Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/FAOKlR3Ea4BMjXuhZJimkh3SmqI.roa
File:                     FAOKlR3Ea4BMjXuhZJimkh3SmqI.roa (raw, json)
Hash identifier:          v5QPy8+7e29sxxYWYr2YK+CVUDf2w4tfbeXWr5QGn68=
Subject key identifier:   14:03:8A:95:1D:C4:6B:80:4C:8D:7B:A1:64:98:A6:92:1D:D2:9A:A2
Certificate issuer:       /CN=50d4ac320965ab4991108501a0602a6893e63fec
Certificate serial:       018CC6B8A84C226A0D7CE8C0CF238D23FFF7
Authority key identifier: 50:D4:AC:32:09:65:AB:49:91:10:85:01:A0:60:2A:68:93:E6:3F:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UNSsMgllq0mREIUBoGAqaJPmP-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/FAOKlR3Ea4BMjXuhZJimkh3SmqI.roa
Signing time:             Mon 01 Jan 2024 20:30:39 +0000
ROA not before:           Mon 01 Jan 2024 20:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24953
IP address blocks:        185.34.196.0/22 maxlen: 22
                          83.216.192.0/20 maxlen: 20
                          185.167.240.0/22 maxlen: 24
                          185.213.124.0/22 maxlen: 22
                          185.224.120.0/22 maxlen: 22
                          195.95.163.0/24 maxlen: 24
                          89.185.96.0/19 maxlen: 19
                          80.64.140.0/22 maxlen: 22
                          2a0b:c200::/29 maxlen: 32
                          2001:1ad0:c4fc::/46 maxlen: 48
                          2001:1ad0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 30 Jan 2024 08:22:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a8:4c:22:6a:0d:7c:e8:c0:cf:23:8d:23:ff:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50d4ac320965ab4991108501a0602a6893e63fec
        Validity
            Not Before: Jan  1 20:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14038a951dc46b804c8d7ba16498a6921dd29aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f1:9e:d6:4d:be:e7:ec:f4:e0:18:ce:d7:52:
                    8a:b2:bf:74:27:d1:93:e4:7b:b1:6d:47:9d:ba:ca:
                    0d:1d:57:37:9a:87:2a:b7:0c:03:63:83:e3:f2:5b:
                    01:40:67:1e:b9:6d:b7:73:13:fe:b1:94:c7:5e:84:
                    ea:59:ca:cb:03:05:7f:7d:ec:09:d5:83:96:3b:d2:
                    5f:0c:44:94:77:02:b6:b3:c5:63:7c:da:ac:6d:6b:
                    a3:29:f6:d7:85:5c:33:58:ec:9d:06:c6:53:ac:e7:
                    ed:63:a9:fd:92:7b:cf:3a:0d:57:fe:14:e0:5d:10:
                    b7:5a:99:26:e5:1c:28:4c:c3:13:31:bd:14:74:5d:
                    96:50:0d:07:2f:39:8d:25:7f:3c:08:03:39:8b:b7:
                    cf:e3:e8:c2:c8:30:77:c3:58:2f:76:5c:c3:fb:e4:
                    dc:e5:44:56:cb:a4:58:72:53:0e:a9:2b:2d:ab:b9:
                    66:bc:96:4e:64:28:4d:a3:7f:97:2b:f3:6d:d3:99:
                    d4:cc:30:96:6e:3d:61:b6:1e:44:3c:cf:72:e9:e5:
                    a5:d9:98:21:13:54:21:ed:ce:b7:db:06:37:0c:06:
                    e3:77:34:85:8a:d4:ae:ec:2e:cc:21:9a:89:a1:30:
                    76:c8:b8:10:42:f2:f6:6f:54:93:7b:43:8f:95:fc:
                    9e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:03:8A:95:1D:C4:6B:80:4C:8D:7B:A1:64:98:A6:92:1D:D2:9A:A2
            X509v3 Authority Key Identifier:
                keyid:50:D4:AC:32:09:65:AB:49:91:10:85:01:A0:60:2A:68:93:E6:3F:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UNSsMgllq0mREIUBoGAqaJPmP-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/FAOKlR3Ea4BMjXuhZJimkh3SmqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/403528-9e7c-4b64-9599-ba032323744c/1/UNSsMgllq0mREIUBoGAqaJPmP-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.140.0/22
                  83.216.192.0/20
                  89.185.96.0/19
                  185.34.196.0/22
                  185.167.240.0/22
                  185.213.124.0/22
                  185.224.120.0/22
                  195.95.163.0/24
                IPv6:
                  2001:1ad0::/32
                  2a0b:c200::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:cb:6b:62:7e:ae:da:9f:77:c5:96:59:7b:8b:91:39:8f:71:
         a2:c0:4f:04:f3:3e:c1:4e:35:4b:73:17:75:4d:b1:2c:46:0f:
         bb:6c:05:83:c2:d4:c3:35:54:46:c8:fb:63:18:68:b3:67:04:
         6f:d5:62:16:38:b5:1f:21:4a:30:f8:70:cd:80:6a:59:40:8b:
         32:00:87:19:5a:26:51:b0:00:7d:14:4c:66:1a:05:46:41:b9:
         d7:81:98:b9:27:e9:bc:c2:6e:69:b7:03:87:20:d0:58:86:51:
         0d:8d:31:0a:fc:fc:fc:2b:19:67:4f:d7:44:14:0d:2a:e3:18:
         ad:b2:60:11:ea:df:74:69:81:eb:78:8a:d8:df:ed:50:ab:1d:
         b2:f6:46:1b:e1:94:f9:66:5a:9f:14:fc:7a:78:a7:89:38:81:
         02:5d:b5:d4:aa:f8:c9:56:bc:8e:99:df:ae:21:05:9a:e5:30:
         ed:a2:59:25:53:88:dc:ae:9e:a2:56:92:0d:a4:21:25:21:5f:
         fe:36:28:92:91:82:7b:82:c9:72:7e:8e:7d:67:c8:35:9d:a5:
         dd:0c:56:ac:a2:e9:89:b8:a5:c3:38:bf:ea:53:8a:b3:aa:1d:
         e4:9f:8f:49:32:49:9b:08:53:28:94:3a:12:e9:54:a9:d9:b9:
         a2:15:c9:85
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzGuKhMImoNfOjAzyONI//3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZDRhYzMyMDk2NWFiNDk5MTEwODUwMWEwNjAyYTY4OTNl
NjNmZWMwHhcNMjQwMTAxMjAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDAzOGE5NTFkYzQ2YjgwNGM4ZDdiYTE2NDk4YTY5MjFkZDI5YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/Ge1k2+5+z04BjO11KKsr90J9GT
5HuxbUedusoNHVc3mocqtwwDY4Pj8lsBQGceuW23cxP+sZTHXoTqWcrLAwV/fewJ
1YOWO9JfDESUdwK2s8VjfNqsbWujKfbXhVwzWOydBsZTrOftY6n9knvPOg1X/hTg
XRC3Wpkm5RwoTMMTMb0UdF2WUA0HLzmNJX88CAM5i7fP4+jCyDB3w1gvdlzD++Tc
5URWy6RYclMOqSstq7lmvJZOZChNo3+XK/Nt05nUzDCWbj1hth5EPM9y6eWl2Zgh
E1Qh7c632wY3DAbjdzSFitSu7C7MIZqJoTB2yLgQQvL2b1STe0OPlfyenQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBQDipUdxGuATI17oWSYppId0pqiMB8GA1UdIwQY
MBaAFFDUrDIJZatJkRCFAaBgKmiT5j/sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU5Tc01nbGxxMG1SRUlVQm9HQXFhSlBtUC13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80MDM1MjgtOWU3Yy00YjY0LTk1OTkt
YmEwMzIzMjM3NDRjLzEvRkFPS2xSM0VhNEJNalh1aFpKaW1raDNTbXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80MDM1MjgtOWU3Yy00YjY0LTk1OTktYmEwMzIzMjM3NDRj
LzEvVU5Tc01nbGxxMG1SRUlVQm9HQXFhSlBtUC13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCUECMAwQE
U9jAAwQFWblgAwQCuSLEAwQCuafwAwQCudV8AwQCueB4AwQAw1+jMBQEAgACMA4D
BQAgARrQAwUDKgvCADANBgkqhkiG9w0BAQsFAAOCAQEAXctrYn6u2p93xZZZe4uR
OY9xosBPBPM+wU41S3MXdU2xLEYPu2wFg8LUwzVURsj7Yxhos2cEb9ViFji1HyFK
MPhwzYBqWUCLMgCHGVomUbAAfRRMZhoFRkG514GYuSfpvMJuabcDhyDQWIZRDY0x
Cvz8/CsZZ0/XRBQNKuMYrbJgEerfdGmB63iK2N/tUKsdsvZGG+GU+WZanxT8enin
iTiBAl211Kr4yVa8jpnfriEFmuUw7aJZJVOI3K6eolaSDaQhJSFf/jYokpGCe4LJ
cn6OfWfINZ2l3QxWrKLpibilwzi/6lOKs6od5J+PSTJJmwhTKJQ6EulUqdm5ohXJ
hQ==
-----END CERTIFICATE-----