Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/IZgdjWVC7SOYQeFrHZJhXlGqtjI.roa
File:                     IZgdjWVC7SOYQeFrHZJhXlGqtjI.roa (raw, json)
Hash identifier:          pJ9fuKwNu0uSOxanp3foxGBq6dqyR5pJ6LV52og59pk=
Subject key identifier:   21:98:1D:8D:65:42:ED:23:98:41:E1:6B:1D:92:61:5E:51:AA:B6:32
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01918E421CB55FC16289842B8D413EC4AC0B
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/IZgdjWVC7SOYQeFrHZJhXlGqtjI.roa
Signing time:             Mon 26 Aug 2024 10:36:22 +0000
ROA not before:           Mon 26 Aug 2024 10:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        195.216.160.0/24 maxlen: 24
                          195.216.161.0/24 maxlen: 24
                          213.182.196.0/24 maxlen: 24
                          213.182.197.0/24 maxlen: 24
                          213.182.198.0/24 maxlen: 24
                          213.182.201.0/24 maxlen: 24
                          213.182.205.0/24 maxlen: 24
                          213.182.206.0/24 maxlen: 24
                          213.182.212.0/24 maxlen: 24
                          213.182.213.0/24 maxlen: 24
                          213.182.214.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
                          213.182.217.0/24 maxlen: 24
                          213.182.219.0/24 maxlen: 24
                          213.182.220.0/24 maxlen: 24
                          213.182.221.0/24 maxlen: 24
                          213.182.222.0/24 maxlen: 24
                          213.182.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 29 Aug 2024 12:43:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:42:1c:b5:5f:c1:62:89:84:2b:8d:41:3e:c4:ac:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Aug 26 10:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21981d8d6542ed239841e16b1d92615e51aab632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e7:dd:65:6c:8c:ad:60:fb:72:7b:24:2d:6a:
                    40:31:77:09:be:76:b4:33:91:be:ee:33:b4:67:2e:
                    6f:0c:b8:5e:2b:de:5b:0f:82:bc:ab:33:6c:ae:aa:
                    6d:7e:d9:28:b9:4c:10:e3:94:a1:eb:22:c7:b4:40:
                    ce:aa:e8:f3:6b:64:a3:3c:74:6c:47:31:58:ce:41:
                    ec:7b:dd:64:cf:9b:10:65:2b:de:62:6d:d9:8c:2c:
                    ac:69:f6:7a:0c:99:5f:14:07:9e:0a:55:2f:00:f5:
                    dc:d2:07:5c:6f:1d:21:b5:06:20:02:a6:c3:3f:c9:
                    9b:d1:b6:49:ee:a8:49:80:95:bb:1f:60:69:2b:c3:
                    df:00:57:71:38:79:00:da:3b:98:c0:4f:c5:79:e2:
                    c0:02:10:59:3b:a4:43:0d:c2:c3:3d:33:ec:11:26:
                    06:76:e5:ed:ad:71:c1:bd:91:7d:cc:fe:31:f6:25:
                    1e:81:1b:9c:24:bb:4c:de:b2:55:6d:7b:ad:92:19:
                    7d:c2:62:76:1a:54:d2:c4:5b:04:d3:cc:1e:08:d2:
                    af:e6:ee:71:92:b0:63:04:01:be:17:6f:62:91:86:
                    f7:ee:24:a4:80:d1:8d:ad:b3:ad:2e:0b:9b:7f:d3:
                    17:84:cd:db:b5:c1:14:3e:f7:e9:54:db:48:07:ca:
                    b1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:98:1D:8D:65:42:ED:23:98:41:E1:6B:1D:92:61:5E:51:AA:B6:32
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/IZgdjWVC7SOYQeFrHZJhXlGqtjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.160.0/23
                  213.182.196.0-213.182.198.255
                  213.182.201.0/24
                  213.182.205.0-213.182.206.255
                  213.182.212.0/22
                  213.182.217.0/24
                  213.182.219.0-213.182.223.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:56:0d:60:03:e0:83:fc:02:16:da:01:9f:3b:79:33:91:96:
         b6:7e:84:93:f8:3e:6f:1f:cf:51:2f:af:ac:92:0e:6d:00:57:
         b5:d1:85:9d:47:13:12:74:b2:66:b0:75:bf:c2:32:c4:a8:74:
         1a:87:61:44:f2:79:42:84:e0:aa:24:53:9b:f8:ed:3a:3c:68:
         00:fd:8b:54:94:a6:90:81:f2:15:d7:3a:87:eb:91:e6:c6:bb:
         33:49:bd:c4:a2:a4:0c:57:12:a9:cc:70:d4:48:50:ad:ee:d1:
         63:96:be:51:34:b3:ff:af:a3:e8:0c:fa:e5:dd:0c:92:a2:5e:
         ab:c0:66:1f:d7:e8:97:1e:3f:95:1f:de:9c:6b:70:0c:49:22:
         2b:90:8e:2e:5f:bd:94:a5:a7:67:93:97:f3:24:32:16:47:34:
         e7:83:94:4f:e8:80:50:c7:60:83:fc:b4:0e:81:d4:5d:91:fe:
         7a:d2:ce:f2:18:90:59:db:0d:1f:59:73:d9:3c:1b:16:b0:4a:
         d3:b4:68:8c:41:16:c7:81:fc:76:9b:66:f4:c4:dd:0e:ee:0b:
         42:75:39:78:65:47:49:2e:23:81:e1:4c:bd:99:e3:ee:78:d4:
         34:04:c9:b1:92:82:bf:dd:99:13:20:5d:40:6c:dd:2e:1e:ed:
         fd:8f:aa:be
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZGOQhy1X8FiiYQrjUE+xKwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwODI2MTAzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk4MWQ4ZDY1NDJlZDIzOTg0MWUxNmIxZDkyNjE1ZTUxYWFiNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzufdZWyMrWD7cnskLWpAMXcJvna0
M5G+7jO0Zy5vDLheK95bD4K8qzNsrqptftkouUwQ45Sh6yLHtEDOqujza2SjPHRs
RzFYzkHse91kz5sQZSveYm3ZjCysafZ6DJlfFAeeClUvAPXc0gdcbx0htQYgAqbD
P8mb0bZJ7qhJgJW7H2BpK8PfAFdxOHkA2juYwE/FeeLAAhBZO6RDDcLDPTPsESYG
duXtrXHBvZF9zP4x9iUegRucJLtM3rJVbXutkhl9wmJ2GlTSxFsE08weCNKv5u5x
krBjBAG+F29ikYb37iSkgNGNrbOtLgubf9MXhM3btcEUPvfpVNtIB8qxfwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFCGYHY1lQu0jmEHhax2SYV5RqrYyMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvSVpnZGpXVkM3U09ZUWVGckhaSmhYbEdxdGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBw9igMAwD
BALVtsQDBADVtsYDBADVtskwDAMEANW2zQMEANW2zgMEAtW21AMEANW22TAMAwQA
1bbbAwQF1bbAMA0GCSqGSIb3DQEBCwUAA4IBAQB6Vg1gA+CD/AIW2gGfO3kzkZa2
foST+D5vH89RL6+skg5tAFe10YWdRxMSdLJmsHW/wjLEqHQah2FE8nlChOCqJFOb
+O06PGgA/YtUlKaQgfIV1zqH65HmxrszSb3EoqQMVxKpzHDUSFCt7tFjlr5RNLP/
r6PoDPrl3QySol6rwGYf1+iXHj+VH96ca3AMSSIrkI4uX72Upadnk5fzJDIWRzTn
g5RP6IBQx2CD/LQOgdRdkf560s7yGJBZ2w0fWXPZPBsWsErTtGiMQRbHgfx2m2b0
xN0O7gtCdTl4ZUdJLiOB4Uy9mePueNQ0BMmxkoK/3ZkTIF1AbN0uHu39j6q+
-----END CERTIFICATE-----