Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/gh7vYTUG1hOvMTKmmRGw-tGeYFg.roa
File:                     gh7vYTUG1hOvMTKmmRGw-tGeYFg.roa (raw, json)
Hash identifier:          sR6uyKixJoZpYifkcIdbmxtDNCxj0cgVxTr7fQC6rZQ=
Subject key identifier:   82:1E:EF:61:35:06:D6:13:AF:31:32:A6:99:11:B0:FA:D1:9E:60:58
Certificate issuer:       /CN=e07e008d6ed2388ad31b7422423152a92a54de71
Certificate serial:       018CC64B3B365520DC509D85E20B331287B5
Authority key identifier: E0:7E:00:8D:6E:D2:38:8A:D3:1B:74:22:42:31:52:A9:2A:54:DE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/gh7vYTUG1hOvMTKmmRGw-tGeYFg.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197227
IP address blocks:        145.14.240.0/21 maxlen: 24
                          46.243.156.0/22 maxlen: 24
                          185.131.160.0/22 maxlen: 22
                          213.5.208.0/21 maxlen: 24
                          185.81.56.0/22 maxlen: 24
                          46.175.40.0/21 maxlen: 24
                          85.234.248.0/21 maxlen: 24
                          37.247.56.0/21 maxlen: 24
                          5.133.248.0/21 maxlen: 24
                          195.80.128.0/21 maxlen: 24
                          188.211.16.0/21 maxlen: 24
                          2a03:1280::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 18 Dec 2024 10:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3b:36:55:20:dc:50:9d:85:e2:0b:33:12:87:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e07e008d6ed2388ad31b7422423152a92a54de71
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=821eef613506d613af3132a69911b0fad19e6058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3e:05:11:04:2e:ab:f2:59:10:48:31:4b:f8:
                    e9:1b:59:cc:e3:b7:c3:c4:c0:23:58:a1:f4:3c:b0:
                    15:48:9a:10:cb:d4:98:d9:1a:51:20:c7:24:53:fb:
                    ed:e2:54:fb:d9:68:23:69:fb:e1:f1:c2:fc:f6:e5:
                    e3:e7:6c:4f:2c:90:74:9f:e0:fc:91:d9:68:c0:27:
                    45:78:74:21:9e:67:b2:16:01:ce:a0:88:44:e1:4b:
                    c7:73:e4:b0:39:32:d1:6c:37:91:06:b2:61:7a:40:
                    1c:03:1f:86:89:e2:1c:a6:39:c6:1e:7b:b3:9f:4e:
                    bc:e2:2e:08:4f:3d:32:3a:32:72:a4:5f:c1:c4:38:
                    c5:d6:0d:e8:6a:0c:1a:71:f9:15:d6:56:1a:8f:43:
                    7b:74:fa:bf:3d:b3:7b:47:28:31:69:92:ba:dc:ad:
                    a1:7e:3a:04:26:45:41:bd:ad:01:5e:cc:9e:a1:ac:
                    79:34:e1:bd:f6:b1:36:04:c3:01:28:ee:a0:ae:9e:
                    81:20:40:da:64:34:66:8d:51:d8:bc:8b:92:47:e7:
                    d6:51:07:81:08:50:c2:0a:f2:99:21:f6:0e:5f:e7:
                    0d:40:46:7d:1a:26:16:5b:ca:e7:59:d1:7c:dc:20:
                    90:32:fa:b5:02:f9:44:6f:f7:89:aa:a4:fc:d7:a2:
                    9f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1E:EF:61:35:06:D6:13:AF:31:32:A6:99:11:B0:FA:D1:9E:60:58
            X509v3 Authority Key Identifier:
                keyid:E0:7E:00:8D:6E:D2:38:8A:D3:1B:74:22:42:31:52:A9:2A:54:DE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4H4AjW7SOIrTG3QiQjFSqSpU3nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/gh7vYTUG1hOvMTKmmRGw-tGeYFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d479cc-a712-4bc3-832d-2727247af210/1/4H4AjW7SOIrTG3QiQjFSqSpU3nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.248.0/21
                  37.247.56.0/21
                  46.175.40.0/21
                  46.243.156.0/22
                  85.234.248.0/21
                  145.14.240.0/21
                  185.81.56.0/22
                  185.131.160.0/22
                  188.211.16.0/21
                  195.80.128.0/21
                  213.5.208.0/21
                IPv6:
                  2a03:1280::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:85:5b:01:eb:0d:b1:53:9d:b2:e2:43:69:ae:03:64:16:44:
         f1:e8:bf:86:5d:8e:5f:98:0b:34:bd:f7:71:21:4a:a7:c9:0b:
         93:aa:bb:12:69:fa:45:03:b9:76:71:b3:5b:17:a5:86:f2:2a:
         ed:d2:58:61:de:89:c1:01:7f:77:9d:bc:6b:5c:56:fa:5b:b4:
         a1:d5:e1:01:99:d3:cb:98:90:ef:88:8c:09:6e:f5:0b:24:0b:
         b9:64:04:d0:d2:8e:e7:c0:85:a7:85:52:cd:d5:2e:75:17:69:
         7d:86:7b:b6:d8:4c:07:05:c4:d9:ef:ef:67:45:0a:0b:50:5a:
         f9:45:54:0b:ba:cd:9b:e9:40:7e:81:1a:65:42:72:31:d9:e2:
         ff:e7:c3:fe:00:c7:de:a9:a2:2e:2b:e8:fc:22:27:07:de:78:
         13:bc:68:fc:ce:c3:64:f3:25:09:6e:94:6f:e4:9d:9f:2b:fc:
         55:1c:a7:ec:43:a4:4a:ab:28:d0:32:5d:4f:f9:97:01:48:bb:
         1a:cd:fb:18:f1:c3:d2:02:14:ff:49:48:05:34:e9:71:84:fb:
         5b:f6:fe:05:6e:b0:e5:07:90:7a:a0:c5:e7:4b:e0:28:99:0b:
         5b:9b:e7:c9:e9:2a:1e:cc:04:bc:f4:d3:fb:ea:87:6f:09:5e:
         5c:00:e7:29
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYzGSzs2VSDcUJ2F4gszEoe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwN2UwMDhkNmVkMjM4OGFkMzFiNzQyMjQyMzE1MmE5MmE1
NGRlNzEwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFlZWY2MTM1MDZkNjEzYWYzMTMyYTY5OTExYjBmYWQxOWU2MDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkj4FEQQuq/JZEEgxS/jpG1nM47fD
xMAjWKH0PLAVSJoQy9SY2RpRIMckU/vt4lT72Wgjafvh8cL89uXj52xPLJB0n+D8
kdlowCdFeHQhnmeyFgHOoIhE4UvHc+SwOTLRbDeRBrJhekAcAx+GieIcpjnGHnuz
n0684i4ITz0yOjJypF/BxDjF1g3oagwacfkV1lYaj0N7dPq/PbN7RygxaZK63K2h
fjoEJkVBva0BXsyeoax5NOG99rE2BMMBKO6grp6BIEDaZDRmjVHYvIuSR+fWUQeB
CFDCCvKZIfYOX+cNQEZ9GiYWW8rnWdF83CCQMvq1AvlEb/eJqqT816Kf0QIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFIIe72E1BtYTrzEyppkRsPrRnmBYMB8GA1UdIwQY
MBaAFOB+AI1u0jiK0xt0IkIxUqkqVN5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEg0QWpXN1NPSXJURzNRaVFqRlNxU3BVM25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kNDc5Y2MtYTcxMi00YmMzLTgzMmQt
MjcyNzI0N2FmMjEwLzEvZ2g3dllUVUcxaE92TVRLbW1SR3ctdEdlWUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kNDc5Y2MtYTcxMi00YmMzLTgzMmQtMjcyNzI0N2FmMjEw
LzEvNEg0QWpXN1NPSXJURzNRaVFqRlNxU3BVM25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDBYX4AwQD
Jfc4AwQDLq8oAwQCLvOcAwQDVer4AwQDkQ7wAwQCuVE4AwQCuYOgAwQDvNMQAwQD
w1CAAwQD1QXQMA0EAgACMAcDBQAqAxKAMA0GCSqGSIb3DQEBCwUAA4IBAQBbhVsB
6w2xU52y4kNprgNkFkTx6L+GXY5fmAs0vfdxIUqnyQuTqrsSafpFA7l2cbNbF6WG
8irt0lhh3onBAX93nbxrXFb6W7Sh1eEBmdPLmJDviIwJbvULJAu5ZATQ0o7nwIWn
hVLN1S51F2l9hnu22EwHBcTZ7+9nRQoLUFr5RVQLus2b6UB+gRplQnIx2eL/58P+
AMfeqaIuK+j8IicH3ngTvGj8zsNk8yUJbpRv5J2fK/xVHKfsQ6RKqyjQMl1P+ZcB
SLsazfsY8cPSAhT/SUgFNOlxhPtb9v4FbrDlB5B6oMXnS+AomQtbm+fJ6SoezAS8
9NP76odvCV5cAOcp
-----END CERTIFICATE-----