Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/AsjUb6PnSEhKAT_tRu-jzqIbl38.roa
File:                     AsjUb6PnSEhKAT_tRu-jzqIbl38.roa (raw, json)
Hash identifier:          5SgPSyWB5Box6You+i71gasimIqI08O9V/20gIpEwA4=
Subject key identifier:   02:C8:D4:6F:A3:E7:48:48:4A:01:3F:ED:46:EF:A3:CE:A2:1B:97:7F
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       018E984382F10111E0B3A815ED695A5854B7
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/AsjUb6PnSEhKAT_tRu-jzqIbl38.roa
Signing time:             Mon 01 Apr 2024 06:05:44 +0000
ROA not before:           Mon 01 Apr 2024 06:05:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33852
IP address blocks:        83.139.0.0/24 maxlen: 24
                          83.139.1.0/24 maxlen: 24
                          83.139.2.0/24 maxlen: 24
                          83.139.4.0/24 maxlen: 24
                          83.139.5.0/24 maxlen: 24
                          83.139.6.0/23 maxlen: 23
                          83.139.8.0/21 maxlen: 21
                          83.139.8.0/24 maxlen: 24
                          83.139.9.0/24 maxlen: 24
                          83.139.10.0/24 maxlen: 24
                          83.139.11.0/24 maxlen: 24
                          83.139.12.0/24 maxlen: 24
                          83.139.13.0/24 maxlen: 24
                          83.139.14.0/24 maxlen: 24
                          83.139.15.0/24 maxlen: 24
                          83.139.16.0/24 maxlen: 24
                          83.139.17.0/24 maxlen: 24
                          83.139.18.0/24 maxlen: 24
                          83.139.32.0/21 maxlen: 21
                          83.139.33.0/24 maxlen: 24
                          83.139.35.0/24 maxlen: 24
                          83.139.36.0/22 maxlen: 22
                          83.139.39.0/24 maxlen: 24
                          2a01:4000::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 23:47:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:98:43:82:f1:01:11:e0:b3:a8:15:ed:69:5a:58:54:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Apr  1 06:05:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02c8d46fa3e748484a013fed46efa3cea21b977f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d2:4f:9b:0f:b7:c3:b0:0b:08:5d:b5:7c:7c:
                    18:2d:26:29:00:e2:45:26:a0:20:5f:ab:41:c7:5f:
                    83:1f:b0:69:12:ea:a3:b3:03:83:fb:89:8e:77:be:
                    7b:b1:c2:0f:e9:b8:9a:de:a0:56:7d:92:47:c9:91:
                    4a:61:27:95:b9:a9:19:7a:90:4c:96:08:f7:18:d2:
                    ae:fe:f7:d2:ad:33:de:f6:5c:9c:70:f9:db:6e:9c:
                    10:b4:f8:70:d3:38:42:c9:dc:05:c2:18:3b:ba:2c:
                    2c:99:cf:04:b6:48:fd:e3:26:d3:9f:2f:17:aa:9d:
                    4f:ea:85:96:40:4b:20:76:64:e8:d2:59:9c:6b:44:
                    6c:93:86:0f:2a:34:fa:04:3c:c8:88:85:e3:a2:90:
                    be:6c:45:23:fd:e4:ce:c6:72:af:0d:02:7b:da:5f:
                    7f:97:e5:0a:81:bc:5d:0d:6f:86:7b:7f:e8:e6:f3:
                    1d:db:d6:96:49:e3:45:c6:c2:67:de:24:10:9e:95:
                    64:57:16:c3:b9:49:0e:cf:52:02:b4:9d:a8:37:15:
                    4f:4f:22:5b:35:14:26:b4:0b:c1:7c:c9:06:99:f5:
                    8a:90:33:18:bf:4f:bb:fb:65:2d:d8:70:16:38:cc:
                    41:f0:af:f5:54:3c:cd:21:b8:23:ae:04:a3:95:55:
                    d2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C8:D4:6F:A3:E7:48:48:4A:01:3F:ED:46:EF:A3:CE:A2:1B:97:7F
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/AsjUb6PnSEhKAT_tRu-jzqIbl38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.139.0.0-83.139.2.255
                  83.139.4.0-83.139.18.255
                  83.139.32.0/21
                IPv6:
                  2a01:4000::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:79:c3:bc:20:49:89:61:a2:3f:7a:de:47:00:b5:75:bd:b9:
         27:4f:c5:1a:a9:d0:43:b2:8f:4c:3e:af:18:5a:8f:dd:1c:08:
         17:79:13:f5:d8:79:29:96:16:97:1f:b0:3a:43:fe:13:1f:b2:
         26:a3:47:6f:48:54:37:b7:27:7d:94:a5:22:16:b0:a2:12:ff:
         c4:13:92:6a:8f:90:59:f2:9f:93:d7:84:22:87:70:03:a6:77:
         7e:30:6b:19:fe:58:65:f7:79:8d:e2:65:92:68:dd:f4:75:8d:
         a4:f9:2e:8f:8a:e1:17:99:75:62:c5:c3:a9:ce:3f:10:b3:c5:
         7d:28:2f:d8:9c:b1:a9:06:25:90:d8:28:a8:d1:a5:e8:3f:ce:
         de:63:b6:f3:71:82:f2:0d:67:c1:c1:33:2a:8f:52:3b:17:e1:
         06:91:fe:61:91:cf:76:25:e2:be:2b:63:f0:49:df:61:48:01:
         b3:6a:5e:76:61:e2:98:74:cb:53:61:19:71:3a:88:4f:29:f3:
         b2:3c:4f:b8:2d:c0:85:1f:26:80:d5:c5:24:a8:5e:c6:5d:48:
         d6:51:19:3e:62:5a:a7:91:4d:cd:d7:9f:ff:42:a3:70:23:f8:
         12:84:1b:60:39:85:9e:df:ce:bf:26:66:51:ed:21:9e:c0:6d:
         a6:47:80:b4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY6YQ4LxARHgs6gV7WlaWFS3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjQwNDAxMDYwNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmM4ZDQ2ZmEzZTc0ODQ4NGEwMTNmZWQ0NmVmYTNjZWEyMWI5NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19JPmw+3w7ALCF21fHwYLSYpAOJF
JqAgX6tBx1+DH7BpEuqjswOD+4mOd757scIP6bia3qBWfZJHyZFKYSeVuakZepBM
lgj3GNKu/vfSrTPe9lyccPnbbpwQtPhw0zhCydwFwhg7uiwsmc8Etkj94ybTny8X
qp1P6oWWQEsgdmTo0lmca0Rsk4YPKjT6BDzIiIXjopC+bEUj/eTOxnKvDQJ72l9/
l+UKgbxdDW+Ge3/o5vMd29aWSeNFxsJn3iQQnpVkVxbDuUkOz1ICtJ2oNxVPTyJb
NRQmtAvBfMkGmfWKkDMYv0+7+2Ut2HAWOMxB8K/1VDzNIbgjrgSjlVXSJwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFALI1G+j50hISgE/7Ubvo86iG5d/MB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvQXNqVWI2UG5TRWhLQVRfdFJ1LWp6cUlibDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAnBAIAATAhMAsDAwBTiwME
AFOLAjAMAwQCU4sEAwQAU4sSAwQDU4sgMA0EAgACMAcDBQAqAUAAMA0GCSqGSIb3
DQEBCwUAA4IBAQAlecO8IEmJYaI/et5HALV1vbknT8UaqdBDso9MPq8YWo/dHAgX
eRP12HkplhaXH7A6Q/4TH7Imo0dvSFQ3tyd9lKUiFrCiEv/EE5Jqj5BZ8p+T14Qi
h3ADpnd+MGsZ/lhl93mN4mWSaN30dY2k+S6PiuEXmXVixcOpzj8Qs8V9KC/YnLGp
BiWQ2Cio0aXoP87eY7bzcYLyDWfBwTMqj1I7F+EGkf5hkc92JeK+K2PwSd9hSAGz
al52YeKYdMtTYRlxOohPKfOyPE+4LcCFHyaA1cUkqF7GXUjWURk+YlqnkU3N15//
QqNwI/gShBtgOYWe386/JmZR7SGewG2mR4C0
-----END CERTIFICATE-----