Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/YhzoU3dTChO9ij9H4WHDv0_64Jk.roa
File:                     YhzoU3dTChO9ij9H4WHDv0_64Jk.roa (raw, json)
Hash identifier:          rb278pVdRbokAJc+dqA1YFSkxKygndD+LDO+01rCANM=
Subject key identifier:   62:1C:E8:53:77:53:0A:13:BD:8A:3F:47:E1:61:C3:BF:4F:FA:E0:99
Certificate issuer:       /CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Certificate serial:       0190BAA85D2F5591409EBC68C1FF31793BA4
Authority key identifier: 9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/YhzoU3dTChO9ij9H4WHDv0_64Jk.roa
Signing time:             Tue 16 Jul 2024 08:28:34 +0000
ROA not before:           Tue 16 Jul 2024 08:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35237
IP address blocks:        84.252.144.0/23 maxlen: 24
                          84.252.144.0/24 maxlen: 24
                          84.252.145.0/24 maxlen: 24
                          84.252.146.0/24 maxlen: 24
                          84.252.147.0/24 maxlen: 24
                          84.252.149.0/24 maxlen: 24
                          84.252.150.0/24 maxlen: 24
                          84.252.151.0/24 maxlen: 24
                          91.217.194.0/24 maxlen: 24
                          185.157.96.0/23 maxlen: 24
                          185.157.99.0/24 maxlen: 24
                          194.54.14.0/24 maxlen: 24
                          194.54.15.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 22 Jul 2024 08:15:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ba:a8:5d:2f:55:91:40:9e:bc:68:c1:ff:31:79:3b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
        Validity
            Not Before: Jul 16 08:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=621ce85377530a13bd8a3f47e161c3bf4ffae099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:98:fd:c9:6c:e0:b6:1a:26:b6:bd:38:f8:d7:
                    49:7d:db:47:90:81:54:0c:fa:75:8b:7d:72:18:f1:
                    34:0d:83:99:f3:f0:4d:ef:fd:87:5a:04:9e:95:28:
                    f9:f8:91:8f:bf:2e:bb:57:15:bf:d1:bf:ad:d9:8c:
                    26:26:69:bd:23:8f:31:0a:fd:e0:7f:f8:8e:66:4d:
                    a9:98:af:12:60:34:58:09:e2:e4:7e:6c:03:48:81:
                    86:e5:c5:27:d8:34:b3:18:aa:42:99:88:f2:35:75:
                    d0:33:3c:73:ed:cc:4a:8a:40:63:4b:ef:d8:b7:08:
                    21:63:44:7e:f1:6d:e8:4f:9b:8f:87:9c:cd:6a:74:
                    e2:95:0c:13:d5:2b:ed:9d:bb:17:fe:71:87:fa:ed:
                    0c:59:7b:2a:7d:e8:a8:cf:2c:94:cb:d3:7f:61:c4:
                    86:93:89:67:7c:a7:03:af:ce:21:dc:15:51:20:c1:
                    e0:96:18:23:4a:3e:e3:93:a7:d3:d4:c9:6e:8c:8e:
                    b0:53:6b:cd:a6:f7:33:df:74:ba:f3:11:88:46:32:
                    e8:84:84:e6:df:cf:8c:86:aa:18:4f:6a:c0:a0:db:
                    4d:27:bc:29:5a:15:72:24:04:b7:b1:fa:65:43:c3:
                    75:ec:f1:f6:e2:95:28:a9:2f:c3:75:1a:79:64:6f:
                    b0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1C:E8:53:77:53:0A:13:BD:8A:3F:47:E1:61:C3:BF:4F:FA:E0:99
            X509v3 Authority Key Identifier:
                keyid:9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/YhzoU3dTChO9ij9H4WHDv0_64Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.144.0/22
                  84.252.149.0-84.252.151.255
                  91.217.194.0/24
                  185.157.96.0/23
                  185.157.99.0/24
                  194.54.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:86:96:e6:51:08:70:e2:df:6e:45:75:8c:e3:3f:51:1d:ca:
         14:d8:1a:b4:7b:77:45:5c:bf:12:4f:71:73:42:bd:e2:55:40:
         ae:cb:6b:4b:cc:2d:57:fe:43:c8:ff:9b:7b:69:5a:81:39:69:
         1d:98:d5:9f:e6:d5:49:f9:d9:1a:4d:b3:31:3b:b3:2e:c0:45:
         a2:00:05:42:0c:96:9f:47:6f:df:45:06:4d:5d:e7:3b:24:32:
         b3:65:8c:49:0a:e5:22:5e:6f:22:2f:a2:b5:bc:33:70:f6:64:
         aa:ad:97:05:87:99:05:0e:58:0d:53:15:b4:21:15:da:83:10:
         63:3a:e4:e2:67:f5:61:f4:90:59:b3:7b:59:c1:8e:f7:63:4d:
         ad:e8:2a:f4:cd:94:1d:1f:df:2b:ae:6a:7e:a7:f6:3e:21:49:
         20:d5:b5:5e:af:85:df:51:cb:05:c4:b6:ad:ce:c7:82:cf:30:
         d2:3f:aa:39:58:ad:da:60:ce:60:d4:44:de:48:e4:ad:28:d2:
         d3:a0:3b:d9:12:39:dc:69:34:68:16:f5:5d:1a:be:bb:e9:68:
         6e:35:09:ef:4c:85:03:a5:f4:80:ee:48:7d:c6:25:4c:0e:4a:
         ff:13:c4:39:49:fe:4b:c0:a4:2a:1d:72:6a:ef:5f:f4:8a:a9:
         06:6b:98:89
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZC6qF0vVZFAnrxowf8xeTukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTI2YTczY2U4ZjlmNjJjMTRhMTFhMmVhOTEzZWMyNzNk
NThjNDYwHhcNMjQwNzE2MDgyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFjZTg1Mzc3NTMwYTEzYmQ4YTNmNDdlMTYxYzNiZjRmZmFlMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55j9yWzgthomtr04+NdJfdtHkIFU
DPp1i31yGPE0DYOZ8/BN7/2HWgSelSj5+JGPvy67VxW/0b+t2YwmJmm9I48xCv3g
f/iOZk2pmK8SYDRYCeLkfmwDSIGG5cUn2DSzGKpCmYjyNXXQMzxz7cxKikBjS+/Y
twghY0R+8W3oT5uPh5zNanTilQwT1SvtnbsX/nGH+u0MWXsqfeiozyyUy9N/YcSG
k4lnfKcDr84h3BVRIMHglhgjSj7jk6fT1MlujI6wU2vNpvcz33S68xGIRjLohITm
38+MhqoYT2rAoNtNJ7wpWhVyJAS3sfplQ8N17PH24pUoqS/DdRp5ZG+wmwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFGIc6FN3UwoTvYo/R+Fhw79P+uCZMB8GA1UdIwQY
MBaAFJpSanPOj59iwUoRouqRPsJz1YxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMt
N2QxNmI5MGRiZTcyLzEvWWh6b1UzZFRDaE85aWo5SDRXSER2MF82NEprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMtN2QxNmI5MGRiZTcy
LzEvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCVPyQMAwD
BABU/JUDBANU/JADBABb2cIDBAG5nWADBAC5nWMDBAHCNg4wDQYJKoZIhvcNAQEL
BQADggEBAG2GluZRCHDi325FdYzjP1EdyhTYGrR7d0VcvxJPcXNCveJVQK7La0vM
LVf+Q8j/m3tpWoE5aR2Y1Z/m1Un52RpNszE7sy7ARaIABUIMlp9Hb99FBk1d5zsk
MrNljEkK5SJebyIvorW8M3D2ZKqtlwWHmQUOWA1TFbQhFdqDEGM65OJn9WH0kFmz
e1nBjvdjTa3oKvTNlB0f3yuuan6n9j4hSSDVtV6vhd9RywXEtq3Ox4LPMNI/qjlY
rdpgzmDURN5I5K0o0tOgO9kSOdxpNGgW9V0avrvpaG41Ce9MhQOl9IDuSH3GJUwO
Sv8TxDlJ/kvApCodcmrvX/SKqQZrmIk=
-----END CERTIFICATE-----