Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/P0unAMoynHwmhEzxUeSrYaoincg.roa
File:                     P0unAMoynHwmhEzxUeSrYaoincg.roa (raw, json)
Hash identifier:          phFHovTdG28Izz4pgqPAVjvLe3FUYYe5XE38Ey7iflY=
Subject key identifier:   3F:4B:A7:00:CA:32:9C:7C:26:84:4C:F1:51:E4:AB:61:AA:22:9D:C8
Certificate issuer:       /CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
Certificate serial:       01904F5DA0D7757543E1CCCFDF244A0BF4BE
Authority key identifier: 57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/P0unAMoynHwmhEzxUeSrYaoincg.roa
Signing time:             Tue 25 Jun 2024 12:27:34 +0000
ROA not before:           Tue 25 Jun 2024 12:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49121
IP address blocks:        5.57.209.0/24 maxlen: 24
                          37.221.68.0/24 maxlen: 24
                          37.221.69.0/24 maxlen: 24
                          37.221.70.0/24 maxlen: 24
                          37.221.71.0/24 maxlen: 24
                          45.87.117.0/24 maxlen: 24
                          45.87.118.0/24 maxlen: 24
                          45.87.119.0/24 maxlen: 24
                          185.186.0.0/24 maxlen: 24
                          185.232.166.0/24 maxlen: 24
                          194.61.10.0/23 maxlen: 23
                          194.147.74.0/23 maxlen: 23
                          2a09:e200::/48 maxlen: 48
                          2a09:e200:e200::/48 maxlen: 48
                          2a09:e207:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 14 Sep 2024 09:42:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:5d:a0:d7:75:75:43:e1:cc:cf:df:24:4a:0b:f4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
        Validity
            Not Before: Jun 25 12:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f4ba700ca329c7c26844cf151e4ab61aa229dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c8:4c:5b:39:d9:60:eb:70:bc:14:c0:2a:91:
                    c5:aa:67:dc:98:49:97:2b:93:5d:49:fe:c9:74:98:
                    96:d6:22:71:9d:c6:8f:78:b4:41:7e:ad:24:c5:b6:
                    b1:8e:b0:e1:59:a3:cc:6c:5c:27:0b:84:7d:1c:74:
                    52:cc:99:3a:33:8c:7a:38:c5:18:48:2f:4b:8e:cb:
                    91:1c:08:1a:02:4d:8e:dc:24:a9:fe:1e:32:a0:23:
                    94:ef:c2:5b:0d:55:4f:4d:1c:ea:d1:93:39:1c:f8:
                    c7:8c:35:d0:88:94:14:91:ce:82:d7:98:f1:0b:2f:
                    f4:25:8b:7e:1f:5c:23:96:17:a2:53:02:fc:34:90:
                    0d:55:82:9f:64:3c:bc:cb:20:35:90:94:98:40:7e:
                    1e:dc:8e:cd:67:d3:b1:95:40:e7:b3:c8:6c:7e:ca:
                    4d:ad:11:b2:01:aa:f1:03:84:4e:1f:2c:55:80:65:
                    c8:d5:39:82:08:aa:6b:84:51:ca:de:10:21:83:c0:
                    3c:79:84:01:95:3f:65:1a:4c:7a:98:3c:51:da:2e:
                    b2:aa:28:a1:42:1c:0a:be:2e:1c:a7:ce:36:ea:39:
                    91:38:6c:c2:47:19:9a:b5:1e:ab:51:c7:ee:8f:bd:
                    55:36:00:b0:42:26:04:71:36:12:85:8a:24:f8:d0:
                    4b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:4B:A7:00:CA:32:9C:7C:26:84:4C:F1:51:E4:AB:61:AA:22:9D:C8
            X509v3 Authority Key Identifier:
                keyid:57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/P0unAMoynHwmhEzxUeSrYaoincg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.209.0/24
                  37.221.68.0/22
                  45.87.117.0-45.87.119.255
                  185.186.0.0/24
                  185.232.166.0/24
                  194.61.10.0/23
                  194.147.74.0/23
                IPv6:
                  2a09:e200::/48
                  2a09:e200:e200::/48
                  2a09:e207:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:0b:db:b9:8d:95:09:45:5f:d7:fb:81:62:ce:1d:dd:46:d7:
         dd:d0:12:e9:31:e8:2b:5d:4b:f5:62:a2:e9:de:96:ce:cd:34:
         51:5b:07:62:cd:f8:64:43:e4:77:39:23:a2:b6:1f:70:87:21:
         70:4b:ce:c4:8b:29:56:6d:8a:2e:b8:6b:6c:25:1c:3e:bc:51:
         3c:26:67:10:12:01:83:76:25:98:8d:9d:d1:a5:5a:86:78:02:
         c2:17:f6:06:c9:f8:c2:00:72:29:2a:14:68:1b:18:7f:0e:c6:
         60:61:0e:ce:a3:35:f4:81:61:05:74:51:6f:5a:3c:99:64:9c:
         f1:ca:4d:1f:76:fb:e0:e4:11:3d:f7:23:55:8f:b9:48:fe:bb:
         a3:1e:3c:70:20:ec:84:bb:fe:42:bd:2a:07:6f:5c:d9:8c:f3:
         61:22:b9:63:30:12:4a:c1:20:e2:b4:48:ab:76:fb:fe:2e:70:
         56:08:70:c0:bd:c4:c3:6a:a8:92:ce:af:47:fa:cc:01:b9:3d:
         d1:7d:e2:33:5f:2e:c7:44:65:2b:9d:92:9c:db:35:d5:00:be:
         cb:de:09:ed:22:5d:83:af:48:fd:07:e7:1b:ee:79:35:60:bc:
         14:e6:fe:e8:47:91:ad:48:32:02:fa:4e:4b:7e:1b:15:de:43:
         4a:90:bc:a5
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZBPXaDXdXVD4czP3yRKC/S+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OWFkZTlmZWFlZGM0MDZkZjVlMTFiY2VmMDM5M2NkNWU5
ZmQwZGQwHhcNMjQwNjI1MTIyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjRiYTcwMGNhMzI5YzdjMjY4NDRjZjE1MWU0YWI2MWFhMjI5ZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMhMWznZYOtwvBTAKpHFqmfcmEmX
K5NdSf7JdJiW1iJxncaPeLRBfq0kxbaxjrDhWaPMbFwnC4R9HHRSzJk6M4x6OMUY
SC9LjsuRHAgaAk2O3CSp/h4yoCOU78JbDVVPTRzq0ZM5HPjHjDXQiJQUkc6C15jx
Cy/0JYt+H1wjlheiUwL8NJANVYKfZDy8yyA1kJSYQH4e3I7NZ9OxlUDns8hsfspN
rRGyAarxA4ROHyxVgGXI1TmCCKprhFHK3hAhg8A8eYQBlT9lGkx6mDxR2i6yqiih
QhwKvi4cp8426jmROGzCRxmatR6rUcfuj71VNgCwQiYEcTYShYok+NBLvQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFD9LpwDKMpx8JoRM8VHkq2GqIp3IMB8GA1UdIwQY
MBaAFFea3p/q7cQG314RvO8Dk81en9DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmIt
MjA4ZWYzMmMwMjAyLzEvUDB1bkFNb3luSHdtaEV6eFVlU3JZYW9pbmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmItMjA4ZWYzMmMwMjAy
LzEvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTA4BAIAATAyAwQABTnRAwQC
Jd1EMAwDBAAtV3UDBAMtV3ADBAC5ugADBAC56KYDBAHCPQoDBAHCk0owIQQCAAIw
GwMHACoJ4gAAAAMHACoJ4gDiAAMHACoJ4gf//zANBgkqhkiG9w0BAQsFAAOCAQEA
NAvbuY2VCUVf1/uBYs4d3UbX3dAS6THoK11L9WKi6d6Wzs00UVsHYs34ZEPkdzkj
orYfcIchcEvOxIspVm2KLrhrbCUcPrxRPCZnEBIBg3YlmI2d0aVahngCwhf2Bsn4
wgByKSoUaBsYfw7GYGEOzqM19IFhBXRRb1o8mWSc8cpNH3b74OQRPfcjVY+5SP67
ox48cCDshLv+Qr0qB29c2YzzYSK5YzASSsEg4rRIq3b7/i5wVghwwL3Ew2qoks6v
R/rMAbk90X3iM18ux0RlK52SnNs11QC+y94J7SJdg69I/QfnG+55NWC8FOb+6EeR
rUgyAvpOS34bFd5DSpC8pQ==
-----END CERTIFICATE-----