Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cIiP70psK6rEXqL9FnrSgCt4QII.roa
File:                     cIiP70psK6rEXqL9FnrSgCt4QII.roa (raw, json)
Hash identifier:          jWsvtaL6cU51jDQoDj0CGiBa9hJmaBXONX1vv+WhG2k=
Subject key identifier:   70:88:8F:EF:4A:6C:2B:AA:C4:5E:A2:FD:16:7A:D2:80:2B:78:40:82
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0193CF52AFDD65EE146314E24257B08699C6
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cIiP70psK6rEXqL9FnrSgCt4QII.roa
Signing time:             Mon 16 Dec 2024 11:55:22 +0000
ROA not before:           Mon 16 Dec 2024 11:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201021
IP address blocks:        77.81.88.0/24 maxlen: 24
                          77.81.100.0/24 maxlen: 24
                          86.107.51.0/24 maxlen: 24
                          89.37.194.0/24 maxlen: 24
                          89.39.125.0/24 maxlen: 24
                          89.43.62.0/24 maxlen: 24
                          89.45.162.0/24 maxlen: 24
                          93.90.75.0/24 maxlen: 24
                          93.115.105.0/24 maxlen: 24
                          188.241.137.0/24 maxlen: 24
                          212.192.5.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 17:54:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:cf:52:af:dd:65:ee:14:63:14:e2:42:57:b0:86:99:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Dec 16 11:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70888fef4a6c2baac45ea2fd167ad2802b784082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:11:61:a0:4c:54:8b:b9:9b:b5:34:2f:31:aa:
                    10:3e:1f:74:bb:06:95:53:12:c3:8a:7e:8e:38:3b:
                    d5:cb:de:37:d8:79:30:be:c5:a8:c2:71:a4:46:98:
                    df:6a:a3:c3:37:38:b8:4b:91:7a:f3:5e:80:6e:20:
                    5c:e4:48:98:2d:eb:3d:ee:41:c7:6b:3d:6b:3c:86:
                    9d:b3:f9:9e:66:2c:a7:82:d4:8b:3f:2c:c9:a6:14:
                    9c:f2:e8:33:19:26:26:f5:ad:8a:51:3d:03:65:89:
                    53:78:27:71:de:52:cc:29:4f:86:fb:09:85:e9:87:
                    02:63:43:07:5d:02:19:15:25:a1:1f:3a:19:56:1c:
                    fe:d5:2e:f8:97:88:7a:47:f8:55:6b:89:36:97:4a:
                    b6:89:55:2a:53:df:20:0c:90:6a:fc:13:bc:92:bc:
                    0e:a9:63:2c:e8:40:bc:7a:c4:9c:71:e2:b7:80:67:
                    c7:98:66:49:53:64:f2:b6:19:3c:06:c3:ab:21:a7:
                    bc:bd:a1:df:da:dc:03:06:6a:2a:7f:4d:6d:09:fb:
                    a7:41:38:ad:a9:ba:ce:19:b3:17:46:77:6f:6d:cb:
                    9b:83:f3:1f:87:05:61:ea:19:f1:15:bf:f9:ca:df:
                    ad:87:61:04:a1:64:a9:40:71:40:ea:fa:99:5a:8f:
                    97:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:88:8F:EF:4A:6C:2B:AA:C4:5E:A2:FD:16:7A:D2:80:2B:78:40:82
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cIiP70psK6rEXqL9FnrSgCt4QII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.88.0/24
                  77.81.100.0/24
                  86.107.51.0/24
                  89.37.194.0/24
                  89.39.125.0/24
                  89.43.62.0/24
                  89.45.162.0/24
                  93.90.75.0/24
                  93.115.105.0/24
                  188.241.137.0/24
                  212.192.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:24:ee:0f:70:2a:1b:b8:a7:c4:a6:0d:a3:f8:20:7b:41:fe:
         25:a0:e7:06:de:e8:14:e9:1f:00:8d:93:f6:08:23:3e:1a:a9:
         55:f3:7d:92:8e:3d:73:0e:aa:2c:ec:de:1f:c9:1c:f3:f9:6b:
         4e:f3:30:f4:50:e9:1a:dc:9f:2f:2a:1b:04:77:17:6d:f4:4b:
         25:48:e8:91:ca:97:8b:81:74:f4:90:81:db:33:d7:78:57:37:
         13:be:5c:bc:72:be:d5:af:ed:da:8f:59:f0:63:ee:a5:55:ec:
         ac:ef:68:df:53:78:d4:f7:a0:7e:e0:a0:73:bb:f2:f3:94:a9:
         89:86:f6:01:02:b5:2d:6e:5e:62:43:b6:ce:01:81:66:73:cf:
         76:d1:b2:71:80:97:d3:03:21:bb:d1:19:d6:83:38:b8:5d:97:
         37:3a:70:31:f7:af:ea:b7:77:7f:a1:25:4c:e8:b4:df:ad:b8:
         35:84:c2:39:98:6d:51:cb:11:9c:b8:32:8d:65:72:ed:80:2b:
         3b:f0:56:c3:a5:90:af:ad:a9:8a:14:15:55:05:4b:68:07:37:
         75:b1:9b:d4:5e:cc:8f:fa:6b:b6:ad:b4:38:7b:61:92:a1:d9:
         68:cd:b1:4c:b6:cf:9a:04:09:15:25:6e:a6:8c:fe:f7:90:a3:
         97:15:3b:e2
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZPPUq/dZe4UYxTiQlewhpnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMjE2MTE1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg4OGZlZjRhNmMyYmFhYzQ1ZWEyZmQxNjdhZDI4MDJiNzg0MDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthFhoExUi7mbtTQvMaoQPh90uwaV
UxLDin6OODvVy9432HkwvsWownGkRpjfaqPDNzi4S5F6816AbiBc5EiYLes97kHH
az1rPIads/meZiyngtSLPyzJphSc8ugzGSYm9a2KUT0DZYlTeCdx3lLMKU+G+wmF
6YcCY0MHXQIZFSWhHzoZVhz+1S74l4h6R/hVa4k2l0q2iVUqU98gDJBq/BO8krwO
qWMs6EC8esScceK3gGfHmGZJU2Tythk8BsOrIae8vaHf2twDBmoqf01tCfunQTit
qbrOGbMXRndvbcubg/MfhwVh6hnxFb/5yt+th2EEoWSpQHFA6vqZWo+XQwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHCIj+9KbCuqxF6i/RZ60oAreECCMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY0lpUDcwcHNLNnJFWHFMOUZuclNnQ3Q0UUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQATVFYAwQA
TVFkAwQAVmszAwQAWSXCAwQAWSd9AwQAWSs+AwQAWS2iAwQAXVpLAwQAXXNpAwQA
vPGJAwQA1MAFMA0GCSqGSIb3DQEBCwUAA4IBAQCOJO4PcCobuKfEpg2j+CB7Qf4l
oOcG3ugU6R8AjZP2CCM+GqlV832Sjj1zDqos7N4fyRzz+WtO8zD0UOka3J8vKhsE
dxdt9EslSOiRypeLgXT0kIHbM9d4VzcTvly8cr7Vr+3aj1nwY+6lVeys72jfU3jU
96B+4KBzu/LzlKmJhvYBArUtbl5iQ7bOAYFmc8920bJxgJfTAyG70RnWgzi4XZc3
OnAx96/qt3d/oSVM6LTfrbg1hMI5mG1RyxGcuDKNZXLtgCs78FbDpZCvramKFBVV
BUtoBzd1sZvUXsyP+mu2rbQ4e2GSodlozbFMts+aBAkVJW6mjP73kKOXFTvi
-----END CERTIFICATE-----