Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/361R_2_9Lf5HpwCkyRLco04C1as.roa
File:                     361R_2_9Lf5HpwCkyRLco04C1as.roa (raw, json)
Hash identifier:          nhc8oMFK/lHMMK+OrhiaJLb4LohihueXHDmMv6kqUBc=
Subject key identifier:   DF:AD:51:FF:6F:FD:2D:FE:47:A7:00:A4:C9:12:DC:A3:4E:02:D5:AB
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       018ABD5F0B10FC1F99C3FE70E142B15C8632
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/361R_2_9Lf5HpwCkyRLco04C1as.roa
Signing time:             Fri 22 Sep 2023 14:50:37 +0000
ROA not before:           Fri 22 Sep 2023 14:50:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15830
IP address blocks:        88.84.128.0/21 maxlen: 24
                          88.84.136.0/21 maxlen: 24
                          217.68.144.0/20 maxlen: 24
                          88.84.144.0/21 maxlen: 24
                          88.84.152.0/21 maxlen: 24
                          193.110.116.0/22 maxlen: 24
                          217.79.208.0/20 maxlen: 24
                          89.202.0.0/17 maxlen: 24
                          2a02:20ab::/32 maxlen: 32
                          2a02:20ac::/32 maxlen: 32
                          2a02:20a8::/32 maxlen: 48
                          2001:4c68::/32 maxlen: 48
                          2a02:20ad::/32 maxlen: 32
                          2a02:20aa::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:bd:5f:0b:10:fc:1f:99:c3:fe:70:e1:42:b1:5c:86:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Sep 22 14:50:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dfad51ff6ffd2dfe47a700a4c912dca34e02d5ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ef:a0:c4:3a:08:16:05:1a:bd:8e:43:fd:37:
                    87:7c:b1:3c:24:cb:f0:b9:e0:da:e9:64:1b:cf:82:
                    88:34:61:d7:e3:30:55:f2:a2:7d:4b:0b:3d:d3:01:
                    ab:81:59:82:8b:cb:5b:46:46:54:1b:03:81:7a:ae:
                    8a:62:f2:31:1f:fd:48:d3:46:e6:90:33:4c:42:a2:
                    e7:8f:fd:ee:42:35:1b:a1:20:81:0a:5d:cb:7c:bc:
                    f1:99:61:c8:26:5b:b3:df:b3:7a:2a:54:37:11:db:
                    5c:bf:7f:95:6e:aa:9c:bb:a3:35:46:0d:0b:dc:d2:
                    bd:06:d7:ec:ec:ca:c4:6f:ac:7b:0c:07:d1:42:40:
                    a4:1e:1c:b7:fd:63:03:72:22:0e:c6:69:1f:37:5c:
                    ca:d7:8b:24:2a:f0:2a:f6:5c:c3:0c:fe:91:3f:78:
                    f9:9c:1b:ad:93:a1:a0:95:20:20:51:a1:26:a9:1c:
                    3a:53:b5:77:fc:c3:88:a0:ee:79:67:f5:7f:17:e9:
                    6a:f3:6f:e1:07:eb:fe:a8:92:50:e0:1c:b2:2c:bf:
                    67:84:c4:50:b0:90:95:31:e5:fe:f7:80:14:09:cf:
                    ec:6b:5b:f9:25:2a:c8:9b:ca:14:aa:3e:24:95:d0:
                    05:b4:d3:05:22:c7:27:83:65:89:f3:32:34:2a:88:
                    8e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:AD:51:FF:6F:FD:2D:FE:47:A7:00:A4:C9:12:DC:A3:4E:02:D5:AB
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/361R_2_9Lf5HpwCkyRLco04C1as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.128.0/19
                  89.202.0.0/17
                  193.110.116.0/22
                  217.68.144.0/20
                  217.79.208.0/20
                IPv6:
                  2001:4c68::/32
                  2a02:20a8::/32
                  2a02:20aa::-2a02:20ad:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1e:64:c5:eb:fe:f9:93:a6:e3:c5:23:a7:19:f4:ad:96:b4:7a:
         11:88:67:22:39:3b:23:b2:5d:d9:11:4c:06:a3:50:50:e7:52:
         e5:1d:9a:eb:0b:93:af:38:21:f2:05:01:31:84:45:5a:15:3d:
         a1:1f:d2:24:cb:2e:24:c0:60:6e:0d:48:cf:0f:69:f0:cd:a1:
         4d:9c:eb:20:75:c2:a6:ed:9b:ce:bb:44:18:e2:c8:39:43:14:
         2c:e7:29:67:90:2f:6f:c4:de:db:04:e7:0f:56:1f:64:82:0b:
         69:4d:f5:81:59:1f:9d:c6:26:d6:28:b9:38:a2:d6:63:a7:d3:
         7c:6b:42:ad:ea:39:3f:9d:3e:77:62:f9:b0:88:95:17:b9:33:
         d7:dc:e8:be:16:c6:4b:62:36:08:01:62:fd:d0:59:6e:0f:db:
         66:5f:4d:a5:f1:df:ed:d2:ba:22:74:ad:3b:9b:06:3a:ba:25:
         ad:9b:de:97:c2:21:35:da:d9:bb:b3:36:5d:29:f9:70:b2:4b:
         0f:8e:98:ee:c1:30:0b:4f:89:ef:f2:d7:d3:47:73:99:7c:4e:
         ce:02:4c:2e:21:96:08:cc:81:79:64:53:93:04:04:88:be:86:
         33:65:8e:8a:06:83:97:95:0d:8b:1d:d0:ce:3a:4b:a3:91:52:
         58:7f:96:25
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYq9XwsQ/B+Zw/5w4UKxXIYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjMwOTIyMTQ1MDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmFkNTFmZjZmZmQyZGZlNDdhNzAwYTRjOTEyZGNhMzRlMDJkNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO+gxDoIFgUavY5D/TeHfLE8JMvw
ueDa6WQbz4KINGHX4zBV8qJ9Sws90wGrgVmCi8tbRkZUGwOBeq6KYvIxH/1I00bm
kDNMQqLnj/3uQjUboSCBCl3LfLzxmWHIJluz37N6KlQ3Edtcv3+Vbqqcu6M1Rg0L
3NK9Btfs7MrEb6x7DAfRQkCkHhy3/WMDciIOxmkfN1zK14skKvAq9lzDDP6RP3j5
nButk6GglSAgUaEmqRw6U7V3/MOIoO55Z/V/F+lq82/hB+v+qJJQ4ByyLL9nhMRQ
sJCVMeX+94AUCc/sa1v5JSrIm8oUqj4kldAFtNMFIscng2WJ8zI0KoiOwwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFN+tUf9v/S3+R6cApMkS3KNOAtWrMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvMzYxUl8yXzlMZjVIcHdDa3lSTGNvMDRDMWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAkBAIAATAeAwQFWFSAAwQH
WcoAAwQCwW50AwQE2USQAwQE2U/QMCQEAgACMB4DBQAgAUxoAwUAKgIgqDAOAwUB
KgIgqgMFASoCIKwwDQYJKoZIhvcNAQELBQADggEBAB5kxev++ZOm48Ujpxn0rZa0
ehGIZyI5OyOyXdkRTAajUFDnUuUdmusLk684IfIFATGERVoVPaEf0iTLLiTAYG4N
SM8PafDNoU2c6yB1wqbtm867RBjiyDlDFCznKWeQL2/E3tsE5w9WH2SCC2lN9YFZ
H53GJtYouTii1mOn03xrQq3qOT+dPndi+bCIlRe5M9fc6L4WxktiNggBYv3QWW4P
22ZfTaXx3+3SuiJ0rTubBjq6Ja2b3pfCITXa2buzNl0p+XCySw+OmO7BMAtPie/y
19NHc5l8Ts4CTC4hlgjMgXlkU5MEBIi+hjNljooGg5eVDYsd0M46S6ORUlh/liU=
-----END CERTIFICATE-----