Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/wDvRb0KrFszMEHnL0vT0RgGRLxc.roa
File:                     wDvRb0KrFszMEHnL0vT0RgGRLxc.roa (raw, json)
Hash identifier:          QOGYez1jgoGJLPxMw7vTEXElzOOuOmoFMlGM+ipzhsQ=
Subject key identifier:   C0:3B:D1:6F:42:AB:16:CC:CC:10:79:CB:D2:F4:F4:46:01:91:2F:17
Certificate issuer:       /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial:       018D5A684663E9837C46F22C6ADB38972206
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/wDvRb0KrFszMEHnL0vT0RgGRLxc.roa
Signing time:             Tue 30 Jan 2024 12:46:39 +0000
ROA not before:           Tue 30 Jan 2024 12:46:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25717
IP address blocks:        193.221.54.0/23 maxlen: 23
                          193.221.56.0/24 maxlen: 24
                          193.221.57.0/24 maxlen: 24
                          193.221.68.0/24 maxlen: 24
                          193.221.69.0/24 maxlen: 24
                          193.221.70.0/23 maxlen: 23
                          193.221.72.0/24 maxlen: 24
                          193.221.74.0/24 maxlen: 24
                          193.221.75.0/24 maxlen: 24
                          193.221.76.0/24 maxlen: 24
                          193.221.77.0/24 maxlen: 24
                          193.221.78.0/24 maxlen: 24
                          193.221.79.0/24 maxlen: 24
                          193.221.80.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 01 Mar 2024 12:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:68:46:63:e9:83:7c:46:f2:2c:6a:db:38:97:22:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
        Validity
            Not Before: Jan 30 12:46:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c03bd16f42ab16cccc1079cbd2f4f44601912f17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:88:e3:72:ac:4f:fe:18:cb:71:18:b8:e6:2b:
                    35:3e:68:9a:93:6b:4c:72:c4:77:55:bf:0e:84:35:
                    03:e9:9e:25:7f:03:0f:4d:0c:56:84:71:3c:22:da:
                    9d:d3:3a:fd:11:5d:fd:21:cd:9f:1c:b2:3b:5f:2c:
                    8b:86:a7:40:28:f0:ea:48:e9:c2:73:f0:08:f0:1c:
                    20:11:04:34:82:9e:55:ee:dd:cc:e9:bb:72:eb:40:
                    3c:5c:12:f5:c4:18:a2:da:a0:c7:5d:4b:bd:04:5e:
                    f6:bc:ba:d2:16:2a:83:3c:79:8d:79:cf:3e:59:b4:
                    ae:7e:59:4d:2d:5d:f7:65:63:0f:a2:7d:a4:eb:8a:
                    3c:a4:cb:1d:c7:74:ca:51:0c:8a:ef:55:5e:69:14:
                    5a:c0:89:04:69:24:53:2c:c0:5c:55:0c:ce:57:69:
                    a8:7e:e2:d6:ea:d8:8a:86:8b:e6:aa:1f:42:c0:b1:
                    8c:86:fe:c8:ce:b9:8b:d9:ce:8d:c8:77:b9:0e:55:
                    03:49:ca:49:18:64:8d:34:7e:f1:a7:5b:65:2b:27:
                    51:f1:21:52:80:44:fd:5d:64:6e:59:c7:92:ec:4d:
                    10:9d:01:63:f3:77:4a:e3:5b:8b:cd:cd:40:a6:15:
                    18:c0:2d:81:f2:19:c0:b5:21:ef:bb:ea:4c:7e:13:
                    42:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:3B:D1:6F:42:AB:16:CC:CC:10:79:CB:D2:F4:F4:46:01:91:2F:17
            X509v3 Authority Key Identifier:
                keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/wDvRb0KrFszMEHnL0vT0RgGRLxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.54.0-193.221.57.255
                  193.221.68.0-193.221.72.255
                  193.221.74.0-193.221.80.255

    Signature Algorithm: sha256WithRSAEncryption
         46:75:49:25:dc:0e:19:25:73:a2:ce:9c:15:33:f8:2a:a7:e6:
         65:35:70:46:2e:5d:22:d6:fa:9f:eb:e1:ab:d2:91:c6:df:37:
         cb:fd:e3:5e:ec:60:f2:cf:d2:3f:25:a1:2a:5f:8a:59:50:a5:
         a9:47:2f:5a:b2:74:20:23:ab:4d:6c:ce:d0:b2:ba:95:70:a1:
         a9:40:e5:87:f7:50:db:c6:1b:84:a2:d3:eb:b1:cd:41:80:56:
         6e:51:e9:e3:4e:b0:3a:aa:16:c8:73:8f:c9:31:8a:3a:d4:e7:
         b5:28:44:88:75:05:5e:d4:5b:dc:0c:6d:ed:d5:cd:20:8d:c9:
         6a:b2:ea:8a:95:14:e7:d0:7a:e0:ec:78:4b:61:3b:a3:f9:f1:
         2d:9c:1e:18:9e:41:b5:55:f5:c0:84:0c:9c:f9:81:d5:23:4c:
         0c:af:48:7b:6a:d9:fc:2f:3f:2e:23:1c:79:31:23:40:37:c3:
         54:cd:70:87:bd:10:4b:94:fe:54:9e:8c:df:84:4f:fe:89:0f:
         13:d7:1b:ae:95:de:54:80:42:26:60:85:d9:db:8c:8b:43:c8:
         da:65:fc:62:21:5a:22:48:24:13:83:df:ad:90:5d:53:e2:08:
         8b:ab:f8:5c:6c:d9:fd:a3:fa:ae:f2:a6:8e:ef:b6:55:cb:ea:
         04:c7:71:8d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY1aaEZj6YN8RvIsats4lyIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjQwMTMwMTI0NjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDNiZDE2ZjQyYWIxNmNjY2MxMDc5Y2JkMmY0ZjQ0NjAxOTEyZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYjjcqxP/hjLcRi45is1Pmiak2tM
csR3Vb8OhDUD6Z4lfwMPTQxWhHE8Itqd0zr9EV39Ic2fHLI7XyyLhqdAKPDqSOnC
c/AI8BwgEQQ0gp5V7t3M6bty60A8XBL1xBii2qDHXUu9BF72vLrSFiqDPHmNec8+
WbSufllNLV33ZWMPon2k64o8pMsdx3TKUQyK71VeaRRawIkEaSRTLMBcVQzOV2mo
fuLW6tiKhovmqh9CwLGMhv7IzrmL2c6NyHe5DlUDScpJGGSNNH7xp1tlKydR8SFS
gET9XWRuWceS7E0QnQFj83dK41uLzc1AphUYwC2B8hnAtSHvu+pMfhNCZwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMA70W9CqxbMzBB5y9L09EYBkS8XMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEvd0R2UmIwS3JGc3pNRUhuTDB2VDBSZ0dSTHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqMAwDBAHB3TYD
BAHB3TgwDAMEAsHdRAMEAMHdSDAMAwQBwd1KAwQAwd1QMA0GCSqGSIb3DQEBCwUA
A4IBAQBGdUkl3A4ZJXOizpwVM/gqp+ZlNXBGLl0i1vqf6+Gr0pHG3zfL/eNe7GDy
z9I/JaEqX4pZUKWpRy9asnQgI6tNbM7QsrqVcKGpQOWH91DbxhuEotPrsc1BgFZu
UenjTrA6qhbIc4/JMYo61Oe1KESIdQVe1FvcDG3t1c0gjclqsuqKlRTn0Hrg7HhL
YTuj+fEtnB4YnkG1VfXAhAyc+YHVI0wMr0h7atn8Lz8uIxx5MSNAN8NUzXCHvRBL
lP5UnozfhE/+iQ8T1xuuld5UgEImYIXZ24yLQ8jaZfxiIVoiSCQTg9+tkF1T4giL
q/hcbNn9o/qu8qaO77ZVy+oEx3GN
-----END CERTIFICATE-----