Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6kNil49sQjJPK7-GHimgptuMR5Q.roa
File:                     6kNil49sQjJPK7-GHimgptuMR5Q.roa (raw, json)
Hash identifier:          mhNDxvp2U4KaPflqm14SSP42h+UnJetRL862llrVckw=
Subject key identifier:   EA:43:62:97:8F:6C:42:32:4F:2B:BF:86:1E:29:A0:A6:DB:8C:47:94
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018DD526387B0816775D5D33613CBEE7EBD8
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6kNil49sQjJPK7-GHimgptuMR5Q.roa
Signing time:             Fri 23 Feb 2024 08:47:48 +0000
ROA not before:           Fri 23 Feb 2024 08:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        77.81.182.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          89.35.129.0/24 maxlen: 24
                          89.40.215.0/24 maxlen: 24
                          91.132.49.0/24 maxlen: 24
                          93.114.183.0/24 maxlen: 24
                          128.0.41.0/24 maxlen: 24
                          185.212.119.0/24 maxlen: 24
                          188.215.31.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 13:36:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:26:38:7b:08:16:77:5d:5d:33:61:3c:be:e7:eb:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 23 08:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea4362978f6c42324f2bbf861e29a0a6db8c4794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:7c:a2:30:a8:70:4b:98:00:ca:4e:8b:43:
                    f1:f1:76:f6:c1:cd:7c:ba:2a:8c:4f:53:04:7a:30:
                    e0:b1:a0:28:95:c0:c7:9b:3e:70:81:48:34:5a:75:
                    d2:94:c3:09:33:70:89:fa:64:66:82:c6:7f:be:34:
                    ed:8a:da:2b:3a:40:fe:64:ca:96:7b:7c:8a:c2:3a:
                    d6:64:ce:1c:3f:2f:8a:8e:29:f3:f5:08:3a:d9:d2:
                    48:ea:13:b0:79:f6:be:d1:22:10:75:92:8e:af:36:
                    e7:00:42:02:7d:93:fc:9b:75:aa:ab:f4:9e:bf:1a:
                    6b:e6:4e:6f:32:c0:36:79:bd:6b:ad:47:9c:fc:1d:
                    1e:8b:63:84:a8:1b:86:1d:da:ef:1c:ed:77:bd:a5:
                    35:57:e5:41:64:79:51:ca:56:5d:d1:5f:e0:04:b9:
                    b0:02:cd:db:d5:30:3d:54:69:f7:db:3e:e9:8b:a8:
                    7e:74:48:b6:20:84:f1:f3:ad:09:f9:d5:17:11:67:
                    aa:e3:89:22:29:bc:11:90:54:c7:71:ab:99:3c:10:
                    88:cc:ea:a7:11:65:3a:db:84:46:56:c1:2f:a0:30:
                    ad:43:bc:80:91:f1:92:bc:d5:7f:66:c7:c3:9c:27:
                    bf:fb:6f:e5:da:07:53:b1:c9:01:87:0c:2e:2d:31:
                    62:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:43:62:97:8F:6C:42:32:4F:2B:BF:86:1E:29:A0:A6:DB:8C:47:94
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6kNil49sQjJPK7-GHimgptuMR5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.182.0/24
                  89.34.106.0/24
                  89.35.129.0/24
                  89.40.215.0/24
                  91.132.49.0/24
                  93.114.183.0/24
                  128.0.41.0/24
                  185.212.119.0/24
                  188.215.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:6d:b1:3f:44:4c:da:e3:d6:f1:c8:9d:90:71:9f:81:88:b4:
         43:36:9a:19:17:5a:52:ce:fb:0d:e1:28:6b:f7:9f:4f:44:87:
         ce:ff:11:fe:bf:d4:6a:79:c4:cb:96:5c:0b:48:6a:e7:3a:9c:
         ad:7e:8f:21:b1:2a:da:48:a8:56:72:df:9a:09:e4:84:93:f8:
         11:bb:55:d4:aa:13:4a:4d:8c:2d:a6:4c:9b:f1:ce:e5:2d:b2:
         f0:d0:57:bf:73:ef:53:9f:a5:7a:6d:e1:7a:59:f2:ca:94:b2:
         0c:f4:53:97:86:d6:7e:78:9b:14:a2:f6:be:a7:dc:c7:45:6b:
         4a:96:00:ad:97:45:29:b5:b9:05:ec:3a:c4:fd:e6:6e:af:56:
         91:27:7f:2f:11:22:69:df:f7:e8:93:93:57:a5:1d:28:66:9e:
         b1:ff:d8:6f:1c:4b:35:83:2f:51:27:26:1d:3e:f3:ca:c3:7c:
         45:3b:29:3d:3d:e0:18:3a:8e:70:b2:f8:a9:5f:85:f7:98:28:
         78:fe:2e:96:2e:dc:a3:e2:29:6c:82:f8:fc:4e:ad:09:7f:be:
         b6:bf:a9:34:dc:cf:66:ed:33:1c:03:7c:43:b2:3e:7b:c6:2f:
         f3:4d:5c:20:f3:1d:13:f4:54:55:cd:10:87:34:91:70:19:f7:
         87:88:86:9a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY3VJjh7CBZ3XV0zYTy+5+vYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMjIzMDg0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQzNjI5NzhmNmM0MjMyNGYyYmJmODYxZTI5YTBhNmRiOGM0Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhN8ojCocEuYAMpOi0Px8Xb2wc18
uiqMT1MEejDgsaAolcDHmz5wgUg0WnXSlMMJM3CJ+mRmgsZ/vjTtitorOkD+ZMqW
e3yKwjrWZM4cPy+Kjinz9Qg62dJI6hOwefa+0SIQdZKOrzbnAEICfZP8m3Wqq/Se
vxpr5k5vMsA2eb1rrUec/B0ei2OEqBuGHdrvHO13vaU1V+VBZHlRylZd0V/gBLmw
As3b1TA9VGn32z7pi6h+dEi2IITx860J+dUXEWeq44kiKbwRkFTHcauZPBCIzOqn
EWU624RGVsEvoDCtQ7yAkfGSvNV/ZsfDnCe/+2/l2gdTsckBhwwuLTFiKQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOpDYpePbEIyTyu/hh4poKbbjEeUMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvNmtOaWw0OXNRakpQSzctR0hpbWdwdHVNUjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATVG2AwQA
WSJqAwQAWSOBAwQAWSjXAwQAW4QxAwQAXXK3AwQAgAApAwQAudR3AwQAvNcfMA0G
CSqGSIb3DQEBCwUAA4IBAQBEbbE/REza49bxyJ2QcZ+BiLRDNpoZF1pSzvsN4Shr
959PRIfO/xH+v9RqecTLllwLSGrnOpytfo8hsSraSKhWct+aCeSEk/gRu1XUqhNK
TYwtpkyb8c7lLbLw0Fe/c+9Tn6V6beF6WfLKlLIM9FOXhtZ+eJsUova+p9zHRWtK
lgCtl0UptbkF7DrE/eZur1aRJ38vESJp3/fok5NXpR0oZp6x/9hvHEs1gy9RJyYd
PvPKw3xFOyk9PeAYOo5wsvipX4X3mCh4/i6WLtyj4ilsgvj8Tq0Jf762v6k03M9m
7TMcA3xDsj57xi/zTVwg8x0T9FRVzRCHNJFwGfeHiIaa
-----END CERTIFICATE-----