Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/AqKPMYckCxMqy-PTveuACZe34r8.roa
File:                     AqKPMYckCxMqy-PTveuACZe34r8.roa (raw, json)
Hash identifier:          wd0KdWcsrdXi8s4q5PoXcHjqQu5XsGssNHld+wS+IAk=
Subject key identifier:   02:A2:8F:31:87:24:0B:13:2A:CB:E3:D3:BD:EB:80:09:97:B7:E2:BF
Certificate issuer:       /CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
Certificate serial:       018CF232BD62A629066198E9CF227B5E7EF5
Authority key identifier: 36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/AqKPMYckCxMqy-PTveuACZe34r8.roa
Signing time:             Wed 10 Jan 2024 07:07:40 +0000
ROA not before:           Wed 10 Jan 2024 07:07:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.90.106.0/24 maxlen: 24
                          62.201.237.0/24 maxlen: 24
                          62.201.249.0/24 maxlen: 24
                          62.201.248.0/24 maxlen: 24
                          62.201.192.0/24 maxlen: 24
                          62.201.196.0/24 maxlen: 24
                          62.201.199.0/24 maxlen: 24
                          62.201.200.0/24 maxlen: 24
                          62.201.201.0/24 maxlen: 24
                          62.201.202.0/24 maxlen: 24
                          62.201.203.0/24 maxlen: 24
                          62.201.204.0/24 maxlen: 24
                          62.201.205.0/24 maxlen: 24
                          62.201.207.0/24 maxlen: 24
                          62.201.208.0/24 maxlen: 24
                          62.201.209.0/24 maxlen: 24
                          62.201.210.0/24 maxlen: 24
                          62.201.211.0/24 maxlen: 24
                          62.201.216.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 10 Jan 2024 11:43:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:32:bd:62:a6:29:06:61:98:e9:cf:22:7b:5e:7e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3692fedf59c60d3254e37a9c8ecde11c9ba1282a
        Validity
            Not Before: Jan 10 07:07:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02a28f3187240b132acbe3d3bdeb800997b7e2bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1d:e8:1f:1d:bb:83:19:83:14:c6:34:98:9d:
                    2c:a1:2a:cf:b5:09:c2:89:0f:a1:a9:6b:2f:c8:bd:
                    df:56:01:93:1f:85:35:17:71:ec:26:03:48:ea:38:
                    8f:84:c7:df:37:f0:68:5a:03:38:b2:b2:9a:21:73:
                    77:a2:2c:5c:7b:12:c3:ab:2b:b7:af:5e:33:7a:04:
                    58:c6:fa:d8:aa:e8:71:b8:2d:31:17:c3:00:70:fa:
                    80:8c:d7:a8:d2:58:ee:b0:21:15:5e:2c:7f:35:ee:
                    a7:cc:9c:3b:03:e9:d2:46:69:cd:26:9e:00:47:0d:
                    9e:1f:1f:09:62:96:61:6f:bd:86:fe:9e:c9:ff:4d:
                    c2:e6:26:b6:ad:11:16:0c:c9:50:d1:85:a0:dd:fb:
                    be:57:c8:ce:a6:31:cd:dc:ea:a1:66:4a:60:1f:38:
                    34:a2:e1:c5:80:d1:3e:ec:a4:26:09:78:d2:7e:af:
                    63:1e:20:95:35:51:4b:37:11:c9:d3:e2:a3:47:22:
                    28:0f:1b:06:a4:fe:fe:ec:11:05:e0:75:b7:91:9c:
                    c9:2b:05:ad:f7:2b:31:34:de:03:c1:33:7b:3e:36:
                    59:5a:99:cd:c3:ea:ee:59:a5:19:29:b3:f7:fa:c3:
                    e9:cd:e9:5e:a4:27:49:5c:a0:45:c5:15:f4:37:48:
                    8f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A2:8F:31:87:24:0B:13:2A:CB:E3:D3:BD:EB:80:09:97:B7:E2:BF
            X509v3 Authority Key Identifier:
                keyid:36:92:FE:DF:59:C6:0D:32:54:E3:7A:9C:8E:CD:E1:1C:9B:A1:28:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpL-31nGDTJU43qcjs3hHJuhKCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/AqKPMYckCxMqy-PTveuACZe34r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/5c5ad0-d2da-40db-95d1-e7be5e30ad2d/1/NpL-31nGDTJU43qcjs3hHJuhKCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.192.0/24
                  62.201.196.0/24
                  62.201.199.0-62.201.205.255
                  62.201.207.0-62.201.211.255
                  62.201.216.0/24
                  62.201.237.0/24
                  62.201.248.0/23
                  185.90.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f9:6e:c4:76:d1:0a:e8:b4:22:c3:0a:df:d5:26:c7:6c:f9:
         7f:ba:0c:3b:0b:e1:a2:91:fc:bf:7b:70:76:ac:5f:a0:ad:da:
         b1:b1:5d:45:ec:93:c8:ec:72:4c:a9:74:b0:0e:f8:1f:ec:96:
         f8:85:24:80:ed:0a:c4:73:cf:c4:22:b5:87:ce:8e:82:2f:d7:
         68:8d:d4:dc:51:c3:b0:6b:08:4e:9a:c5:60:6e:ff:2b:0a:5b:
         2e:77:d7:52:e1:3d:d8:f0:95:7b:4f:5d:6b:cd:99:9a:20:74:
         cf:1b:c8:d0:e0:1f:7c:4f:cd:15:5f:3e:d5:f0:ac:61:ca:8b:
         a3:df:8e:39:9c:98:7d:f8:64:69:32:0c:45:d2:ca:9e:40:3e:
         b6:b3:89:84:69:c0:3a:79:4e:6b:11:13:61:b1:7a:a8:88:93:
         0a:4e:f8:2c:82:db:2c:c6:31:83:2a:12:77:1d:c8:6d:dc:1d:
         83:e8:3e:59:57:9a:f7:e9:b5:b9:a5:d9:9e:0f:a5:fa:41:47:
         47:31:d9:0c:28:ab:9f:fa:78:56:14:0c:44:aa:58:fd:5f:9d:
         84:dc:f1:78:4e:95:db:c7:13:70:45:78:bf:e3:87:d3:a8:9c:
         b0:0a:1c:ca:29:28:89:0d:3d:d5:d1:3a:c8:6b:70:b3:e3:7d:
         62:fc:4f:6b
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzyMr1ipikGYZjpzyJ7Xn71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTJmZWRmNTljNjBkMzI1NGUzN2E5YzhlY2RlMTFjOWJh
MTI4MmEwHhcNMjQwMTEwMDcwNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmEyOGYzMTg3MjQwYjEzMmFjYmUzZDNiZGViODAwOTk3YjdlMmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx3oHx27gxmDFMY0mJ0soSrPtQnC
iQ+hqWsvyL3fVgGTH4U1F3HsJgNI6jiPhMffN/BoWgM4srKaIXN3oixcexLDqyu3
r14zegRYxvrYquhxuC0xF8MAcPqAjNeo0ljusCEVXix/Ne6nzJw7A+nSRmnNJp4A
Rw2eHx8JYpZhb72G/p7J/03C5ia2rREWDMlQ0YWg3fu+V8jOpjHN3OqhZkpgHzg0
ouHFgNE+7KQmCXjSfq9jHiCVNVFLNxHJ0+KjRyIoDxsGpP7+7BEF4HW3kZzJKwWt
9ysxNN4DwTN7PjZZWpnNw+ruWaUZKbP3+sPpzelepCdJXKBFxRX0N0iPUQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFAKijzGHJAsTKsvj073rgAmXt+K/MB8GA1UdIwQY
MBaAFDaS/t9Zxg0yVON6nI7N4RyboSgqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEt
ZTdiZTVlMzBhZDJkLzEvQXFLUE1ZY2tDeE1xeS1QVHZldUFDWmUzNHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81YzVhZDAtZDJkYS00MGRiLTk1ZDEtZTdiZTVlMzBhZDJk
LzEvTnBMLTMxbkdEVEpVNDNxY2pzM2hISnVoS0NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQAPsnAAwQA
PsnEMAwDBAA+yccDBAE+ycwwDAMEAD7JzwMEAj7J0AMEAD7J2AMEAD7J7QMEAT7J
+AMEALlaajANBgkqhkiG9w0BAQsFAAOCAQEAY/luxHbRCui0IsMK39Umx2z5f7oM
OwvhopH8v3twdqxfoK3asbFdReyTyOxyTKl0sA74H+yW+IUkgO0KxHPPxCK1h86O
gi/XaI3U3FHDsGsITprFYG7/KwpbLnfXUuE92PCVe09da82ZmiB0zxvI0OAffE/N
FV8+1fCsYcqLo9+OOZyYffhkaTIMRdLKnkA+trOJhGnAOnlOaxETYbF6qIiTCk74
LILbLMYxgyoSdx3Ibdwdg+g+WVea9+m1uaXZng+l+kFHRzHZDCirn/p4VhQMRKpY
/V+dhNzxeE6V28cTcEV4v+OH06icsAocyikoiQ091dE6yGtws+N9YvxPaw==
-----END CERTIFICATE-----