Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/52UOVNfPqY8GWWTqFJZbj9uLxnc.roa
File:                     52UOVNfPqY8GWWTqFJZbj9uLxnc.roa (raw, json)
Hash identifier:          z7wTI/pA79tiyrs48PVIWi2w3hJKZGblDmLLkDrION4=
Subject key identifier:   E7:65:0E:54:D7:CF:A9:8F:06:59:64:EA:14:96:5B:8F:DB:8B:C6:77
Certificate issuer:       /CN=6676dff61a8305675977e86f52eee6745d6428f4
Certificate serial:       018CC2DB412A35189CF8D4B7F6A24032DD0C
Authority key identifier: 66:76:DF:F6:1A:83:05:67:59:77:E8:6F:52:EE:E6:74:5D:64:28:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Znbf9hqDBWdZd-hvUu7mdF1kKPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/52UOVNfPqY8GWWTqFJZbj9uLxnc.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199952
IP address blocks:        185.88.52.0/22 maxlen: 24
                          185.29.68.0/22 maxlen: 24
                          185.223.240.0/22 maxlen: 24
                          185.110.76.0/22 maxlen: 24
                          185.69.8.0/22 maxlen: 24
                          185.227.8.0/22 maxlen: 24
                          45.66.64.0/22 maxlen: 22
                          152.89.100.0/22 maxlen: 22
                          2a04:41c0::/29 maxlen: 56

Validation:               Failed, certificate revoked on Thu 16 May 2024 06:14:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:41:2a:35:18:9c:f8:d4:b7:f6:a2:40:32:dd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6676dff61a8305675977e86f52eee6745d6428f4
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7650e54d7cfa98f065964ea14965b8fdb8bc677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1d:3f:d1:f4:d5:a2:71:43:ed:ef:ab:cd:24:
                    95:a7:17:55:b6:c2:d4:75:74:f2:07:fe:c9:ef:66:
                    48:ce:65:e2:f2:ef:cd:81:7d:ad:88:c2:83:d0:c8:
                    6f:d8:13:07:d3:93:4f:4e:0a:a9:d0:5a:87:dc:bf:
                    7e:73:65:27:d2:70:e7:6c:8b:7a:68:14:f7:32:f0:
                    18:1c:8f:50:4f:15:b1:c1:47:a2:00:34:c6:05:00:
                    f0:1c:51:ce:37:ea:83:41:d9:5a:05:8d:cd:7a:d8:
                    d3:8a:2e:ae:64:14:90:67:1f:09:59:bc:d8:a8:5e:
                    d9:83:b1:05:0f:08:26:f3:d8:f5:86:f2:a2:dd:cb:
                    9d:61:8a:63:c8:b7:89:67:3e:5b:0e:82:f7:1c:44:
                    65:b8:77:13:30:ec:d3:4c:fa:ab:d4:a4:94:c6:bc:
                    1f:3f:67:a8:22:25:c1:3d:a7:19:ba:bd:a4:43:cb:
                    2a:0f:f1:6a:9d:6a:56:91:a9:bc:22:8f:31:c3:9d:
                    3d:df:04:21:10:eb:7c:e3:cd:08:be:e4:75:86:d2:
                    5b:9f:a5:4e:18:df:2a:3a:65:2a:9f:f7:22:11:12:
                    69:1f:4c:46:97:ce:ca:83:13:98:ef:b8:cf:83:12:
                    d7:45:81:67:fe:01:f7:cf:ab:95:37:01:0d:04:cf:
                    9b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:65:0E:54:D7:CF:A9:8F:06:59:64:EA:14:96:5B:8F:DB:8B:C6:77
            X509v3 Authority Key Identifier:
                keyid:66:76:DF:F6:1A:83:05:67:59:77:E8:6F:52:EE:E6:74:5D:64:28:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Znbf9hqDBWdZd-hvUu7mdF1kKPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/52UOVNfPqY8GWWTqFJZbj9uLxnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/Znbf9hqDBWdZd-hvUu7mdF1kKPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.64.0/22
                  152.89.100.0/22
                  185.29.68.0/22
                  185.69.8.0/22
                  185.88.52.0/22
                  185.110.76.0/22
                  185.223.240.0/22
                  185.227.8.0/22
                IPv6:
                  2a04:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:c3:7b:9f:f3:db:fa:43:d5:19:fb:a5:9d:48:a0:a3:db:9d:
         bc:18:2a:de:3a:34:ac:dc:a6:a2:aa:e1:f6:f9:98:1c:34:f4:
         4c:31:6d:48:02:f9:91:da:77:32:55:70:c7:ad:63:ad:6f:a2:
         e0:14:53:dd:e6:34:d9:41:fb:bb:a2:90:73:74:0d:6e:82:e1:
         7d:61:a7:bf:05:1a:57:b8:08:34:b0:ac:b5:ec:b1:8a:e2:a7:
         d8:cc:92:c1:dd:1e:80:41:6e:fb:a3:d3:be:9a:55:3e:07:ae:
         69:1b:c1:3f:3a:2a:50:d7:37:1e:3a:8c:4e:e7:14:83:50:40:
         d0:13:9a:dc:d7:fe:b5:7f:b0:59:f9:18:6e:80:88:5c:23:09:
         52:48:03:a6:be:e9:78:94:48:cf:bf:36:82:69:99:3c:f4:c5:
         6c:45:4c:83:d4:3e:92:73:53:5e:de:13:66:b4:c2:36:4d:fe:
         dc:e2:d9:54:1c:d8:e5:1a:b8:c2:44:ef:7f:9d:f8:0b:5b:cc:
         18:54:22:2c:c4:55:5f:93:85:f7:89:ea:25:40:05:fd:42:5f:
         99:30:d3:d1:7a:78:92:4e:92:d0:ed:84:1c:e5:6c:e5:c9:9d:
         d2:e7:fa:ce:ba:70:44:35:61:52:c5:f4:6d:d7:e5:59:7e:de:
         b4:03:10:a3
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzC20EqNRic+NS39qJAMt0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NzZkZmY2MWE4MzA1Njc1OTc3ZTg2ZjUyZWVlNjc0NWQ2
NDI4ZjQwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzY1MGU1NGQ3Y2ZhOThmMDY1OTY0ZWExNDk2NWI4ZmRiOGJjNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgh0/0fTVonFD7e+rzSSVpxdVtsLU
dXTyB/7J72ZIzmXi8u/NgX2tiMKD0Mhv2BMH05NPTgqp0FqH3L9+c2Un0nDnbIt6
aBT3MvAYHI9QTxWxwUeiADTGBQDwHFHON+qDQdlaBY3NetjTii6uZBSQZx8JWbzY
qF7Zg7EFDwgm89j1hvKi3cudYYpjyLeJZz5bDoL3HERluHcTMOzTTPqr1KSUxrwf
P2eoIiXBPacZur2kQ8sqD/FqnWpWkam8Io8xw5093wQhEOt8480IvuR1htJbn6VO
GN8qOmUqn/ciERJpH0xGl87KgxOY77jPgxLXRYFn/gH3z6uVNwENBM+b0wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFOdlDlTXz6mPBllk6hSWW4/bi8Z3MB8GA1UdIwQY
MBaAFGZ23/YagwVnWXfob1Lu5nRdZCj0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5iZjlocURCV2RaZC1odlV1N21kRjFrS1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82Y2IyM2UtN2M2NS00NmIzLTliNmQt
N2M2NjM1ZGE4OTJkLzEvNTJVT1ZOZlBxWThHV1dUcUZKWmJqOXVMeG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82Y2IyM2UtN2M2NS00NmIzLTliNmQtN2M2NjM1ZGE4OTJk
LzEvWm5iZjlocURCV2RaZC1odlV1N21kRjFrS1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQCLUJAAwQC
mFlkAwQCuR1EAwQCuUUIAwQCuVg0AwQCuW5MAwQCud/wAwQCueMIMA0EAgACMAcD
BQMqBEHAMA0GCSqGSIb3DQEBCwUAA4IBAQB1w3uf89v6Q9UZ+6WdSKCj2528GCre
OjSs3KaiquH2+ZgcNPRMMW1IAvmR2ncyVXDHrWOtb6LgFFPd5jTZQfu7opBzdA1u
guF9Yae/BRpXuAg0sKy17LGK4qfYzJLB3R6AQW77o9O+mlU+B65pG8E/OipQ1zce
OoxO5xSDUEDQE5rc1/61f7BZ+RhugIhcIwlSSAOmvul4lEjPvzaCaZk89MVsRUyD
1D6Sc1Ne3hNmtMI2Tf7c4tlUHNjlGrjCRO9/nfgLW8wYVCIsxFVfk4X3ieolQAX9
Ql+ZMNPReniSTpLQ7YQc5WzlyZ3S5/rOunBENWFSxfRt1+VZft60AxCj
-----END CERTIFICATE-----