Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/VsNkNgkFxeUL4AjOhlUnwH6xphw.roa
File:                     VsNkNgkFxeUL4AjOhlUnwH6xphw.roa (raw, json)
Hash identifier:          oiswBYlgS8M8MY/xVtughfgiqNsW85YJ6zknQ6OOvbI=
Subject key identifier:   56:C3:64:36:09:05:C5:E5:0B:E0:08:CE:86:55:27:C0:7E:B1:A6:1C
Certificate issuer:       /CN=9de783e9acd56992f5835fb4882183500ca03c83
Certificate serial:       018D6919D183379DA471339984EC9BFD2E69
Authority key identifier: 9D:E7:83:E9:AC:D5:69:92:F5:83:5F:B4:88:21:83:50:0C:A0:3C:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/neeD6azVaZL1g1-0iCGDUAygPIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/VsNkNgkFxeUL4AjOhlUnwH6xphw.roa
Signing time:             Fri 02 Feb 2024 09:15:16 +0000
ROA not before:           Fri 02 Feb 2024 09:15:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        62.182.168.0/21 maxlen: 21
                          62.182.168.0/24 maxlen: 24
                          62.182.169.0/24 maxlen: 24
                          62.182.170.0/24 maxlen: 24
                          62.182.171.0/24 maxlen: 24
                          62.182.172.0/24 maxlen: 24
                          62.182.173.0/24 maxlen: 24
                          62.182.174.0/24 maxlen: 24
                          62.182.175.0/24 maxlen: 24
                          83.97.96.0/21 maxlen: 21
                          83.97.96.0/24 maxlen: 24
                          83.97.97.0/24 maxlen: 24
                          83.97.98.0/24 maxlen: 24
                          83.97.99.0/24 maxlen: 24
                          83.97.100.0/24 maxlen: 24
                          83.97.101.0/24 maxlen: 24
                          83.97.102.0/24 maxlen: 24
                          83.97.103.0/24 maxlen: 24
                          89.47.52.0/24 maxlen: 24
                          89.47.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 15:48:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:19:d1:83:37:9d:a4:71:33:99:84:ec:9b:fd:2e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9de783e9acd56992f5835fb4882183500ca03c83
        Validity
            Not Before: Feb  2 09:15:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56c364360905c5e50be008ce865527c07eb1a61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4a:81:ec:e4:73:4b:be:b5:bc:b0:af:f8:4a:
                    50:b6:7f:b5:b4:6c:14:8f:92:7e:93:b8:c0:04:01:
                    f0:25:a5:c1:00:c9:67:94:8a:42:6a:e4:6e:b2:e6:
                    53:0c:75:1a:12:0b:07:8a:7f:97:05:41:47:a5:de:
                    8e:d6:be:63:49:6c:fe:b0:84:4b:f4:b8:21:ac:4d:
                    9f:25:79:b7:43:ab:27:23:a0:c6:98:d7:5b:3d:2b:
                    c3:4f:53:f8:31:53:92:d4:bb:a7:a6:23:04:02:8e:
                    35:66:00:1d:ef:13:6d:53:d9:d6:7d:90:1d:3c:65:
                    d6:56:bd:f5:ad:1b:f5:5a:36:f9:60:86:f7:1f:6f:
                    38:da:66:50:1b:e7:9c:10:ad:24:b2:96:a1:1b:a5:
                    16:cf:ce:15:f9:2b:cf:48:d8:b5:10:f3:16:db:4f:
                    5f:46:d4:49:81:65:ed:d6:10:4b:cb:81:c8:bc:6c:
                    57:98:d6:35:74:2c:7a:8f:37:8a:1b:09:65:a6:23:
                    94:85:57:da:0d:ca:f6:cb:0d:d3:87:29:5e:12:c6:
                    d3:c9:bb:20:e0:36:f1:2a:7c:bb:6f:18:8d:38:94:
                    76:04:9e:97:1e:79:78:e4:58:a0:93:ea:9f:03:e5:
                    2c:55:17:21:34:ca:41:1f:49:2f:5e:b3:82:ef:e9:
                    06:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:C3:64:36:09:05:C5:E5:0B:E0:08:CE:86:55:27:C0:7E:B1:A6:1C
            X509v3 Authority Key Identifier:
                keyid:9D:E7:83:E9:AC:D5:69:92:F5:83:5F:B4:88:21:83:50:0C:A0:3C:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/neeD6azVaZL1g1-0iCGDUAygPIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/VsNkNgkFxeUL4AjOhlUnwH6xphw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4f05ce-a382-49a0-9999-e52f70c06c29/1/neeD6azVaZL1g1-0iCGDUAygPIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.168.0/21
                  83.97.96.0/21
                  89.47.52.0/24
                  89.47.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:8f:be:e7:e3:a0:70:88:2e:88:d5:6c:32:28:7d:a7:76:2e:
         de:79:de:0d:84:90:e0:c0:38:e0:32:d8:7d:70:e7:75:28:2c:
         65:1b:c4:3a:eb:db:96:aa:b5:86:c0:07:47:35:9a:a5:65:91:
         e1:ff:b4:53:b2:f6:45:c5:61:ff:be:34:ec:f1:ff:f3:82:e1:
         f7:86:13:b5:3b:b1:aa:7b:2c:09:a9:cd:de:d9:a2:c5:e6:4f:
         5e:00:b7:83:0f:91:cf:37:38:0c:25:b2:70:85:cb:c2:43:4f:
         b5:f3:f3:79:72:12:e1:8f:79:40:59:a6:ae:f6:f4:ab:48:d0:
         be:78:3a:89:34:f4:31:c2:98:bb:36:af:2e:ef:2f:48:77:a3:
         ca:19:4b:7b:94:7a:0b:40:9c:22:a6:ed:c3:39:25:2d:c9:cc:
         75:2c:bc:fb:22:35:c8:0f:80:f5:c6:29:b8:a4:53:05:46:9b:
         1e:fa:28:74:3e:e5:2a:50:65:68:ae:82:40:51:2f:1b:9e:d7:
         83:c2:20:f2:1a:97:1f:4a:e9:7e:a9:a4:22:40:5e:cf:47:66:
         ce:cc:e7:ac:8f:19:ce:08:15:2a:8a:71:4f:6c:da:a9:bd:41:
         02:fc:45:04:df:27:5b:51:0a:8b:3d:a4:f2:2a:86:51:44:dc:
         de:58:4f:f6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY1pGdGDN52kcTOZhOyb/S5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZTc4M2U5YWNkNTY5OTJmNTgzNWZiNDg4MjE4MzUwMGNh
MDNjODMwHhcNMjQwMjAyMDkxNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmMzNjQzNjA5MDVjNWU1MGJlMDA4Y2U4NjU1MjdjMDdlYjFhNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkqB7ORzS761vLCv+EpQtn+1tGwU
j5J+k7jABAHwJaXBAMlnlIpCauRusuZTDHUaEgsHin+XBUFHpd6O1r5jSWz+sIRL
9LghrE2fJXm3Q6snI6DGmNdbPSvDT1P4MVOS1LunpiMEAo41ZgAd7xNtU9nWfZAd
PGXWVr31rRv1Wjb5YIb3H2842mZQG+ecEK0kspahG6UWz84V+SvPSNi1EPMW209f
RtRJgWXt1hBLy4HIvGxXmNY1dCx6jzeKGwllpiOUhVfaDcr2yw3ThyleEsbTybsg
4DbxKny7bxiNOJR2BJ6XHnl45Figk+qfA+UsVRchNMpBH0kvXrOC7+kGjwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFbDZDYJBcXlC+AIzoZVJ8B+saYcMB8GA1UdIwQY
MBaAFJ3ng+ms1WmS9YNftIghg1AMoDyDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmVlRDZhelZhWkwxZzEtMGlDR0RVQXlnUElNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi80ZjA1Y2UtYTM4Mi00OWEwLTk5OTkt
ZTUyZjcwYzA2YzI5LzEvVnNOa05na0Z4ZVVMNEFqT2hsVW53SDZ4cGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi80ZjA1Y2UtYTM4Mi00OWEwLTk5OTktZTUyZjcwYzA2YzI5
LzEvbmVlRDZhelZhWkwxZzEtMGlDR0RVQXlnUElNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDPraoAwQD
U2FgAwQAWS80AwQAWS/8MA0GCSqGSIb3DQEBCwUAA4IBAQBsj77n46BwiC6I1Wwy
KH2ndi7eed4NhJDgwDjgMth9cOd1KCxlG8Q669uWqrWGwAdHNZqlZZHh/7RTsvZF
xWH/vjTs8f/zguH3hhO1O7GqeywJqc3e2aLF5k9eALeDD5HPNzgMJbJwhcvCQ0+1
8/N5chLhj3lAWaau9vSrSNC+eDqJNPQxwpi7Nq8u7y9Id6PKGUt7lHoLQJwipu3D
OSUtycx1LLz7IjXID4D1xim4pFMFRpse+ih0PuUqUGVoroJAUS8bnteDwiDyGpcf
Sul+qaQiQF7PR2bOzOesjxnOCBUqinFPbNqpvUEC/EUE3ydbUQqLPaTyKoZRRNze
WE/2
-----END CERTIFICATE-----