Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/0cOxRLzYICRp3glDHwvSQq-lKLY.roa
File:                     0cOxRLzYICRp3glDHwvSQq-lKLY.roa (raw, json)
Hash identifier:          6witLmBAU9xsIARu+Mk59kF9cLkMRxIRK7GrUkUu0Zk=
Subject key identifier:   D1:C3:B1:44:BC:D8:20:24:69:DE:09:43:1F:0B:D2:42:AF:A5:28:B6
Certificate issuer:       /CN=293e0cd8b3e044edb823aef688aafb0b75de8675
Certificate serial:       019044BF6D5330F4D68A2539AAB692048615
Authority key identifier: 29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/0cOxRLzYICRp3glDHwvSQq-lKLY.roa
Signing time:             Sun 23 Jun 2024 10:58:34 +0000
ROA not before:           Sun 23 Jun 2024 10:58:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208555
IP address blocks:        45.129.36.0/22 maxlen: 22
                          45.129.36.0/24 maxlen: 24
                          45.129.37.0/24 maxlen: 24
                          45.129.38.0/23 maxlen: 23
                          45.129.38.0/24 maxlen: 24
                          45.129.39.0/24 maxlen: 24
                          185.53.140.0/22 maxlen: 24
                          185.53.140.0/23 maxlen: 23
                          185.53.140.0/24 maxlen: 24
                          185.53.141.0/24 maxlen: 24
                          185.53.142.0/23 maxlen: 23
                          185.53.142.0/24 maxlen: 24
                          185.53.143.0/24 maxlen: 24
                          185.126.202.0/24 maxlen: 24
                          2a0a:2fc4::/64 maxlen: 64
                          2a0e:4a40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 02 Aug 2024 15:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:44:bf:6d:53:30:f4:d6:8a:25:39:aa:b6:92:04:86:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=293e0cd8b3e044edb823aef688aafb0b75de8675
        Validity
            Not Before: Jun 23 10:58:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1c3b144bcd8202469de09431f0bd242afa528b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b3:05:61:8f:bc:6a:20:19:72:4b:28:cc:3a:
                    0d:9a:18:c7:bc:bc:dc:69:f2:be:81:b4:0e:09:25:
                    2d:3e:72:74:43:9f:fb:2d:82:22:51:26:06:a1:0c:
                    3f:ea:13:d6:6b:7a:40:9f:20:ea:3e:60:8d:52:a7:
                    f7:c3:1f:d4:6a:39:c0:2c:5c:18:0f:19:bf:5c:24:
                    e5:e3:d2:c1:b8:c7:7e:8c:6d:26:09:f1:a8:e5:33:
                    8e:11:54:d9:d9:5b:d4:62:fb:84:d1:42:36:a1:c6:
                    ac:88:02:74:71:4e:4e:7b:ee:d9:39:85:19:fe:c5:
                    bc:40:5e:5b:b3:53:af:7d:25:f9:8e:1f:60:d1:04:
                    f9:1a:2a:07:6b:26:d4:c4:73:20:27:96:f2:d7:9c:
                    2d:0b:6a:f7:5e:95:ca:98:23:e2:b9:bf:6a:43:b9:
                    8b:a5:3f:81:6f:9e:f6:fc:ce:63:5c:5c:b9:e5:77:
                    bb:9f:9d:a4:62:89:da:2f:fe:1f:17:96:04:d8:68:
                    1e:e0:1b:6c:1c:d8:cd:84:f0:be:83:e1:31:7b:6f:
                    88:5b:fe:e5:19:1e:ee:0e:17:5f:d2:c1:35:19:d1:
                    02:fd:96:2f:5c:2a:77:d7:cd:61:a0:24:68:53:39:
                    c2:91:5f:8a:65:f9:e5:4b:85:21:9e:7e:06:3b:75:
                    2a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C3:B1:44:BC:D8:20:24:69:DE:09:43:1F:0B:D2:42:AF:A5:28:B6
            X509v3 Authority Key Identifier:
                keyid:29:3E:0C:D8:B3:E0:44:ED:B8:23:AE:F6:88:AA:FB:0B:75:DE:86:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KT4M2LPgRO24I672iKr7C3XehnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/0cOxRLzYICRp3glDHwvSQq-lKLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da1c2-252d-4bd2-b56c-bb217cc3b78d/1/KT4M2LPgRO24I672iKr7C3XehnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.36.0/22
                  185.53.140.0/22
                  185.126.202.0/24
                IPv6:
                  2a0a:2fc4::/64
                  2a0e:4a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:dd:12:a2:5e:2b:e2:d9:0d:34:9d:40:20:9c:98:aa:af:fe:
         fe:0c:3f:92:3b:f7:35:27:52:5d:01:5a:2a:d5:f6:1f:f1:4f:
         18:11:34:2f:88:3e:48:61:81:ec:fb:bc:48:66:bb:fd:e9:a8:
         95:9d:06:84:17:9c:1b:47:ee:6d:d9:f3:5b:71:4c:26:1f:58:
         c5:b2:63:68:59:1e:03:71:37:db:c7:22:eb:75:09:4b:0b:92:
         5e:40:af:6e:40:07:d8:7a:02:1b:19:b3:0e:b0:26:2d:59:53:
         39:26:7e:f6:89:e2:30:28:0c:05:a7:e6:00:06:af:ee:1e:96:
         fd:12:43:b9:2f:d9:56:95:0e:a7:38:dd:10:c0:b8:48:55:fc:
         e9:9e:7c:51:06:e6:88:90:28:7b:38:f4:b3:4d:45:cf:e0:b0:
         20:e6:fb:38:55:69:86:ae:17:ba:6e:c1:aa:11:c4:9f:3c:45:
         d5:f4:e0:48:7b:60:92:56:84:56:eb:a4:36:4f:66:87:4b:11:
         de:61:06:c4:56:6a:67:75:2a:4f:0d:1b:ca:c3:52:6d:8b:6d:
         2a:a6:e8:07:f1:21:8a:43:1f:fe:4d:a2:41:a1:06:a3:ed:15:
         ef:39:db:26:69:53:56:df:56:ce:46:8c:52:9e:22:30:d6:ef:
         9a:51:dc:21
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZBEv21TMPTWiiU5qraSBIYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5M2UwY2Q4YjNlMDQ0ZWRiODIzYWVmNjg4YWFmYjBiNzVk
ZTg2NzUwHhcNMjQwNjIzMTA1ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWMzYjE0NGJjZDgyMDI0NjlkZTA5NDMxZjBiZDI0MmFmYTUyOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprMFYY+8aiAZcksozDoNmhjHvLzc
afK+gbQOCSUtPnJ0Q5/7LYIiUSYGoQw/6hPWa3pAnyDqPmCNUqf3wx/UajnALFwY
Dxm/XCTl49LBuMd+jG0mCfGo5TOOEVTZ2VvUYvuE0UI2ocasiAJ0cU5Oe+7ZOYUZ
/sW8QF5bs1OvfSX5jh9g0QT5GioHaybUxHMgJ5by15wtC2r3XpXKmCPiub9qQ7mL
pT+Bb572/M5jXFy55Xe7n52kYonaL/4fF5YE2Gge4BtsHNjNhPC+g+Exe2+IW/7l
GR7uDhdf0sE1GdEC/ZYvXCp3181hoCRoUznCkV+KZfnlS4Uhnn4GO3UqwQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNHDsUS82CAkad4JQx8L0kKvpSi2MB8GA1UdIwQY
MBaAFCk+DNiz4ETtuCOu9oiq+wt13oZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMt
YmIyMTdjYzNiNzhkLzEvMGNPeFJMellJQ1JwM2dsREh3dlNRcS1sS0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGExYzItMjUyZC00YmQyLWI1NmMtYmIyMTdjYzNiNzhk
LzEvS1Q0TTJMUGdSTzI0STY3MmlLcjdDM1hlaG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQCLYEkAwQC
uTWMAwQAuX7KMBgEAgACMBIDCQAqCi/EAAAAAAMFAyoOSkAwDQYJKoZIhvcNAQEL
BQADggEBAFvdEqJeK+LZDTSdQCCcmKqv/v4MP5I79zUnUl0BWirV9h/xTxgRNC+I
Pkhhgez7vEhmu/3pqJWdBoQXnBtH7m3Z81txTCYfWMWyY2hZHgNxN9vHIut1CUsL
kl5Ar25AB9h6AhsZsw6wJi1ZUzkmfvaJ4jAoDAWn5gAGr+4elv0SQ7kv2VaVDqc4
3RDAuEhV/OmefFEG5oiQKHs49LNNRc/gsCDm+zhVaYauF7puwaoRxJ88RdX04Eh7
YJJWhFbrpDZPZodLEd5hBsRWamd1Kk8NG8rDUm2LbSqm6AfxIYpDH/5NokGhBqPt
Fe852yZpU1bfVs5GjFKeIjDW75pR3CE=
-----END CERTIFICATE-----