Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/j1UGTaSIkWbNQZ5wA4w30bZPRxk.roa
File:                     j1UGTaSIkWbNQZ5wA4w30bZPRxk.roa (raw, json)
Hash identifier:          O0EiO0KyYk8XJpfif1f8KfJG1MyQA4+EkLE3rqaofvE=
Subject key identifier:   8F:55:06:4D:A4:88:91:66:CD:41:9E:70:03:8C:37:D1:B6:4F:47:19
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0193061CF80F583FCD4E37782A962D41F9DA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/j1UGTaSIkWbNQZ5wA4w30bZPRxk.roa
Signing time:             Thu 07 Nov 2024 10:13:01 +0000
ROA not before:           Thu 07 Nov 2024 10:13:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.206.250.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Fri 08 Nov 2024 14:31:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:06:1c:f8:0f:58:3f:cd:4e:37:78:2a:96:2d:41:f9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  7 10:13:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f55064da4889166cd419e70038c37d1b64f4719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:21:27:5b:0a:8b:a9:a9:3a:c8:20:16:62:01:
                    bd:09:83:0a:70:92:0c:06:e6:ff:7f:2e:0d:0b:74:
                    3a:c1:66:14:cb:0c:c0:30:be:2e:7b:06:60:21:03:
                    11:95:26:9a:d9:df:ef:78:f2:29:2b:0b:a0:98:12:
                    6e:f9:57:5b:0e:84:4d:4d:0a:38:8a:56:8e:96:14:
                    b1:84:fa:64:9d:6c:fc:dd:d3:b0:7f:a3:ec:a1:5a:
                    52:e2:a7:ce:85:94:3f:6f:4c:79:49:7e:f5:03:56:
                    70:9b:33:21:19:d6:71:24:19:4e:f2:9c:fe:cf:69:
                    e0:be:6c:94:e5:a1:9b:92:e9:6c:22:42:69:1c:ab:
                    f8:d8:96:bc:a4:95:ff:92:50:c9:e8:98:0b:ae:ed:
                    74:61:7e:47:a3:f8:bb:69:2a:ab:6f:10:f4:e9:70:
                    b0:68:f3:67:39:21:5f:85:53:b6:a8:e4:31:63:39:
                    62:58:58:b4:2e:95:89:2c:bf:2c:33:3c:ed:0c:f5:
                    a3:12:bc:f4:34:98:3f:89:57:2a:0f:67:0d:95:94:
                    c2:b3:fb:c0:78:90:92:25:80:1f:30:e0:0b:de:7f:
                    f2:a3:fb:a1:a7:37:a7:24:15:85:d6:92:fb:71:87:
                    e4:a2:22:1c:74:ce:02:d7:09:a0:a1:87:54:d9:b0:
                    3c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:55:06:4D:A4:88:91:66:CD:41:9E:70:03:8C:37:D1:B6:4F:47:19
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/j1UGTaSIkWbNQZ5wA4w30bZPRxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.126.82.0/24
                  185.206.250.0/24
                  185.218.101.0/24
                  185.220.250.0/23
                  185.225.0.0/23
                  185.227.146.0/23
                  193.8.112.0/23
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:89:53:6e:3e:4a:a5:3c:44:75:dc:ef:9c:5d:e7:4a:50:50:
         fe:d6:87:1b:39:d9:fb:aa:fa:56:7b:97:75:18:9d:e1:fd:16:
         6e:85:8c:15:d5:db:0c:c9:47:10:48:27:39:fd:96:3a:6a:54:
         e7:8a:e0:c4:16:72:c5:d6:04:33:91:cd:00:a8:61:7d:58:87:
         53:55:19:ee:22:a7:5a:81:3b:39:7b:5b:f9:e3:07:97:68:1b:
         86:bd:d7:04:f8:c4:03:a1:39:dd:12:9f:6d:77:79:1d:1b:5b:
         56:76:54:63:e9:95:23:f7:9e:e7:e0:c3:1f:78:86:e4:5c:e4:
         d6:96:79:d3:dd:42:17:5e:30:7b:63:d8:fb:5c:33:18:2d:72:
         96:26:21:5d:a3:07:a7:13:ed:11:de:01:93:73:6d:cb:42:a9:
         8c:af:2b:ba:76:66:d9:ad:0a:e5:58:3d:54:4d:35:5e:3c:7d:
         08:06:48:7c:7c:b0:d4:9a:98:6e:f2:6d:07:bf:cc:ae:d6:eb:
         97:be:93:61:3b:07:b1:f1:43:86:18:f5:b7:ae:65:0c:50:89:
         08:08:fc:60:b9:60:e8:8d:f8:df:32:89:69:52:09:f3:a6:00:
         43:aa:4a:7c:92:7c:64:ca:de:74:04:e1:3f:05:c4:61:6b:50:
         24:59:c0:25
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZMGHPgPWD/NTjd4KpYtQfnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTA3MTAxMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjU1MDY0ZGE0ODg5MTY2Y2Q0MTllNzAwMzhjMzdkMWI2NGY0NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yEnWwqLqak6yCAWYgG9CYMKcJIM
Bub/fy4NC3Q6wWYUywzAML4uewZgIQMRlSaa2d/vePIpKwugmBJu+VdbDoRNTQo4
ilaOlhSxhPpknWz83dOwf6PsoVpS4qfOhZQ/b0x5SX71A1ZwmzMhGdZxJBlO8pz+
z2ngvmyU5aGbkulsIkJpHKv42Ja8pJX/klDJ6JgLru10YX5Ho/i7aSqrbxD06XCw
aPNnOSFfhVO2qOQxYzliWFi0LpWJLL8sMzztDPWjErz0NJg/iVcqD2cNlZTCs/vA
eJCSJYAfMOAL3n/yo/uhpzenJBWF1pL7cYfkoiIcdM4C1wmgoYdU2bA8FQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFI9VBk2kiJFmzUGecAOMN9G2T0cZMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvajFVR1RhU0lrV2JOUVo1d0E0dzMwYlpQUnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQA
uX5SAwQAuc76AwQAudplAwQBudz6AwQBueEAAwQBueOSAwQBwQhwAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQASiVNuPkqlPER13O+cXedKUFD+1ocbOdn7qvpWe5d1
GJ3h/RZuhYwV1dsMyUcQSCc5/ZY6alTniuDEFnLF1gQzkc0AqGF9WIdTVRnuIqda
gTs5e1v54weXaBuGvdcE+MQDoTndEp9td3kdG1tWdlRj6ZUj957n4MMfeIbkXOTW
lnnT3UIXXjB7Y9j7XDMYLXKWJiFdowenE+0R3gGTc23LQqmMryu6dmbZrQrlWD1U
TTVePH0IBkh8fLDUmphu8m0Hv8yu1uuXvpNhOwex8UOGGPW3rmUMUIkICPxguWDo
jfjfMolpUgnzpgBDqkp8knxkyt50BOE/BcRha1AkWcAl
-----END CERTIFICATE-----