Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/VQFRNJYd4o8c_bL8EJG7Msot3yU.roa
File:                     VQFRNJYd4o8c_bL8EJG7Msot3yU.roa (raw, json)
Hash identifier:          o4JzFwsKS118jINls4W4WbZbhoyDWl2A5sMY0WsCJqI=
Subject key identifier:   55:01:51:34:96:1D:E2:8F:1C:FD:B2:FC:10:91:BB:32:CA:2D:DF:25
Certificate issuer:       /CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
Certificate serial:       0193F81F0E63CEB2F1A3F2C3FA262FE37B3D
Authority key identifier: E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/VQFRNJYd4o8c_bL8EJG7Msot3yU.roa
Signing time:             Tue 24 Dec 2024 10:03:25 +0000
ROA not before:           Tue 24 Dec 2024 10:03:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211251
IP address blocks:        79.98.176.0/22 maxlen: 24
                          79.98.176.0/24 maxlen: 24
                          79.98.177.0/24 maxlen: 24
                          79.98.179.0/24 maxlen: 24
                          213.171.64.0/23 maxlen: 23
                          213.171.66.0/23 maxlen: 23
                          213.171.66.0/24 maxlen: 24
                          213.171.67.0/24 maxlen: 24
                          213.171.68.0/23 maxlen: 23
                          213.171.72.0/23 maxlen: 23
                          213.171.72.0/24 maxlen: 24
                          213.171.73.0/24 maxlen: 24
                          213.171.74.0/24 maxlen: 24
                          213.171.75.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 17:49:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:f8:1f:0e:63:ce:b2:f1:a3:f2:c3:fa:26:2f:e3:7b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
        Validity
            Not Before: Dec 24 10:03:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55015134961de28f1cfdb2fc1091bb32ca2ddf25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:18:48:dc:36:89:1e:8e:d4:33:a8:05:ab:3e:
                    b2:34:33:99:62:80:10:8b:77:ca:00:0e:fa:52:dd:
                    27:be:b3:19:f0:de:d8:93:32:4c:d4:78:f9:93:84:
                    87:dd:57:92:05:fc:8f:bb:ed:ce:ff:de:6c:9c:6b:
                    ae:e0:a2:77:49:ba:1f:dd:84:11:0f:1e:ae:4c:ca:
                    c1:40:6e:8f:69:ea:bb:b9:2b:a8:e7:66:60:27:d3:
                    ef:99:b2:0a:69:1b:29:18:65:31:ec:73:27:27:5b:
                    f0:41:64:ad:7f:7a:3e:6c:d8:6e:4d:70:c8:5e:da:
                    f2:2c:74:0f:f7:cb:c0:92:95:dd:c0:32:d0:67:e5:
                    16:f3:5d:79:08:7b:9e:fe:1e:fd:af:73:84:9d:45:
                    d7:5c:37:07:5a:7f:44:67:7a:a0:f6:97:ef:9f:c4:
                    1f:f7:27:36:7c:eb:fe:0a:9f:9a:54:c4:b0:a6:99:
                    f6:2c:e7:cd:18:ff:ab:96:2e:5d:ed:0b:db:89:4a:
                    fb:c7:e4:06:93:16:99:8a:5a:16:7d:9e:46:fe:13:
                    58:64:55:f1:92:4e:68:a7:b2:72:45:60:af:01:9b:
                    03:a6:41:ed:d0:c5:29:60:11:db:34:3c:e9:24:15:
                    6d:d1:04:38:77:e4:79:fd:5c:5d:31:76:6c:79:7a:
                    a3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:01:51:34:96:1D:E2:8F:1C:FD:B2:FC:10:91:BB:32:CA:2D:DF:25
            X509v3 Authority Key Identifier:
                keyid:E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/VQFRNJYd4o8c_bL8EJG7Msot3yU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.176.0/22
                  213.171.64.0-213.171.69.255
                  213.171.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:de:b5:81:39:dd:3e:cd:74:70:31:e6:65:7f:0a:4d:5b:e2:
         05:b7:82:4c:36:d2:3c:f3:6f:ec:fd:92:97:7f:41:9b:54:03:
         a8:69:7c:7a:68:15:89:37:72:d6:49:e9:b3:13:d8:a0:23:2c:
         ce:2a:cf:68:4d:17:f7:78:5f:52:cb:6c:a2:c2:13:39:1d:12:
         3a:38:32:bf:99:c0:de:6b:d9:34:88:9a:5f:99:95:de:36:a0:
         85:87:e3:30:e1:de:61:45:9c:1e:75:05:65:bd:70:a5:d4:aa:
         1a:24:4f:ca:11:fd:1b:d1:eb:43:18:76:2f:6e:03:7e:94:79:
         a9:8f:e4:0b:f7:29:6b:0a:4f:64:41:c6:9e:6a:f2:22:e0:a0:
         66:09:74:f4:fb:22:3b:0e:1a:25:42:91:5c:71:ca:6c:00:87:
         c9:da:27:4f:e6:6c:9f:c4:54:59:cb:73:63:4b:00:4c:c2:c9:
         47:11:cb:7d:fe:f3:b5:ae:e9:f2:c2:fa:46:7d:2e:e5:08:a6:
         6d:82:2f:e8:86:aa:ff:9d:70:38:02:2c:89:37:71:c9:67:ad:
         11:bb:f8:7a:d6:cd:cd:dc:cc:ad:6b:a2:d1:52:22:c7:06:2d:
         2e:df:21:95:a9:60:c8:24:04:db:02:a6:09:70:09:d5:cc:55:
         ef:ef:41:f8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZP4Hw5jzrLxo/LD+iYv43s9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0OTg0ZjhmMzZlYmY5ZjhmNTRjMTIxNzRmNDYzNjY0ZDdi
MjNhZWUwHhcNMjQxMjI0MTAwMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTAxNTEzNDk2MWRlMjhmMWNmZGIyZmMxMDkxYmIzMmNhMmRkZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/hhI3DaJHo7UM6gFqz6yNDOZYoAQ
i3fKAA76Ut0nvrMZ8N7YkzJM1Hj5k4SH3VeSBfyPu+3O/95snGuu4KJ3Sbof3YQR
Dx6uTMrBQG6Paeq7uSuo52ZgJ9PvmbIKaRspGGUx7HMnJ1vwQWStf3o+bNhuTXDI
XtryLHQP98vAkpXdwDLQZ+UW8115CHue/h79r3OEnUXXXDcHWn9EZ3qg9pfvn8Qf
9yc2fOv+Cp+aVMSwppn2LOfNGP+rli5d7QvbiUr7x+QGkxaZiloWfZ5G/hNYZFXx
kk5op7JyRWCvAZsDpkHt0MUpYBHbNDzpJBVt0QQ4d+R5/VxdMXZseXqjDQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFUBUTSWHeKPHP2y/BCRuzLKLd8lMB8GA1UdIwQY
MBaAFOSYT4826/n49UwSF09GNmTXsjruMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgt
ZGU3YmUxZTVjNzc2LzEvVlFGUk5KWWQ0bzhjX2JMOEVKRzdNc290M3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgtZGU3YmUxZTVjNzc2
LzEvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCT2KwMAwD
BAbVq0ADBAHVq0QDBALVq0gwDQYJKoZIhvcNAQELBQADggEBACfetYE53T7NdHAx
5mV/Ck1b4gW3gkw20jzzb+z9kpd/QZtUA6hpfHpoFYk3ctZJ6bMT2KAjLM4qz2hN
F/d4X1LLbKLCEzkdEjo4Mr+ZwN5r2TSIml+Zld42oIWH4zDh3mFFnB51BWW9cKXU
qhokT8oR/RvR60MYdi9uA36UeamP5Av3KWsKT2RBxp5q8iLgoGYJdPT7IjsOGiVC
kVxxymwAh8naJ0/mbJ/EVFnLc2NLAEzCyUcRy33+87Wu6fLC+kZ9LuUIpm2CL+iG
qv+dcDgCLIk3cclnrRG7+HrWzc3czK1rotFSIscGLS7fIZWpYMgkBNsCpglwCdXM
Ve/vQfg=
-----END CERTIFICATE-----