Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZxoOQ7SOU7CRkrxlsox3jr2g8xs.roa
File:                     ZxoOQ7SOU7CRkrxlsox3jr2g8xs.roa (raw, json)
Hash identifier:          obOxdCyh3E4ZhVjlpJlBObDTnOjNdwAmebvLm/6dBZs=
Subject key identifier:   67:1A:0E:43:B4:8E:53:B0:91:92:BC:65:B2:8C:77:8E:BD:A0:F3:1B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019271C078A9258A214F5070BCCA09CD611C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZxoOQ7SOU7CRkrxlsox3jr2g8xs.roa
Signing time:             Wed 09 Oct 2024 14:48:12 +0000
ROA not before:           Wed 09 Oct 2024 14:48:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.8.113.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sat 12 Oct 2024 13:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:71:c0:78:a9:25:8a:21:4f:50:70:bc:ca:09:cd:61:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct  9 14:48:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=671a0e43b48e53b09192bc65b28c778ebda0f31b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:52:a1:d3:ae:22:f1:07:3a:22:79:8d:93:41:
                    8c:ab:8d:3f:d3:55:9c:c3:47:cf:2d:fb:85:41:07:
                    64:92:ba:ba:99:42:02:6e:75:6a:b7:d0:08:4d:dd:
                    45:21:29:d3:ca:ee:0b:cc:9b:e9:5e:ed:d4:5d:c9:
                    8c:8d:f5:1f:a6:2f:a7:26:1a:88:b9:62:e3:54:96:
                    f8:5b:73:5e:1a:89:ce:4d:b4:04:bd:9d:b9:26:7c:
                    7e:be:08:cf:03:f3:72:e6:79:f4:08:9a:79:4f:c8:
                    30:cb:6b:06:03:b8:02:77:c9:3b:75:d2:a7:cb:ca:
                    27:78:42:e3:c6:67:8e:db:73:ee:ce:af:2f:7d:96:
                    17:1d:9a:72:df:e8:98:52:82:d3:da:5c:d7:1e:e1:
                    51:53:dd:fa:19:e3:7e:d9:27:dc:de:f0:0a:17:11:
                    76:b8:52:97:c4:e4:ac:ad:d5:8e:e5:c9:fa:1d:73:
                    90:bd:8b:b4:e5:55:7b:63:b8:13:98:6c:13:49:a1:
                    f1:5b:7e:0a:3a:3f:37:05:c2:23:1b:b6:e4:a9:97:
                    2a:f5:de:e1:a8:4f:6e:64:84:17:6b:c4:3a:f2:41:
                    49:94:72:4f:47:f7:e2:25:7e:9b:70:6c:e2:6f:05:
                    9f:ca:e3:e0:42:fb:0b:17:e4:22:6f:22:85:89:0b:
                    ff:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:1A:0E:43:B4:8E:53:B0:91:92:BC:65:B2:8C:77:8E:BD:A0:F3:1B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZxoOQ7SOU7CRkrxlsox3jr2g8xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.218.101.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:2d:08:8c:40:17:31:16:4d:c5:45:61:41:ce:b7:b8:7e:f6:
         67:63:4c:8f:6e:34:fb:48:93:e6:98:79:30:7b:e4:b0:8f:a4:
         b2:2f:4f:6c:42:81:d9:21:c4:b4:b0:30:d1:d1:0f:04:8f:b1:
         7a:50:64:6a:6b:b6:05:4f:c2:7e:e1:a3:67:1d:e7:d8:bb:e3:
         80:5a:56:5f:b9:7d:bf:b0:04:5c:1f:bf:97:3f:41:e1:2a:b1:
         ce:58:c1:51:3b:85:90:bf:07:c7:92:ed:d3:99:ac:07:31:02:
         85:fb:33:54:5e:96:d5:cc:d4:2d:3b:c2:e8:15:4e:16:ac:b4:
         ac:cc:a4:d8:c0:32:69:ac:59:0e:09:c9:41:a0:aa:a3:a6:70:
         cc:d8:a9:e6:cb:cb:4f:ed:f3:c0:10:03:9b:b7:17:fb:22:fa:
         8f:8e:90:93:65:bd:74:b7:b5:66:fd:14:4b:e5:be:e1:24:e8:
         f2:d4:40:28:f5:67:63:52:53:c2:eb:91:09:02:7d:a2:32:84:
         40:d4:bc:be:ab:c4:7d:7f:1b:6c:04:c2:ff:ea:f4:0d:75:2c:
         45:e6:34:08:f3:37:d2:4a:36:6c:fc:99:a5:a8:9c:9c:59:f0:
         06:c2:f1:ef:99:71:71:58:37:eb:63:d9:7a:5d:92:4e:c8:2f:
         04:a6:7e:46
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZJxwHipJYohT1BwvMoJzWEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMDA5MTQ0ODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzFhMGU0M2I0OGU1M2IwOTE5MmJjNjViMjhjNzc4ZWJkYTBmMzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVKh064i8Qc6InmNk0GMq40/01Wc
w0fPLfuFQQdkkrq6mUICbnVqt9AITd1FISnTyu4LzJvpXu3UXcmMjfUfpi+nJhqI
uWLjVJb4W3NeGonOTbQEvZ25Jnx+vgjPA/Ny5nn0CJp5T8gwy2sGA7gCd8k7ddKn
y8oneELjxmeO23Puzq8vfZYXHZpy3+iYUoLT2lzXHuFRU936GeN+2Sfc3vAKFxF2
uFKXxOSsrdWO5cn6HXOQvYu05VV7Y7gTmGwTSaHxW34KOj83BcIjG7bkqZcq9d7h
qE9uZIQXa8Q68kFJlHJPR/fiJX6bcGzibwWfyuPgQvsLF+QibyKFiQv/1wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGcaDkO0jlOwkZK8ZbKMd469oPMbMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWnhvT1E3U09VN0NSa3J4bHNveDNqcjJnOHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAudplAwQBudz6AwQBueEAAwQAueJoAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQB/LQiMQBcxFk3FRWFBzre4fvZnY0yPbjT7SJPmmHkw
e+Swj6SyL09sQoHZIcS0sDDR0Q8Ej7F6UGRqa7YFT8J+4aNnHefYu+OAWlZfuX2/
sARcH7+XP0HhKrHOWMFRO4WQvwfHku3TmawHMQKF+zNUXpbVzNQtO8LoFU4WrLSs
zKTYwDJprFkOCclBoKqjpnDM2Knmy8tP7fPAEAObtxf7IvqPjpCTZb10t7Vm/RRL
5b7hJOjy1EAo9WdjUlPC65EJAn2iMoRA1Ly+q8R9fxtsBML/6vQNdSxF5jQI8zfS
SjZs/JmlqJycWfAGwvHvmXFxWDfrY9l6XZJOyC8Epn5G
-----END CERTIFICATE-----