Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/PWSdE_c0-RlSucQACG2CEUu8Lr8.roa
File:                     PWSdE_c0-RlSucQACG2CEUu8Lr8.roa (raw, json)
Hash identifier:          Fx1XmOCwg0ymss1Tt5oxYP8NlSI+OTEawb6zcMwSTd0=
Subject key identifier:   3D:64:9D:13:F7:34:F9:19:52:B9:C4:00:08:6D:82:11:4B:BC:2E:BF
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AEACDF7EBE2EEF767E5F065C98478
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/PWSdE_c0-RlSucQACG2CEUu8Lr8.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207781
IP address blocks:        2a09:e1c1:efce::/48 maxlen: 48
                          2a09:e1c1:efc3::/48 maxlen: 48
                          2a09:e1c1:efc4::/48 maxlen: 48
                          2a09:e1c1:efc9::/48 maxlen: 48
                          2a09:e1c1:efca::/48 maxlen: 48
                          2a09:e1c1:efcf::/48 maxlen: 48
                          2a09:e1c1:efc0::/48 maxlen: 48
                          2a09:e1c1:efc5::/48 maxlen: 48
                          2a09:e1c1:efc6::/48 maxlen: 48
                          2a09:e1c1:efcb::/48 maxlen: 48
                          2a09:e1c1:efcc::/48 maxlen: 48
                          2a09:e1c1:efc1::/48 maxlen: 48
                          2a09:e1c1:efc2::/48 maxlen: 48
                          2a09:e1c1:efc7::/48 maxlen: 48
                          2a09:e1c1:efc8::/48 maxlen: 48
                          2a09:e1c1:efcd::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 30 Apr 2024 17:38:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ea:cd:f7:eb:e2:ee:f7:67:e5:f0:65:c9:84:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d649d13f734f91952b9c400086d82114bbc2ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:be:6d:a1:87:93:75:d4:db:f4:73:40:89:ac:
                    c2:a3:05:73:92:07:63:bd:eb:aa:83:67:52:1a:f8:
                    6b:f6:b2:bf:db:41:7a:8b:56:74:04:4e:e9:d0:6d:
                    d6:68:08:36:07:eb:45:44:3b:e7:18:29:7f:04:74:
                    f0:73:32:52:50:fb:7b:d4:cd:c1:e8:b6:cd:c8:45:
                    e1:00:7c:8a:04:5f:dd:41:2b:b9:66:24:f1:45:36:
                    1a:0e:39:6b:73:7a:1f:9a:77:9b:a7:33:ff:ba:f3:
                    d8:95:d4:a0:d0:ab:43:8f:c4:ed:db:e4:41:4a:b2:
                    eb:79:ed:98:24:75:90:5b:cd:e6:83:e3:2b:a4:ed:
                    1f:ab:51:f6:b1:1f:17:6f:58:0b:00:33:6c:65:07:
                    29:33:23:41:58:bd:a6:15:3e:af:43:aa:e7:a3:a5:
                    5f:6b:98:29:a1:29:a4:d5:35:79:55:63:d1:7c:c8:
                    73:87:9b:cf:8a:03:4d:fc:af:12:d5:10:97:17:8c:
                    59:9e:30:69:d7:ba:9d:d5:2c:06:08:de:6e:3d:d8:
                    d0:2c:51:af:f1:fd:ae:63:7d:b4:3a:f0:7a:bd:e2:
                    da:94:82:49:d3:b8:c5:43:75:2e:9c:67:18:90:de:
                    38:59:d2:f1:e9:1b:10:a1:49:75:62:9c:89:6a:b5:
                    5a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:64:9D:13:F7:34:F9:19:52:B9:C4:00:08:6D:82:11:4B:BC:2E:BF
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/PWSdE_c0-RlSucQACG2CEUu8Lr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:efc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:5c:ac:6c:7a:7b:6d:ed:e8:6b:7f:06:08:9a:00:db:0b:fc:
         e4:ce:b0:19:56:e7:0e:f4:41:8a:ba:74:52:50:4a:74:9c:0f:
         06:41:65:8d:26:9f:4f:5e:04:e3:f0:6d:3b:16:53:39:63:de:
         2c:9c:4e:dd:9c:5d:d7:4c:87:75:05:58:15:33:04:dc:dd:16:
         9c:61:d7:bb:81:61:2a:71:63:fb:06:bc:0f:5d:57:38:2f:5e:
         6a:d1:87:36:6d:f1:33:08:89:d3:91:4e:31:69:df:7b:b8:8c:
         3f:20:e4:38:9a:34:49:f2:28:dd:d8:43:47:7e:94:4e:17:65:
         0b:65:77:2b:0f:18:ab:3a:6b:fa:07:e9:dd:9c:58:98:0f:4b:
         4e:bb:85:ba:11:3b:b7:d6:0a:0f:ac:96:05:bf:c4:78:d6:43:
         50:0f:67:4b:24:aa:34:66:49:98:64:bc:b9:55:23:6e:3c:7f:
         d9:17:b0:37:a7:48:18:2f:ee:43:c6:86:31:85:4a:39:a7:7c:
         72:b1:5c:61:41:b6:05:49:95:bc:79:22:dc:ca:bc:55:c8:2c:
         16:6f:5d:63:e9:78:84:62:69:bf:3e:af:8c:c3:1c:42:7f:1f:
         1f:e0:8e:66:38:dd:75:7a:49:9b:e4:8f:a5:23:8e:65:89:79:
         00:42:f4:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSurN9+vi7vdn5fBlyYR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDY0OWQxM2Y3MzRmOTE5NTJiOWM0MDAwODZkODIxMTRiYmMyZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL5toYeTddTb9HNAiazCowVzkgdj
veuqg2dSGvhr9rK/20F6i1Z0BE7p0G3WaAg2B+tFRDvnGCl/BHTwczJSUPt71M3B
6LbNyEXhAHyKBF/dQSu5ZiTxRTYaDjlrc3ofmnebpzP/uvPYldSg0KtDj8Tt2+RB
SrLree2YJHWQW83mg+MrpO0fq1H2sR8Xb1gLADNsZQcpMyNBWL2mFT6vQ6rno6Vf
a5gpoSmk1TV5VWPRfMhzh5vPigNN/K8S1RCXF4xZnjBp17qd1SwGCN5uPdjQLFGv
8f2uY320OvB6veLalIJJ07jFQ3UunGcYkN44WdLx6RsQoUl1YpyJarVa6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD1knRP3NPkZUrnEAAhtghFLvC6/MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvUFdTZEVfYzAtUmxTdWNRQUNHMkNFVXU4THI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwe/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAlXKxsentt7ehrfwYImgDbC/zkzrAZVucO9EGK
unRSUEp0nA8GQWWNJp9PXgTj8G07FlM5Y94snE7dnF3XTId1BVgVMwTc3RacYde7
gWEqcWP7BrwPXVc4L15q0Yc2bfEzCInTkU4xad97uIw/IOQ4mjRJ8ijd2ENHfpRO
F2ULZXcrDxirOmv6B+ndnFiYD0tOu4W6ETu31goPrJYFv8R41kNQD2dLJKo0ZkmY
ZLy5VSNuPH/ZF7A3p0gYL+5DxoYxhUo5p3xysVxhQbYFSZW8eSLcyrxVyCwWb11j
6XiEYmm/Pq+MwxxCfx8f4I5mON11ekmb5I+lI45liXkAQvSp
-----END CERTIFICATE-----