Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/6Zr481mWFw0zRr1BFJVY2YQAGfk.roa
File:                     6Zr481mWFw0zRr1BFJVY2YQAGfk.roa (raw, json)
Hash identifier:          y19m30gYGgoW96dUMP+sfLKEHmIIxJ+eXit9KEn0H4g=
Subject key identifier:   E9:9A:F8:F3:59:96:17:0D:33:46:BD:41:14:95:58:D9:84:00:19:F9
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01921370BDE380BC594EF3C908AE57F91107
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/6Zr481mWFw0zRr1BFJVY2YQAGfk.roa
Signing time:             Sat 21 Sep 2024 07:16:48 +0000
ROA not before:           Sat 21 Sep 2024 07:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        14.102.16.0/22 maxlen: 24
                          107.150.168.0/24 maxlen: 24
                          107.150.172.0/24 maxlen: 24
                          162.218.176.0/24 maxlen: 24
                          162.218.179.0/24 maxlen: 24
                          167.160.0.0/24 maxlen: 24
                          167.160.3.0/24 maxlen: 24
                          185.192.212.0/24 maxlen: 24
                          185.192.215.0/24 maxlen: 24
                          185.203.148.0/24 maxlen: 24
                          185.203.151.0/24 maxlen: 24
                          185.212.172.0/24 maxlen: 24
                          185.212.175.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 10 Oct 2024 18:21:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:13:70:bd:e3:80:bc:59:4e:f3:c9:08:ae:57:f9:11:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Sep 21 07:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e99af8f35996170d3346bd41149558d9840019f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:df:d1:c3:4b:32:22:3b:c5:d9:6c:76:8e:b0:
                    54:83:38:a4:56:17:3f:ba:44:8d:8d:8d:0c:9f:34:
                    d7:84:dd:46:2b:8b:2b:26:c9:d6:d0:b5:45:56:b4:
                    f3:05:b5:83:92:5b:89:d2:6e:e3:5a:cd:af:ac:d8:
                    c8:c7:52:9f:12:da:47:2c:72:9b:5a:f2:c8:2b:79:
                    68:6b:ef:f2:78:00:b5:ba:34:26:f5:7b:17:c8:f1:
                    ea:f2:36:02:ec:80:46:e9:78:60:bd:57:c8:1d:26:
                    cb:2e:85:11:7d:5f:19:53:50:37:09:75:1a:16:d4:
                    85:f4:6c:bb:16:0f:1c:c7:19:2a:e0:32:75:0d:29:
                    39:b4:61:29:df:3e:49:5d:84:9b:57:03:b8:2f:85:
                    c9:b7:7e:50:4a:5f:33:1b:e1:d7:19:93:bc:05:48:
                    e3:2a:b3:0e:36:45:92:55:cf:4f:66:f8:4f:4d:2b:
                    16:34:e5:4a:f2:2c:81:db:4a:67:df:8d:f3:3a:b7:
                    b6:58:b7:1e:50:d8:da:89:38:9b:c3:76:cd:1b:e3:
                    14:35:6c:b3:5b:20:22:59:b7:40:69:68:dd:39:14:
                    cf:31:78:e5:e7:94:c2:ee:aa:40:6a:be:c4:e0:18:
                    63:95:42:90:de:dd:c9:34:7b:36:31:90:8d:56:ea:
                    a3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:9A:F8:F3:59:96:17:0D:33:46:BD:41:14:95:58:D9:84:00:19:F9
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/6Zr481mWFw0zRr1BFJVY2YQAGfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.16.0/22
                  107.150.168.0/24
                  107.150.172.0/24
                  162.218.176.0/24
                  162.218.179.0/24
                  167.160.0.0/24
                  167.160.3.0/24
                  185.192.212.0/24
                  185.192.215.0/24
                  185.203.148.0/24
                  185.203.151.0/24
                  185.212.172.0/24
                  185.212.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:49:a7:af:1d:c3:db:23:6a:7c:15:d6:ce:fe:2b:34:a5:55:
         15:cc:e3:91:8f:77:bf:bb:ad:c4:86:d5:5f:00:2f:e1:3b:cb:
         54:4c:da:7c:43:42:a9:97:73:fa:7d:6f:94:01:9a:03:64:62:
         e6:bd:32:27:5b:f7:51:51:28:3b:8e:b6:d6:c5:82:5a:64:2f:
         3a:0e:f1:1e:77:b7:92:a4:81:3f:b4:5f:d5:33:7c:3b:92:50:
         93:53:75:2f:a0:c4:d5:97:9b:e5:af:60:92:b5:3d:72:f7:1d:
         a8:26:a4:74:b4:a5:e7:fb:d4:6d:9b:46:c3:90:37:75:73:d7:
         74:12:f9:ef:e5:b2:4f:fe:c0:bd:aa:20:9e:2f:37:8d:1d:bf:
         66:0f:26:bd:c5:f7:d6:34:89:1f:35:ae:7c:a2:78:b5:3c:40:
         4f:de:6d:08:81:fb:06:00:0b:47:6a:b8:09:25:1a:45:95:60:
         36:2b:68:e6:da:36:aa:9d:7e:5d:c6:92:3c:c3:db:39:73:a7:
         df:38:e1:06:23:10:ac:4d:04:23:cc:d4:8c:b8:a2:9f:cb:d1:
         25:6c:df:2e:c9:62:70:34:b3:4c:e1:18:f7:dd:f6:d5:da:83:
         9f:6b:0a:24:a2:d8:03:80:1d:96:fd:16:e5:d7:8e:b9:be:bb:
         d8:4f:10:f4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZITcL3jgLxZTvPJCK5X+REHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwOTIxMDcxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTlhZjhmMzU5OTYxNzBkMzM0NmJkNDExNDk1NThkOTg0MDAxOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN/Rw0syIjvF2Wx2jrBUgzikVhc/
ukSNjY0MnzTXhN1GK4srJsnW0LVFVrTzBbWDkluJ0m7jWs2vrNjIx1KfEtpHLHKb
WvLIK3loa+/yeAC1ujQm9XsXyPHq8jYC7IBG6XhgvVfIHSbLLoURfV8ZU1A3CXUa
FtSF9Gy7Fg8cxxkq4DJ1DSk5tGEp3z5JXYSbVwO4L4XJt35QSl8zG+HXGZO8BUjj
KrMONkWSVc9PZvhPTSsWNOVK8iyB20pn343zOre2WLceUNjaiTibw3bNG+MUNWyz
WyAiWbdAaWjdORTPMXjl55TC7qpAar7E4BhjlUKQ3t3JNHs2MZCNVuqjRQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFOma+PNZlhcNM0a9QRSVWNmEABn5MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvNlpyNDgxbVdGdzB6UnIxQkZKVlkyWVFBR2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQCDmYQAwQA
a5aoAwQAa5asAwQAotqwAwQAotqzAwQAp6AAAwQAp6ADAwQAucDUAwQAucDXAwQA
ucuUAwQAucuXAwQAudSsAwQAudSvMA0GCSqGSIb3DQEBCwUAA4IBAQBBSaevHcPb
I2p8FdbO/is0pVUVzOORj3e/u63EhtVfAC/hO8tUTNp8Q0Kpl3P6fW+UAZoDZGLm
vTInW/dRUSg7jrbWxYJaZC86DvEed7eSpIE/tF/VM3w7klCTU3UvoMTVl5vlr2CS
tT1y9x2oJqR0tKXn+9Rtm0bDkDd1c9d0Evnv5bJP/sC9qiCeLzeNHb9mDya9xffW
NIkfNa58oni1PEBP3m0IgfsGAAtHargJJRpFlWA2K2jm2jaqnX5dxpI8w9s5c6ff
OOEGIxCsTQQjzNSMuKKfy9ElbN8uyWJwNLNM4Rj33fbV2oOfawokotgDgB2W/Rbl
1465vrvYTxD0
-----END CERTIFICATE-----