Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/FPJQPUV2Fg3CZKjXJDK-h0BjpRY.roa
File:                     FPJQPUV2Fg3CZKjXJDK-h0BjpRY.roa (raw, json)
Hash identifier:          KtaeLNVYfiNqvihMepgYzHXQSdKW6cswc3hYJVzJJsY=
Subject key identifier:   14:F2:50:3D:45:76:16:0D:C2:64:A8:D7:24:32:BE:87:40:63:A5:16
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       0189ED8C3F53BF41D3D732E7EDBC408F522B
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/FPJQPUV2Fg3CZKjXJDK-h0BjpRY.roa
Signing time:             Sun 13 Aug 2023 06:18:58 +0000
ROA not before:           Sun 13 Aug 2023 06:18:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39216
IP address blocks:        188.72.56.0/24 maxlen: 24
                          188.72.63.0/24 maxlen: 24
                          188.72.62.0/24 maxlen: 24
                          188.72.61.0/24 maxlen: 24
                          188.72.60.0/24 maxlen: 24
                          188.72.59.0/24 maxlen: 24
                          188.72.4.0/24 maxlen: 24
                          188.72.2.0/24 maxlen: 24
                          188.72.7.0/24 maxlen: 24
                          188.72.6.0/24 maxlen: 24
                          188.72.5.0/24 maxlen: 24
                          188.72.35.0/24 maxlen: 24
                          188.72.34.0/24 maxlen: 24
                          185.72.253.0/24 maxlen: 24
                          185.72.252.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ed:8c:3f:53:bf:41:d3:d7:32:e7:ed:bc:40:8f:52:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: Aug 13 06:18:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=14f2503d4576160dc264a8d72432be874063a516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ec:a4:92:2e:68:d4:c2:e8:ea:a3:6f:49:92:
                    c1:71:56:26:7e:c6:4a:9f:eb:7b:a1:c5:a7:03:0f:
                    e4:9f:9b:e1:d0:61:ce:51:49:3b:e6:cc:32:55:87:
                    00:c9:db:7e:36:75:be:94:b2:c6:5d:c1:ee:b9:f1:
                    38:31:ad:47:1b:69:2f:6b:d4:14:4d:1a:c6:6e:9d:
                    4d:f0:3f:ee:0a:f2:91:c6:12:81:8c:be:94:1d:a8:
                    60:4d:1c:c6:39:d8:b1:c2:6f:34:86:d8:f4:23:ff:
                    c9:bc:bd:0a:c7:5a:33:c9:71:37:4f:93:81:8f:0e:
                    dc:35:f2:64:40:6d:ed:26:86:77:fb:f3:e1:e5:b7:
                    b9:d3:b7:d2:7d:a1:40:7e:d9:b8:48:a7:7f:5f:88:
                    b3:4d:ba:8f:85:77:0c:93:02:07:86:8f:f8:59:fb:
                    21:88:45:67:99:c1:6e:7b:67:75:d2:dc:cc:8c:1d:
                    1b:a3:e6:7f:30:63:d8:28:61:d9:17:83:7d:07:47:
                    22:8b:98:a6:09:4c:8f:0a:24:aa:6f:4e:9b:8f:67:
                    b0:36:04:9c:7a:6c:50:42:46:04:c6:b6:8f:15:f8:
                    a7:54:c7:cf:b0:f2:4d:f6:3a:16:b3:de:3a:1d:51:
                    f9:7b:a1:97:21:cc:48:18:ba:95:b6:37:60:99:4e:
                    62:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F2:50:3D:45:76:16:0D:C2:64:A8:D7:24:32:BE:87:40:63:A5:16
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/FPJQPUV2Fg3CZKjXJDK-h0BjpRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.252.0/23
                  188.72.2.0/24
                  188.72.4.0/22
                  188.72.34.0/23
                  188.72.56.0/24
                  188.72.59.0-188.72.63.255

    Signature Algorithm: sha256WithRSAEncryption
         ea:a5:b9:f6:14:dd:15:3c:33:ee:ff:af:1f:03:25:84:73:b5:
         13:d3:1a:54:99:f4:e1:f4:b2:80:98:d1:b8:3e:a4:a9:03:a2:
         24:c2:a2:c2:81:02:99:bb:85:8e:c9:c9:b9:bc:9f:e9:54:2e:
         e0:47:cc:87:eb:56:a5:58:d5:37:c1:31:5b:4d:ef:c9:5f:5e:
         35:52:fd:56:6a:bd:81:d3:63:44:72:43:3b:f6:9f:d4:87:be:
         de:89:2e:c9:97:d7:9e:7c:3a:c2:f1:88:9c:e1:f4:8e:18:79:
         d1:9f:84:af:6f:56:f9:14:b8:26:11:c8:78:3f:cf:87:76:15:
         da:a4:b9:26:b6:0f:29:18:f9:27:f0:c2:4a:2d:63:cb:0d:98:
         a8:65:d0:3c:84:ef:70:7a:ce:66:87:4b:e4:f5:b8:a0:08:3c:
         98:56:1d:a5:3d:b7:e0:96:dc:37:35:70:54:a3:ab:61:45:24:
         1d:04:f7:02:2f:84:0d:9f:b2:61:c5:70:91:8f:1e:53:b5:c2:
         33:25:ed:28:cf:d0:a8:25:33:57:20:e1:77:bb:6c:26:58:8b:
         b4:67:9d:a7:2e:8b:2c:87:29:1d:80:ce:61:a9:ff:4b:86:d5:
         13:22:7d:fa:3c:49:e1:00:38:8b:f1:98:54:ca:b4:80:35:c0:
         b4:e1:42:4b
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYntjD9Tv0HT1zLn7bxAj1IrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjMwODEzMDYxODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGYyNTAzZDQ1NzYxNjBkYzI2NGE4ZDcyNDMyYmU4NzQwNjNhNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOykki5o1MLo6qNvSZLBcVYmfsZK
n+t7ocWnAw/kn5vh0GHOUUk75swyVYcAydt+NnW+lLLGXcHuufE4Ma1HG2kva9QU
TRrGbp1N8D/uCvKRxhKBjL6UHahgTRzGOdixwm80htj0I//JvL0Kx1ozyXE3T5OB
jw7cNfJkQG3tJoZ3+/Ph5be507fSfaFAftm4SKd/X4izTbqPhXcMkwIHho/4Wfsh
iEVnmcFue2d10tzMjB0bo+Z/MGPYKGHZF4N9B0cii5imCUyPCiSqb06bj2ewNgSc
emxQQkYExraPFfinVMfPsPJN9joWs946HVH5e6GXIcxIGLqVtjdgmU5iFwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFBTyUD1FdhYNwmSo1yQyvodAY6UWMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvRlBKUVBVVjJGZzNDWktqWEpESy1oMEJqcFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBuUj8AwQA
vEgCAwQCvEgEAwQBvEgiAwQAvEg4MAwDBAC8SDsDBAa8SAAwDQYJKoZIhvcNAQEL
BQADggEBAOqlufYU3RU8M+7/rx8DJYRztRPTGlSZ9OH0soCY0bg+pKkDoiTCosKB
Apm7hY7Jybm8n+lULuBHzIfrVqVY1TfBMVtN78lfXjVS/VZqvYHTY0RyQzv2n9SH
vt6JLsmX1558OsLxiJzh9I4YedGfhK9vVvkUuCYRyHg/z4d2FdqkuSa2DykY+Sfw
wkotY8sNmKhl0DyE73B6zmaHS+T1uKAIPJhWHaU9t+CW3Dc1cFSjq2FFJB0E9wIv
hA2fsmHFcJGPHlO1wjMl7SjP0KglM1cg4Xe7bCZYi7RnnacuiyyHKR2AzmGp/0uG
1RMiffo8SeEAOIvxmFTKtIA1wLThQks=
-----END CERTIFICATE-----