Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/DBpYyHavcOYzrXAYBRgs92V23Gs.roa
File:                     DBpYyHavcOYzrXAYBRgs92V23Gs.roa (raw, json)
Hash identifier:          RVkjci3rSsHp/QoeVQzjl9eQwRfo9dQpLr0Ke0vIVXk=
Subject key identifier:   0C:1A:58:C8:76:AF:70:E6:33:AD:70:18:05:18:2C:F7:65:76:DC:6B
Certificate issuer:       /CN=49378660f5f01923946c35d94be5ccd7d2b71051
Certificate serial:       018CC727766DF8301E531F680CEC8379B394
Authority key identifier: 49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/DBpYyHavcOYzrXAYBRgs92V23Gs.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203593
IP address blocks:        185.129.253.0/24 maxlen: 24
                          185.129.252.0/24 maxlen: 24
                          185.129.254.0/24 maxlen: 24
                          185.129.255.0/24 maxlen: 24
                          213.244.35.0/24 maxlen: 24
                          213.244.32.0/24 maxlen: 24
                          213.244.33.0/24 maxlen: 24
                          213.244.38.0/24 maxlen: 24
                          213.244.36.0/24 maxlen: 24
                          213.244.37.0/24 maxlen: 24
                          213.244.41.0/24 maxlen: 24
                          157.97.163.0/24 maxlen: 24
                          213.244.42.0/24 maxlen: 24
                          213.244.40.0/24 maxlen: 24
                          193.254.202.0/24 maxlen: 24
                          193.254.203.0/24 maxlen: 24
                          2a06:d680::/29 maxlen: 29
Validation:               Failed, certificate revoked on Fri 13 Sep 2024 07:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:76:6d:f8:30:1e:53:1f:68:0c:ec:83:79:b3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49378660f5f01923946c35d94be5ccd7d2b71051
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c1a58c876af70e633ad701805182cf76576dc6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:92:b3:16:61:8f:27:9e:4b:0d:e0:8f:26:bc:
                    bc:8a:14:cd:07:ad:25:71:2e:e8:b7:5e:56:cc:c5:
                    f7:03:5c:05:ef:eb:54:69:4d:34:ca:c4:6b:04:78:
                    77:3e:76:38:93:1e:d3:df:10:99:02:6e:0a:46:32:
                    08:90:fd:23:b4:55:73:11:25:09:e5:6e:e4:22:64:
                    44:f2:e7:59:14:4b:1b:49:11:d4:bb:6d:8c:ff:81:
                    d2:8d:2b:40:a7:df:c8:e9:0e:c9:38:82:fe:74:f8:
                    61:7e:43:55:b8:4d:88:d3:9d:ed:f6:cb:4d:05:ac:
                    b6:55:d8:eb:fe:23:90:13:98:b5:d1:ca:0c:f1:9b:
                    b7:90:2e:b7:0c:7a:aa:ea:70:4f:97:00:ca:73:01:
                    a5:12:30:ac:dc:90:a0:4d:db:17:02:f6:17:c5:c3:
                    10:3d:0a:bc:84:7a:4f:93:23:25:25:c3:2d:5b:d3:
                    18:ee:08:ae:49:13:0f:72:61:27:58:3a:0f:cb:3c:
                    c4:ff:bc:02:fd:8e:d7:1f:d3:90:77:19:b2:41:e7:
                    59:8c:e5:0f:91:ff:24:77:12:ba:c4:0d:30:64:3b:
                    b7:02:3e:d9:b6:34:38:c9:ef:64:de:94:fc:8f:3f:
                    d8:9f:52:6b:e5:e2:4e:2b:6f:ef:87:60:96:d6:8c:
                    c9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:1A:58:C8:76:AF:70:E6:33:AD:70:18:05:18:2C:F7:65:76:DC:6B
            X509v3 Authority Key Identifier:
                keyid:49:37:86:60:F5:F0:19:23:94:6C:35:D9:4B:E5:CC:D7:D2:B7:10:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/STeGYPXwGSOUbDXZS-XM19K3EFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/DBpYyHavcOYzrXAYBRgs92V23Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/07cdcf-8875-4770-8c75-41b745bf53db/1/STeGYPXwGSOUbDXZS-XM19K3EFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.163.0/24
                  185.129.252.0/22
                  193.254.202.0/23
                  213.244.32.0/23
                  213.244.35.0-213.244.38.255
                  213.244.40.0-213.244.42.255
                IPv6:
                  2a06:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:83:69:9a:5a:df:0f:d6:11:a9:fc:20:c0:72:fa:ea:33:44:
         e4:2a:35:41:ea:a2:a4:ae:22:67:86:c4:5b:d6:00:0e:1b:d5:
         38:e7:aa:2c:cd:b1:9a:9f:ed:ba:d7:cc:02:4e:65:0f:ca:4e:
         f2:76:6a:df:59:91:82:ae:56:19:f7:02:86:11:5d:e8:30:18:
         bb:66:85:80:94:14:30:2e:ae:0b:5d:27:c4:9a:be:87:99:03:
         6b:e5:cc:51:c7:c9:87:71:ce:cf:df:1b:ec:e1:0c:77:28:5b:
         82:aa:40:3d:af:3f:f9:da:17:4b:62:07:ed:6e:98:33:cd:95:
         e9:d7:39:9a:bb:87:c0:8a:06:34:b1:f5:4a:e4:e7:b4:dd:f1:
         9d:2f:c4:42:e8:84:0f:c8:4a:9f:82:b8:55:03:84:ab:70:fa:
         db:4d:a4:fe:f3:50:56:ed:10:9e:38:1a:c6:50:64:b0:d1:59:
         99:6b:54:b0:30:f4:e0:58:67:5b:f1:eb:5b:79:7c:7b:4a:07:
         ca:03:54:51:eb:d4:7c:cb:23:0c:25:31:aa:1a:bf:8a:ad:22:
         6f:7a:e1:be:08:9e:16:35:55:ba:e7:e0:e9:bf:65:73:b1:60:
         db:55:21:a9:4c:8b:51:24:70:3c:d0:05:2b:2c:52:44:fd:ed:
         37:a9:a3:3a
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYzHJ3Zt+DAeUx9oDOyDebOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5Mzc4NjYwZjVmMDE5MjM5NDZjMzVkOTRiZTVjY2Q3ZDJi
NzEwNTEwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzFhNThjODc2YWY3MGU2MzNhZDcwMTgwNTE4MmNmNzY1NzZkYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpKzFmGPJ55LDeCPJry8ihTNB60l
cS7ot15WzMX3A1wF7+tUaU00ysRrBHh3PnY4kx7T3xCZAm4KRjIIkP0jtFVzESUJ
5W7kImRE8udZFEsbSRHUu22M/4HSjStAp9/I6Q7JOIL+dPhhfkNVuE2I053t9stN
Bay2Vdjr/iOQE5i10coM8Zu3kC63DHqq6nBPlwDKcwGlEjCs3JCgTdsXAvYXxcMQ
PQq8hHpPkyMlJcMtW9MY7giuSRMPcmEnWDoPyzzE/7wC/Y7XH9OQdxmyQedZjOUP
kf8kdxK6xA0wZDu3Aj7ZtjQ4ye9k3pT8jz/Yn1Jr5eJOK2/vh2CW1ozJowIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFAwaWMh2r3DmM61wGAUYLPdldtxrMB8GA1UdIwQY
MBaAFEk3hmD18BkjlGw12UvlzNfStxBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUt
NDFiNzQ1YmY1M2RiLzEvREJwWXlIYXZjT1l6clhBWUJSZ3M5MlYyM0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8wN2NkY2YtODg3NS00NzcwLThjNzUtNDFiNzQ1YmY1M2Ri
LzEvU1RlR1lQWHdHU09VYkRYWlMtWE0xOUszRUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0AwQAnWGjAwQC
uYH8AwQBwf7KAwQB1fQgMAwDBADV9CMDBADV9CYwDAMEA9X0KAMEANX0KjANBAIA
AjAHAwUDKgbWgDANBgkqhkiG9w0BAQsFAAOCAQEAcINpmlrfD9YRqfwgwHL66jNE
5Co1QeqipK4iZ4bEW9YADhvVOOeqLM2xmp/tutfMAk5lD8pO8nZq31mRgq5WGfcC
hhFd6DAYu2aFgJQUMC6uC10nxJq+h5kDa+XMUcfJh3HOz98b7OEMdyhbgqpAPa8/
+doXS2IH7W6YM82V6dc5mruHwIoGNLH1SuTntN3xnS/EQuiED8hKn4K4VQOEq3D6
202k/vNQVu0QnjgaxlBksNFZmWtUsDD04FhnW/HrW3l8e0oHygNUUevUfMsjDCUx
qhq/iq0ib3rhvgieFjVVuufg6b9lc7Fg21UhqUyLUSRwPNAFKyxSRP3tN6mjOg==
-----END CERTIFICATE-----