Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/g3VdNhHZ_8v9WHRAEp_3HLnc4TU.roa
File:                     g3VdNhHZ_8v9WHRAEp_3HLnc4TU.roa (raw, json)
Hash identifier:          oafbuu+bvUp2ja6vnLne1a3NVyN490D94jiPo+s07TU=
Subject key identifier:   83:75:5D:36:11:D9:FF:CB:FD:58:74:40:12:9F:F7:1C:B9:DC:E1:35
Certificate issuer:       /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial:       018CC79532AEFBC62965FA2470D25F51D11C
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/g3VdNhHZ_8v9WHRAEp_3HLnc4TU.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49074
IP address blocks:        193.242.196.0/22 maxlen: 22
                          109.166.32.0/22 maxlen: 22
                          91.228.140.0/22 maxlen: 22
                          194.40.204.0/22 maxlen: 22
                          91.234.56.0/22 maxlen: 22
                          151.248.64.0/24 maxlen: 24
                          151.248.65.0/24 maxlen: 24
                          151.248.66.0/24 maxlen: 24
                          151.248.67.0/24 maxlen: 24
                          151.248.95.0/24 maxlen: 24
                          176.113.104.0/22 maxlen: 22
                          2a04:2043::/32 maxlen: 32
                          2a04:2047::/32 maxlen: 32
                          2a04:2041::/32 maxlen: 32
                          2a04:2045::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 24 May 2024 14:55:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:32:ae:fb:c6:29:65:fa:24:70:d2:5f:51:d1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83755d3611d9ffcbfd587440129ff71cb9dce135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d2:59:2c:2d:1e:7b:e4:f6:ca:47:74:ab:1a:
                    52:4d:f7:11:40:40:fa:ef:ff:79:05:e9:45:19:fb:
                    97:05:b1:ce:f8:15:13:8b:7e:49:c1:33:04:fc:69:
                    77:cb:93:f7:ce:3c:a5:31:af:d9:7c:27:6e:58:6e:
                    a5:64:29:6b:ef:f3:d8:7d:6f:11:4d:8a:8c:db:f8:
                    78:11:a3:8e:1c:d7:d9:08:d8:a5:8e:cd:75:eb:32:
                    5d:47:01:96:ae:31:f2:45:2f:bf:3a:b4:5c:f9:10:
                    5b:96:31:a9:58:ae:96:f9:df:e8:68:f6:27:89:6c:
                    56:29:83:cf:76:d7:20:78:a7:8a:d3:03:ad:09:f9:
                    46:be:2b:7a:04:fa:23:be:f1:ce:6e:3d:98:a0:3f:
                    45:e8:65:b7:af:78:0c:cc:60:cf:4a:c4:6f:cc:d5:
                    ef:53:d1:b2:54:1e:a3:80:f4:ec:d5:79:da:97:74:
                    ae:27:fb:aa:79:e0:bd:dc:aa:a7:2c:f5:b2:43:1a:
                    a7:1d:64:5d:18:7c:dc:05:df:eb:05:9f:4d:02:80:
                    c6:26:b9:e2:c0:3a:18:1e:b0:1d:f8:4d:d5:b9:d8:
                    9e:6f:f7:b0:78:53:0c:e7:0c:af:0a:b7:2d:3f:35:
                    13:7e:dd:ee:2c:20:0a:00:83:3f:c0:66:ed:76:3b:
                    af:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:75:5D:36:11:D9:FF:CB:FD:58:74:40:12:9F:F7:1C:B9:DC:E1:35
            X509v3 Authority Key Identifier:
                keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/g3VdNhHZ_8v9WHRAEp_3HLnc4TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.140.0/22
                  91.234.56.0/22
                  109.166.32.0/22
                  151.248.64.0/22
                  151.248.95.0/24
                  176.113.104.0/22
                  193.242.196.0/22
                  194.40.204.0/22
                IPv6:
                  2a04:2041::/32
                  2a04:2043::/32
                  2a04:2045::/32
                  2a04:2047::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:26:71:2d:44:a7:48:99:1c:04:30:f5:2a:45:4b:b2:76:fc:
         24:da:af:f4:78:55:90:ed:21:23:3b:32:eb:5c:cd:a9:59:ea:
         22:d3:75:85:93:69:bb:57:a9:44:ef:dd:70:b2:2e:85:70:f1:
         90:47:35:42:56:ca:c2:c9:1f:4c:44:87:21:a8:37:29:98:31:
         4c:8e:d6:73:00:0b:20:e1:b6:70:98:14:c3:b6:48:b2:5e:38:
         8a:f9:4e:d0:2a:e3:b4:c3:54:7c:80:06:9f:65:7d:e9:ff:b0:
         88:72:f0:d8:d0:38:0a:de:b2:d4:6d:40:2d:42:b6:fb:11:60:
         eb:74:26:30:c0:db:4b:87:2a:ed:ee:30:39:96:aa:9d:0e:93:
         0b:25:c0:af:57:6b:d5:af:ca:16:1c:9c:f4:a1:3f:80:b5:77:
         3f:d1:09:1b:6e:95:14:5f:d0:c7:0b:78:9e:06:79:b0:8c:77:
         46:3a:72:95:2a:9c:7e:e0:f0:6d:d9:7d:ad:30:45:1e:c7:01:
         40:b7:9f:36:07:91:34:f5:2f:f6:0d:2e:3b:ed:85:a3:4d:66:
         5c:b0:90:05:d8:46:74:92:cc:8b:bd:77:be:77:f6:02:42:21:
         2e:96:62:e3:25:ed:e0:51:e9:7f:d8:e8:40:7f:2d:39:61:d3:
         05:0b:52:aa
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzHlTKu+8YpZfokcNJfUdEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzc1NWQzNjExZDlmZmNiZmQ1ODc0NDAxMjlmZjcxY2I5ZGNlMTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitJZLC0ee+T2ykd0qxpSTfcRQED6
7/95BelFGfuXBbHO+BUTi35JwTME/Gl3y5P3zjylMa/ZfCduWG6lZClr7/PYfW8R
TYqM2/h4EaOOHNfZCNiljs116zJdRwGWrjHyRS+/OrRc+RBbljGpWK6W+d/oaPYn
iWxWKYPPdtcgeKeK0wOtCflGvit6BPojvvHObj2YoD9F6GW3r3gMzGDPSsRvzNXv
U9GyVB6jgPTs1Xnal3SuJ/uqeeC93KqnLPWyQxqnHWRdGHzcBd/rBZ9NAoDGJrni
wDoYHrAd+E3Vudieb/eweFMM5wyvCrctPzUTft3uLCAKAIM/wGbtdjuvRQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFIN1XTYR2f/L/Vh0QBKf9xy53OE1MB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvZzNWZE5oSFpfOHY5V0hSQUVwXzNITG5jNFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA2BAIAATAwAwQCW+SMAwQC
W+o4AwQCbaYgAwQCl/hAAwQAl/hfAwQCsHFoAwQCwfLEAwQCwijMMCIEAgACMBwD
BQAqBCBBAwUAKgQgQwMFACoEIEUDBQAqBCBHMA0GCSqGSIb3DQEBCwUAA4IBAQCP
JnEtRKdImRwEMPUqRUuydvwk2q/0eFWQ7SEjOzLrXM2pWeoi03WFk2m7V6lE791w
si6FcPGQRzVCVsrCyR9MRIchqDcpmDFMjtZzAAsg4bZwmBTDtkiyXjiK+U7QKuO0
w1R8gAafZX3p/7CIcvDY0DgK3rLUbUAtQrb7EWDrdCYwwNtLhyrt7jA5lqqdDpML
JcCvV2vVr8oWHJz0oT+AtXc/0QkbbpUUX9DHC3ieBnmwjHdGOnKVKpx+4PBt2X2t
MEUexwFAt582B5E09S/2DS477YWjTWZcsJAF2EZ0ksyLvXe+d/YCQiEulmLjJe3g
Uel/2OhAfy05YdMFC1Kq
-----END CERTIFICATE-----