Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/J2GkATr23_LCxPC8YB-35X9QMe0.roa
File:                     J2GkATr23_LCxPC8YB-35X9QMe0.roa (raw, json)
Hash identifier:          +u7/5Xv8huJjlheU4eQ+xVuOQ/TgI+mQZJBMtuiCHI4=
Subject key identifier:   27:61:A4:01:3A:F6:DF:F2:C2:C4:F0:BC:60:1F:B7:E5:7F:50:31:ED
Certificate issuer:       /CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
Certificate serial:       0190CBA9C4385CA2CE255E58298AB279D163
Authority key identifier: FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/J2GkATr23_LCxPC8YB-35X9QMe0.roa
Signing time:             Fri 19 Jul 2024 15:43:38 +0000
ROA not before:           Fri 19 Jul 2024 15:43:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62651
IP address blocks:        176.67.82.0/24 maxlen: 24
                          176.67.86.0/24 maxlen: 24
                          176.67.87.0/24 maxlen: 24
                          185.91.120.0/23 maxlen: 23
                          2a05:e9c0:1000::/40 maxlen: 40
                          2a05:e9c0:1400::/40 maxlen: 40
                          2a05:e9c0:1800::/40 maxlen: 40
                          2a05:e9c0:3800::/40 maxlen: 40
                          2a05:e9c0:4400::/40 maxlen: 40
                          2a05:e9c0:5000::/40 maxlen: 40

Validation:               Failed, certificate revoked on Tue 27 Aug 2024 15:34:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cb:a9:c4:38:5c:a2:ce:25:5e:58:29:8a:b2:79:d1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
        Validity
            Not Before: Jul 19 15:43:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2761a4013af6dff2c2c4f0bc601fb7e57f5031ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:57:8b:12:4f:b5:bf:f3:99:c2:d9:20:55:2d:
                    3c:c9:b5:ae:33:68:ad:92:ce:6f:ac:b2:bb:fc:2e:
                    5e:aa:98:54:3d:ad:7a:c8:14:de:6a:85:e7:4d:1c:
                    e5:2e:1a:59:be:16:ca:a0:9b:ee:e1:e7:ea:ba:bc:
                    4b:a6:d1:40:9f:73:c9:93:c9:cf:25:70:6d:43:64:
                    49:b6:48:fb:d7:c0:22:af:23:43:6a:1e:1c:37:3a:
                    f5:e0:4b:36:57:c5:ba:45:d7:c2:51:17:1e:93:d4:
                    a7:4e:cd:39:8c:a0:25:f2:b6:c2:ee:0f:45:d4:d5:
                    8f:fc:01:77:b7:33:82:7a:00:0d:56:3f:87:13:97:
                    90:e3:74:76:de:56:a6:60:c1:2d:13:58:07:7e:c2:
                    9c:45:6f:81:99:95:41:5c:53:fa:4f:3d:a1:aa:52:
                    3b:4a:1e:3e:a8:4a:89:60:56:54:57:bd:c7:ae:5c:
                    e0:d2:8a:65:66:a0:6f:9e:72:05:e3:37:d9:26:85:
                    08:70:85:e3:5e:75:67:89:80:30:e1:4c:0e:39:4a:
                    f2:fa:c1:5a:2e:44:b0:b9:30:eb:25:7d:d0:31:87:
                    71:c6:d7:1f:63:c1:83:0f:c4:c6:2e:4f:ec:56:d4:
                    0a:84:92:b5:eb:e5:eb:47:26:25:08:4e:04:61:54:
                    87:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:61:A4:01:3A:F6:DF:F2:C2:C4:F0:BC:60:1F:B7:E5:7F:50:31:ED
            X509v3 Authority Key Identifier:
                keyid:FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/J2GkATr23_LCxPC8YB-35X9QMe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.82.0/24
                  176.67.86.0/23
                  185.91.120.0/23
                IPv6:
                  2a05:e9c0:1000::/40
                  2a05:e9c0:1400::/40
                  2a05:e9c0:1800::/40
                  2a05:e9c0:3800::/40
                  2a05:e9c0:4400::/40
                  2a05:e9c0:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:00:ce:29:58:85:72:e5:6a:2f:b8:0b:bd:ea:e1:05:f2:26:
         38:3e:ce:99:20:f0:e8:49:89:98:c6:9e:b7:11:5d:23:10:72:
         83:12:dc:eb:91:81:1d:d8:fb:04:27:18:06:18:a7:ec:f9:58:
         2f:d1:0f:bd:af:75:d1:ca:d2:07:92:03:8f:1a:a4:85:44:80:
         d9:09:c7:e3:c6:35:33:b6:e6:74:85:b8:33:37:e0:9d:9f:3f:
         31:c8:19:26:70:59:7c:2d:7e:a3:78:d1:c8:52:32:43:bd:64:
         f6:2d:30:0e:76:af:ae:79:62:e8:80:4b:0b:13:0e:3d:89:c7:
         d1:5c:a8:fb:25:0d:b0:d6:f6:c8:c1:3b:dc:7e:9e:dd:7d:b8:
         50:4a:05:44:c6:0d:12:68:c0:aa:ac:31:ca:79:0f:2d:cb:b6:
         17:23:45:86:9c:e0:ec:bc:d8:e2:50:82:cc:21:94:eb:dd:f4:
         25:04:32:78:c4:50:29:a1:bc:ab:60:a4:c3:ea:d8:dd:cd:7c:
         3a:e3:53:3f:95:f8:ae:cc:75:0e:c0:d7:16:73:da:14:b6:7b:
         fd:43:65:a1:20:6e:14:50:33:cc:ef:6b:38:48:8d:ed:02:59:
         17:a0:95:5a:ac:d0:29:b0:2f:b7:88:2a:fc:6d:1b:52:16:78:
         4c:3b:33:a8
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZDLqcQ4XKLOJV5YKYqyedFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlODE5OWU4MzQ1NTY3ZDg1MTZiNzg4ZmUyZTFkMzk3ZTI3
YzczYTQwHhcNMjQwNzE5MTU0MzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzYxYTQwMTNhZjZkZmYyYzJjNGYwYmM2MDFmYjdlNTdmNTAzMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VeLEk+1v/OZwtkgVS08ybWuM2it
ks5vrLK7/C5eqphUPa16yBTeaoXnTRzlLhpZvhbKoJvu4efqurxLptFAn3PJk8nP
JXBtQ2RJtkj718AiryNDah4cNzr14Es2V8W6RdfCURcek9SnTs05jKAl8rbC7g9F
1NWP/AF3tzOCegANVj+HE5eQ43R23lamYMEtE1gHfsKcRW+BmZVBXFP6Tz2hqlI7
Sh4+qEqJYFZUV73Hrlzg0oplZqBvnnIF4zfZJoUIcIXjXnVniYAw4UwOOUry+sFa
LkSwuTDrJX3QMYdxxtcfY8GDD8TGLk/sVtQKhJK16+XrRyYlCE4EYVSHpwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFCdhpAE69t/ywsTwvGAft+V/UDHtMB8GA1UdIwQY
MBaAFP6Bmeg0VWfYUWt4j+Lh05fifHOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQt
ODQwY2NiMzRiM2Y1LzEvSjJHa0FUcjIzX0xDeFBDOFlCLTM1WDlRTWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQtODQwY2NiMzRiM2Y1
LzEvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjAYBAIAATASAwQAsENSAwQB
sENWAwQBuVt4MDYEAgACMDADBgAqBenAEAMGACoF6cAUAwYAKgXpwBgDBgAqBenA
OAMGACoF6cBEAwYAKgXpwFAwDQYJKoZIhvcNAQELBQADggEBAAUAzilYhXLlai+4
C73q4QXyJjg+zpkg8OhJiZjGnrcRXSMQcoMS3OuRgR3Y+wQnGAYYp+z5WC/RD72v
ddHK0geSA48apIVEgNkJx+PGNTO25nSFuDM34J2fPzHIGSZwWXwtfqN40chSMkO9
ZPYtMA52r655YuiASwsTDj2Jx9FcqPslDbDW9sjBO9x+nt19uFBKBUTGDRJowKqs
Mcp5Dy3LthcjRYac4Oy82OJQgswhlOvd9CUEMnjEUCmhvKtgpMPq2N3NfDrjUz+V
+K7MdQ7A1xZz2hS2e/1DZaEgbhRQM8zvazhIje0CWReglVqs0CmwL7eIKvxtG1IW
eEw7M6g=
-----END CERTIFICATE-----