Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/5HBIMUWylAaHdvRVYF9Aq_Hwqq8.roa
File:                     5HBIMUWylAaHdvRVYF9Aq_Hwqq8.roa (raw, json)
Hash identifier:          D/Z+6OZPWNDBqteVAa0VNxR2LXcFZNf9sruq3+VINP0=
Subject key identifier:   E4:70:48:31:45:B2:94:06:87:76:F4:55:60:5F:40:AB:F1:F0:AA:AF
Certificate issuer:       /CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
Certificate serial:       018A13F82820B294ADF8C76CB9EA870D1D13
Authority key identifier: 76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/5HBIMUWylAaHdvRVYF9Aq_Hwqq8.roa
Signing time:             Sun 20 Aug 2023 17:22:24 +0000
ROA not before:           Sun 20 Aug 2023 17:22:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        46.162.3.0/24 maxlen: 24
                          46.162.0.0/24 maxlen: 24
                          46.162.8.0/24 maxlen: 24
                          46.162.9.0/24 maxlen: 24
                          46.162.10.0/23 maxlen: 24
                          46.162.10.0/24 maxlen: 24
                          46.162.11.0/24 maxlen: 24
                          46.162.15.0/24 maxlen: 24
                          46.162.12.0/24 maxlen: 24
                          46.162.18.0/24 maxlen: 24
                          46.162.23.0/24 maxlen: 24
                          46.162.21.0/24 maxlen: 24
                          46.162.26.0/24 maxlen: 24
                          46.162.32.0/24 maxlen: 24
                          46.162.50.0/24 maxlen: 24
                          46.162.51.0/24 maxlen: 24
                          46.162.48.0/24 maxlen: 24
                          46.162.49.0/24 maxlen: 24
                          46.162.52.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 21 Aug 2023 12:36:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:13:f8:28:20:b2:94:ad:f8:c7:6c:b9:ea:87:0d:1d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
        Validity
            Not Before: Aug 20 17:22:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e470483145b294068776f455605f40abf1f0aaaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d2:6f:b4:d0:1e:67:c8:0d:c9:33:f4:f1:cf:
                    b6:3f:7c:9a:df:7e:60:4b:bb:53:d2:52:cb:4a:34:
                    27:f7:bb:11:9e:60:7b:01:32:b4:0a:14:cb:af:d2:
                    58:7d:83:ad:5b:49:27:6b:a5:ad:ed:13:38:c2:70:
                    ed:73:92:02:26:d8:71:c4:d4:1a:c6:2e:aa:22:a7:
                    c8:99:57:e9:23:c5:40:54:a9:f3:ea:8f:ed:a4:17:
                    0d:89:f6:4b:19:31:cb:c9:1c:88:06:fc:8d:1d:5a:
                    6f:33:47:5c:93:ed:0e:70:cd:8b:41:5c:6a:58:09:
                    17:e9:0a:25:d4:56:60:f4:63:2f:22:e1:10:43:a9:
                    f3:e1:a6:e8:7e:43:f9:f9:ae:04:3d:00:22:00:89:
                    51:b3:07:04:0c:01:58:9f:69:c7:98:6f:30:82:d4:
                    e7:5b:eb:c5:68:4d:de:2a:c0:1f:ea:41:e4:b8:1f:
                    a2:15:0c:7c:f8:3d:8f:df:d1:2f:3d:6f:fd:dc:57:
                    9b:4c:00:d5:e0:c8:29:28:66:89:cc:f5:0e:e5:d9:
                    b8:8b:6d:11:0b:cf:b9:37:d7:32:d1:5d:10:ab:ad:
                    d8:b5:8d:11:9e:b8:6e:30:75:fe:81:4e:ef:3b:a4:
                    95:e9:68:51:40:d3:8b:38:2d:e7:89:3a:20:23:90:
                    7a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:70:48:31:45:B2:94:06:87:76:F4:55:60:5F:40:AB:F1:F0:AA:AF
            X509v3 Authority Key Identifier:
                keyid:76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/5HBIMUWylAaHdvRVYF9Aq_Hwqq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.162.0.0/24
                  46.162.3.0/24
                  46.162.8.0-46.162.12.255
                  46.162.15.0/24
                  46.162.18.0/24
                  46.162.21.0/24
                  46.162.23.0/24
                  46.162.26.0/24
                  46.162.32.0/24
                  46.162.48.0-46.162.53.255

    Signature Algorithm: sha256WithRSAEncryption
         02:3e:41:fd:40:8e:20:7c:96:f2:4d:5c:8e:a3:c9:72:c4:39:
         9f:d8:79:fd:75:34:48:38:7e:be:63:26:f6:2e:de:cd:f9:5b:
         3e:da:5c:a5:f3:e7:ef:23:38:d5:af:3f:0e:4a:59:b1:0e:7c:
         5f:99:ee:19:0e:c3:f7:b0:9e:05:f1:e8:11:67:6e:24:e8:0c:
         bd:6d:b6:b1:8c:2e:11:4d:a4:20:27:29:f8:86:65:4a:c8:23:
         e2:aa:12:cc:c7:7c:6b:02:f8:89:87:dd:dc:a9:1d:ec:31:8a:
         c2:78:af:b9:99:09:d9:60:bc:aa:1b:06:5a:95:b1:de:e2:10:
         da:f7:33:57:d1:13:1f:ec:45:b3:71:64:00:77:49:08:61:53:
         39:a0:42:17:d7:35:44:b8:c5:ef:b0:3d:a7:d4:45:02:fa:74:
         a1:3d:1f:a4:06:53:28:e4:e2:cc:d1:5d:c2:9f:67:80:58:e8:
         10:4b:1b:56:64:9c:3b:f1:60:dc:90:53:93:c2:5e:ed:87:87:
         6e:16:f3:4c:d5:b6:7d:f1:10:23:27:18:94:4b:eb:c5:dc:43:
         3a:02:54:ef:e9:c4:a5:a9:d5:9d:ba:f6:b1:c3:8c:2e:25:d3:
         17:4f:77:21:a0:92:53:f9:ac:91:6a:81:1e:d7:c2:80:da:df:
         b9:8f:04:ff
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYoT+CggspSt+MdsueqHDR0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDJmZDNmMzM2Y2U2ZWU5OWU2MWZhOTc3MDQ5YTZjNmE5
MjNlNGEwHhcNMjMwODIwMTcyMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDcwNDgzMTQ1YjI5NDA2ODc3NmY0NTU2MDVmNDBhYmYxZjBhYWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNJvtNAeZ8gNyTP08c+2P3ya335g
S7tT0lLLSjQn97sRnmB7ATK0ChTLr9JYfYOtW0kna6Wt7RM4wnDtc5ICJthxxNQa
xi6qIqfImVfpI8VAVKnz6o/tpBcNifZLGTHLyRyIBvyNHVpvM0dck+0OcM2LQVxq
WAkX6Qol1FZg9GMvIuEQQ6nz4abofkP5+a4EPQAiAIlRswcEDAFYn2nHmG8wgtTn
W+vFaE3eKsAf6kHkuB+iFQx8+D2P39EvPW/93FebTADV4MgpKGaJzPUO5dm4i20R
C8+5N9cy0V0Qq63YtY0RnrhuMHX+gU7vO6SV6WhRQNOLOC3niTogI5B6PwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFORwSDFFspQGh3b0VWBfQKvx8KqvMB8GA1UdIwQY
MBaAFHZC/T8zbObumeYfqXcEmmxqkj5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAt
NjJjNDNhYzdjMDJmLzEvNUhCSU1VV3lsQWFIZHZSVllGOUFxX0h3cXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAtNjJjNDNhYzdjMDJm
LzEvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQALqIAAwQA
LqIDMAwDBAMuoggDBAAuogwDBAAuog8DBAAuohIDBAAuohUDBAAuohcDBAAuohoD
BAAuoiAwDAMEBC6iMAMEAS6iNDANBgkqhkiG9w0BAQsFAAOCAQEAAj5B/UCOIHyW
8k1cjqPJcsQ5n9h5/XU0SDh+vmMm9i7ezflbPtpcpfPn7yM41a8/DkpZsQ58X5nu
GQ7D97CeBfHoEWduJOgMvW22sYwuEU2kICcp+IZlSsgj4qoSzMd8awL4iYfd3Kkd
7DGKwnivuZkJ2WC8qhsGWpWx3uIQ2vczV9ETH+xFs3FkAHdJCGFTOaBCF9c1RLjF
77A9p9RFAvp0oT0fpAZTKOTizNFdwp9ngFjoEEsbVmScO/Fg3JBTk8Je7YeHbhbz
TNW2ffEQIycYlEvrxdxDOgJU7+nEpanVnbr2scOMLiXTF093IaCSU/mskWqBHtfC
gNrfuY8E/w==
-----END CERTIFICATE-----