Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/6sz2bi8PAyhYFona3-QARxONEPo.roa
File:                     6sz2bi8PAyhYFona3-QARxONEPo.roa (raw, json)
Hash identifier:          cqXy4LXikhDBSR4QmTQj/ozndBmht3NPX9t0HygjSqM=
Subject key identifier:   EA:CC:F6:6E:2F:0F:03:28:58:16:89:DA:DF:E4:00:47:13:8D:10:FA
Certificate issuer:       /CN=7a6735b7a553a1680c11add3e48c3635b53979ca
Certificate serial:       018D54A471C2BFAD868C7905300D91B4A54D
Authority key identifier: 7A:67:35:B7:A5:53:A1:68:0C:11:AD:D3:E4:8C:36:35:B5:39:79:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/emc1t6VToWgMEa3T5Iw2NbU5eco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/6sz2bi8PAyhYFona3-QARxONEPo.roa
Signing time:             Mon 29 Jan 2024 09:54:39 +0000
ROA not before:           Mon 29 Jan 2024 09:54:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49604
IP address blocks:        45.151.4.0/23 maxlen: 23
                          45.151.6.0/23 maxlen: 23
                          85.222.232.0/22 maxlen: 24
                          85.234.242.0/23 maxlen: 23
                          85.234.244.0/23 maxlen: 23
                          85.234.246.0/23 maxlen: 24
                          185.31.240.0/22 maxlen: 24
                          217.146.64.0/20 maxlen: 24
                          2a02:29e8::/32 maxlen: 32
                          2a02:29ea:a::/48 maxlen: 48
                          2a02:29ea:14::/48 maxlen: 48
                          2a02:29ea:1e::/48 maxlen: 48
Validation:               Failed, certificate revoked on Fri 13 Dec 2024 08:31:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:54:a4:71:c2:bf:ad:86:8c:79:05:30:0d:91:b4:a5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a6735b7a553a1680c11add3e48c3635b53979ca
        Validity
            Not Before: Jan 29 09:54:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaccf66e2f0f0328581689dadfe40047138d10fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d4:b8:ab:19:68:58:23:75:9f:60:e1:8e:9e:
                    ac:2b:6a:6d:ae:60:85:e6:b8:d3:b4:96:2f:73:8d:
                    2c:7f:0a:e5:49:75:e1:fd:e6:25:31:ff:32:45:41:
                    43:7f:6b:48:7c:b2:6c:b1:c3:c6:6c:bc:7c:e5:79:
                    aa:f7:ef:75:e1:89:82:35:3b:a3:7f:82:91:ce:cf:
                    eb:c2:5e:b5:ac:7f:fa:e7:a6:8e:1f:4d:67:b6:81:
                    0f:f7:bb:79:3a:ba:bb:8c:3b:fe:41:c0:ff:40:83:
                    c3:eb:c7:2a:6b:4f:d4:0f:ad:b6:09:da:1e:75:16:
                    e0:5b:3c:00:70:5a:ba:f0:1a:2f:8d:59:c7:ee:b7:
                    24:fb:fe:1b:0c:8e:c6:36:06:14:e9:f1:41:10:b1:
                    59:8f:00:7a:2e:3a:d5:94:d8:c2:fd:91:1e:28:10:
                    88:56:fc:9d:50:66:ca:06:7a:8a:11:e0:a2:37:bb:
                    c4:c1:29:9b:43:4b:30:fd:9e:05:6f:c1:f1:89:fb:
                    f6:62:7b:b2:84:33:61:d4:45:8d:30:28:02:20:f1:
                    34:7f:d4:0d:09:2a:22:0a:35:e5:31:3f:8b:a9:45:
                    67:be:c1:1b:83:93:77:b8:4c:83:12:73:ba:cc:3d:
                    0f:12:cc:ca:e0:26:9d:51:e4:0e:38:72:a6:90:f8:
                    0f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:CC:F6:6E:2F:0F:03:28:58:16:89:DA:DF:E4:00:47:13:8D:10:FA
            X509v3 Authority Key Identifier:
                keyid:7A:67:35:B7:A5:53:A1:68:0C:11:AD:D3:E4:8C:36:35:B5:39:79:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/emc1t6VToWgMEa3T5Iw2NbU5eco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/6sz2bi8PAyhYFona3-QARxONEPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/bb2647-0950-46a4-b56d-34eb67b475f6/1/emc1t6VToWgMEa3T5Iw2NbU5eco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.4.0/22
                  85.222.232.0/22
                  85.234.242.0-85.234.247.255
                  185.31.240.0/22
                  217.146.64.0/20
                IPv6:
                  2a02:29e8::/32
                  2a02:29ea:a::/48
                  2a02:29ea:14::/48
                  2a02:29ea:1e::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:76:fc:34:1b:8d:d6:9f:6a:11:ff:a4:e0:17:8f:2c:98:57:
         1b:20:e1:bd:7d:6f:a5:3d:19:72:ce:fd:96:e7:34:8d:3c:89:
         61:de:1c:1f:7b:52:3c:a4:c5:fb:a6:43:3e:6b:a4:8c:fc:7b:
         f7:8b:6c:2c:1e:4e:fd:ad:80:4e:18:ee:1e:1d:91:cf:1f:e1:
         21:16:e5:d6:c2:fe:91:c0:16:fe:2e:42:c7:8a:6b:59:79:06:
         a3:e4:85:62:c4:7d:75:39:fc:b7:d1:e4:5d:7d:5a:13:d3:60:
         ed:5f:77:dc:1b:17:13:4f:bd:a8:a5:a9:8d:f8:58:bf:66:cf:
         22:50:ff:5a:1b:74:6c:3e:71:37:3c:59:e8:93:a1:1d:57:f0:
         d7:02:05:9b:44:f5:96:86:b9:0f:28:a3:11:21:c2:04:d5:e6:
         25:fc:2d:5f:b6:6c:e2:53:a6:9a:e9:22:1b:6f:76:e9:e4:b0:
         20:3b:ea:be:37:ea:b7:f9:22:81:36:28:95:1e:c4:33:c0:05:
         1a:13:a0:aa:18:5f:c3:ac:aa:10:7b:31:c7:e0:fe:e9:3d:d8:
         60:73:13:ed:8b:b8:45:3a:be:92:e5:53:61:eb:cb:1f:fd:7f:
         54:59:01:b6:fe:cf:dd:79:b2:88:26:6d:f0:b6:ed:23:62:00:
         7d:28:e1:5b
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY1UpHHCv62GjHkFMA2RtKVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNjczNWI3YTU1M2ExNjgwYzExYWRkM2U0OGMzNjM1YjUz
OTc5Y2EwHhcNMjQwMTI5MDk1NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWNjZjY2ZTJmMGYwMzI4NTgxNjg5ZGFkZmU0MDA0NzEzOGQxMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodS4qxloWCN1n2Dhjp6sK2ptrmCF
5rjTtJYvc40sfwrlSXXh/eYlMf8yRUFDf2tIfLJsscPGbLx85Xmq9+914YmCNTuj
f4KRzs/rwl61rH/656aOH01ntoEP97t5Orq7jDv+QcD/QIPD68cqa0/UD622Cdoe
dRbgWzwAcFq68BovjVnH7rck+/4bDI7GNgYU6fFBELFZjwB6LjrVlNjC/ZEeKBCI
VvydUGbKBnqKEeCiN7vEwSmbQ0sw/Z4Fb8Hxifv2YnuyhDNh1EWNMCgCIPE0f9QN
CSoiCjXlMT+LqUVnvsEbg5N3uEyDEnO6zD0PEszK4CadUeQOOHKmkPgPrQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFOrM9m4vDwMoWBaJ2t/kAEcTjRD6MB8GA1UdIwQY
MBaAFHpnNbelU6FoDBGt0+SMNjW1OXnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW1jMXQ2VlRvV2dNRWEzVDVJdzJOYlU1ZWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9iYjI2NDctMDk1MC00NmE0LWI1NmQt
MzRlYjY3YjQ3NWY2LzEvNnN6MmJpOFBBeWhZRm9uYTMtUUFSeE9ORVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9iYjI2NDctMDk1MC00NmE0LWI1NmQtMzRlYjY3YjQ3NWY2
LzEvZW1jMXQ2VlRvV2dNRWEzVDVJdzJOYlU1ZWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDAsBAIAATAmAwQCLZcEAwQC
Vd7oMAwDBAFV6vIDBANV6vADBAK5H/ADBATZkkAwKAQCAAIwIgMFACoCKegDBwAq
AinqAAoDBwAqAinqABQDBwAqAinqAB4wDQYJKoZIhvcNAQELBQADggEBAER2/DQb
jdafahH/pOAXjyyYVxsg4b19b6U9GXLO/ZbnNI08iWHeHB97UjykxfumQz5rpIz8
e/eLbCweTv2tgE4Y7h4dkc8f4SEW5dbC/pHAFv4uQseKa1l5BqPkhWLEfXU5/LfR
5F19WhPTYO1fd9wbFxNPvailqY34WL9mzyJQ/1obdGw+cTc8WeiToR1X8NcCBZtE
9ZaGuQ8ooxEhwgTV5iX8LV+2bOJTpprpIhtvdunksCA76r436rf5IoE2KJUexDPA
BRoToKoYX8OsqhB7Mcfg/uk92GBzE+2LuEU6vpLlU2Hryx/9f1RZAbb+z915sogm
bfC27SNiAH0o4Vs=
-----END CERTIFICATE-----