Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/PJmTroh_ac2mTdq3L_CSDjj78D4.roa
File:                     PJmTroh_ac2mTdq3L_CSDjj78D4.roa (raw, json)
Hash identifier:          VSQxa/ehKR1Fu29yiqaueoewvRnGkjPnxC9pzTm+WSI=
Subject key identifier:   3C:99:93:AE:88:7F:69:CD:A6:4D:DA:B7:2F:F0:92:0E:38:FB:F0:3E
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018CE2CC97F258C04FA23B567979F1B8AFEC
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/PJmTroh_ac2mTdq3L_CSDjj78D4.roa
Signing time:             Sun 07 Jan 2024 07:21:48 +0000
ROA not before:           Sun 07 Jan 2024 07:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44889
IP address blocks:        212.16.64.0/19 maxlen: 24
                          212.16.71.0/24 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.16.86.0/23 maxlen: 23
                          212.16.89.0/24 maxlen: 24
                          212.16.92.0/23 maxlen: 23
                          212.80.0.0/19 maxlen: 24
                          212.80.2.0/24 maxlen: 24
                          212.80.29.0/24 maxlen: 24
                          46.38.141.0/24 maxlen: 24
                          46.38.144.0/21 maxlen: 21
                          46.38.144.0/23 maxlen: 23
                          46.38.140.0/24 maxlen: 24
                          46.38.150.0/24 maxlen: 24
                          46.38.152.0/22 maxlen: 22
                          46.38.156.0/23 maxlen: 23
                          46.38.158.0/24 maxlen: 24
                          46.38.129.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               Failed, certificate revoked on Thu 11 Jan 2024 06:19:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e2:cc:97:f2:58:c0:4f:a2:3b:56:79:79:f1:b8:af:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  7 07:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c9993ae887f69cda64ddab72ff0920e38fbf03e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ad:99:3e:9e:f2:98:1f:0a:6a:77:fc:c0:1e:
                    67:e1:cc:5c:c6:03:13:df:76:dc:a3:79:2d:ac:f8:
                    79:82:bf:d9:23:eb:44:d4:51:46:bb:ff:23:c7:95:
                    e3:59:f3:91:ba:46:37:37:72:c9:90:f7:f9:da:a5:
                    e1:b1:92:66:a4:01:e5:bf:80:90:87:19:fe:20:5e:
                    43:6c:6d:dd:2f:9c:9f:e2:6a:0f:16:7b:6e:41:ae:
                    3e:55:1f:c2:20:c4:06:ce:fa:1d:92:f7:31:25:9b:
                    3e:c1:d4:7d:0e:8d:ff:d5:7c:48:3d:7a:6b:6f:8a:
                    b9:5d:a8:41:0c:1f:6c:e9:53:16:f7:20:91:9c:d3:
                    cf:bc:69:26:f5:6b:a4:20:4f:01:7e:3a:92:81:62:
                    51:1b:cf:f3:22:79:62:42:9e:ad:92:c7:bb:a0:a2:
                    62:a0:14:cd:4b:17:88:b7:0d:5f:da:70:93:e0:b8:
                    22:9d:d4:b5:d9:f4:df:64:ec:96:c5:09:b6:0e:d7:
                    65:c6:d0:1b:8b:88:03:af:92:8e:8a:a8:57:db:8f:
                    83:bb:1b:89:39:24:2f:46:68:f9:11:c8:98:4d:78:
                    7e:e0:3f:12:04:22:ae:44:00:69:9d:e1:f3:84:94:
                    27:eb:2c:a8:a1:78:65:f8:eb:fd:d6:13:ea:c8:93:
                    8b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:99:93:AE:88:7F:69:CD:A6:4D:DA:B7:2F:F0:92:0E:38:FB:F0:3E
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/PJmTroh_ac2mTdq3L_CSDjj78D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0/24
                  46.38.140.0/23
                  46.38.144.0-46.38.158.255
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:d6:23:5e:27:cd:9c:d5:72:05:aa:38:81:54:5a:5c:e0:46:
         05:75:f2:c5:c6:e1:eb:5d:d2:f3:01:76:8d:1f:ce:e9:ce:07:
         7e:89:40:13:23:48:f5:dc:26:ba:79:3a:7e:55:6f:36:ed:f9:
         1c:b8:9c:4e:2f:d8:86:5f:2f:5f:af:05:72:9c:69:2f:b4:9d:
         d8:3e:2c:97:98:18:d5:fe:38:05:83:23:87:38:b0:fb:79:af:
         26:20:ee:9c:cb:77:ee:14:73:72:40:0d:5e:7d:24:30:28:99:
         5d:c8:80:f4:20:fb:d2:dc:af:15:0f:15:c8:28:99:65:af:c2:
         5f:e0:36:7f:22:87:29:5f:51:8a:8e:50:ac:6f:05:04:64:34:
         d2:2a:3d:df:4a:48:b7:eb:c9:b4:0b:0a:2e:26:81:22:f3:1c:
         4c:27:f6:fe:e3:37:6b:7e:a1:fb:23:49:d2:00:2b:7e:a9:b2:
         99:50:d7:ee:ce:ac:5e:13:24:b8:65:ca:be:60:5a:f0:e7:01:
         1c:c3:f4:19:3a:cf:5f:a4:57:88:0c:b4:2b:36:19:c3:fb:80:
         ab:8e:13:de:83:41:4f:21:55:6c:2f:33:1a:7d:56:7f:63:fd:
         48:81:06:4f:a9:4c:1b:f1:7b:94:c3:d8:23:7b:ac:50:be:81:
         2c:85:4b:1a
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzizJfyWMBPojtWeXnxuK/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMTA3MDcyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzk5OTNhZTg4N2Y2OWNkYTY0ZGRhYjcyZmYwOTIwZTM4ZmJmMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAya2ZPp7ymB8Kanf8wB5n4cxcxgMT
33bco3ktrPh5gr/ZI+tE1FFGu/8jx5XjWfORukY3N3LJkPf52qXhsZJmpAHlv4CQ
hxn+IF5DbG3dL5yf4moPFntuQa4+VR/CIMQGzvodkvcxJZs+wdR9Do3/1XxIPXpr
b4q5XahBDB9s6VMW9yCRnNPPvGkm9WukIE8BfjqSgWJRG8/zInliQp6tkse7oKJi
oBTNSxeItw1f2nCT4LgindS12fTfZOyWxQm2DtdlxtAbi4gDr5KOiqhX24+DuxuJ
OSQvRmj5EciYTXh+4D8SBCKuRABpneHzhJQn6yyooXhl+Ov91hPqyJOL4QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDyZk66If2nNpk3aty/wkg44+/A+MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvUEptVHJvaF9hYzJtVGRxM0xfQ1NEamo3OEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQALiaBAwQA
LiaDAwQBLiaMMAwDBAQuJpADBAAuJp4DBAXUEEADBAXUUAAwDQQCAAIwBwMFAyoA
fYAwDQYJKoZIhvcNAQELBQADggEBADXWI14nzZzVcgWqOIFUWlzgRgV18sXG4etd
0vMBdo0fzunOB36JQBMjSPXcJrp5On5Vbzbt+Ry4nE4v2IZfL1+vBXKcaS+0ndg+
LJeYGNX+OAWDI4c4sPt5ryYg7pzLd+4Uc3JADV59JDAomV3IgPQg+9LcrxUPFcgo
mWWvwl/gNn8ihylfUYqOUKxvBQRkNNIqPd9KSLfrybQLCi4mgSLzHEwn9v7jN2t+
ofsjSdIAK36psplQ1+7OrF4TJLhlyr5gWvDnARzD9Bk6z1+kV4gMtCs2GcP7gKuO
E96DQU8hVWwvMxp9Vn9j/UiBBk+pTBvxe5TD2CN7rFC+gSyFSxo=
-----END CERTIFICATE-----