Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/LJhzDkp7zARmUui_q2FoCOaXnpo.roa
File:                     LJhzDkp7zARmUui_q2FoCOaXnpo.roa (raw, json)
Hash identifier:          SKxhDdntvAsFd9WYET99u1upIUXYcMWEzY5kJZQ2/H0=
Subject key identifier:   2C:98:73:0E:4A:7B:CC:04:66:52:E8:BF:AB:61:68:08:E6:97:9E:9A
Certificate issuer:       /CN=6416bc721c740c10fc7b0d8b1b358a2d35f488b7
Certificate serial:       018FBE4F0CA34DC6B6305496DC0A644D7870
Authority key identifier: 64:16:BC:72:1C:74:0C:10:FC:7B:0D:8B:1B:35:8A:2D:35:F4:88:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/LJhzDkp7zARmUui_q2FoCOaXnpo.roa
Signing time:             Tue 28 May 2024 08:26:42 +0000
ROA not before:           Tue 28 May 2024 08:26:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43973
IP address blocks:        79.142.16.0/20 maxlen: 20
                          79.142.16.0/24 maxlen: 24
                          79.142.17.0/24 maxlen: 24
                          79.142.18.0/24 maxlen: 24
                          79.142.19.0/24 maxlen: 24
                          79.142.20.0/23 maxlen: 23
                          79.142.20.0/24 maxlen: 24
                          79.142.21.0/24 maxlen: 24
                          79.142.22.0/23 maxlen: 23
                          79.142.22.0/24 maxlen: 24
                          79.142.23.0/24 maxlen: 24
                          79.142.25.0/24 maxlen: 24
                          79.142.26.0/23 maxlen: 23
                          79.142.26.0/24 maxlen: 24
                          79.142.27.0/24 maxlen: 24
                          79.142.28.0/23 maxlen: 23
                          79.142.28.0/24 maxlen: 24
                          79.142.29.0/24 maxlen: 24
                          79.142.30.0/23 maxlen: 23
                          91.232.230.0/24 maxlen: 24
                          91.232.231.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 11 Jun 2024 10:42:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:4f:0c:a3:4d:c6:b6:30:54:96:dc:0a:64:4d:78:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6416bc721c740c10fc7b0d8b1b358a2d35f488b7
        Validity
            Not Before: May 28 08:26:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c98730e4a7bcc046652e8bfab616808e6979e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1c:e5:a4:cd:12:d0:34:66:7d:bb:46:07:9f:
                    ab:fd:c4:11:b7:e8:1d:dc:55:86:e2:3c:54:be:28:
                    c7:a7:7e:7b:af:78:18:a5:7a:6f:33:47:25:12:61:
                    1c:28:13:7f:65:6e:e1:ee:bd:70:a2:b6:e4:b4:67:
                    82:1f:d1:82:88:b2:c0:9c:fc:ae:43:3f:d1:1b:e3:
                    fa:7c:7f:35:40:4b:f9:24:d3:a5:9e:a2:54:c7:e0:
                    bc:de:d0:13:28:df:6e:01:36:4f:c3:92:2c:94:28:
                    d3:2a:42:b7:2b:38:d0:51:06:2c:05:5e:54:41:e6:
                    c6:2f:fe:8e:dd:22:f6:92:ed:8c:c5:6e:ac:54:50:
                    00:1d:b3:ed:89:1b:d0:5f:a6:62:9f:51:b9:f1:84:
                    ca:f0:29:e2:a5:28:e7:27:d5:7a:dc:70:88:6d:a0:
                    f3:85:d4:e6:b5:e7:69:55:0b:bb:50:bb:13:2d:3f:
                    7f:3d:cd:1a:57:61:34:d2:e7:11:03:d9:0d:0a:78:
                    43:78:b9:da:17:7c:a8:aa:1b:ee:22:b8:89:9d:82:
                    48:76:1b:ac:19:3f:88:29:95:98:0d:54:cc:f1:fb:
                    25:7f:b6:40:f8:81:6a:8d:44:ae:26:b6:0a:71:11:
                    e7:9c:b4:4a:b6:bf:0f:b9:9e:af:b3:e4:07:f3:ee:
                    ef:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:98:73:0E:4A:7B:CC:04:66:52:E8:BF:AB:61:68:08:E6:97:9E:9A
            X509v3 Authority Key Identifier:
                keyid:64:16:BC:72:1C:74:0C:10:FC:7B:0D:8B:1B:35:8A:2D:35:F4:88:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBa8chx0DBD8ew2LGzWKLTX0iLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/LJhzDkp7zARmUui_q2FoCOaXnpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/6db264-73d4-43ac-a97e-590b1b2a4609/1/ZBa8chx0DBD8ew2LGzWKLTX0iLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.16.0/20
                  91.232.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         db:68:f6:60:45:61:6e:22:80:3e:b0:93:f4:b0:07:0a:c8:b9:
         78:31:0a:ea:0a:ba:19:25:97:84:c1:3d:5d:ab:48:34:de:5b:
         e6:dc:ce:67:b1:74:58:1f:68:0f:a1:6b:f3:22:14:c8:19:81:
         6b:ab:f0:0c:e1:a0:2e:d0:04:ac:be:14:50:95:29:32:5e:fe:
         84:c3:d0:2c:3b:e1:57:ea:69:e0:34:67:02:10:69:14:4b:77:
         1f:d1:e3:d3:3b:42:dd:87:19:30:45:87:05:b2:35:2a:f4:f8:
         0d:b6:a1:fe:ff:57:de:13:c2:94:86:ab:eb:31:ad:4e:25:b7:
         63:76:9c:a6:4d:aa:bf:ee:b2:f6:d3:57:85:b3:d8:c0:4f:27:
         4a:44:ad:ca:33:c7:0b:c2:f4:8a:f1:26:fc:70:8a:08:9d:3f:
         86:20:8c:2f:6f:05:ec:09:91:ea:cb:1c:2d:df:33:c5:96:50:
         a7:51:fd:bb:ba:70:84:2f:c6:d3:00:c7:c0:47:3d:9b:c7:65:
         00:ec:ed:7c:b8:76:69:ef:f9:9a:91:c6:a3:88:15:56:cd:e6:
         34:4d:b7:2d:f8:d7:1d:72:84:2e:81:d5:61:f1:75:bd:76:a6:
         96:da:bc:b7:ee:96:88:0e:c3:17:c4:7b:c4:2b:c5:4a:8d:25:
         dd:06:40:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY++TwyjTca2MFSW3ApkTXhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTZiYzcyMWM3NDBjMTBmYzdiMGQ4YjFiMzU4YTJkMzVm
NDg4YjcwHhcNMjQwNTI4MDgyNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzk4NzMwZTRhN2JjYzA0NjY1MmU4YmZhYjYxNjgwOGU2OTc5ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphzlpM0S0DRmfbtGB5+r/cQRt+gd
3FWG4jxUvijHp357r3gYpXpvM0clEmEcKBN/ZW7h7r1worbktGeCH9GCiLLAnPyu
Qz/RG+P6fH81QEv5JNOlnqJUx+C83tATKN9uATZPw5IslCjTKkK3KzjQUQYsBV5U
QebGL/6O3SL2ku2MxW6sVFAAHbPtiRvQX6Zin1G58YTK8CnipSjnJ9V63HCIbaDz
hdTmtedpVQu7ULsTLT9/Pc0aV2E00ucRA9kNCnhDeLnaF3yoqhvuIriJnYJIdhus
GT+IKZWYDVTM8fslf7ZA+IFqjUSuJrYKcRHnnLRKtr8PuZ6vs+QH8+7vlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCyYcw5Ke8wEZlLov6thaAjml56aMB8GA1UdIwQY
MBaAFGQWvHIcdAwQ/HsNixs1ii019Ii3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJhOGNoeDBEQkQ4ZXcyTEd6V0tMVFgwaUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy82ZGIyNjQtNzNkNC00M2FjLWE5N2Ut
NTkwYjFiMmE0NjA5LzEvTEpoekRrcDd6QVJtVXVpX3EyRm9DT2FYbnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy82ZGIyNjQtNzNkNC00M2FjLWE5N2UtNTkwYjFiMmE0NjA5
LzEvWkJhOGNoeDBEQkQ4ZXcyTEd6V0tMVFgwaUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQET44QAwQB
W+jmMA0GCSqGSIb3DQEBCwUAA4IBAQDbaPZgRWFuIoA+sJP0sAcKyLl4MQrqCroZ
JZeEwT1dq0g03lvm3M5nsXRYH2gPoWvzIhTIGYFrq/AM4aAu0ASsvhRQlSkyXv6E
w9AsO+FX6mngNGcCEGkUS3cf0ePTO0LdhxkwRYcFsjUq9PgNtqH+/1feE8KUhqvr
Ma1OJbdjdpymTaq/7rL201eFs9jATydKRK3KM8cLwvSK8Sb8cIoInT+GIIwvbwXs
CZHqyxwt3zPFllCnUf27unCEL8bTAMfARz2bx2UA7O18uHZp7/makcajiBVWzeY0
Tbct+NcdcoQugdVh8XW9dqaW2ry37paIDsMXxHvEK8VKjSXdBkDH
-----END CERTIFICATE-----