlen: 24
                          185.241.61.0/24 maxlen: 24
                          185.251.25.0/24 maxlen: 24
                          193.3.168.0/24 maxlen: 24
                          193.169.105.0/24 maxlen: 24
                          194.15.46.0/24 maxlen: 24
                          194.26.232.0/24 maxlen: 24
                          194.62.105.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 26 May 2024 18:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:4b:12:ed:44:0a:2b:36:62:b2:34:5e:2f:51:c5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
        Validity
            Not Before: May 15 12:47:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c63bb16fdfcb6c79defbe0b2c80a69b32686e31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ad:93:0f:d5:66:43:3b:2b:5f:c6:7c:e5:d1:
                    47:13:43:6e:ac:23:88:6b:51:cf:79:cf:2d:c5:ae:
                    14:a8:74:1c:c4:54:16:0f:d5:db:af:1f:b1:13:28:
                    9f:70:83:3c:d3:bc:b3:9a:6f:5a:f9:37:b9:24:bc:
                    eb:b2:16:f9:84:aa:27:6c:00:d5:4e:8a:a1:b8:9d:
                    4d:c8:60:73:70:59:59:07:27:af:4b:c5:1d:ed:2e:
                    05:5d:b2:6f:7e:11:8e:f4:d2:db:37:50:b9:8c:6d:
                    01:80:bb:75:2d:df:00:7f:6a:a8:f3:9e:8e:30:be:
                    0a:cb:46:52:f6:e1:48:2a:ab:b7:34:92:a5:21:d8:
                    26:ff:d7:40:a2:4f:af:45:61:13:8f:92:bc:7d:18:
                    b0:d7:e6:3d:cc:7d:4f:a0:7d:cc:0a:9d:51:5c:84:
                    09:de:65:6c:61:0e:02:a1:ab:7a:e2:59:d3:1f:9b:
                    cf:f3:08:07:b8:06:b3:66:f0:59:18:fd:e2:1b:4b:
                    48:e8:26:fa:c1:d8:ec:29:66:9e:f0:b5:53:d2:34:
                    a3:84:36:da:07:16:1d:29:40:d4:23:e6:e3:83:c7:
                    c3:77:55:ce:2c:3c:33:1f:ab:64:10:a2:f1:b9:a1:
                    1a:59:a6:4a:6c:32:9b:3a:77:bb:db:4a:fc:7e:cb:
                    26:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3B:B1:6F:DF:CB:6C:79:DE:FB:E0:B2:C8:0A:69:B3:26:86:E3:1F
            X509v3 Authority Key Identifier:
                keyid:7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/xjuxb9_LbHne--CyyAppsyaG4x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.248.0/24
                  62.233.53.0/24
                  109.107.157.0/24
                  185.229.251.0/24
                  185.237.165.0/24
                  185.241.61.0/24
                  185.251.25.0/24
                  193.3.168.0/24
                  193.169.105.0/24
                  194.15.46.0/24
                  194.26.232.0/24
                  194.62.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:11:26:7c:eb:6d:71:d2:8b:46:8d:07:12:b0:3f:df:f0:27:
         e4:d3:a9:e8:a7:b7:11:72:f4:9f:ff:79:2a:f1:76:21:89:47:
         97:1a:d6:6e:a0:22:33:04:e4:88:47:1c:22:c6:c6:42:92:52:
         71:e4:de:1b:de:bc:0c:d2:c7:a8:bc:7d:40:c3:1c:a8:5c:2d:
         ba:b0:24:45:81:9c:8c:d5:69:a1:13:72:15:91:9a:fc:d2:48:
         59:14:91:19:bb:46:e5:f3:3f:1f:6b:07:51:bd:ec:ea:8f:77:
         52:17:a1:f6:a0:3d:33:ac:31:4a:db:16:97:f4:d7:a7:9b:30:
         68:3e:47:b9:8e:c8:de:35:db:e2:2d:6e:e1:55:69:a0:53:dc:
         33:57:55:6a:ec:75:0b:9d:dc:76:3b:5f:82:29:6d:d4:15:86:
         b7:71:46:55:e9:05:2a:01:28:f2:b4:de:da:72:d4:01:b1:25:
         f1:05:50:29:c0:67:ed:43:22:4f:06:9f:bd:cf:20:d3:70:c7:
         f1:b0:24:fb:a4:b8:7e:95:5e:5f:ce:d5:fd:ad:41:21:28:d8:
         01:7f:f4:68:bc:7d:7e:45:78:25:94:96:32:cd:a9:0a:2b:40:
         c3:6c:39:7c:a3:6e:77:a1:ba:7a:1c:79:8b:fc:c2:02:e0:32:
         dc:e6:35:0d
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY98SxLtRAorNmKyNF4vUcUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmY2FkODlkZjFiZjk5YTM2ZjI5MGNjM2VmMGYxZTdiNGQw
Mjc1MzMwHhcNMjQwNTE1MTI0NzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNiYjE2ZmRmY2I2Yzc5ZGVmYmUwYjJjODBhNjliMzI2ODZlMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqa2TD9VmQzsrX8Z85dFHE0NurCOI
a1HPec8txa4UqHQcxFQWD9Xbrx+xEyifcIM807yzmm9a+Te5JLzrshb5hKonbADV
ToqhuJ1NyGBzcFlZByevS8Ud7S4FXbJvfhGO9NLbN1C5jG0BgLt1Ld8Af2qo856O
ML4Ky0ZS9uFIKqu3NJKlIdgm/9dAok+vRWETj5K8fRiw1+Y9zH1PoH3MCp1RXIQJ
3mVsYQ4Coat64lnTH5vP8wgHuAazZvBZGP3iG0tI6Cb6wdjsKWae8LVT0jSjhDba
BxYdKUDUI+bjg8fDd1XOLDwzH6tkEKLxuaEaWaZKbDKbOne720r8fssmFQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFMY7sW/fy2x53vvgssgKabMmhuMfMB8GA1UdIwQY
MBaAFH/K2J3xv5mjbykMw+8PHntNAnUzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMt
MDE1ZDlmMWI0YjUwLzEveGp1eGI5X0xiSG5lLS1DeXlBcHBzeWFHNHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMtMDE1ZDlmMWI0YjUw
LzEvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQABQj4AwQA
Puk1AwQAbWudAwQAueX7AwQAue2lAwQAufE9AwQAufsZAwQAwQOoAwQAwalpAwQA
wg8uAwQAwhroAwQAwj5pMA0GCSqGSIb3DQEBCwUAA4IBAQAdESZ8621x0otGjQcS
sD/f8Cfk06nop7cRcvSf/3kq8XYhiUeXGtZuoCIzBOSIRxwixsZCklJx5N4b3rwM
0seovH1AwxyoXC26sCRFgZyM1WmhE3IVkZr80khZFJEZu0bl8z8fawdRvezqj3dS
F6H2oD0zrDFK2xaX9NenmzBoPke5jsjeNdviLW7hVWmgU9wzV1Vq7HULndx2O1+C
KW3UFYa3cUZV6QUqASjytN7actQBsSXxBVApwGftQyJPBp+9zyDTcMfxsCT7pLh+
lV5fztX9rUEhKNgBf/RovH1+RXgllJYyzakKK0DDbDl8o253obp6HHmL/MIC4DLc
5jUN
-----END CERTIFICATE-----