Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/OI0mzqmXqt7k3YDvXus72iH1Zlo.roa
File:                     OI0mzqmXqt7k3YDvXus72iH1Zlo.roa (raw, json)
Hash identifier:          jm9W5exJU8i1j2ibUQ/1Ym+rorCO2D7ZS1jx8qIbGk0=
Subject key identifier:   38:8D:26:CE:A9:97:AA:DE:E4:DD:80:EF:5E:EB:3B:DA:21:F5:66:5A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01941C6C80E3957315DC746EA90CA3B6176F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/OI0mzqmXqt7k3YDvXus72iH1Zlo.roa
Signing time:             Tue 31 Dec 2024 11:14:20 +0000
ROA not before:           Tue 31 Dec 2024 11:14:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210876
IP address blocks:        45.134.84.0/22 maxlen: 24
                          45.134.84.0/23 maxlen: 23
                          45.142.228.0/22 maxlen: 24
                          45.147.116.0/22 maxlen: 24
                          45.159.76.0/22 maxlen: 24
                          93.189.123.0/24 maxlen: 24
                          185.216.30.0/24 maxlen: 24
                          185.216.31.0/24 maxlen: 24
                          185.226.8.0/24 maxlen: 24
                          185.236.24.0/22 maxlen: 22
                          185.247.6.0/24 maxlen: 24
                          194.35.40.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 13:48:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1c:6c:80:e3:95:73:15:dc:74:6e:a9:0c:a3:b6:17:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Dec 31 11:14:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=388d26cea997aadee4dd80ef5eeb3bda21f5665a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8f:ba:dd:4e:cf:ee:52:f1:12:a1:a2:d1:f3:
                    02:2a:ad:bc:97:ea:59:66:1f:7d:76:f9:be:43:1b:
                    98:22:52:7b:cd:98:11:24:40:01:79:51:44:f6:7a:
                    6a:f4:90:2d:40:d6:07:e7:3f:6a:66:bc:88:c6:f1:
                    63:5f:55:69:ca:e7:3a:ba:1e:e9:15:13:3f:8e:72:
                    fb:14:68:a6:8d:a0:8f:e3:5c:ed:17:8f:20:1f:f5:
                    10:a7:3e:f3:9e:cb:9c:82:c9:e8:7a:b1:63:2f:37:
                    99:c7:43:35:10:68:29:a2:65:c8:bb:73:b3:c6:6b:
                    54:64:1d:63:aa:9f:e6:a0:cc:c0:7d:05:b6:b0:4d:
                    a8:76:58:e5:9c:44:a2:6f:a2:93:a9:31:4a:5a:a6:
                    e5:a5:2c:a5:f6:01:34:c4:1c:99:20:16:f2:c0:04:
                    59:8e:5a:0b:86:3f:3d:b5:ee:5a:8b:54:b5:95:45:
                    11:34:33:7c:18:db:c8:7c:eb:bc:6f:34:f2:43:05:
                    45:c7:0e:27:7d:7b:b1:40:8b:0a:ca:6a:3a:79:4d:
                    e0:74:fb:69:8a:d4:07:34:e7:1f:93:d0:73:14:ae:
                    e9:5b:0a:ed:35:3c:61:90:e0:67:54:3a:cd:1f:e1:
                    c4:ec:4b:e0:01:dc:7d:61:58:21:72:6f:65:d2:7f:
                    e6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8D:26:CE:A9:97:AA:DE:E4:DD:80:EF:5E:EB:3B:DA:21:F5:66:5A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/OI0mzqmXqt7k3YDvXus72iH1Zlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  45.142.228.0/22
                  45.147.116.0/22
                  45.159.76.0/22
                  93.189.123.0/24
                  185.216.30.0/23
                  185.226.8.0/24
                  185.236.24.0/22
                  185.247.6.0/24
                  194.35.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:7d:8b:68:ce:77:3d:07:66:95:77:6c:ee:55:b4:b9:83:8e:
         f7:a6:bb:8c:9b:ba:23:38:fb:37:88:dd:37:86:0b:a8:e4:e5:
         d0:3f:89:90:ec:65:1b:a3:2a:56:de:d3:36:99:07:70:c1:ee:
         cf:e7:6e:48:eb:84:79:3c:7b:8a:94:53:bb:be:24:f0:11:f2:
         d2:87:e8:b0:51:b0:33:f2:ba:52:d5:43:32:e5:8b:2b:13:6e:
         09:da:a9:88:f9:eb:89:f6:f2:0c:45:bd:71:6a:5b:ff:20:c2:
         01:10:0e:56:60:40:f2:45:a3:89:dd:18:f5:63:56:cd:30:da:
         04:6b:82:86:93:2f:1f:80:70:90:fe:09:dd:f0:15:f7:c4:90:
         e3:c5:ab:60:99:74:2d:c1:b0:07:f8:14:d1:ca:bc:2b:18:33:
         75:46:de:1d:32:2f:42:1f:7a:39:7d:25:fb:98:c7:ef:1e:c6:
         e1:22:da:08:98:14:32:62:9e:03:a8:16:8b:86:a5:44:b5:6a:
         f8:71:06:61:42:55:59:4e:ad:e2:02:52:62:ec:31:32:49:69:
         03:0c:68:c7:ee:f7:0c:db:11:c4:8a:f2:c2:d2:4a:66:8c:f3:
         ea:6b:b3:08:ed:ab:95:f9:86:ba:7e:63:4f:26:ac:7e:80:4a:
         70:fa:e1:7e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQcbIDjlXMV3HRuqQyjthdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMjMxMTExNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhkMjZjZWE5OTdhYWRlZTRkZDgwZWY1ZWViM2JkYTIxZjU2NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04+63U7P7lLxEqGi0fMCKq28l+pZ
Zh99dvm+QxuYIlJ7zZgRJEABeVFE9npq9JAtQNYH5z9qZryIxvFjX1Vpyuc6uh7p
FRM/jnL7FGimjaCP41ztF48gH/UQpz7znsucgsnoerFjLzeZx0M1EGgpomXIu3Oz
xmtUZB1jqp/moMzAfQW2sE2odljlnESib6KTqTFKWqblpSyl9gE0xByZIBbywARZ
jloLhj89te5ai1S1lUURNDN8GNvIfOu8bzTyQwVFxw4nfXuxQIsKymo6eU3gdPtp
itQHNOcfk9BzFK7pWwrtNTxhkOBnVDrNH+HE7EvgAdx9YVghcm9l0n/mmwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDiNJs6pl6re5N2A717rO9oh9WZaMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvT0kwbXpxbVhxdDdrM1lEdlh1czcyaUgxWmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCLYZUAwQC
LY7kAwQCLZN0AwQCLZ9MAwQAXb17AwQBudgeAwQAueIIAwQCuewYAwQAufcGAwQA
wiMoMA0GCSqGSIb3DQEBCwUAA4IBAQAPfYtoznc9B2aVd2zuVbS5g473pruMm7oj
OPs3iN03hguo5OXQP4mQ7GUboypW3tM2mQdwwe7P525I64R5PHuKlFO7viTwEfLS
h+iwUbAz8rpS1UMy5YsrE24J2qmI+euJ9vIMRb1xalv/IMIBEA5WYEDyRaOJ3Rj1
Y1bNMNoEa4KGky8fgHCQ/gnd8BX3xJDjxatgmXQtwbAH+BTRyrwrGDN1Rt4dMi9C
H3o5fSX7mMfvHsbhItoImBQyYp4DqBaLhqVEtWr4cQZhQlVZTq3iAlJi7DEySWkD
DGjH7vcM2xHEivLC0kpmjPPqa7MI7auV+Ya6fmNPJqx+gEpw+uF+
-----END CERTIFICATE-----