Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qOQ3gjqj_eQmizcWTvWTDRnd_r8.roa
File:                     qOQ3gjqj_eQmizcWTvWTDRnd_r8.roa (raw, json)
Hash identifier:          sD9Ph40T1H0IdyVm0Zo326FnaQCNnUxzQhgkCWv3css=
Subject key identifier:   A8:E4:37:82:3A:A3:FD:E4:26:8B:37:16:4E:F5:93:0D:19:DD:FE:BF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018CC493349FDE5B08CD4FA44FB569C699A8
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qOQ3gjqj_eQmizcWTvWTDRnd_r8.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        188.212.121.0/24 maxlen: 24
                          89.36.140.0/24 maxlen: 24
                          94.177.51.0/24 maxlen: 24
                          188.215.31.0/24 maxlen: 24
                          89.46.42.0/24 maxlen: 24
                          94.198.171.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          86.107.100.0/24 maxlen: 24
                          217.19.4.0/24 maxlen: 24
                          89.45.35.0/24 maxlen: 24
                          89.40.36.0/24 maxlen: 24
                          62.192.152.0/24 maxlen: 24
                          176.223.188.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 21 Jan 2024 06:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:34:9f:de:5b:08:cd:4f:a4:4f:b5:69:c6:99:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e437823aa3fde4268b37164ef5930d19ddfebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:09:9a:c1:c7:9e:3d:84:58:a5:dc:90:5e:73:
                    e2:19:e2:e0:64:d3:e1:e4:82:ad:be:75:04:04:31:
                    cb:b4:bb:54:1d:03:72:e7:4b:82:87:6f:8e:13:a8:
                    86:46:d0:3c:91:7b:a5:1e:ab:7c:3c:1f:05:0e:d3:
                    a0:1a:65:5c:5e:ca:98:84:d3:65:57:fc:f0:4f:58:
                    81:36:38:cc:3a:01:a9:e4:6b:cc:46:a0:3c:1a:12:
                    18:c0:6d:c0:4a:63:5e:62:cb:35:12:10:e4:52:d2:
                    70:0a:01:5d:aa:2a:6b:98:be:3c:fe:0f:2b:eb:d1:
                    73:88:3a:9c:72:18:41:03:52:07:8e:90:2e:59:38:
                    81:25:d4:20:06:30:64:29:68:33:6d:f2:92:21:67:
                    be:04:dc:c1:c8:7b:79:6d:89:bc:24:f7:3a:15:7d:
                    26:6b:5b:b8:cd:32:e8:2d:a7:63:b5:cf:83:21:0d:
                    44:4c:b4:a3:62:07:98:79:02:12:a8:d9:28:3c:55:
                    09:66:d0:9a:f5:53:9b:4b:bc:22:b0:03:f0:5c:f1:
                    27:fc:46:92:de:bc:a6:a8:e7:1b:99:06:65:43:5c:
                    b4:e8:96:8d:6a:2f:4d:19:16:df:27:2d:07:61:e8:
                    51:13:d3:03:84:de:46:5b:e0:ec:a7:d8:99:86:9a:
                    25:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E4:37:82:3A:A3:FD:E4:26:8B:37:16:4E:F5:93:0D:19:DD:FE:BF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/qOQ3gjqj_eQmizcWTvWTDRnd_r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.152.0/24
                  86.107.100.0/24
                  89.36.140.0/24
                  89.40.36.0/24
                  89.45.35.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  94.177.51.0/24
                  94.198.171.0/24
                  176.223.188.0/24
                  188.212.121.0/24
                  188.215.31.0/24
                  217.19.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:00:49:66:41:2f:cb:24:74:c6:94:b7:7b:22:9c:25:a0:2c:
         c3:ea:40:c1:f7:b8:45:44:99:b2:3d:4d:cd:55:98:7f:7d:a2:
         df:d3:96:9c:20:81:a0:b5:d2:d9:5e:02:ca:f5:83:01:e6:dd:
         be:19:ac:a0:ca:64:ae:37:6c:e1:3c:83:67:a9:2a:df:11:39:
         36:8a:ff:9b:2b:d5:54:9f:2a:44:7d:4b:44:56:43:49:c2:89:
         43:ee:64:ef:e9:27:17:6f:96:af:da:9e:57:cc:73:28:5c:9e:
         4f:45:14:1c:58:90:ad:1c:73:f5:24:0f:0f:2c:c9:87:e9:f2:
         26:bd:2f:21:7b:08:a2:3e:d4:64:ee:79:81:bb:f8:0c:79:90:
         02:ba:ab:e4:62:16:7b:c3:2c:88:67:08:7f:dc:0e:8e:c8:81:
         48:c6:67:a6:13:5f:42:3a:0b:7b:46:7d:dc:ed:92:45:1c:7d:
         69:e2:bb:58:c9:0d:1f:24:dd:01:fb:9d:d4:b3:94:66:b5:7b:
         94:aa:48:62:d6:a7:f9:17:ee:1f:a7:01:41:f9:b7:08:67:76:
         c6:68:f9:d8:84:fe:09:62:a1:85:2a:62:e6:3c:27:45:4c:f9:
         06:ee:cf:b9:f1:4f:8d:6a:87:f5:5e:6e:6c:c8:d5:b7:ac:44:
         08:33:ed:3d
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYzEkzSf3lsIzU+kT7VpxpmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU0Mzc4MjNhYTNmZGU0MjY4YjM3MTY0ZWY1OTMwZDE5ZGRmZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigmawceePYRYpdyQXnPiGeLgZNPh
5IKtvnUEBDHLtLtUHQNy50uCh2+OE6iGRtA8kXulHqt8PB8FDtOgGmVcXsqYhNNl
V/zwT1iBNjjMOgGp5GvMRqA8GhIYwG3ASmNeYss1EhDkUtJwCgFdqiprmL48/g8r
69FziDqcchhBA1IHjpAuWTiBJdQgBjBkKWgzbfKSIWe+BNzByHt5bYm8JPc6FX0m
a1u4zTLoLadjtc+DIQ1ETLSjYgeYeQISqNkoPFUJZtCa9VObS7wisAPwXPEn/EaS
3rymqOcbmQZlQ1y06JaNai9NGRbfJy0HYehRE9MDhN5GW+Dsp9iZhpolrQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFKjkN4I6o/3kJos3Fk71kw0Z3f6/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcU9RM2dqcWpfZVFtaXpjV1R2V1REUm5kX3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAPsCYAwQA
VmtkAwQAWSSMAwQAWSgkAwQAWS0jAwQAWS4qAwQAWS8kAwQAXrEzAwQAXsarAwQA
sN+8AwQAvNR5AwQAvNcfAwQA2RMEMA0GCSqGSIb3DQEBCwUAA4IBAQAmAElmQS/L
JHTGlLd7IpwloCzD6kDB97hFRJmyPU3NVZh/faLf05acIIGgtdLZXgLK9YMB5t2+
GaygymSuN2zhPINnqSrfETk2iv+bK9VUnypEfUtEVkNJwolD7mTv6ScXb5av2p5X
zHMoXJ5PRRQcWJCtHHP1JA8PLMmH6fImvS8hewiiPtRk7nmBu/gMeZACuqvkYhZ7
wyyIZwh/3A6OyIFIxmemE19COgt7Rn3c7ZJFHH1p4rtYyQ0fJN0B+53Us5RmtXuU
qkhi1qf5F+4fpwFB+bcIZ3bGaPnYhP4JYqGFKmLmPCdFTPkG7s+58U+Naof1Xm5s
yNW3rEQIM+09
-----END CERTIFICATE-----