Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/vSN1mxeTDikuw7tkmJackkVkZ3g.roa
File:                     vSN1mxeTDikuw7tkmJackkVkZ3g.roa (raw, json)
Hash identifier:          ywtDT5Idlno/QE72wJRV+EUmmhV5gFsMaIkiyzWCbwk=
Subject key identifier:   BD:23:75:9B:17:93:0E:29:2E:C3:BB:64:98:96:9C:92:45:64:67:78
Certificate issuer:       /CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
Certificate serial:       0193447AF8617F7209D81C2A09F32F858ADA
Authority key identifier: 04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/vSN1mxeTDikuw7tkmJackkVkZ3g.roa
Signing time:             Tue 19 Nov 2024 12:52:09 +0000
ROA not before:           Tue 19 Nov 2024 12:52:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43451
IP address blocks:        31.24.176.0/21 maxlen: 22
                          78.41.168.0/21 maxlen: 22
                          81.92.248.0/21 maxlen: 22
                          93.174.176.0/21 maxlen: 22
                          185.22.212.0/22 maxlen: 23
                          185.134.212.0/22 maxlen: 22
                          185.213.144.0/22 maxlen: 23
                          188.121.160.0/19 maxlen: 20
                          2a03:a200::/32 maxlen: 32
                          2a0b:f100::/29 maxlen: 29
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 15:48:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:7a:f8:61:7f:72:09:d8:1c:2a:09:f3:2f:85:8a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a2ae2cd094333018c41daafb474c6cfa80d07d
        Validity
            Not Before: Nov 19 12:52:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd23759b17930e292ec3bb6498969c9245646778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:88:65:4a:5c:3f:08:47:fc:18:59:8f:ef:
                    95:df:20:31:32:45:6b:bd:f0:28:43:9d:1d:53:89:
                    53:96:15:37:c8:10:e2:16:8b:4a:3b:1e:6c:84:e2:
                    b1:7a:97:d2:36:20:3e:01:a3:98:9a:43:bb:85:92:
                    4f:64:8b:24:14:cc:c4:0d:ff:ae:72:a3:93:a5:3f:
                    c0:0c:fa:f6:24:13:1d:54:1b:f6:44:4e:01:42:97:
                    f4:92:67:45:3a:9f:6e:0a:51:37:97:70:00:46:f0:
                    b4:1f:2c:e8:8f:d4:e7:d4:33:74:08:42:39:80:48:
                    f6:36:e2:ef:85:79:28:7d:d6:fb:47:cc:16:97:94:
                    85:49:80:a6:7a:54:45:c6:e4:b7:2e:fc:3a:ec:a3:
                    8a:2c:c1:68:5e:f9:eb:a4:f5:4c:0f:8c:e0:8b:f2:
                    20:60:05:b1:68:6f:5d:37:1a:40:7f:82:5f:bf:53:
                    d3:04:2e:41:70:07:5b:c3:4a:90:36:21:83:df:36:
                    3b:8b:7e:32:3b:80:db:83:00:d6:35:d8:9e:9c:6f:
                    65:d3:cd:cd:8e:63:38:03:dd:a3:db:7c:70:e0:ac:
                    97:69:73:5f:23:d4:bb:30:37:32:5a:ad:ff:b3:9c:
                    58:b6:b8:33:f8:1f:88:cb:1a:81:07:6f:1c:29:04:
                    4a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:23:75:9B:17:93:0E:29:2E:C3:BB:64:98:96:9C:92:45:64:67:78
            X509v3 Authority Key Identifier:
                keyid:04:A2:AE:2C:D0:94:33:30:18:C4:1D:AA:FB:47:4C:6C:FA:80:D0:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKKuLNCUMzAYxB2q-0dMbPqA0H0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/vSN1mxeTDikuw7tkmJackkVkZ3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/634a12-e58c-455c-8933-6e6e8d9303e9/1/BKKuLNCUMzAYxB2q-0dMbPqA0H0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.176.0/21
                  78.41.168.0/21
                  81.92.248.0/21
                  93.174.176.0/21
                  185.22.212.0/22
                  185.134.212.0/22
                  185.213.144.0/22
                  188.121.160.0/19
                IPv6:
                  2a03:a200::/32
                  2a0b:f100::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:f2:06:9a:02:df:c3:45:5b:77:e6:f4:97:0d:70:f6:90:25:
         4f:d5:72:db:81:46:ea:ca:a7:9a:21:45:36:b1:1e:93:8e:8b:
         36:c7:7c:04:d0:cf:1f:da:66:1b:d4:2c:e3:38:86:02:c6:50:
         14:83:0a:c2:15:85:19:08:15:16:bc:5e:99:6d:3a:ee:71:21:
         45:f4:78:14:01:3f:2b:86:b7:52:ae:26:c2:25:41:42:b4:16:
         e1:39:c6:58:19:56:cb:1d:94:2b:3d:38:4c:22:11:7b:01:0e:
         64:52:ee:3a:0c:48:89:eb:11:22:d0:86:22:84:c3:93:06:c5:
         8d:13:42:e5:6b:b1:b8:e3:07:68:df:12:4b:8d:32:0c:ab:1e:
         31:7f:7e:0e:68:bb:8c:6b:8c:6e:03:f9:9a:f6:57:3f:85:fe:
         87:41:11:c3:ab:e7:a1:4c:31:73:5a:2d:6c:07:24:ae:8c:44:
         bf:87:3c:62:ae:c3:70:3f:f3:93:89:d8:95:fa:77:3d:e4:15:
         c3:ec:42:c9:03:b8:01:ea:7d:54:ec:9c:ee:ce:ac:37:1f:85:
         74:7d:65:f2:ab:ce:75:2c:f0:67:63:c1:3e:20:9b:b9:e7:b1:
         b2:2d:8b:43:f4:d7:aa:21:02:98:91:8d:04:14:4d:9e:13:db:
         0c:49:a0:26
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZNEevhhf3IJ2BwqCfMvhYraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTJhZTJjZDA5NDMzMzAxOGM0MWRhYWZiNDc0YzZjZmE4
MGQwN2QwHhcNMjQxMTE5MTI1MjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDIzNzU5YjE3OTMwZTI5MmVjM2JiNjQ5ODk2OWM5MjQ1NjQ2Nzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy6IZUpcPwhH/BhZj++V3yAxMkVr
vfAoQ50dU4lTlhU3yBDiFotKOx5shOKxepfSNiA+AaOYmkO7hZJPZIskFMzEDf+u
cqOTpT/ADPr2JBMdVBv2RE4BQpf0kmdFOp9uClE3l3AARvC0Hyzoj9Tn1DN0CEI5
gEj2NuLvhXkofdb7R8wWl5SFSYCmelRFxuS3Lvw67KOKLMFoXvnrpPVMD4zgi/Ig
YAWxaG9dNxpAf4Jfv1PTBC5BcAdbw0qQNiGD3zY7i34yO4DbgwDWNdienG9l083N
jmM4A92j23xw4KyXaXNfI9S7MDcyWq3/s5xYtrgz+B+IyxqBB28cKQRKAQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFL0jdZsXkw4pLsO7ZJiWnJJFZGd4MB8GA1UdIwQY
MBaAFASirizQlDMwGMQdqvtHTGz6gNB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMt
NmU2ZThkOTMwM2U5LzEvdlNOMW14ZVREaWt1dzd0a21KYWNra1ZrWjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS82MzRhMTItZTU4Yy00NTVjLTg5MzMtNmU2ZThkOTMwM2U5
LzEvQktLdUxOQ1VNekFZeEIycS0wZE1iUHFBMEgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDHxiwAwQD
TimoAwQDUVz4AwQDXa6wAwQCuRbUAwQCuYbUAwQCudWQAwQFvHmgMBQEAgACMA4D
BQAqA6IAAwUDKgvxADANBgkqhkiG9w0BAQsFAAOCAQEAcvIGmgLfw0Vbd+b0lw1w
9pAlT9Vy24FG6sqnmiFFNrEek46LNsd8BNDPH9pmG9Qs4ziGAsZQFIMKwhWFGQgV
FrxemW067nEhRfR4FAE/K4a3Uq4mwiVBQrQW4TnGWBlWyx2UKz04TCIRewEOZFLu
OgxIiesRItCGIoTDkwbFjRNC5WuxuOMHaN8SS40yDKseMX9+Dmi7jGuMbgP5mvZX
P4X+h0ERw6vnoUwxc1otbAckroxEv4c8Yq7DcD/zk4nYlfp3PeQVw+xCyQO4Aep9
VOyc7s6sNx+FdH1l8qvOdSzwZ2PBPiCbueexsi2LQ/TXqiECmJGNBBRNnhPbDEmg
Jg==
-----END CERTIFICATE-----