Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/xOO8OH_goW70p0KLEGOZ9X8rOG8.roa
File:                     xOO8OH_goW70p0KLEGOZ9X8rOG8.roa (raw, json)
Hash identifier:          9VkloXcZV+PkTtmL5xy4uI1L1aO8J3U+wOMW/hHqkoo=
Subject key identifier:   C4:E3:BC:38:7F:E0:A1:6E:F4:A7:42:8B:10:63:99:F5:7F:2B:38:6F
Certificate issuer:       /CN=a088b0547f09fe9224050d70a523da5bedbe0738
Certificate serial:       0190BC0AACAA0E17EFE2E03C39D6C7E0F436
Authority key identifier: A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/xOO8OH_goW70p0KLEGOZ9X8rOG8.roa
Signing time:             Tue 16 Jul 2024 14:55:34 +0000
ROA not before:           Tue 16 Jul 2024 14:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        37.230.138.0/24 maxlen: 24
                          45.143.196.0/22 maxlen: 24
                          81.16.176.0/24 maxlen: 24
                          81.16.177.0/24 maxlen: 24
                          91.208.92.0/24 maxlen: 24
                          185.83.152.0/24 maxlen: 24
                          185.83.153.0/24 maxlen: 24
                          185.83.154.0/24 maxlen: 24
                          185.83.155.0/24 maxlen: 24
                          185.206.148.0/24 maxlen: 24
                          185.206.149.0/24 maxlen: 24
                          185.206.150.0/24 maxlen: 24
                          185.206.151.0/24 maxlen: 24
                          188.64.33.0/24 maxlen: 24
                          194.164.96.0/24 maxlen: 24
                          194.213.3.0/24 maxlen: 24
                          213.170.135.0/24 maxlen: 24
                          2a10:e780::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 18 Nov 2024 18:36:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bc:0a:ac:aa:0e:17:ef:e2:e0:3c:39:d6:c7:e0:f4:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a088b0547f09fe9224050d70a523da5bedbe0738
        Validity
            Not Before: Jul 16 14:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4e3bc387fe0a16ef4a7428b106399f57f2b386f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:55:fd:42:6f:37:b4:95:34:b6:7e:d5:a8:85:
                    27:8b:3d:65:89:59:0a:21:54:f1:ca:aa:a7:de:2e:
                    f0:65:50:d3:28:9d:e5:af:c1:51:9b:50:c9:bd:8f:
                    fa:84:33:f7:ec:b6:07:1c:55:f0:a1:fe:35:3e:04:
                    2b:c3:10:64:90:aa:23:fb:b1:a7:2b:7d:c4:4a:12:
                    43:50:8d:d0:f7:54:81:f1:3a:17:61:c4:d9:50:77:
                    cf:24:38:5f:83:bd:70:2d:65:12:4b:9d:55:b2:ce:
                    d3:2e:f0:e9:1a:01:43:43:b9:ff:d6:25:7d:9d:e1:
                    b8:59:fb:4c:be:5a:78:2f:74:1d:4f:00:24:2c:15:
                    af:61:ba:ec:15:cb:78:6b:a3:16:31:0b:bb:9b:32:
                    6a:0e:87:e4:d4:04:b0:8c:a3:21:5d:6a:70:46:32:
                    f1:8f:62:4d:5d:5a:16:b9:ef:b3:4a:dc:de:d7:b2:
                    30:dd:ec:36:b8:e5:42:3a:b9:76:2f:da:d3:79:bb:
                    3e:82:2c:14:dd:87:c9:fd:a0:b3:7c:99:98:9f:8b:
                    36:98:c7:c4:43:9c:a5:8f:e2:ca:8a:be:39:c5:f9:
                    07:c6:86:3b:ff:69:8a:c3:a8:f2:82:24:35:e1:17:
                    34:43:ce:69:bb:8d:54:d2:08:72:4e:0b:d4:e1:7e:
                    fa:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E3:BC:38:7F:E0:A1:6E:F4:A7:42:8B:10:63:99:F5:7F:2B:38:6F
            X509v3 Authority Key Identifier:
                keyid:A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/xOO8OH_goW70p0KLEGOZ9X8rOG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.138.0/24
                  45.143.196.0/22
                  81.16.176.0/23
                  91.208.92.0/24
                  185.83.152.0/22
                  185.206.148.0/22
                  188.64.33.0/24
                  194.164.96.0/24
                  194.213.3.0/24
                  213.170.135.0/24
                IPv6:
                  2a10:e780::/40

    Signature Algorithm: sha256WithRSAEncryption
         0f:0e:fe:c8:5d:0f:e7:7f:d3:01:bb:fd:c9:37:82:46:02:08:
         1f:cd:2f:7a:32:0d:32:26:ab:f2:66:75:b3:54:4b:58:91:c1:
         b7:8c:43:43:ca:74:58:77:42:cf:2b:85:6a:1c:24:cd:b6:5e:
         60:06:e1:ed:c8:1e:da:2a:21:e7:f3:93:e0:49:47:6e:6e:1a:
         99:1c:38:4c:2f:28:41:97:d3:93:4f:15:36:4c:0a:5c:7f:20:
         1b:11:64:fb:15:e3:c8:ef:72:43:3c:64:e5:e6:a6:32:a8:8d:
         6f:c1:04:30:a1:b3:62:30:ba:fd:ec:ec:f6:05:61:b3:7a:44:
         d1:9f:4c:57:69:ef:eb:11:2a:a8:2e:0e:4b:b3:9a:bb:fd:5d:
         7f:38:a4:90:dc:43:62:a5:1c:fc:47:e9:1d:38:67:00:98:67:
         83:f3:65:6d:b3:ef:42:22:fd:3e:d2:c7:10:cc:e0:f6:89:34:
         0d:bc:d2:db:fe:75:10:04:97:8d:34:45:5a:71:d0:f1:09:05:
         07:8d:25:81:c3:5e:f4:50:1e:0f:ae:73:69:12:b6:38:f4:26:
         f8:37:05:ab:d3:ed:ee:cf:63:73:88:22:ec:73:fa:b3:be:9c:
         87:19:3e:2d:c6:87:39:09:db:db:11:41:33:0d:74:84:9f:95:
         4f:9d:70:8b
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZC8CqyqDhfv4uA8OdbH4PQ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODhiMDU0N2YwOWZlOTIyNDA1MGQ3MGE1MjNkYTViZWRi
ZTA3MzgwHhcNMjQwNzE2MTQ1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGUzYmMzODdmZTBhMTZlZjRhNzQyOGIxMDYzOTlmNTdmMmIzODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31X9Qm83tJU0tn7VqIUniz1liVkK
IVTxyqqn3i7wZVDTKJ3lr8FRm1DJvY/6hDP37LYHHFXwof41PgQrwxBkkKoj+7Gn
K33EShJDUI3Q91SB8ToXYcTZUHfPJDhfg71wLWUSS51Vss7TLvDpGgFDQ7n/1iV9
neG4WftMvlp4L3QdTwAkLBWvYbrsFct4a6MWMQu7mzJqDofk1ASwjKMhXWpwRjLx
j2JNXVoWue+zStze17Iw3ew2uOVCOrl2L9rTebs+giwU3YfJ/aCzfJmYn4s2mMfE
Q5ylj+LKir45xfkHxoY7/2mKw6jygiQ14Rc0Q85pu41U0ghyTgvU4X76CQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFMTjvDh/4KFu9KdCixBjmfV/KzhvMB8GA1UdIwQY
MBaAFKCIsFR/Cf6SJAUNcKUj2lvtvgc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMt
ZGY4MmZhODk3MzI2LzEveE9POE9IX2dvVzcwcDBLTEVHT1o5WDhyT0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMtZGY4MmZhODk3MzI2
LzEvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBCBAIAATA8AwQAJeaKAwQC
LY/EAwQBURCwAwQAW9BcAwQCuVOYAwQCuc6UAwQAvEAhAwQAwqRgAwQAwtUDAwQA
1aqHMA4EAgACMAgDBgAqEOeAADANBgkqhkiG9w0BAQsFAAOCAQEADw7+yF0P53/T
Abv9yTeCRgIIH80vejINMiar8mZ1s1RLWJHBt4xDQ8p0WHdCzyuFahwkzbZeYAbh
7cge2ioh5/OT4ElHbm4amRw4TC8oQZfTk08VNkwKXH8gGxFk+xXjyO9yQzxk5eam
MqiNb8EEMKGzYjC6/ezs9gVhs3pE0Z9MV2nv6xEqqC4OS7Oau/1dfzikkNxDYqUc
/EfpHThnAJhng/NlbbPvQiL9PtLHEMzg9ok0DbzS2/51EASXjTRFWnHQ8QkFB40l
gcNe9FAeD65zaRK2OPQm+DcFq9Pt7s9jc4gi7HP6s76chxk+LcaHOQnb2xFBMw10
hJ+VT51wiw==
-----END CERTIFICATE-----