Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/oSIDwZ3ue5Duld5SbT4k1FMz5Kk.roa
File:                     oSIDwZ3ue5Duld5SbT4k1FMz5Kk.roa (raw, json)
Hash identifier:          j5Sgujzf6fujcI4Mgt6v7HuCKqaFaY6Lf4wSedJbTfE=
Subject key identifier:   A1:22:03:C1:9D:EE:7B:90:EE:95:DE:52:6D:3E:24:D4:53:33:E4:A9
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       018CC6B77F12D5E85EA5337A21A242E15AF0
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/oSIDwZ3ue5Duld5SbT4k1FMz5Kk.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        153.112.216.0/24 maxlen: 24
                          153.112.217.0/24 maxlen: 24
                          153.112.223.0/24 maxlen: 24
                          153.112.224.0/24 maxlen: 24
                          153.112.225.0/24 maxlen: 24
                          153.112.226.0/24 maxlen: 24
                          153.112.230.0/24 maxlen: 24
                          153.112.231.0/24 maxlen: 24
                          193.53.29.0/24 maxlen: 24
                          153.112.227.0/24 maxlen: 24
                          153.112.228.0/24 maxlen: 24
                          153.112.229.0/24 maxlen: 24
                          153.112.205.0/24 maxlen: 24
                          192.157.14.0/24 maxlen: 24
                          192.157.15.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 May 2024 07:56:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7f:12:d5:e8:5e:a5:33:7a:21:a2:42:e1:5a:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a12203c19dee7b90ee95de526d3e24d45333e4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a0:8f:f0:c9:86:47:db:89:f6:ca:32:e7:db:
                    bd:84:d1:23:b0:09:cd:ff:a9:73:3b:68:46:e9:00:
                    c9:8e:54:66:8a:af:44:95:66:fc:b0:4e:ec:6e:64:
                    0e:4f:c0:5c:ca:1c:81:1c:1e:78:45:7d:86:ae:dd:
                    c2:a4:0f:b0:3b:1c:c1:f0:de:8d:2c:a9:27:4a:a0:
                    56:05:7b:a2:31:a9:9a:3b:fe:53:6c:8b:79:98:a4:
                    df:17:d8:c2:41:2f:ea:70:ee:b6:cc:ef:3e:8a:30:
                    67:49:3c:83:80:cf:74:0e:e3:f3:2c:56:62:63:1b:
                    c1:17:b0:3e:70:97:a5:0a:5e:40:8a:92:e4:ca:82:
                    da:52:79:6e:8c:6c:8e:49:31:d6:fe:2b:72:c5:83:
                    87:75:40:d1:94:7d:7f:00:ff:c0:61:df:19:b8:fe:
                    95:7c:73:48:50:a8:89:7f:19:ce:4d:c9:43:39:f5:
                    d6:7e:49:da:81:20:55:a3:62:9d:65:d6:7c:5a:31:
                    77:9e:62:cb:24:1a:4a:2b:9c:59:97:41:59:15:8a:
                    f2:74:ce:cf:61:77:21:9d:8a:04:c4:15:23:22:df:
                    91:3f:64:6b:be:4d:81:6f:38:f5:b5:74:93:c7:a6:
                    eb:48:90:a0:d8:00:21:e5:3b:d6:b6:63:5c:1c:ee:
                    db:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:22:03:C1:9D:EE:7B:90:EE:95:DE:52:6D:3E:24:D4:53:33:E4:A9
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/oSIDwZ3ue5Duld5SbT4k1FMz5Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.205.0/24
                  153.112.216.0/23
                  153.112.223.0-153.112.231.255
                  192.157.14.0/23
                  193.53.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:82:64:61:fc:b3:ed:b3:ba:10:ed:59:b0:cd:1f:a4:bb:23:
         0c:c0:17:5c:b3:9a:18:a3:4f:34:8d:fc:df:94:bf:e2:8f:6a:
         5a:37:63:48:f6:8b:a4:eb:98:0e:dd:eb:11:eb:bd:e4:94:91:
         50:c5:6a:88:4d:8b:2b:33:3a:03:e4:49:21:cb:17:51:3e:78:
         5e:d3:5f:4c:34:0b:7a:ce:64:a1:81:9c:8a:5c:ff:5a:c7:2b:
         4b:13:b2:57:59:06:dc:09:90:bd:b0:32:81:d4:1b:4c:d5:78:
         a4:a1:22:a0:e0:89:66:7d:47:39:8c:a4:2d:4c:f1:e5:e5:7f:
         ff:b5:2b:4c:cd:25:c7:c5:02:c5:c9:c0:34:6b:02:fc:57:b8:
         49:15:74:67:fa:b9:f2:03:2b:a3:c6:28:ea:11:c9:96:16:22:
         d4:17:89:4c:35:d1:7b:34:4a:4b:b9:d0:84:4b:65:00:97:24:
         e0:2f:98:6c:9c:04:27:e8:32:c6:4e:bd:99:4f:99:c8:f1:27:
         84:72:de:2a:43:e6:8e:6d:7d:b3:36:c3:31:b0:d1:d2:bc:0c:
         1f:56:48:1f:e4:ad:56:1f:af:27:91:b9:c7:e4:4f:56:42:f5:
         32:5e:b3:db:78:6a:34:a1:df:6d:fa:aa:a0:15:de:1d:1c:79:
         dd:16:b0:56
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzGt38S1ehepTN6IaJC4VrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTIyMDNjMTlkZWU3YjkwZWU5NWRlNTI2ZDNlMjRkNDUzMzNlNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKCP8MmGR9uJ9soy59u9hNEjsAnN
/6lzO2hG6QDJjlRmiq9ElWb8sE7sbmQOT8BcyhyBHB54RX2Grt3CpA+wOxzB8N6N
LKknSqBWBXuiMamaO/5TbIt5mKTfF9jCQS/qcO62zO8+ijBnSTyDgM90DuPzLFZi
YxvBF7A+cJelCl5AipLkyoLaUnlujGyOSTHW/ityxYOHdUDRlH1/AP/AYd8ZuP6V
fHNIUKiJfxnOTclDOfXWfknagSBVo2KdZdZ8WjF3nmLLJBpKK5xZl0FZFYrydM7P
YXchnYoExBUjIt+RP2Rrvk2Bbzj1tXSTx6brSJCg2AAh5TvWtmNcHO7bmwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKEiA8Gd7nuQ7pXeUm0+JNRTM+SpMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvb1NJRHdaM3VlNUR1bGQ1U2JUNGsxRk16NUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAmXDNAwQB
mXDYMAwDBACZcN8DBAOZcOADBAHAnQ4DBADBNR0wDQYJKoZIhvcNAQELBQADggEB
ACiCZGH8s+2zuhDtWbDNH6S7IwzAF1yzmhijTzSN/N+Uv+KPalo3Y0j2i6TrmA7d
6xHrveSUkVDFaohNiyszOgPkSSHLF1E+eF7TX0w0C3rOZKGBnIpc/1rHK0sTsldZ
BtwJkL2wMoHUG0zVeKShIqDgiWZ9RzmMpC1M8eXlf/+1K0zNJcfFAsXJwDRrAvxX
uEkVdGf6ufIDK6PGKOoRyZYWItQXiUw10Xs0Sku50IRLZQCXJOAvmGycBCfoMsZO
vZlPmcjxJ4Ry3ipD5o5tfbM2wzGw0dK8DB9WSB/krVYfryeRucfkT1ZC9TJes9t4
ajSh3236qqAV3h0ced0WsFY=
-----END CERTIFICATE-----