Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/54b0d0-e9fe-48d1-968d-9e243c2d8821/1/tQfh335bv5ri1w6-4t2Pnx6pqoo.roa
File:                     tQfh335bv5ri1w6-4t2Pnx6pqoo.roa (raw, json)
Hash identifier:          gambxHl4z6flArsbWurBNR4KGfRnsIG873soy9znfXA=
Subject key identifier:   B5:07:E1:DF:7E:5B:BF:9A:E2:D7:0E:BE:E2:DD:8F:9F:1E:A9:AA:8A
Certificate issuer:       /CN=4df2c6fa54a8cc2dc71e802cf83f5c776ce974c9
Certificate serial:       018B61BA868F63387DE5DA0EE24817E26619
Authority key identifier: 4D:F2:C6:FA:54:A8:CC:2D:C7:1E:80:2C:F8:3F:5C:77:6C:E9:74:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfLG-lSozC3HHoAs-D9cd2zpdMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/54b0d0-e9fe-48d1-968d-9e243c2d8821/1/tQfh335bv5ri1w6-4t2Pnx6pqoo.roa
Signing time:             Tue 24 Oct 2023 12:48:15 +0000
ROA not before:           Tue 24 Oct 2023 12:48:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35205
IP address blocks:        77.78.166.0/24 maxlen: 24
                          77.78.160.0/20 maxlen: 20
                          77.78.160.0/19 maxlen: 19
                          77.78.176.0/20 maxlen: 20
                          77.78.181.0/24 maxlen: 24
                          77.78.184.0/22 maxlen: 22
                          212.37.176.0/20 maxlen: 20
                          185.27.152.0/22 maxlen: 22
                          77.78.188.0/22 maxlen: 22
                          46.28.80.0/21 maxlen: 21
                          212.37.160.0/20 maxlen: 20
                          212.37.164.0/22 maxlen: 22
                          212.37.160.0/19 maxlen: 19
                          212.37.168.0/21 maxlen: 21
                          2a03:ed00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:61:ba:86:8f:63:38:7d:e5:da:0e:e2:48:17:e2:66:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df2c6fa54a8cc2dc71e802cf83f5c776ce974c9
        Validity
            Not Before: Oct 24 12:48:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b507e1df7e5bbf9ae2d70ebee2dd8f9f1ea9aa8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:0f:70:8b:94:c1:fb:95:c6:c9:fa:0c:64:
                    f9:b9:ae:24:0e:53:45:e6:be:d8:87:5c:95:07:bd:
                    6e:a2:6c:d7:3e:66:69:6f:31:53:53:cf:ec:ee:c0:
                    a4:6b:19:ee:49:e5:70:30:a7:f1:28:a5:bd:5e:6a:
                    10:e6:75:60:47:11:d4:e0:91:4d:da:42:4c:5d:49:
                    9c:78:7a:2f:fb:e0:c4:1a:d1:8a:fb:d6:b3:20:ef:
                    d5:3f:da:d3:85:9d:08:3a:5c:56:fc:b0:d4:93:b9:
                    0c:c8:86:54:d8:57:a2:15:80:9a:2d:22:60:8b:46:
                    3f:93:55:83:9a:84:cb:a0:a7:1a:77:fb:40:90:c6:
                    24:8f:f1:cb:81:54:61:b0:91:ca:ca:a2:fa:a3:01:
                    ec:f8:74:66:da:3e:4a:42:41:04:a5:72:e5:1d:1c:
                    4b:95:6a:87:cd:78:c9:fa:9f:a6:0e:d8:7a:77:81:
                    23:c9:a2:45:5a:f9:e4:4b:cd:b9:5b:b8:9a:65:fc:
                    35:e2:0f:63:1c:ea:ac:a0:cf:95:ab:88:26:86:71:
                    2a:b4:57:3f:13:af:1a:e6:47:4a:67:d0:b1:39:1a:
                    e1:bf:95:fc:4a:b6:5c:f8:26:63:a4:e8:2f:64:74:
                    ff:80:e4:6a:d8:b1:c2:db:a1:2f:6a:86:c3:44:0e:
                    44:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:07:E1:DF:7E:5B:BF:9A:E2:D7:0E:BE:E2:DD:8F:9F:1E:A9:AA:8A
            X509v3 Authority Key Identifier:
                keyid:4D:F2:C6:FA:54:A8:CC:2D:C7:1E:80:2C:F8:3F:5C:77:6C:E9:74:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfLG-lSozC3HHoAs-D9cd2zpdMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/54b0d0-e9fe-48d1-968d-9e243c2d8821/1/tQfh335bv5ri1w6-4t2Pnx6pqoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/54b0d0-e9fe-48d1-968d-9e243c2d8821/1/TfLG-lSozC3HHoAs-D9cd2zpdMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.80.0/21
                  77.78.160.0/19
                  185.27.152.0/22
                  212.37.160.0/19
                IPv6:
                  2a03:ed00::/32

    Signature Algorithm: sha256WithRSAEncryption
         d8:24:ac:bc:ae:e2:89:d4:33:5e:d4:45:4e:c7:01:79:db:b2:
         7c:d1:14:45:38:55:50:2c:d5:38:2a:9d:a0:fb:4b:7e:46:f5:
         71:48:e3:7c:14:63:a5:0a:60:8f:63:10:4f:9d:61:5c:d2:8f:
         1e:74:61:8a:3d:38:4f:38:4f:e6:4b:54:72:47:e8:e7:a3:7b:
         27:63:06:d7:72:c9:7d:d2:23:70:8a:06:1a:33:8f:18:4b:25:
         73:ee:7e:04:90:02:68:7d:b8:5d:2e:42:86:f9:0a:58:8c:dd:
         fa:c1:ab:33:1c:68:6e:5e:eb:40:6e:c4:4d:1d:e7:3b:87:f6:
         2d:99:30:5f:cd:e9:0f:7f:d4:09:3e:7a:26:91:5f:22:99:16:
         41:77:0c:20:ce:54:b6:f9:16:fe:e3:77:b6:6c:6f:20:c7:b0:
         4e:db:45:c1:41:bc:12:29:3b:f3:d0:b0:ec:ca:57:f4:38:ce:
         c4:f7:54:45:13:f5:3f:8b:26:00:83:df:f9:8a:ec:09:e5:bf:
         2a:c9:e2:68:52:f4:c1:65:48:2f:2f:ed:30:0b:8c:52:3d:b0:
         92:c3:a2:45:50:b9:3a:6a:ce:21:84:c7:bd:80:2c:40:6f:91:
         c8:4c:3e:11:2f:a2:38:79:bd:08:6f:f0:56:82:60:5a:f2:03:
         bb:d3:1b:33
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYthuoaPYzh95doO4kgX4mYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjJjNmZhNTRhOGNjMmRjNzFlODAyY2Y4M2Y1Yzc3NmNl
OTc0YzkwHhcNMjMxMDI0MTI0ODE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTA3ZTFkZjdlNWJiZjlhZTJkNzBlYmVlMmRkOGY5ZjFlYTlhYThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfcPcIuUwfuVxsn6DGT5ua4kDlNF
5r7Yh1yVB71uomzXPmZpbzFTU8/s7sCkaxnuSeVwMKfxKKW9XmoQ5nVgRxHU4JFN
2kJMXUmceHov++DEGtGK+9azIO/VP9rThZ0IOlxW/LDUk7kMyIZU2FeiFYCaLSJg
i0Y/k1WDmoTLoKcad/tAkMYkj/HLgVRhsJHKyqL6owHs+HRm2j5KQkEEpXLlHRxL
lWqHzXjJ+p+mDth6d4EjyaJFWvnkS825W7iaZfw14g9jHOqsoM+Vq4gmhnEqtFc/
E68a5kdKZ9CxORrhv5X8SrZc+CZjpOgvZHT/gORq2LHC26EvaobDRA5EPQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLUH4d9+W7+a4tcOvuLdj58eqaqKMB8GA1UdIwQY
MBaAFE3yxvpUqMwtxx6ALPg/XHds6XTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZMRy1sU296QzNISG9Bcy1EOWNkMnpwZE1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81NGIwZDAtZTlmZS00OGQxLTk2OGQt
OWUyNDNjMmQ4ODIxLzEvdFFmaDMzNWJ2NXJpMXc2LTR0MlBueDZwcW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81NGIwZDAtZTlmZS00OGQxLTk2OGQtOWUyNDNjMmQ4ODIx
LzEvVGZMRy1sU296QzNISG9Bcy1EOWNkMnpwZE1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDLhxQAwQF
TU6gAwQCuRuYAwQF1CWgMA0EAgACMAcDBQAqA+0AMA0GCSqGSIb3DQEBCwUAA4IB
AQDYJKy8ruKJ1DNe1EVOxwF527J80RRFOFVQLNU4Kp2g+0t+RvVxSON8FGOlCmCP
YxBPnWFc0o8edGGKPThPOE/mS1RyR+jno3snYwbXcsl90iNwigYaM48YSyVz7n4E
kAJofbhdLkKG+QpYjN36waszHGhuXutAbsRNHec7h/YtmTBfzekPf9QJPnomkV8i
mRZBdwwgzlS2+Rb+43e2bG8gx7BO20XBQbwSKTvz0LDsylf0OM7E91RFE/U/iyYA
g9/5iuwJ5b8qyeJoUvTBZUgvL+0wC4xSPbCSw6JFULk6as4hhMe9gCxAb5HITD4R
L6I4eb0Ib/BWgmBa8gO70xsz
-----END CERTIFICATE-----