Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qZAnRXKB3NUxfpMzsrEoML33dJo.roa
File:                     qZAnRXKB3NUxfpMzsrEoML33dJo.roa (raw, json)
Hash identifier:          bpy8C6wDmdgzcdu+pM5h+g79NfUbvPdfGmMoZ9P10tQ=
Subject key identifier:   A9:90:27:45:72:81:DC:D5:31:7E:93:33:B2:B1:28:30:BD:F7:74:9A
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CD0311B89DC451CE82E6899EC124A03B6
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qZAnRXKB3NUxfpMzsrEoML33dJo.roa
Signing time:             Wed 03 Jan 2024 16:38:48 +0000
ROA not before:           Wed 03 Jan 2024 16:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        202.133.88.0/24 maxlen: 24
                          212.90.102.0/23 maxlen: 24
                          185.215.244.0/23 maxlen: 24
                          89.251.8.0/23 maxlen: 24
                          46.249.98.0/23 maxlen: 24
                          193.36.84.0/23 maxlen: 24
                          46.249.100.0/22 maxlen: 24
                          103.75.196.0/22 maxlen: 24
                          82.115.17.0/24 maxlen: 24
                          82.115.16.0/24 maxlen: 24
                          82.115.24.0/22 maxlen: 24
                          82.115.20.0/23 maxlen: 24
                          82.115.19.0/24 maxlen: 24
                          82.115.18.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 28 Jan 2024 13:18:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d0:31:1b:89:dc:45:1c:e8:2e:68:99:ec:12:4a:03:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  3 16:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a99027457281dcd5317e9333b2b12830bdf7749a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:88:38:08:32:be:a4:e0:8a:ba:ab:d6:c6:c7:
                    33:f8:6d:44:97:32:ce:9c:63:9b:f0:46:fa:1f:8a:
                    82:fb:db:d3:d9:8e:54:66:c2:e1:6a:ee:fe:71:6c:
                    a7:15:4c:d5:9e:cc:be:b9:fa:f9:bd:9f:0b:f5:f4:
                    e9:64:10:8d:8a:9f:3c:85:7a:25:56:c2:94:98:15:
                    b9:18:54:7e:87:28:5f:66:8b:b1:1f:f7:25:c2:50:
                    0a:d5:62:26:77:06:32:ec:a2:2a:f7:93:a9:83:80:
                    ed:e6:07:d8:44:ab:50:20:55:50:38:81:19:e4:84:
                    5d:6f:f6:7d:88:67:90:31:8b:9c:97:07:0f:93:dc:
                    f5:d6:40:3a:20:08:1f:c3:cc:51:17:70:ff:8e:63:
                    d7:30:63:8e:87:de:1a:ef:0d:2c:ea:5e:45:a6:13:
                    70:0b:77:59:78:22:9b:ef:73:93:ce:94:12:8e:9a:
                    1b:6c:d5:81:04:f7:82:22:f2:7d:c0:ab:d6:fb:da:
                    bd:83:59:be:73:3c:56:af:5e:0d:90:8f:b4:55:f1:
                    c5:5f:37:67:6b:f2:d1:26:3e:e7:d3:17:5b:b3:e9:
                    95:61:d3:44:81:30:b7:95:aa:b5:60:fd:d9:45:7a:
                    b6:42:27:d5:60:b8:e9:16:01:0b:0e:ed:8f:75:7b:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:90:27:45:72:81:DC:D5:31:7E:93:33:B2:B1:28:30:BD:F7:74:9A
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qZAnRXKB3NUxfpMzsrEoML33dJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.98.0-46.249.103.255
                  82.115.16.0-82.115.21.255
                  82.115.24.0/22
                  89.251.8.0/23
                  103.75.196.0/22
                  185.215.244.0/23
                  193.36.84.0/23
                  202.133.88.0/24
                  212.90.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:24:73:7a:e0:b0:ff:5d:fd:89:1f:ca:2c:38:c3:6a:39:d3:
         1e:e7:74:ae:5b:7d:31:86:e2:0c:83:01:f6:b1:8d:6b:b7:99:
         7f:16:1d:b8:74:a9:3f:40:74:ba:44:2c:9b:6a:01:8e:f5:9d:
         1b:9f:0e:27:b7:50:fc:2f:31:ef:9c:9f:41:53:1d:bf:49:1a:
         ce:c5:1d:a1:69:f4:cb:b6:4b:e3:9f:d8:67:40:82:bd:d8:17:
         7e:63:85:ff:b3:3f:87:a2:ea:3e:50:8a:a3:56:30:55:99:f0:
         be:60:be:97:43:e8:02:3e:bc:b1:fd:ec:6e:07:38:9e:0f:d0:
         44:49:23:7c:37:bb:f6:a9:b1:c7:a1:be:10:ef:c6:b2:a6:8e:
         a1:7e:95:94:3c:a4:cd:53:3a:e9:41:68:17:49:67:a1:c5:4d:
         db:6c:7a:8f:16:2f:2a:98:3a:06:17:1d:a9:b7:3d:91:28:68:
         9e:6f:e9:9c:79:81:1f:bf:a4:24:cd:4c:46:70:6b:bb:d3:17:
         b1:db:92:a8:ef:ba:dc:c6:3f:a0:da:bb:c9:6b:d1:b2:d3:cf:
         8f:45:3a:14:53:8b:05:41:82:05:5e:4a:1a:d5:a2:d7:ca:5f:
         da:25:f4:43:d1:58:d8:8e:f6:f9:29:bc:e6:a9:c8:d6:9e:65:
         95:de:42:3d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzQMRuJ3EUc6C5omewSSgO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAzMTYzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTkwMjc0NTcyODFkY2Q1MzE3ZTkzMzNiMmIxMjgzMGJkZjc3NDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYg4CDK+pOCKuqvWxscz+G1ElzLO
nGOb8Eb6H4qC+9vT2Y5UZsLhau7+cWynFUzVnsy+ufr5vZ8L9fTpZBCNip88hXol
VsKUmBW5GFR+hyhfZouxH/clwlAK1WImdwYy7KIq95Opg4Dt5gfYRKtQIFVQOIEZ
5IRdb/Z9iGeQMYuclwcPk9z11kA6IAgfw8xRF3D/jmPXMGOOh94a7w0s6l5FphNw
C3dZeCKb73OTzpQSjpobbNWBBPeCIvJ9wKvW+9q9g1m+czxWr14NkI+0VfHFXzdn
a/LRJj7n0xdbs+mVYdNEgTC3laq1YP3ZRXq2QifVYLjpFgELDu2PdXvRMwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFKmQJ0VygdzVMX6TM7KxKDC993SaMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcVpBblJYS0IzTlV4ZnBNenNyRW9NTDMzZEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAEu+WID
BAMu+WAwDAMEBFJzEAMEAVJzFAMEAlJzGAMEAVn7CAMEAmdLxAMEAbnX9AMEAcEk
VAMEAMqFWAMEAdRaZjANBgkqhkiG9w0BAQsFAAOCAQEAgyRzeuCw/139iR/KLDjD
ajnTHud0rlt9MYbiDIMB9rGNa7eZfxYduHSpP0B0ukQsm2oBjvWdG58OJ7dQ/C8x
75yfQVMdv0kazsUdoWn0y7ZL45/YZ0CCvdgXfmOF/7M/h6LqPlCKo1YwVZnwvmC+
l0PoAj68sf3sbgc4ng/QREkjfDe79qmxx6G+EO/GsqaOoX6VlDykzVM66UFoF0ln
ocVN22x6jxYvKpg6Bhcdqbc9kShonm/pnHmBH7+kJM1MRnBru9MXsduSqO+63MY/
oNq7yWvRstPPj0U6FFOLBUGCBV5KGtWi18pf2iX0Q9FY2I72+Sm85qnI1p5lld5C
PQ==
-----END CERTIFICATE-----