Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/AngDC44aoI2V2Q-FpYYmF8g2R-0.roa
File:                     AngDC44aoI2V2Q-FpYYmF8g2R-0.roa (raw, json)
Hash identifier:          6pwOghkQSYTeVl+wooEYNe6HKosR5x7nIs+yWTHIFMo=
Subject key identifier:   02:78:03:0B:8E:1A:A0:8D:95:D9:0F:85:A5:86:26:17:C8:36:47:ED
Certificate issuer:       /CN=808e238e30dcb759759fb8a394d9e211a28b9d87
Certificate serial:       01939B2F03F5001E1E2B8DDD1825484BD243
Authority key identifier: 80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/AngDC44aoI2V2Q-FpYYmF8g2R-0.roa
Signing time:             Fri 06 Dec 2024 08:56:09 +0000
ROA not before:           Fri 06 Dec 2024 08:56:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6789
IP address blocks:        45.149.244.0/22 maxlen: 22
                          80.245.112.0/20 maxlen: 20
                          80.245.112.0/24 maxlen: 24
                          83.222.0.0/24 maxlen: 24
                          83.222.1.0/24 maxlen: 24
                          83.222.2.0/24 maxlen: 24
                          83.222.3.0/24 maxlen: 24
                          85.91.192.0/19 maxlen: 19
                          91.235.12.0/24 maxlen: 24
                          91.235.13.0/24 maxlen: 24
                          91.235.14.0/24 maxlen: 24
                          91.247.96.0/19 maxlen: 19
                          109.200.128.0/19 maxlen: 19
                          185.100.103.0/24 maxlen: 24
                          185.104.92.0/22 maxlen: 22
                          185.186.232.0/22 maxlen: 22
                          2a00:1d80::/32 maxlen: 32
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:47:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:9b:2f:03:f5:00:1e:1e:2b:8d:dd:18:25:48:4b:d2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808e238e30dcb759759fb8a394d9e211a28b9d87
        Validity
            Not Before: Dec  6 08:56:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0278030b8e1aa08d95d90f85a5862617c83647ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:9d:11:20:a2:cd:2e:58:a3:90:c8:ee:0b:b4:
                    9d:fe:1e:bf:b7:73:da:76:85:7b:b5:99:94:bb:c6:
                    00:94:56:f8:b7:c2:fa:16:d1:1a:6e:87:e1:ac:26:
                    12:2d:73:cf:5c:bc:4e:6c:e4:fc:b5:93:3c:19:79:
                    61:2c:7a:2b:5c:65:15:6d:97:d7:2a:79:ad:ec:37:
                    b8:70:b5:93:92:0a:64:01:77:2e:82:f8:cf:e7:a9:
                    86:19:4a:06:89:c0:66:8d:22:2d:32:1f:b3:e6:d3:
                    b4:67:33:af:b4:8e:d6:fc:08:1f:9e:55:76:31:6a:
                    8b:dc:ea:80:6d:a7:28:87:dc:5f:9e:46:f4:a1:b0:
                    76:e5:d9:ab:ab:52:9b:42:5a:bb:a6:06:3e:e6:6d:
                    c4:c0:49:b5:21:af:b9:f9:94:71:54:8d:f2:0d:61:
                    f1:31:70:d2:c8:c7:7d:0c:5d:2f:3c:f5:16:74:45:
                    ae:ab:98:b1:9e:0f:84:60:96:f4:54:90:e1:47:3c:
                    6b:69:3e:d0:e0:33:ac:6a:f5:56:ab:9a:95:db:e4:
                    d1:00:88:13:46:2a:65:9f:fa:e3:48:ec:99:48:23:
                    e7:78:ca:ff:52:db:c3:5c:47:21:9b:b5:75:90:52:
                    de:89:9b:b4:6d:03:50:ea:c7:2c:e2:bc:ff:e8:47:
                    ea:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:78:03:0B:8E:1A:A0:8D:95:D9:0F:85:A5:86:26:17:C8:36:47:ED
            X509v3 Authority Key Identifier:
                keyid:80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/AngDC44aoI2V2Q-FpYYmF8g2R-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.244.0/22
                  80.245.112.0/20
                  83.222.0.0/22
                  85.91.192.0/19
                  91.235.12.0-91.235.14.255
                  91.247.96.0/19
                  109.200.128.0/19
                  185.100.103.0/24
                  185.104.92.0/22
                  185.186.232.0/22
                IPv6:
                  2a00:1d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:3a:32:36:8c:81:da:53:99:15:3a:b5:f4:cc:c1:de:c7:77:
         46:3b:df:12:83:78:77:61:8c:35:eb:62:24:fe:31:df:49:95:
         52:a5:a8:6d:d4:7e:c3:e9:16:f3:35:30:24:1b:b4:3d:bd:5d:
         40:8b:24:a4:e0:12:ec:4c:d2:c7:2b:79:c7:7a:af:b2:7d:e4:
         e7:07:ae:06:19:73:21:38:88:a1:79:75:91:d0:0c:59:05:a2:
         ae:0a:73:62:a5:52:c7:8b:06:fe:31:92:81:78:0d:4c:ac:73:
         31:f8:26:8a:97:44:97:e4:75:d3:f0:b8:71:8d:63:58:bf:8e:
         52:da:53:34:1c:69:38:ab:cc:cb:e9:36:d5:bf:14:67:ac:ab:
         ea:6f:25:cc:fe:ff:06:c4:bd:a1:88:b3:af:19:bf:4b:76:0b:
         0a:61:ce:8e:5d:d0:1c:57:56:3b:29:31:2d:6e:66:46:c3:f3:
         83:23:62:25:fe:1d:65:68:60:9a:df:07:de:f1:e7:f2:a2:20:
         4d:a8:98:ad:8c:16:72:35:5f:79:e6:9f:49:b6:8d:a7:76:37:
         15:cf:24:0d:7a:52:8b:64:ea:49:44:8f:b4:19:02:f7:c6:cc:
         dc:32:39:bb:3e:ed:eb:7b:33:4c:35:a2:8e:90:76:0d:9f:e5:
         4c:56:45:1f
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZObLwP1AB4eK43dGCVIS9JDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGUyMzhlMzBkY2I3NTk3NTlmYjhhMzk0ZDllMjExYTI4
YjlkODcwHhcNMjQxMjA2MDg1NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjc4MDMwYjhlMWFhMDhkOTVkOTBmODVhNTg2MjYxN2M4MzY0N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA850RIKLNLlijkMjuC7Sd/h6/t3Pa
doV7tZmUu8YAlFb4t8L6FtEabofhrCYSLXPPXLxObOT8tZM8GXlhLHorXGUVbZfX
Knmt7De4cLWTkgpkAXcugvjP56mGGUoGicBmjSItMh+z5tO0ZzOvtI7W/AgfnlV2
MWqL3OqAbacoh9xfnkb0obB25dmrq1KbQlq7pgY+5m3EwEm1Ia+5+ZRxVI3yDWHx
MXDSyMd9DF0vPPUWdEWuq5ixng+EYJb0VJDhRzxraT7Q4DOsavVWq5qV2+TRAIgT
Ripln/rjSOyZSCPneMr/UtvDXEchm7V1kFLeiZu0bQNQ6scs4rz/6EfqCwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFAJ4AwuOGqCNldkPhaWGJhfINkftMB8GA1UdIwQY
MBaAFICOI44w3LdZdZ+4o5TZ4hGii52HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDkt
Y2Q5NzQwNDI2NDlmLzEvQW5nREM0NGFvSTJWMlEtRnBZWW1GOGcyUi0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDktY2Q5NzQwNDI2NDlm
LzEvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQCLZX0AwQE
UPVwAwQCU94AAwQFVVvAMAwDBAJb6wwDBABb6w4DBAVb92ADBAVtyIADBAC5ZGcD
BAK5aFwDBAK5uugwDQQCAAIwBwMFACoAHYAwDQYJKoZIhvcNAQELBQADggEBAGs6
MjaMgdpTmRU6tfTMwd7Hd0Y73xKDeHdhjDXrYiT+Md9JlVKlqG3UfsPpFvM1MCQb
tD29XUCLJKTgEuxM0screcd6r7J95OcHrgYZcyE4iKF5dZHQDFkFoq4Kc2KlUseL
Bv4xkoF4DUysczH4JoqXRJfkddPwuHGNY1i/jlLaUzQcaTirzMvpNtW/FGesq+pv
Jcz+/wbEvaGIs68Zv0t2Cwphzo5d0BxXVjspMS1uZkbD84MjYiX+HWVoYJrfB97x
5/KiIE2omK2MFnI1X3nmn0m2jad2NxXPJA16Uotk6klEj7QZAvfGzNwyObs+7et7
M0w1oo6Qdg2f5UxWRR8=
-----END CERTIFICATE-----