Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/acmMnzHYBgG_LAh-RbWgE3Q7N6I.roa
File:                     acmMnzHYBgG_LAh-RbWgE3Q7N6I.roa (raw, json)
Hash identifier:          tktEQ+I+9jGsbZyLsuKa+G2XiY9WAcmtlwfBtBwKzkk=
Subject key identifier:   69:C9:8C:9F:31:D8:06:01:BF:2C:08:7E:45:B5:A0:13:74:3B:37:A2
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       0192AEFB4AC3F2768F03A3FD882781EE90DF
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/acmMnzHYBgG_LAh-RbWgE3Q7N6I.roa
Signing time:             Mon 21 Oct 2024 12:09:17 +0000
ROA not before:           Mon 21 Oct 2024 12:09:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8903
IP address blocks:        84.18.0.0/19 maxlen: 24
                          92.60.160.0/20 maxlen: 24
                          176.98.220.0/22 maxlen: 24
                          185.66.60.0/22 maxlen: 24
                          185.145.224.0/22 maxlen: 24
                          185.155.64.0/22 maxlen: 24
                          185.173.44.0/22 maxlen: 24
                          185.187.180.0/22 maxlen: 24
                          185.224.76.0/22 maxlen: 24
                          193.34.240.0/22 maxlen: 24
                          212.49.128.0/18 maxlen: 24
                          212.49.189.0/24 maxlen: 24
                          2a0d:59c0::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 21 Oct 2024 12:19:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:fb:4a:c3:f2:76:8f:03:a3:fd:88:27:81:ee:90:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Oct 21 12:09:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c98c9f31d80601bf2c087e45b5a013743b37a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ea:13:db:f3:89:a8:db:d6:ba:59:55:46:dc:
                    c7:fb:f4:6a:5d:c4:00:11:e2:b6:c2:9f:c1:1d:30:
                    37:82:e7:b1:e9:84:76:56:10:f6:ac:0f:ca:b7:09:
                    65:37:64:51:10:37:b4:a9:15:9c:b1:42:86:18:ca:
                    28:14:a0:db:d7:c3:8a:26:4e:db:b0:46:b0:6c:4a:
                    67:9e:1b:57:c8:cc:d2:c7:ac:b0:3d:e2:ce:d2:9e:
                    58:15:c3:ac:82:75:96:b8:58:61:e0:e4:98:6a:94:
                    1c:bc:40:7b:03:8e:0b:30:3d:ee:3a:73:2f:90:c0:
                    d4:eb:31:47:97:80:01:d4:ad:fe:85:21:3f:94:97:
                    41:85:cf:16:4f:07:72:2e:f8:12:6b:b7:c4:1f:e3:
                    f6:af:48:79:37:b4:05:ff:c6:04:9c:75:b8:b9:4f:
                    7c:78:ee:a9:be:ae:61:4f:c8:b7:c9:9b:4e:07:c8:
                    db:49:e2:ae:83:55:80:3b:d5:4d:69:c5:91:0b:a2:
                    d1:38:b7:f4:b9:84:82:56:09:ee:6c:bf:38:00:42:
                    00:f8:8a:c9:85:9a:52:6b:be:04:96:52:49:83:b1:
                    ed:0a:98:d2:1e:08:ac:c9:b7:6f:6d:72:90:ea:e9:
                    10:b7:ad:31:0c:50:47:45:8f:6b:33:bf:c7:f3:22:
                    32:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C9:8C:9F:31:D8:06:01:BF:2C:08:7E:45:B5:A0:13:74:3B:37:A2
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/acmMnzHYBgG_LAh-RbWgE3Q7N6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.18.0.0/19
                  92.60.160.0/20
                  176.98.220.0/22
                  185.66.60.0/22
                  185.145.224.0/22
                  185.155.64.0/22
                  185.173.44.0/22
                  185.187.180.0/22
                  185.224.76.0/22
                  193.34.240.0/22
                  212.49.128.0/18
                IPv6:
                  2a0d:59c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:20:b2:ce:ef:e6:94:52:25:d9:b6:af:50:5b:e2:b5:32:ca:
         8c:7c:00:aa:7f:1f:20:33:18:47:58:f5:f6:71:36:39:e4:c3:
         69:64:dc:f2:0d:8a:47:e2:56:74:2f:7c:2f:f7:f0:5a:6c:20:
         2b:86:f4:e4:99:e5:42:86:82:47:c3:23:a0:00:6c:9e:04:5b:
         6e:99:a0:23:a7:e3:1c:a6:2d:98:2e:a0:ff:7d:e7:f3:5d:23:
         bf:0b:b8:f3:ee:bd:49:55:51:ff:5a:01:48:51:f2:98:bd:ee:
         ee:e8:10:89:7f:05:7f:f8:62:e6:2a:f7:45:86:c3:8f:73:f7:
         75:e7:93:44:5b:29:4a:1c:b4:a3:69:61:d9:ba:42:9d:17:dc:
         73:9b:bc:f4:5a:f3:86:77:97:a0:6e:5c:eb:49:43:ca:77:ac:
         14:81:7a:b0:b9:07:c3:88:2b:da:1f:7a:8c:d3:cf:0c:fa:e4:
         41:86:c6:a2:f6:fe:e7:67:bc:72:ac:ef:08:bd:24:23:0f:87:
         37:f9:21:63:39:5b:99:7d:aa:61:59:5e:65:0e:03:60:88:6d:
         bf:be:fe:87:b7:16:65:48:e0:67:c2:ea:4b:4b:63:be:6b:72:
         48:c2:88:3d:cd:80:0f:af:4a:2d:6b:d8:6a:69:b8:df:be:2a:
         5a:25:28:45
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAZKu+0rD8naPA6P9iCeB7pDfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjQxMDIxMTIwOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM5OGM5ZjMxZDgwNjAxYmYyYzA4N2U0NWI1YTAxMzc0M2IzN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eoT2/OJqNvWullVRtzH+/RqXcQA
EeK2wp/BHTA3guex6YR2VhD2rA/KtwllN2RREDe0qRWcsUKGGMooFKDb18OKJk7b
sEawbEpnnhtXyMzSx6ywPeLO0p5YFcOsgnWWuFhh4OSYapQcvEB7A44LMD3uOnMv
kMDU6zFHl4AB1K3+hSE/lJdBhc8WTwdyLvgSa7fEH+P2r0h5N7QF/8YEnHW4uU98
eO6pvq5hT8i3yZtOB8jbSeKug1WAO9VNacWRC6LROLf0uYSCVgnubL84AEIA+IrJ
hZpSa74EllJJg7HtCpjSHgisybdvbXKQ6ukQt60xDFBHRY9rM7/H8yIyEwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFGnJjJ8x2AYBvywIfkW1oBN0OzeiMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvYWNtTW56SFlCZ0dfTEFoLVJiV2dFM1E3TjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQFVBIAAwQE
XDygAwQCsGLcAwQCuUI8AwQCuZHgAwQCuZtAAwQCua0sAwQCubu0AwQCueBMAwQC
wSLwAwQG1DGAMA0EAgACMAcDBQMqDVnAMA0GCSqGSIb3DQEBCwUAA4IBAQChILLO
7+aUUiXZtq9QW+K1MsqMfACqfx8gMxhHWPX2cTY55MNpZNzyDYpH4lZ0L3wv9/Ba
bCArhvTkmeVChoJHwyOgAGyeBFtumaAjp+Mcpi2YLqD/fefzXSO/C7jz7r1JVVH/
WgFIUfKYve7u6BCJfwV/+GLmKvdFhsOPc/d155NEWylKHLSjaWHZukKdF9xzm7z0
WvOGd5egblzrSUPKd6wUgXqwuQfDiCvaH3qM088M+uRBhsai9v7nZ7xyrO8IvSQj
D4c3+SFjOVuZfaphWV5lDgNgiG2/vv6HtxZlSOBnwupLS2O+a3JIwog9zYAPr0ot
a9hqabjfvipaJShF
-----END CERTIFICATE-----