Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/_SdQ9ychnYQf9CYqnV9mZC-BnGU.roa
File:                     _SdQ9ychnYQf9CYqnV9mZC-BnGU.roa (raw, json)
Hash identifier:          ewXuIC8E0QOf4RsOo9SXe9ZCE/21rc6nXZ3jzl+4B/s=
Subject key identifier:   FD:27:50:F7:27:21:9D:84:1F:F4:26:2A:9D:5F:66:64:2F:81:9C:65
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       01929970AF1F53C756AD2798DB79D5A520C3
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/_SdQ9ychnYQf9CYqnV9mZC-BnGU.roa
Signing time:             Thu 17 Oct 2024 07:45:51 +0000
ROA not before:           Thu 17 Oct 2024 07:45:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50436
IP address blocks:        5.28.64.0/18 maxlen: 19
                          37.120.0.0/17 maxlen: 17
                          92.206.8.0/21 maxlen: 24
                          92.206.32.0/20 maxlen: 24
                          92.206.48.0/20 maxlen: 24
                          92.206.209.0/24 maxlen: 24
                          92.206.254.0/23 maxlen: 24
                          94.139.0.0/19 maxlen: 20
                          217.68.167.0/24 maxlen: 24
                          2a02:2455:8000::/36 maxlen: 36
                          2a02:2455:9000::/36 maxlen: 40
Validation:               Failed, certificate revoked on Wed 04 Dec 2024 14:48:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:70:af:1f:53:c7:56:ad:27:98:db:79:d5:a5:20:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Oct 17 07:45:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd2750f727219d841ff4262a9d5f66642f819c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d9:6e:85:d8:29:ad:55:2b:73:27:f5:38:45:
                    a9:c2:05:3d:0d:87:bd:cf:bf:4a:38:fd:0f:55:a5:
                    2e:88:1c:c0:71:fb:03:79:c4:a6:5c:54:30:2f:06:
                    57:1d:46:50:5a:ae:a3:21:27:8c:df:29:6e:ab:30:
                    78:7b:7f:d1:28:15:19:01:5d:41:8c:bc:bd:33:63:
                    99:6a:8a:62:f4:29:66:ae:b2:b5:37:6b:ad:48:85:
                    b3:e0:ae:17:01:84:25:32:42:46:86:61:ae:a0:1f:
                    c7:57:17:85:49:27:24:59:c0:f5:41:8a:85:34:46:
                    9e:60:15:a6:cb:42:45:91:57:0c:2f:a8:10:76:c5:
                    89:e4:55:55:e9:67:d9:74:45:6a:21:bb:cb:c0:b0:
                    11:b7:8f:dd:78:65:90:c5:34:62:f3:92:3c:eb:4e:
                    9b:9a:e8:da:d5:e3:bd:9d:fc:98:b5:9e:f8:de:ea:
                    c0:48:ad:47:c5:66:8d:46:e8:b9:24:6c:ea:a3:e5:
                    ab:5b:20:65:ac:c4:b9:84:16:96:41:4c:28:5e:8f:
                    1f:32:51:1f:be:c1:98:c6:3f:52:e2:dc:93:5c:91:
                    9e:01:90:5e:4b:c7:b8:a9:fb:c7:15:5f:bb:71:ac:
                    1b:b1:f0:9e:70:31:f3:2e:f0:21:0c:fa:a6:8e:da:
                    1a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:27:50:F7:27:21:9D:84:1F:F4:26:2A:9D:5F:66:64:2F:81:9C:65
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/_SdQ9ychnYQf9CYqnV9mZC-BnGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.28.64.0/18
                  37.120.0.0/17
                  92.206.8.0/21
                  92.206.32.0/19
                  92.206.209.0/24
                  92.206.254.0/23
                  94.139.0.0/19
                  217.68.167.0/24
                IPv6:
                  2a02:2455:8000::/35

    Signature Algorithm: sha256WithRSAEncryption
         9c:34:b9:ea:cd:ec:d8:b0:48:36:51:87:f6:ce:a0:d4:94:ea:
         1b:38:d1:cf:9a:89:59:d5:9e:31:35:c4:8a:6e:fc:b6:32:4e:
         3b:43:7f:e3:9b:27:95:1e:5c:c9:28:f8:37:4d:08:84:00:ca:
         dc:c5:82:b7:2d:aa:d6:b6:4d:36:3e:6d:dc:8e:8c:2a:5d:00:
         d2:68:20:8b:26:db:4f:21:61:af:6f:80:3c:c2:44:d4:5f:a6:
         2a:19:5b:59:8c:ac:78:d2:34:86:05:32:c6:a1:e6:06:21:28:
         7a:62:30:26:54:e1:15:a6:fd:d4:57:f2:dd:68:99:96:2e:a7:
         78:ef:12:f9:25:5a:55:63:6c:ce:c0:f1:e0:d2:ac:6c:69:28:
         29:1c:46:0f:4d:be:8b:97:94:f5:65:9b:14:53:4e:30:25:91:
         49:80:48:30:23:a7:b9:69:e7:b0:91:be:b8:a7:be:9e:65:62:
         37:74:2f:29:c0:f9:4b:4c:7f:21:c9:c4:76:9c:7d:90:ab:81:
         85:76:ac:4e:4b:50:0c:53:70:1a:04:68:76:40:d1:fc:9e:8b:
         48:e3:e6:ae:16:05:42:d1:2e:9f:64:41:72:2b:7f:e4:3d:bc:
         61:50:4f:b0:5a:f7:2f:d4:46:1e:c7:79:cf:73:4d:51:ce:cb:
         4f:1d:ba:c4
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZKZcK8fU8dWrSeY23nVpSDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjQxMDE3MDc0NTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDI3NTBmNzI3MjE5ZDg0MWZmNDI2MmE5ZDVmNjY2NDJmODE5YzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdluhdgprVUrcyf1OEWpwgU9DYe9
z79KOP0PVaUuiBzAcfsDecSmXFQwLwZXHUZQWq6jISeM3yluqzB4e3/RKBUZAV1B
jLy9M2OZaopi9ClmrrK1N2utSIWz4K4XAYQlMkJGhmGuoB/HVxeFSSckWcD1QYqF
NEaeYBWmy0JFkVcML6gQdsWJ5FVV6WfZdEVqIbvLwLARt4/deGWQxTRi85I8606b
muja1eO9nfyYtZ743urASK1HxWaNRui5JGzqo+WrWyBlrMS5hBaWQUwoXo8fMlEf
vsGYxj9S4tyTXJGeAZBeS8e4qfvHFV+7cawbsfCecDHzLvAhDPqmjtoaCQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFP0nUPcnIZ2EH/QmKp1fZmQvgZxlMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvX1NkUTl5Y2huWVFmOUNZcW5WOW1aQy1CbkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA2BAIAATAwAwQGBRxAAwQH
JXgAAwQDXM4IAwQFXM4gAwQAXM7RAwQBXM7+AwQFXosAAwQA2USnMA4EAgACMAgD
BgUqAiRVgDANBgkqhkiG9w0BAQsFAAOCAQEAnDS56s3s2LBINlGH9s6g1JTqGzjR
z5qJWdWeMTXEim78tjJOO0N/45snlR5cySj4N00IhADK3MWCty2q1rZNNj5t3I6M
Kl0A0mggiybbTyFhr2+APMJE1F+mKhlbWYyseNI0hgUyxqHmBiEoemIwJlThFab9
1Ffy3WiZli6neO8S+SVaVWNszsDx4NKsbGkoKRxGD02+i5eU9WWbFFNOMCWRSYBI
MCOnuWnnsJG+uKe+nmViN3QvKcD5S0x/IcnEdpx9kKuBhXasTktQDFNwGgRodkDR
/J6LSOPmrhYFQtEun2RBcit/5D28YVBPsFr3L9RGHsd5z3NNUc7LTx26xA==
-----END CERTIFICATE-----