Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/t4FMSCzRvZyVza7v4Q0cPKLkKx4.roa
File:                     t4FMSCzRvZyVza7v4Q0cPKLkKx4.roa (raw, json)
Hash identifier:          hZouz84yS22z6AWZciGTwYQLXMLkJ0Bbd9Oh1LU52VM=
Subject key identifier:   B7:81:4C:48:2C:D1:BD:9C:95:CD:AE:EF:E1:0D:1C:3C:A2:E4:2B:1E
Certificate issuer:       /CN=5ae8c78f161397ae1dbd0ac322584f62fb740097
Certificate serial:       018D07F2FA0224344B624452ED39586DD318
Authority key identifier: 5A:E8:C7:8F:16:13:97:AE:1D:BD:0A:C3:22:58:4F:62:FB:74:00:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WujHjxYTl64dvQrDIlhPYvt0AJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/t4FMSCzRvZyVza7v4Q0cPKLkKx4.roa
Signing time:             Sun 14 Jan 2024 12:29:40 +0000
ROA not before:           Sun 14 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6893
IP address blocks:        185.125.199.0/24 maxlen: 24
                          185.125.198.0/24 maxlen: 24
                          185.125.197.0/24 maxlen: 24
                          185.125.196.0/22 maxlen: 22
                          185.125.196.0/23 maxlen: 23
                          185.125.196.0/24 maxlen: 24
                          62.220.128.0/19 maxlen: 19
                          62.220.150.0/24 maxlen: 24
                          62.220.149.0/24 maxlen: 24
                          62.220.158.0/24 maxlen: 24
                          2001:788::/29 maxlen: 29
                          2001:788::/32 maxlen: 32
                          2001:789::/32 maxlen: 32
                          2001:78c::/32 maxlen: 32
                          2001:78a::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 04 Mar 2024 15:08:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:07:f2:fa:02:24:34:4b:62:44:52:ed:39:58:6d:d3:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae8c78f161397ae1dbd0ac322584f62fb740097
        Validity
            Not Before: Jan 14 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7814c482cd1bd9c95cdaeefe10d1c3ca2e42b1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:64:f7:62:43:64:24:ea:5e:04:ff:50:38:c9:
                    c8:b9:f4:4a:9b:24:9a:04:8a:39:23:d1:5e:fe:2e:
                    28:8e:a6:75:ce:57:79:0f:47:b9:d8:56:61:96:8c:
                    47:32:3a:5a:1e:fa:05:30:43:7f:f8:8a:ea:4b:0c:
                    a3:3c:e4:32:a7:8c:76:a9:76:08:8b:fa:13:cf:40:
                    3f:6c:5c:f5:82:ff:33:e9:45:5e:21:3b:a3:b4:37:
                    73:ec:3f:08:20:e4:87:9c:bc:dc:9e:2b:86:36:c0:
                    c1:98:fb:b4:2b:8f:72:76:9f:73:37:5c:68:c3:55:
                    d5:71:ab:20:03:06:1c:09:5c:23:51:68:0c:da:2d:
                    0c:18:5d:26:d3:47:6a:3c:53:85:f3:b8:90:e5:dc:
                    b4:7e:59:c9:b6:29:8a:42:47:16:07:6b:4b:3d:00:
                    c0:6d:9b:96:a8:41:1e:dd:a7:a4:45:85:8b:5f:f8:
                    8c:92:0c:08:79:52:52:5d:c2:be:7e:4c:6d:0c:95:
                    0e:e0:34:4a:eb:2a:c4:74:b0:a6:88:dd:3d:71:cf:
                    00:16:77:cf:11:a5:57:ff:eb:09:34:90:b9:58:c9:
                    44:dc:7e:e8:11:1d:e9:49:bd:e1:8d:1f:0a:d9:72:
                    07:f8:19:d8:e4:8e:57:08:ad:50:51:0e:8f:3b:ba:
                    1a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:81:4C:48:2C:D1:BD:9C:95:CD:AE:EF:E1:0D:1C:3C:A2:E4:2B:1E
            X509v3 Authority Key Identifier:
                keyid:5A:E8:C7:8F:16:13:97:AE:1D:BD:0A:C3:22:58:4F:62:FB:74:00:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WujHjxYTl64dvQrDIlhPYvt0AJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/t4FMSCzRvZyVza7v4Q0cPKLkKx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4d27bb-f85c-4bfd-b1c3-47bcd39c3d86/1/WujHjxYTl64dvQrDIlhPYvt0AJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.128.0/19
                  185.125.196.0/22
                IPv6:
                  2001:788::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:17:9f:16:38:5e:92:5d:82:a3:77:fe:25:01:b7:25:16:f6:
         70:9d:bb:65:17:29:62:ed:59:57:6a:2f:07:74:9b:0f:3a:df:
         76:e4:40:28:c3:96:22:4b:2f:db:8e:e4:f1:85:c5:a9:8f:00:
         80:e4:b4:0b:14:cc:63:2a:7e:3e:55:03:32:e7:05:fe:b1:10:
         99:c9:28:07:84:c8:ca:ae:00:53:a1:b2:32:97:a5:46:c9:9b:
         6b:dd:a2:ec:bb:95:8e:b1:a1:26:ca:fc:86:89:32:a5:18:f5:
         f4:b6:62:ef:e5:d1:7c:5c:54:36:ad:1b:95:34:5f:ad:20:b2:
         3c:77:28:fc:6f:0f:5e:96:4c:42:d5:4a:2e:a5:8a:22:03:53:
         36:7c:08:da:06:19:9d:8f:f5:fe:bc:db:00:88:9c:3e:2c:36:
         38:c4:98:60:0a:4e:fd:c6:63:22:92:c9:17:dc:84:df:44:46:
         3d:a5:7d:5f:4d:f4:51:95:bb:1a:9a:10:a3:8e:5c:09:eb:66:
         ab:1b:58:4b:57:d9:26:b0:f8:95:7c:66:88:0b:ab:35:fb:62:
         c3:83:63:0f:c8:e5:3c:74:fc:8e:12:08:4d:36:5d:6b:e7:1c:
         f7:c5:d5:e8:53:30:91:49:ec:3a:86:5e:12:a8:50:3a:35:66:
         e1:4e:f3:f9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY0H8voCJDRLYkRS7TlYbdMYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZThjNzhmMTYxMzk3YWUxZGJkMGFjMzIyNTg0ZjYyZmI3
NDAwOTcwHhcNMjQwMTE0MTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzgxNGM0ODJjZDFiZDljOTVjZGFlZWZlMTBkMWMzY2EyZTQyYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWT3YkNkJOpeBP9QOMnIufRKmySa
BIo5I9Fe/i4ojqZ1zld5D0e52FZhloxHMjpaHvoFMEN/+IrqSwyjPOQyp4x2qXYI
i/oTz0A/bFz1gv8z6UVeITujtDdz7D8IIOSHnLzcniuGNsDBmPu0K49ydp9zN1xo
w1XVcasgAwYcCVwjUWgM2i0MGF0m00dqPFOF87iQ5dy0flnJtimKQkcWB2tLPQDA
bZuWqEEe3aekRYWLX/iMkgwIeVJSXcK+fkxtDJUO4DRK6yrEdLCmiN09cc8AFnfP
EaVX/+sJNJC5WMlE3H7oER3pSb3hjR8K2XIH+BnY5I5XCK1QUQ6PO7oaqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLeBTEgs0b2clc2u7+ENHDyi5CseMB8GA1UdIwQY
MBaAFFrox48WE5euHb0KwyJYT2L7dACXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3VqSGp4WVRsNjRkdlFyRElsaFBZdnQwQUpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80ZDI3YmItZjg1Yy00YmZkLWIxYzMt
NDdiY2QzOWMzZDg2LzEvdDRGTVNDelJ2WnlWemE3djRRMGNQS0xrS3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80ZDI3YmItZjg1Yy00YmZkLWIxYzMtNDdiY2QzOWMzZDg2
LzEvV3VqSGp4WVRsNjRkdlFyRElsaFBZdnQwQUpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFPtyAAwQC
uX3EMA0EAgACMAcDBQMgAQeIMA0GCSqGSIb3DQEBCwUAA4IBAQBqF58WOF6SXYKj
d/4lAbclFvZwnbtlFyli7VlXai8HdJsPOt925EAow5YiSy/bjuTxhcWpjwCA5LQL
FMxjKn4+VQMy5wX+sRCZySgHhMjKrgBTobIyl6VGyZtr3aLsu5WOsaEmyvyGiTKl
GPX0tmLv5dF8XFQ2rRuVNF+tILI8dyj8bw9elkxC1UoupYoiA1M2fAjaBhmdj/X+
vNsAiJw+LDY4xJhgCk79xmMikskX3ITfREY9pX1fTfRRlbsamhCjjlwJ62arG1hL
V9kmsPiVfGaIC6s1+2LDg2MPyOU8dPyOEghNNl1r5xz3xdXoUzCRSew6hl4SqFA6
NWbhTvP5
-----END CERTIFICATE-----