Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/36c2aa-2e24-44fb-9e0a-b72398070823/1/3tUbIHMsBNCRzcYANW3q2dO__KY.roa
File:                     3tUbIHMsBNCRzcYANW3q2dO__KY.roa (raw, json)
Hash identifier:          dpd8zQp6QrupeZAA/CUIJNEqqKSKakbRdwMgyTSGltg=
Subject key identifier:   DE:D5:1B:20:73:2C:04:D0:91:CD:C6:00:35:6D:EA:D9:D3:BF:FC:A6
Certificate issuer:       /CN=dab1c03088ebfe553812b31547c03c90a25d8771
Certificate serial:       0193431E287D167BD97F4844A14EE45C2E34
Authority key identifier: DA:B1:C0:30:88:EB:FE:55:38:12:B3:15:47:C0:3C:90:A2:5D:87:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2rHAMIjr_lU4ErMVR8A8kKJdh3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/36c2aa-2e24-44fb-9e0a-b72398070823/1/3tUbIHMsBNCRzcYANW3q2dO__KY.roa
Signing time:             Tue 19 Nov 2024 06:31:09 +0000
ROA not before:           Tue 19 Nov 2024 06:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58130
IP address blocks:        176.116.96.0/20 maxlen: 20
                          176.116.96.0/24 maxlen: 24
                          176.116.104.0/24 maxlen: 24
                          176.116.105.0/24 maxlen: 24
                          176.116.106.0/24 maxlen: 24
                          176.116.107.0/24 maxlen: 24
                          176.116.108.0/24 maxlen: 24
                          176.116.111.0/24 maxlen: 24
                          176.116.112.0/22 maxlen: 22
                          185.165.140.0/23 maxlen: 23
                          185.165.142.0/23 maxlen: 23
                          2001:67c:1050::/48 maxlen: 48
                          2a0a:1a00::/29 maxlen: 29
                          2a0a:1a00::/30 maxlen: 30
                          2a0a:1a00:f000:9000::/56 maxlen: 56
                          2a0a:1a04::/30 maxlen: 30
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 11:48:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:1e:28:7d:16:7b:d9:7f:48:44:a1:4e:e4:5c:2e:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dab1c03088ebfe553812b31547c03c90a25d8771
        Validity
            Not Before: Nov 19 06:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ded51b20732c04d091cdc600356dead9d3bffca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:61:6a:7c:b0:82:36:50:e0:50:50:45:36:d1:
                    d4:d0:32:3b:ce:ef:ac:0f:c3:41:68:39:25:27:ac:
                    58:bf:77:8e:9d:28:05:e9:41:4e:9f:36:56:ea:f2:
                    0e:58:dc:70:07:c5:01:fa:c7:1d:0d:e6:5b:3a:44:
                    70:f1:ef:71:70:eb:94:ab:d8:08:43:1e:e3:11:33:
                    69:a7:1a:36:c3:ed:c2:a4:9c:44:09:9f:31:f4:ee:
                    89:8a:88:82:d7:17:04:4d:94:1b:13:e4:17:cd:d2:
                    ac:92:10:89:49:dc:fd:0c:30:1d:56:ad:31:4e:dd:
                    88:cb:01:f8:46:fd:d4:78:2a:6d:8a:d3:2c:d7:b8:
                    61:cf:f4:24:b7:e6:48:3c:4c:86:a8:11:f9:c5:08:
                    4e:9d:7a:6a:41:1d:36:53:24:33:8c:39:89:5a:0d:
                    cb:f5:b1:a2:2c:0c:08:42:ea:11:21:28:14:f4:ca:
                    28:59:08:6f:22:22:0a:50:c1:08:db:85:e9:23:46:
                    c5:f4:4f:28:ab:51:0a:a5:f6:ee:33:aa:0c:d4:91:
                    94:2f:cf:3a:2a:e4:12:75:59:d8:36:0c:49:7f:d0:
                    b8:a6:4b:3c:36:b0:7a:a7:68:14:fb:25:e7:7a:d2:
                    0b:88:48:6d:93:e0:23:c6:15:17:9e:b0:0d:a6:a2:
                    ca:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:D5:1B:20:73:2C:04:D0:91:CD:C6:00:35:6D:EA:D9:D3:BF:FC:A6
            X509v3 Authority Key Identifier:
                keyid:DA:B1:C0:30:88:EB:FE:55:38:12:B3:15:47:C0:3C:90:A2:5D:87:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2rHAMIjr_lU4ErMVR8A8kKJdh3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/36c2aa-2e24-44fb-9e0a-b72398070823/1/3tUbIHMsBNCRzcYANW3q2dO__KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/36c2aa-2e24-44fb-9e0a-b72398070823/1/2rHAMIjr_lU4ErMVR8A8kKJdh3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.96.0-176.116.115.255
                  185.165.140.0/22
                IPv6:
                  2001:67c:1050::/48
                  2a0a:1a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:64:ae:c4:93:ec:6d:5c:67:94:da:02:2d:59:37:97:90:d6:
         7d:8e:71:73:46:38:8a:74:a1:f5:22:64:67:5a:4d:b6:08:b1:
         e7:84:bb:7a:2e:34:b7:fd:e7:62:29:99:cf:2c:ff:6d:78:90:
         50:73:c5:3e:bb:30:b7:1e:9c:c1:b2:9c:b5:9e:6c:f0:d8:73:
         94:40:47:57:9a:07:77:fb:1a:bf:7c:8f:1b:9a:2c:9b:e8:26:
         99:9c:05:a3:d4:70:ba:2a:d5:75:e2:96:52:e3:75:bb:d7:51:
         3c:e7:6e:9b:d2:ee:3c:97:46:0d:ac:de:ad:bf:6a:50:70:1a:
         36:38:f6:95:ef:2f:45:6a:1a:db:e7:45:8c:20:c2:83:02:89:
         3e:28:35:c5:d8:03:19:46:16:ab:62:1b:e8:bb:a5:a8:39:27:
         60:86:aa:ba:49:da:eb:4c:f5:f1:0c:51:62:33:ee:20:ed:af:
         a9:ee:75:d1:a4:ac:2a:42:16:0e:91:9e:50:c8:5d:d3:10:a3:
         4e:1e:78:61:b2:8c:62:ec:2f:24:28:24:9a:69:a4:79:10:38:
         f5:33:90:97:4a:9e:6d:9b:b0:21:66:fc:42:af:64:5e:0b:b4:
         75:93:5e:6a:db:1c:a3:22:ca:98:00:6d:e8:6a:60:62:52:04:
         a9:a0:b6:66
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZNDHih9FnvZf0hEoU7kXC40MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYjFjMDMwODhlYmZlNTUzODEyYjMxNTQ3YzAzYzkwYTI1
ZDg3NzEwHhcNMjQxMTE5MDYzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWQ1MWIyMDczMmMwNGQwOTFjZGM2MDAzNTZkZWFkOWQzYmZmY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGFqfLCCNlDgUFBFNtHU0DI7zu+s
D8NBaDklJ6xYv3eOnSgF6UFOnzZW6vIOWNxwB8UB+scdDeZbOkRw8e9xcOuUq9gI
Qx7jETNppxo2w+3CpJxECZ8x9O6JioiC1xcETZQbE+QXzdKskhCJSdz9DDAdVq0x
Tt2IywH4Rv3UeCptitMs17hhz/Qkt+ZIPEyGqBH5xQhOnXpqQR02UyQzjDmJWg3L
9bGiLAwIQuoRISgU9MooWQhvIiIKUMEI24XpI0bF9E8oq1EKpfbuM6oM1JGUL886
KuQSdVnYNgxJf9C4pks8NrB6p2gU+yXnetILiEhtk+AjxhUXnrANpqLKmQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFN7VGyBzLATQkc3GADVt6tnTv/ymMB8GA1UdIwQY
MBaAFNqxwDCI6/5VOBKzFUfAPJCiXYdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnJIQU1JanJfbFU0RXJNVlI4QThrS0pkaDNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8zNmMyYWEtMmUyNC00NGZiLTllMGEt
YjcyMzk4MDcwODIzLzEvM3RVYklITXNCTkNSemNZQU5XM3EyZE9fX0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8zNmMyYWEtMmUyNC00NGZiLTllMGEtYjcyMzk4MDcwODIz
LzEvMnJIQU1JanJfbFU0RXJNVlI4QThrS0pkaDNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAaBAIAATAUMAwDBAWwdGAD
BAKwdHADBAK5pYwwFgQCAAIwEAMHACABBnwQUAMFAyoKGgAwDQYJKoZIhvcNAQEL
BQADggEBAC5krsST7G1cZ5TaAi1ZN5eQ1n2OcXNGOIp0ofUiZGdaTbYIseeEu3ou
NLf952Ipmc8s/214kFBzxT67MLcenMGynLWebPDYc5RAR1eaB3f7Gr98jxuaLJvo
JpmcBaPUcLoq1XXillLjdbvXUTznbpvS7jyXRg2s3q2/alBwGjY49pXvL0VqGtvn
RYwgwoMCiT4oNcXYAxlGFqtiG+i7pag5J2CGqrpJ2utM9fEMUWIz7iDtr6nuddGk
rCpCFg6RnlDIXdMQo04eeGGyjGLsLyQoJJpppHkQOPUzkJdKnm2bsCFm/EKvZF4L
tHWTXmrbHKMiypgAbehqYGJSBKmgtmY=
-----END CERTIFICATE-----