Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2C7XumS-Uo2eS9kWccH3bJd7qH8.roa
File:                     2C7XumS-Uo2eS9kWccH3bJd7qH8.roa (raw, json)
Hash identifier:          yWYWhU9HlannEU36McUcN1VjOBcfJgqVXfdlbnvXGl0=
Subject key identifier:   D8:2E:D7:BA:64:BE:52:8D:9E:4B:D9:16:71:C1:F7:6C:97:7B:A8:7F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F94DC6CB1699F70BA147CB56682567E53
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2C7XumS-Uo2eS9kWccH3bJd7qH8.roa
Signing time:             Mon 20 May 2024 07:17:04 +0000
ROA not before:           Mon 20 May 2024 07:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        82.152.7.0/24 maxlen: 24
                          82.153.225.0/24 maxlen: 24
                          89.213.43.0/24 maxlen: 24
                          89.213.99.0/24 maxlen: 24
                          89.213.131.0/24 maxlen: 24
                          89.213.145.0/24 maxlen: 24
                          89.213.146.0/24 maxlen: 24
                          109.176.200.0/24 maxlen: 24
                          109.176.239.0/24 maxlen: 24
                          213.130.155.0/24 maxlen: 24
                          213.218.213.0/24 maxlen: 24
                          213.218.225.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 26 May 2024 07:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:94:dc:6c:b1:69:9f:70:ba:14:7c:b5:66:82:56:7e:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 20 07:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d82ed7ba64be528d9e4bd91671c1f76c977ba87f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:81:f5:86:eb:fa:86:14:28:71:95:ad:fb:19:
                    34:51:ef:f5:e8:5e:aa:62:7a:ea:6e:50:c3:8f:5d:
                    af:64:d4:cf:4b:c4:b9:60:92:49:2e:bf:93:e4:30:
                    fe:66:7d:21:1c:59:75:ad:0b:ed:1b:a2:8c:78:82:
                    26:36:a2:6f:e0:4a:9b:fa:a1:bb:bc:cf:79:9e:c9:
                    2a:80:57:f2:35:77:54:77:52:2b:8b:82:90:06:12:
                    77:5c:a8:f8:23:75:cf:65:ac:45:76:f0:be:19:51:
                    f8:c2:af:a5:91:9f:5a:72:b2:68:59:9b:2a:90:a9:
                    7e:67:b1:3e:8c:af:37:1d:d4:b7:6b:f9:98:84:14:
                    02:5e:6d:6b:1e:60:61:79:5f:1b:0e:0a:49:9e:e3:
                    cf:d8:f3:07:f9:f2:a4:7a:d5:39:8b:7b:b1:47:b1:
                    d7:23:cd:c9:39:02:3f:73:91:ca:78:d1:29:7a:42:
                    6d:2c:65:9d:6e:e0:dc:c6:79:49:d3:31:eb:24:91:
                    ab:b1:06:28:e3:87:69:67:4f:5f:55:5f:5b:fb:0f:
                    57:f9:bf:04:27:75:5c:0f:6d:c2:cc:88:87:0c:d9:
                    8c:2c:f8:ad:f7:7c:ec:77:09:b6:63:7d:09:f0:c0:
                    c3:cc:e2:f6:42:ed:b5:07:17:9a:95:26:e9:13:b7:
                    59:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2E:D7:BA:64:BE:52:8D:9E:4B:D9:16:71:C1:F7:6C:97:7B:A8:7F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2C7XumS-Uo2eS9kWccH3bJd7qH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.7.0/24
                  82.153.225.0/24
                  89.213.43.0/24
                  89.213.99.0/24
                  89.213.131.0/24
                  89.213.145.0-89.213.146.255
                  109.176.200.0/24
                  109.176.239.0/24
                  213.130.155.0/24
                  213.218.213.0/24
                  213.218.225.0/24
                  213.218.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:c0:51:1c:6c:5d:27:46:ba:de:9a:84:be:19:46:d4:c4:9b:
         a9:90:f8:3f:4a:84:56:80:5a:0d:1a:c2:78:02:26:03:97:00:
         f5:a8:04:d9:05:4c:ec:e0:3f:ff:41:06:7c:82:06:25:3d:79:
         8c:bc:ec:c2:92:e1:34:bc:81:d8:e0:63:99:75:7d:95:15:70:
         f1:2d:12:b6:d4:85:cc:69:ef:0f:b1:67:a8:aa:17:34:76:a3:
         52:90:2b:9e:b9:fa:4b:4f:12:51:35:88:5d:f9:60:ef:27:56:
         d9:03:df:71:2a:d9:51:63:5d:19:2e:f0:71:5c:a5:c2:f6:a4:
         d2:ed:6a:e1:84:5d:8c:56:0e:9e:ab:53:3d:2c:21:92:96:5a:
         53:04:0a:18:74:17:88:b1:be:5c:cd:35:c4:1c:ee:81:cf:d6:
         24:67:df:0a:ae:b9:86:79:ce:c4:b2:3d:ac:1d:19:8b:0c:a2:
         cc:12:fd:c9:00:35:c2:87:f9:93:fb:9c:cb:b7:9b:59:d5:6e:
         a4:7b:c0:69:92:6c:01:f6:e9:4c:3c:74:36:e5:03:b6:fa:08:
         1b:b0:21:e0:a2:b4:87:11:a1:e0:8d:11:4e:9b:ef:94:67:b1:
         e1:a4:0d:c5:b3:74:20:be:4a:18:5b:3a:26:0d:9c:5e:06:75:
         f5:96:9c:7a
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY+U3GyxaZ9wuhR8tWaCVn5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIwMDcxNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJlZDdiYTY0YmU1MjhkOWU0YmQ5MTY3MWMxZjc2Yzk3N2JhODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroH1huv6hhQocZWt+xk0Ue/16F6q
YnrqblDDj12vZNTPS8S5YJJJLr+T5DD+Zn0hHFl1rQvtG6KMeIImNqJv4Eqb+qG7
vM95nskqgFfyNXdUd1Iri4KQBhJ3XKj4I3XPZaxFdvC+GVH4wq+lkZ9acrJoWZsq
kKl+Z7E+jK83HdS3a/mYhBQCXm1rHmBheV8bDgpJnuPP2PMH+fKketU5i3uxR7HX
I83JOQI/c5HKeNEpekJtLGWdbuDcxnlJ0zHrJJGrsQYo44dpZ09fVV9b+w9X+b8E
J3VcD23CzIiHDNmMLPit93zsdwm2Y30J8MDDzOL2Qu21BxealSbpE7dZrwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFNgu17pkvlKNnkvZFnHB92yXe6h/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMkM3WHVtUy1VbzJlUzlrV2NjSDNiSmQ3cUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAUpgHAwQA
UpnhAwQAWdUrAwQAWdVjAwQAWdWDMAwDBABZ1ZEDBABZ1ZIDBABtsMgDBABtsO8D
BADVgpsDBADV2tUDBADV2uEDBADV2uMwDQYJKoZIhvcNAQELBQADggEBAJzAURxs
XSdGut6ahL4ZRtTEm6mQ+D9KhFaAWg0awngCJgOXAPWoBNkFTOzgP/9BBnyCBiU9
eYy87MKS4TS8gdjgY5l1fZUVcPEtErbUhcxp7w+xZ6iqFzR2o1KQK565+ktPElE1
iF35YO8nVtkD33Eq2VFjXRku8HFcpcL2pNLtauGEXYxWDp6rUz0sIZKWWlMEChh0
F4ixvlzNNcQc7oHP1iRn3wquuYZ5zsSyPawdGYsMoswS/ckANcKH+ZP7nMu3m1nV
bqR7wGmSbAH26Uw8dDblA7b6CBuwIeCitIcRoeCNEU6b75RnseGkDcWzdCC+Shhb
OiYNnF4GdfWWnHo=
-----END CERTIFICATE-----