Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/De7Dyy4F2spSx-S-ThhDTVux7HY.roa
File:                     De7Dyy4F2spSx-S-ThhDTVux7HY.roa (raw, json)
Hash identifier:          2IF4fphAv+l1ZGqwQJ31fWrbaQSZDcrA2L2jRWO9Kns=
Subject key identifier:   0D:EE:C3:CB:2E:05:DA:CA:52:C7:E4:BE:4E:18:43:4D:5B:B1:EC:76
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79529E4AEE8824005BD3269995202B8
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/De7Dyy4F2spSx-S-ThhDTVux7HY.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        193.8.164.0/24 maxlen: 24
                          194.156.1.0/24 maxlen: 24
                          193.8.167.0/24 maxlen: 24
                          193.8.175.0/24 maxlen: 24
                          45.143.143.0/24 maxlen: 24
                          45.143.141.0/24 maxlen: 24
                          45.135.176.0/24 maxlen: 24
                          45.135.179.0/24 maxlen: 24
                          45.135.178.0/24 maxlen: 24
                          45.91.161.0/24 maxlen: 24
                          45.156.149.0/24 maxlen: 24
                          45.156.150.0/24 maxlen: 24
                          45.140.61.0/24 maxlen: 24
                          45.147.246.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 05:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:29:e4:ae:e8:82:40:05:bd:32:69:99:52:02:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0deec3cb2e05daca52c7e4be4e18434d5bb1ec76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:95:48:60:bd:89:16:04:5c:31:cc:7b:d0:fd:
                    77:a6:d7:c1:4a:0d:fa:93:16:51:8d:e7:48:23:0c:
                    a6:94:d7:3e:c6:37:18:72:c8:da:46:f2:07:89:f7:
                    03:c5:96:a3:68:5d:d5:bc:ad:69:b9:51:cb:06:c0:
                    d3:46:a0:78:d5:90:3d:fd:ee:c9:02:30:c8:09:69:
                    27:d7:1e:06:38:2b:9c:85:a2:27:58:bf:83:53:87:
                    44:62:de:f5:70:8e:db:f6:82:80:2f:d4:ba:94:e1:
                    f3:c9:78:20:33:26:ba:97:a4:e6:62:47:10:2d:c4:
                    89:e0:b8:27:52:9b:21:15:cc:fb:65:50:9d:11:c6:
                    b4:74:7d:e8:d7:f0:ee:bc:57:bf:89:75:06:eb:af:
                    ff:97:65:e8:f9:6e:ae:2b:60:51:80:94:26:1f:e3:
                    5f:0b:5b:91:9c:25:30:95:ec:68:39:8e:7f:e7:b3:
                    ef:ca:68:7d:1c:cb:98:c9:13:0d:09:db:a1:36:bd:
                    34:e4:7e:d3:01:40:e5:3b:fc:01:44:d9:92:84:29:
                    2e:73:24:21:d4:27:57:8f:ce:22:3b:7c:ce:16:da:
                    a6:51:ed:46:c5:1e:bc:65:f7:1e:ed:c2:93:3d:f7:
                    dd:94:cf:12:1e:96:7a:11:f8:55:b9:b5:9a:e7:a2:
                    33:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EE:C3:CB:2E:05:DA:CA:52:C7:E4:BE:4E:18:43:4D:5B:B1:EC:76
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/De7Dyy4F2spSx-S-ThhDTVux7HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.161.0/24
                  45.135.176.0/24
                  45.135.178.0/23
                  45.140.61.0/24
                  45.143.141.0/24
                  45.143.143.0/24
                  45.147.246.0/24
                  45.156.149.0-45.156.150.255
                  193.8.164.0/24
                  193.8.167.0/24
                  193.8.175.0/24
                  194.156.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:65:a2:b0:00:79:ad:1c:5d:73:12:03:db:9d:0e:3b:bc:d6:
         33:2b:55:65:a0:d3:95:71:ca:c4:07:c3:97:dc:f5:14:4e:4d:
         18:f4:77:4e:31:72:65:c2:bc:7c:67:b1:d9:53:75:70:8d:f1:
         90:a3:97:d0:0b:c7:16:da:d1:74:85:81:a2:e4:eb:f9:e2:db:
         3b:63:c4:54:76:7f:2e:0f:f5:46:a8:55:fa:b0:6b:fa:3a:67:
         2d:ab:b4:ac:21:a4:b7:51:40:51:9f:51:ef:29:c3:6f:5c:3a:
         ae:a7:13:dd:58:42:a5:2e:25:69:93:97:7d:2f:6c:10:ec:96:
         5a:a3:80:68:da:0b:ce:bd:49:80:31:d8:18:c6:c7:29:0f:7e:
         cc:02:af:cb:c8:c2:23:52:66:10:78:5b:45:30:78:7b:b0:63:
         71:fa:45:81:40:19:a2:dd:02:8b:32:89:52:4d:81:40:02:36:
         a7:72:dd:5b:a5:06:a3:74:12:a4:0d:14:24:15:b4:f1:8b:e5:
         c4:94:0f:26:f3:da:2a:9b:e0:15:c0:65:53:9b:7c:25:ee:1e:
         63:c6:04:82:41:df:b1:d2:1a:6d:3b:c0:2d:4c:8c:3a:c7:56:
         36:9e:d9:9f:f3:6e:05:92:97:e7:86:6b:34:3a:ae:e5:e5:ca:
         09:f8:66:59
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYzHlSnkruiCQAW9MmmZUgK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGVlYzNjYjJlMDVkYWNhNTJjN2U0YmU0ZTE4NDM0ZDViYjFlYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05VIYL2JFgRcMcx70P13ptfBSg36
kxZRjedIIwymlNc+xjcYcsjaRvIHifcDxZajaF3VvK1puVHLBsDTRqB41ZA9/e7J
AjDICWkn1x4GOCuchaInWL+DU4dEYt71cI7b9oKAL9S6lOHzyXggMya6l6TmYkcQ
LcSJ4LgnUpshFcz7ZVCdEca0dH3o1/DuvFe/iXUG66//l2Xo+W6uK2BRgJQmH+Nf
C1uRnCUwlexoOY5/57Pvymh9HMuYyRMNCduhNr005H7TAUDlO/wBRNmShCkucyQh
1CdXj84iO3zOFtqmUe1GxR68Zfce7cKTPffdlM8SHpZ6EfhVubWa56IzBwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFA3uw8suBdrKUsfkvk4YQ01bsex2MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvRGU3RHl5NEYyc3BTeC1TLVRoaERUVnV4N0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALVuhAwQA
LYewAwQBLYeyAwQALYw9AwQALY+NAwQALY+PAwQALZP2MAwDBAAtnJUDBAAtnJYD
BADBCKQDBADBCKcDBADBCK8DBADCnAEwDQYJKoZIhvcNAQELBQADggEBAEFlorAA
ea0cXXMSA9udDju81jMrVWWg05VxysQHw5fc9RROTRj0d04xcmXCvHxnsdlTdXCN
8ZCjl9ALxxba0XSFgaLk6/ni2ztjxFR2fy4P9UaoVfqwa/o6Zy2rtKwhpLdRQFGf
Ue8pw29cOq6nE91YQqUuJWmTl30vbBDsllqjgGjaC869SYAx2BjGxykPfswCr8vI
wiNSZhB4W0UweHuwY3H6RYFAGaLdAosyiVJNgUACNqdy3VulBqN0EqQNFCQVtPGL
5cSUDybz2iqb4BXAZVObfCXuHmPGBIJB37HSGm07wC1MjDrHVjae2Z/zbgWSl+eG
azQ6ruXlygn4Zlk=
-----END CERTIFICATE-----