Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/ZBw6pHSHi5PEHBrK7EK375k83MM.roa
File:                     ZBw6pHSHi5PEHBrK7EK375k83MM.roa (raw, json)
Hash identifier:          N/cKCJPJArUHilfKTQK6vcdppc9z2i3yqZBtosXIlwc=
Subject key identifier:   64:1C:3A:A4:74:87:8B:93:C4:1C:1A:CA:EC:42:B7:EF:99:3C:DC:C3
Certificate issuer:       /CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
Certificate serial:       0190A0F477AB1720789CC204B46E6B27F71F
Authority key identifier: 3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/ZBw6pHSHi5PEHBrK7EK375k83MM.roa
Signing time:             Thu 11 Jul 2024 08:41:34 +0000
ROA not before:           Thu 11 Jul 2024 08:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20253
IP address blocks:        84.201.208.0/20 maxlen: 24
                          146.19.181.0/24 maxlen: 26
                          217.20.48.0/24 maxlen: 24
                          217.20.49.0/24 maxlen: 24
                          217.20.50.0/24 maxlen: 24
                          217.20.51.0/24 maxlen: 24
                          217.20.52.0/24 maxlen: 24
                          217.20.53.0/24 maxlen: 24
                          217.20.54.0/24 maxlen: 24
                          217.20.55.0/24 maxlen: 24
                          217.20.56.0/24 maxlen: 24
                          217.20.57.0/24 maxlen: 24
                          217.20.58.0/24 maxlen: 24
                          217.20.59.0/24 maxlen: 24
                          217.20.60.0/24 maxlen: 24
                          217.20.61.0/24 maxlen: 24
                          217.20.62.0/24 maxlen: 24
                          217.20.63.0/24 maxlen: 24
                          2a12:45c7:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 13 Aug 2024 15:51:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a0:f4:77:ab:17:20:78:9c:c2:04:b4:6e:6b:27:f7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
        Validity
            Not Before: Jul 11 08:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=641c3aa474878b93c41c1acaec42b7ef993cdcc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:df:04:62:2a:e9:7f:24:cb:ee:5f:c2:1a:
                    3f:b9:61:b5:64:54:ba:43:07:82:2f:f5:f8:3a:fc:
                    6f:f0:fd:06:7e:9f:18:7c:68:43:3d:ef:f5:03:27:
                    45:0b:0f:74:d5:b7:6d:54:0c:6e:ae:38:4e:33:82:
                    b6:bc:f4:bc:7f:f6:df:52:a0:c2:15:01:76:96:35:
                    ee:28:ba:9d:5f:da:26:bd:de:2b:aa:e9:0d:21:ae:
                    81:bb:0b:0e:57:5d:17:1a:0b:e4:9c:ee:a4:11:42:
                    63:00:ef:f0:54:92:18:61:15:c7:59:4f:fa:e5:cf:
                    0c:44:d8:ac:15:e2:1f:0c:14:77:dd:94:35:60:ff:
                    9e:38:7c:09:7d:4b:7e:8f:57:07:f5:70:ef:9e:67:
                    44:8f:5c:e1:f8:1b:01:3c:0d:bb:89:6a:72:b9:8d:
                    f6:6c:0b:c0:de:61:72:33:3c:2b:b4:e5:b0:0d:28:
                    35:6e:2c:77:07:db:c7:79:73:fb:2d:2c:c9:28:c2:
                    56:8b:6f:12:3a:ff:04:8b:c4:c1:3b:a9:d4:c6:8e:
                    d8:63:1a:18:be:30:63:fe:8d:42:90:57:e9:13:9f:
                    03:93:ba:3e:95:fd:7f:13:09:2a:a7:84:09:db:32:
                    e4:7a:23:1d:24:ca:b1:84:0d:b1:16:29:55:77:d7:
                    80:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:1C:3A:A4:74:87:8B:93:C4:1C:1A:CA:EC:42:B7:EF:99:3C:DC:C3
            X509v3 Authority Key Identifier:
                keyid:3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/ZBw6pHSHi5PEHBrK7EK375k83MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/PsY-XbBDXC0-dKayitPZww1qjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.201.208.0/20
                  146.19.181.0/24
                  217.20.48.0/20
                IPv6:
                  2a12:45c7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:e3:75:5b:09:e4:59:34:33:ef:03:f2:63:e3:a3:04:bb:f7:
         e3:5a:85:ed:f2:84:09:05:ad:59:67:5d:ef:ad:2f:be:8c:be:
         80:ae:74:04:90:b4:62:25:c3:5f:3c:fb:cd:c1:3b:aa:35:3b:
         2e:29:5c:9f:5a:50:12:30:d9:62:ee:8d:16:3c:74:2c:0f:80:
         26:ac:34:08:a0:9b:8e:b2:38:66:c6:35:86:cc:1c:81:33:35:
         71:a0:28:9a:ba:72:ab:e5:7b:fc:10:0d:33:a0:6b:28:68:49:
         a1:77:ae:a3:a8:ac:90:2a:48:51:f5:7a:a9:a8:91:17:8e:09:
         b5:0c:60:6b:04:43:5d:1d:a3:b4:12:a3:5c:72:b5:aa:5b:e4:
         b6:7e:2e:90:8a:d5:36:32:5f:36:a1:52:80:9a:b1:a9:fb:d0:
         72:e4:41:0d:2c:fc:5c:51:f1:a4:00:35:7c:32:30:02:35:1b:
         1a:26:f4:ad:eb:a7:16:f0:dc:bd:5d:22:e7:81:dd:bb:e9:8b:
         41:ec:6c:2a:31:17:ca:96:38:55:81:c3:a1:ff:8a:d3:78:3e:
         01:68:f8:e5:1d:4f:7f:01:f0:c1:9f:23:48:6a:55:c3:1d:08:
         2e:a3:f6:c6:45:7a:25:15:d0:e6:05:ff:32:c4:9d:e8:1b:3f:
         e7:8f:e6:4a
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZCg9HerFyB4nMIEtG5rJ/cfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzYzZTVkYjA0MzVjMmQzZTc0YTZiMjhhZDNkOWMzMGQ2
YThjZWUwHhcNMjQwNzExMDg0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDFjM2FhNDc0ODc4YjkzYzQxYzFhY2FlYzQyYjdlZjk5M2NkY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYTfBGIq6X8ky+5fwho/uWG1ZFS6
QweCL/X4Ovxv8P0Gfp8YfGhDPe/1AydFCw901bdtVAxurjhOM4K2vPS8f/bfUqDC
FQF2ljXuKLqdX9omvd4rqukNIa6BuwsOV10XGgvknO6kEUJjAO/wVJIYYRXHWU/6
5c8MRNisFeIfDBR33ZQ1YP+eOHwJfUt+j1cH9XDvnmdEj1zh+BsBPA27iWpyuY32
bAvA3mFyMzwrtOWwDSg1bix3B9vHeXP7LSzJKMJWi28SOv8Ei8TBO6nUxo7YYxoY
vjBj/o1CkFfpE58Dk7o+lf1/Ewkqp4QJ2zLkeiMdJMqxhA2xFilVd9eAeQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFGQcOqR0h4uTxBwayuxCt++ZPNzDMB8GA1UdIwQY
MBaAFD7GPl2wQ1wtPnSmsorT2cMNaozuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjIt
NTIwNThmOGE5YTFhLzEvWkJ3NnBIU0hpNVBFSEJySzdFSzM3NWs4M01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjItNTIwNThmOGE5YTFh
LzEvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQEVMnQAwQA
khO1AwQE2RQwMA8EAgACMAkDBwAqEkXH//8wDQYJKoZIhvcNAQELBQADggEBADjj
dVsJ5Fk0M+8D8mPjowS79+Nahe3yhAkFrVlnXe+tL76MvoCudASQtGIlw188+83B
O6o1Oy4pXJ9aUBIw2WLujRY8dCwPgCasNAigm46yOGbGNYbMHIEzNXGgKJq6cqvl
e/wQDTOgayhoSaF3rqOorJAqSFH1eqmokReOCbUMYGsEQ10do7QSo1xytapb5LZ+
LpCK1TYyXzahUoCasan70HLkQQ0s/FxR8aQANXwyMAI1Gxom9K3rpxbw3L1dIueB
3bvpi0HsbCoxF8qWOFWBw6H/itN4PgFo+OUdT38B8MGfI0hqVcMdCC6j9sZFeiUV
0OYF/zLEnegbP+eP5ko=
-----END CERTIFICATE-----