Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UDozdpCdODc_pQyHUMRZvs-AWZc.roa
File:                     UDozdpCdODc_pQyHUMRZvs-AWZc.roa (raw, json)
Hash identifier:          hEpEuKUfV1NFzBRQ1aNz3g5uxyRoq1do8u+LGpUyZR0=
Subject key identifier:   50:3A:33:76:90:9D:38:37:3F:A5:0C:87:50:C4:59:BE:CF:80:59:97
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E90BE2905526A7F53E0A3056AAC7D8833
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UDozdpCdODc_pQyHUMRZvs-AWZc.roa
Signing time:             Sat 30 Mar 2024 19:02:45 +0000
ROA not before:           Sat 30 Mar 2024 19:02:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215727
IP address blocks:        89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.223.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 05 Apr 2024 08:04:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:90:be:29:05:52:6a:7f:53:e0:a3:05:6a:ac:7d:88:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 30 19:02:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=503a3376909d38373fa50c8750c459becf805997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:44:68:5e:54:df:72:e4:e4:05:3e:57:cc:06:
                    e9:90:63:0d:f6:19:b9:39:89:4e:30:dd:9a:a3:a5:
                    f3:a8:2b:1c:9a:bd:17:79:df:0e:bb:c2:44:f4:62:
                    2c:f4:84:4d:0b:2e:53:08:9d:33:ba:31:80:0a:a8:
                    67:b9:a6:3e:0f:4e:f8:95:70:b2:e0:9a:b6:e8:38:
                    db:87:0a:68:3f:bb:4a:42:da:a6:6e:d7:d0:c4:77:
                    7f:64:36:06:9f:62:0a:48:1e:e1:65:e9:a7:0b:43:
                    08:00:8f:f4:a3:ed:30:7d:57:81:75:62:64:d9:6b:
                    c9:f1:df:c8:b1:9f:67:2c:93:26:11:80:92:ec:a2:
                    29:30:91:c2:09:d0:37:50:2d:df:81:0f:54:46:e5:
                    75:6d:7b:d0:07:1b:a9:9a:3d:05:15:70:7d:f6:0e:
                    d0:0d:d0:87:b5:78:66:cb:03:31:38:ff:1c:e8:d1:
                    94:2d:42:ed:19:a3:a1:0c:41:41:95:73:9a:ae:6d:
                    d6:a4:76:ae:21:bf:82:7a:e1:b3:33:e4:fb:02:cc:
                    b6:d5:72:94:d4:fd:c1:8b:23:84:5d:e6:8e:37:f6:
                    25:62:2f:81:f6:ae:62:4e:3f:40:46:2a:3e:b3:60:
                    43:2c:cb:dd:2b:53:bb:01:63:47:e2:20:e7:14:47:
                    6c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3A:33:76:90:9D:38:37:3F:A5:0C:87:50:C4:59:BE:CF:80:59:97
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/UDozdpCdODc_pQyHUMRZvs-AWZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.223.0/24
                  89.213.227.0/24
                  213.130.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:84:21:e0:b9:e2:1b:fb:2d:93:c7:a9:19:b8:cf:73:84:a4:
         df:bf:97:52:12:fd:53:ae:1c:d4:d2:9a:0a:e1:07:1a:52:4b:
         63:77:29:b8:aa:95:2d:7e:77:56:b1:59:a8:5d:85:f7:a0:61:
         04:a9:ee:c3:1d:80:0f:4c:30:c5:19:7c:44:2f:f5:08:f3:8c:
         67:22:d7:94:c6:ab:85:fd:1d:68:50:85:d1:89:80:c5:5d:45:
         91:69:63:87:c8:8e:3d:9a:7e:80:e4:8b:76:bf:51:a8:d6:19:
         c4:e9:c3:17:91:67:7d:2f:4d:5e:e3:8b:5e:cc:cc:53:f1:c4:
         6f:7d:54:b6:73:05:ca:8b:d7:e4:ab:be:b2:33:6b:e1:d3:18:
         77:00:9f:48:f6:fe:16:ad:7b:48:c8:7a:2f:11:08:dc:15:af:
         bd:8e:bb:78:ee:cd:a9:2a:1b:a8:ce:92:f8:78:6b:18:54:ee:
         60:ea:26:1e:8b:d8:69:b0:f1:da:8b:52:cf:84:9b:c6:e5:9b:
         84:e0:f9:f8:00:90:c6:d5:34:3e:fc:80:bf:ac:27:0f:41:aa:
         e8:f7:24:1f:32:c4:5f:95:76:2c:49:a7:a6:79:39:08:a2:40:
         80:c2:37:fd:1d:05:a4:f3:6e:e0:da:86:c7:ef:cf:a1:21:79:
         06:9e:da:93
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY6QvikFUmp/U+CjBWqsfYgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzMwMTkwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNhMzM3NjkwOWQzODM3M2ZhNTBjODc1MGM0NTliZWNmODA1OTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlURoXlTfcuTkBT5XzAbpkGMN9hm5
OYlOMN2ao6XzqCscmr0Xed8Ou8JE9GIs9IRNCy5TCJ0zujGACqhnuaY+D074lXCy
4Jq26DjbhwpoP7tKQtqmbtfQxHd/ZDYGn2IKSB7hZemnC0MIAI/0o+0wfVeBdWJk
2WvJ8d/IsZ9nLJMmEYCS7KIpMJHCCdA3UC3fgQ9URuV1bXvQBxupmj0FFXB99g7Q
DdCHtXhmywMxOP8c6NGULULtGaOhDEFBlXOarm3WpHauIb+CeuGzM+T7Asy21XKU
1P3BiyOEXeaON/YlYi+B9q5iTj9ARio+s2BDLMvdK1O7AWNH4iDnFEdsRwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFA6M3aQnTg3P6UMh1DEWb7PgFmXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVURvemRwQ2RPRGNfcFF5SFVNUlp2cy1BV1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAWdVrMAwD
BARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0DBABZ1d8DBABZ1eMDBADVgokw
DQYJKoZIhvcNAQELBQADggEBAFmEIeC54hv7LZPHqRm4z3OEpN+/l1IS/VOuHNTS
mgrhBxpSS2N3KbiqlS1+d1axWahdhfegYQSp7sMdgA9MMMUZfEQv9QjzjGci15TG
q4X9HWhQhdGJgMVdRZFpY4fIjj2afoDki3a/UajWGcTpwxeRZ30vTV7ji17MzFPx
xG99VLZzBcqL1+SrvrIza+HTGHcAn0j2/hate0jIei8RCNwVr72Ou3juzakqG6jO
kvh4axhU7mDqJh6L2Gmw8dqLUs+Em8blm4Tg+fgAkMbVND78gL+sJw9Bquj3JB8y
xF+VdixJp6Z5OQiiQIDCN/0dBaTzbuDahsfvz6EheQae2pM=
-----END CERTIFICATE-----