Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/KGC3Wa87Bh1WfdfmVFo7YkzMSps.roa
File:                     KGC3Wa87Bh1WfdfmVFo7YkzMSps.roa (raw, json)
Hash identifier:          JWNE+Lnt9ytl+jzlKyfnlhjJ4hOe+7nqooB8o09/vzI=
Subject key identifier:   28:60:B7:59:AF:3B:06:1D:56:7D:D7:E6:54:5A:3B:62:4C:CC:4A:9B
Certificate issuer:       /CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
Certificate serial:       018CF72141E738D78646773E7FC4FC40D442
Authority key identifier: B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/KGC3Wa87Bh1WfdfmVFo7YkzMSps.roa
Signing time:             Thu 11 Jan 2024 06:06:40 +0000
ROA not before:           Thu 11 Jan 2024 06:06:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48108
IP address blocks:        176.116.0.0/24 maxlen: 24
                          94.247.137.0/24 maxlen: 24
                          146.19.84.0/24 maxlen: 24
                          185.235.230.0/24 maxlen: 24
                          31.222.227.0/24 maxlen: 24
                          2001:678:e30::/48 maxlen: 48
                          2a11:8481::/32 maxlen: 32
                          2a0a:2e80::/32 maxlen: 32
                          2a11:8482::/32 maxlen: 32
                          2a11:8480::/32 maxlen: 32
                          2a0a:2e82::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 05:13:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:21:41:e7:38:d7:86:46:77:3e:7f:c4:fc:40:d4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
        Validity
            Not Before: Jan 11 06:06:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2860b759af3b061d567dd7e6545a3b624ccc4a9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:96:47:63:c3:2f:fb:8b:80:75:12:f1:b1:ce:
                    c4:13:1a:81:62:34:d2:f4:ea:30:1c:7f:00:c1:3d:
                    b7:b1:cb:e9:9a:7b:d1:ee:20:9c:8a:7f:45:68:b0:
                    92:13:53:1d:ee:8d:0e:38:17:ea:74:5c:ab:61:38:
                    33:05:3f:90:3c:3d:1e:58:f3:8f:06:1c:be:77:86:
                    88:75:25:96:8c:10:5d:23:b0:58:9f:40:49:70:be:
                    8e:17:29:19:8c:64:77:69:61:61:91:bf:23:91:ac:
                    5f:e9:3d:48:ce:b7:89:37:5f:58:0f:41:bc:27:cb:
                    f0:35:fd:60:3a:13:d7:87:bd:43:7b:98:e3:3c:e1:
                    78:fa:27:df:3a:93:86:ad:2c:69:5e:30:54:8a:e7:
                    79:6a:a4:06:04:38:b8:1e:23:87:2a:65:ea:e7:76:
                    27:42:07:cb:73:86:dd:e7:ec:cd:e4:10:25:f5:bf:
                    2c:c1:97:ae:7f:34:52:b6:11:8d:24:ae:19:95:5e:
                    dc:ed:93:ad:95:e2:30:29:c1:ff:91:ca:96:74:48:
                    75:8b:ac:e5:ce:e2:82:c9:63:29:9d:fa:1f:54:f8:
                    e4:20:47:7c:2d:6b:19:e0:04:5e:d2:14:7c:ef:e3:
                    f8:e3:58:9f:d4:e0:da:11:d3:0e:c7:27:9b:0d:a5:
                    37:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:60:B7:59:AF:3B:06:1D:56:7D:D7:E6:54:5A:3B:62:4C:CC:4A:9B
            X509v3 Authority Key Identifier:
                keyid:B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/KGC3Wa87Bh1WfdfmVFo7YkzMSps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.227.0/24
                  94.247.137.0/24
                  146.19.84.0/24
                  176.116.0.0/24
                  185.235.230.0/24
                IPv6:
                  2001:678:e30::/48
                  2a0a:2e80::/32
                  2a0a:2e82::/32
                  2a11:8480::-2a11:8482:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8e:94:ce:98:ea:3a:42:34:1a:0f:15:34:00:c4:be:d2:01:6a:
         74:9f:02:03:51:17:81:57:bb:0c:79:1d:52:a0:0d:35:86:64:
         39:9e:dc:b5:98:f8:1c:38:75:95:d7:e7:a9:04:6b:0a:80:75:
         42:b7:ec:b4:a0:92:40:1f:0b:e6:92:1e:22:2a:c7:89:c0:c7:
         aa:79:c3:ac:98:6f:17:e9:96:5f:7f:00:8b:3c:8a:b6:d4:06:
         d9:68:e7:bb:f3:76:81:9e:4c:d2:b3:84:80:07:98:0a:ee:3f:
         27:41:8a:71:13:e9:08:bc:22:79:e7:75:cb:f7:30:17:34:7b:
         c3:69:08:ea:56:6a:33:9d:b4:8d:5c:2c:e8:67:be:b4:b6:f6:
         5f:ea:6f:07:03:1f:4a:d4:7a:12:9b:00:f3:58:d8:76:45:7d:
         79:72:b6:95:dd:7b:9c:c8:73:26:1d:a3:55:a3:47:9f:84:02:
         78:dc:b2:47:8c:0c:a5:03:94:f5:72:4b:99:0b:38:a5:c2:ad:
         cb:15:7b:c4:fa:50:da:a3:ae:60:35:81:88:b9:64:a3:76:e9:
         fc:38:9e:08:69:2c:1f:65:7e:7d:1b:de:0f:a0:c7:f7:fd:16:
         60:e8:d9:77:9a:e4:89:19:d8:0d:7b:6e:df:80:3d:64:bf:87:
         80:8f:32:1d
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYz3IUHnONeGRnc+f8T8QNRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNTAwMmJhMDg4ZDViZDA5YzE1NTNkY2VkNWIwYmYzOTA3
ZmY3MzYwHhcNMjQwMTExMDYwNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODYwYjc1OWFmM2IwNjFkNTY3ZGQ3ZTY1NDVhM2I2MjRjY2M0YTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJZHY8Mv+4uAdRLxsc7EExqBYjTS
9OowHH8AwT23scvpmnvR7iCcin9FaLCSE1Md7o0OOBfqdFyrYTgzBT+QPD0eWPOP
Bhy+d4aIdSWWjBBdI7BYn0BJcL6OFykZjGR3aWFhkb8jkaxf6T1IzreJN19YD0G8
J8vwNf1gOhPXh71De5jjPOF4+iffOpOGrSxpXjBUiud5aqQGBDi4HiOHKmXq53Yn
QgfLc4bd5+zN5BAl9b8swZeufzRSthGNJK4ZlV7c7ZOtleIwKcH/kcqWdEh1i6zl
zuKCyWMpnfofVPjkIEd8LWsZ4ARe0hR87+P441if1ODaEdMOxyebDaU36QIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFChgt1mvOwYdVn3X5lRaO2JMzEqbMB8GA1UdIwQY
MBaAFLNQAroIjVvQnBVT3O1bC/OQf/c2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2Ut
YWYxZWYxZDdhZmI4LzEvS0dDM1dhODdCaDFXZmRmbVZGbzdZa3pNU3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2UtYWYxZWYxZDdhZmI4
LzEvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAkBAIAATAeAwQAH97jAwQA
XveJAwQAkhNUAwQAsHQAAwQAuevmMC0EAgACMCcDBwAgAQZ4DjADBQAqCi6AAwUA
KgougjAOAwUHKhGEgAMFACoRhIIwDQYJKoZIhvcNAQELBQADggEBAI6UzpjqOkI0
Gg8VNADEvtIBanSfAgNRF4FXuwx5HVKgDTWGZDme3LWY+Bw4dZXX56kEawqAdUK3
7LSgkkAfC+aSHiIqx4nAx6p5w6yYbxfpll9/AIs8irbUBtlo57vzdoGeTNKzhIAH
mAruPydBinET6Qi8Innndcv3MBc0e8NpCOpWajOdtI1cLOhnvrS29l/qbwcDH0rU
ehKbAPNY2HZFfXlytpXde5zIcyYdo1WjR5+EAnjcskeMDKUDlPVyS5kLOKXCrcsV
e8T6UNqjrmA1gYi5ZKN26fw4nghpLB9lfn0b3g+gx/f9FmDo2Xea5IkZ2A17bt+A
PWS/h4CPMh0=
-----END CERTIFICATE-----