Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/9DPZHz8uadbtQiKExew3gOiMM0o.roa
File:                     9DPZHz8uadbtQiKExew3gOiMM0o.roa (raw, json)
Hash identifier:          BzzFPYXBTp1ozltAU9yvPZ6RqCLaG15HTdrBuc39zaM=
Subject key identifier:   F4:33:D9:1F:3F:2E:69:D6:ED:42:22:84:C5:EC:37:80:E8:8C:33:4A
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01915BBA9F0F36C0CED324EB33A928B889EB
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/9DPZHz8uadbtQiKExew3gOiMM0o.roa
Signing time:             Fri 16 Aug 2024 15:07:22 +0000
ROA not before:           Fri 16 Aug 2024 15:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        213.182.196.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.198.0/24 maxlen: 24
                          213.182.200.0/24 maxlen: 24
                          213.182.203.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.206.0/24 maxlen: 24
                          213.182.208.0/24 maxlen: 24
                          213.182.209.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 17 Aug 2024 11:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:ba:9f:0f:36:c0:ce:d3:24:eb:33:a9:28:b8:89:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 16 15:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f433d91f3f2e69d6ed422284c5ec3780e88c334a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a9:96:ba:aa:6b:44:67:bd:a4:18:6d:5b:27:
                    60:a9:9a:73:fd:54:26:76:39:82:d7:70:62:8e:0d:
                    0b:50:26:21:c6:10:5c:9d:3c:db:d1:31:76:a3:75:
                    34:e2:70:38:bf:c9:81:ee:f4:69:68:c0:3f:29:a8:
                    49:df:59:8d:cc:6d:51:68:56:f6:07:07:5c:d1:da:
                    41:d6:72:46:31:35:a0:7e:44:be:d0:34:d9:bb:ec:
                    b0:5c:3f:a3:eb:14:96:32:5e:06:14:42:ca:77:a4:
                    d6:a3:51:71:3f:9e:d6:aa:1f:ca:4c:bb:dd:46:54:
                    d3:5d:36:a7:01:03:a3:2e:49:12:26:de:bd:4d:4a:
                    cc:f4:f9:68:7a:c8:94:1b:31:d6:9f:f0:41:99:62:
                    32:b3:71:3e:b7:25:d1:6a:dc:88:5a:3d:69:26:d6:
                    1d:08:85:52:e3:2b:b8:7d:74:3d:a0:77:2b:22:ac:
                    c5:98:20:bd:cb:b8:c7:d2:6c:f6:9d:29:fa:41:ad:
                    32:1b:f9:5a:08:2f:3b:68:9a:6a:46:6c:40:06:16:
                    df:1f:2d:6b:86:53:d7:eb:48:1b:b1:a0:43:bc:9e:
                    29:b1:b4:2e:16:39:10:96:cc:43:ef:50:95:80:38:
                    9e:f7:87:b8:b5:3c:5c:55:04:49:85:a2:4c:e9:83:
                    5a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:33:D9:1F:3F:2E:69:D6:ED:42:22:84:C5:EC:37:80:E8:8C:33:4A
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/9DPZHz8uadbtQiKExew3gOiMM0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.196.0-213.182.198.255
                  213.182.200.0/24
                  213.182.203.0/24
                  213.182.205.0-213.182.206.255
                  213.182.208.0/23
                  213.182.214.0/24
                  213.182.217.0/24
                  213.182.219.0-213.182.220.255
                  213.182.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:ba:08:fb:b8:fc:d6:6d:d1:64:b0:05:54:95:72:db:48:d9:
         36:a2:6d:b8:f9:80:36:db:c0:b1:15:a4:c5:da:74:9a:1f:95:
         e4:12:ca:aa:b9:51:cd:e9:eb:88:5c:d8:6f:1a:f3:85:5d:4a:
         b6:bc:88:4c:c7:b5:71:fb:19:0f:2c:af:b0:c9:46:55:f3:9d:
         ec:b6:3e:6d:f8:1d:a2:e3:87:f3:c8:40:b5:58:99:af:39:c7:
         99:ff:b0:eb:61:a4:4b:89:95:4e:48:56:81:e2:2b:f1:4a:4f:
         be:5f:c7:98:9b:e0:2d:21:10:35:52:21:66:db:38:40:0d:1e:
         c2:fa:03:d7:60:5f:d6:8f:64:64:97:f0:9a:77:f7:6f:a9:6d:
         dd:75:a3:c9:fa:92:93:be:29:72:19:aa:01:df:df:41:23:63:
         90:54:c9:d5:b4:0f:ea:fa:61:39:1c:25:8c:1f:ce:1a:bf:f4:
         b1:47:5e:ab:58:e2:2e:55:12:a5:70:46:e8:68:b8:a8:33:96:
         bb:97:35:3b:68:c1:05:41:2d:e4:81:52:1d:70:d0:ec:eb:d2:
         b9:ac:70:75:7f:6a:85:33:5f:57:fe:4e:d3:49:73:b0:1f:ae:
         63:75:04:d4:1e:41:c1:dd:ab:f5:ad:22:37:cf:76:66:37:eb:
         79:22:eb:24
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZFbup8PNsDO0yTrM6kouInrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODE2MTUwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDMzZDkxZjNmMmU2OWQ2ZWQ0MjIyODRjNWVjMzc4MGU4OGMzMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26mWuqprRGe9pBhtWydgqZpz/VQm
djmC13Bijg0LUCYhxhBcnTzb0TF2o3U04nA4v8mB7vRpaMA/KahJ31mNzG1RaFb2
Bwdc0dpB1nJGMTWgfkS+0DTZu+ywXD+j6xSWMl4GFELKd6TWo1FxP57Wqh/KTLvd
RlTTXTanAQOjLkkSJt69TUrM9PloesiUGzHWn/BBmWIys3E+tyXRatyIWj1pJtYd
CIVS4yu4fXQ9oHcrIqzFmCC9y7jH0mz2nSn6Qa0yG/laCC87aJpqRmxABhbfHy1r
hlPX60gbsaBDvJ4psbQuFjkQlsxD71CVgDie94e4tTxcVQRJhaJM6YNaKwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFPQz2R8/LmnW7UIihMXsN4DojDNKMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvOURQWkh6OHVhZGJ0UWlLRXhldzNnT2lNTTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBALVtsQD
BADVtsYDBADVtsgDBADVtsswDAMEANW2zQMEANW2zgMEAdW20AMEANW21gMEANW2
2TAMAwQA1bbbAwQA1bbcAwQB1bbeMA0GCSqGSIb3DQEBCwUAA4IBAQATugj7uPzW
bdFksAVUlXLbSNk2om24+YA228CxFaTF2nSaH5XkEsqquVHN6euIXNhvGvOFXUq2
vIhMx7Vx+xkPLK+wyUZV853stj5t+B2i44fzyEC1WJmvOceZ/7DrYaRLiZVOSFaB
4ivxSk++X8eYm+AtIRA1UiFm2zhADR7C+gPXYF/Wj2Rkl/Cad/dvqW3ddaPJ+pKT
vilyGaoB399BI2OQVMnVtA/q+mE5HCWMH84av/SxR16rWOIuVRKlcEboaLioM5a7
lzU7aMEFQS3kgVIdcNDs69K5rHB1f2qFM19X/k7TSXOwH65jdQTUHkHB3av1rSI3
z3ZmN+t5Iusk
-----END CERTIFICATE-----