Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/18L_mHIfyDeTde9D0w_-e9ayAZ0.roa
File:                     18L_mHIfyDeTde9D0w_-e9ayAZ0.roa (raw, json)
Hash identifier:          S+cQxqdbmvfZBbEF/oIjnlOW9qCJ9kDyULBdkAsfTYY=
Subject key identifier:   D7:C2:FF:98:72:1F:C8:37:93:75:EF:43:D3:0F:FE:7B:D6:B2:01:9D
Certificate issuer:       /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial:       0192CDAB6D7960506DA04D1233D8B24102D4
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/18L_mHIfyDeTde9D0w_-e9ayAZ0.roa
Signing time:             Sun 27 Oct 2024 11:10:16 +0000
ROA not before:           Sun 27 Oct 2024 11:10:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213176
IP address blocks:        209.35.224.0/24 maxlen: 24
                          209.35.225.0/24 maxlen: 24
                          209.35.226.0/24 maxlen: 24
                          209.35.227.0/24 maxlen: 24
                          209.35.228.0/24 maxlen: 24
                          209.35.229.0/24 maxlen: 24
                          209.35.230.0/24 maxlen: 24
                          209.35.231.0/24 maxlen: 24
                          209.35.233.0/24 maxlen: 24
                          209.35.234.0/24 maxlen: 24
                          212.59.64.0/24 maxlen: 24
                          212.59.65.0/24 maxlen: 24
                          212.59.66.0/24 maxlen: 24
                          212.59.67.0/24 maxlen: 24
                          212.59.68.0/24 maxlen: 24
                          212.59.69.0/24 maxlen: 24
                          212.59.70.0/24 maxlen: 24
                          212.59.71.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 27 Oct 2024 12:35:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cd:ab:6d:79:60:50:6d:a0:4d:12:33:d8:b2:41:02:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
        Validity
            Not Before: Oct 27 11:10:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7c2ff98721fc8379375ef43d30ffe7bd6b2019d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e1:9d:37:5d:a3:61:0a:f3:01:5c:fe:c4:6f:
                    c8:e2:08:d7:8d:8a:e0:fa:08:9e:a0:aa:e4:29:2f:
                    72:b7:4a:2b:01:2c:18:10:84:90:cb:65:b9:34:4f:
                    64:3a:74:ee:46:0c:58:4a:56:20:20:8f:01:e3:dc:
                    15:03:6e:da:d4:e4:f9:61:e0:23:85:3d:ea:89:c2:
                    ca:21:69:51:a9:6e:0f:50:15:31:c4:8c:6a:1e:28:
                    60:83:bd:98:c9:54:78:1a:e8:a8:2a:b7:79:71:d1:
                    26:e9:c4:5c:ed:3a:30:2a:d5:c8:06:40:ef:b2:42:
                    e9:b5:ca:65:07:aa:85:68:19:e7:a8:5d:8d:a4:76:
                    c6:42:72:c3:f1:1d:4d:7e:f3:a6:e5:65:c6:02:a8:
                    e4:ab:95:26:f4:75:f1:51:f1:8f:d7:db:f7:2b:bb:
                    c7:ed:66:06:d8:0c:20:94:14:e1:f7:67:c3:5c:11:
                    e0:e1:1a:d0:54:17:c0:b8:59:7d:ad:d0:ed:f3:1f:
                    04:34:2c:80:8e:e1:a5:86:08:55:42:fd:6f:70:26:
                    0a:ff:c1:ae:7d:06:33:d8:78:8e:24:2a:ed:b7:25:
                    23:85:c3:6d:42:62:a3:70:88:bd:26:e3:3b:c1:c5:
                    72:2d:2b:eb:92:ea:4c:b5:4f:5c:27:2a:12:3f:aa:
                    2e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C2:FF:98:72:1F:C8:37:93:75:EF:43:D3:0F:FE:7B:D6:B2:01:9D
            X509v3 Authority Key Identifier:
                keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/18L_mHIfyDeTde9D0w_-e9ayAZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.35.224.0/21
                  209.35.233.0-209.35.234.255
                  212.59.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:2a:36:54:dc:3e:6b:9e:0a:38:84:40:c2:e4:c4:2f:29:5a:
         e0:5c:44:0b:74:b7:9f:28:1f:06:12:e5:ee:70:14:02:cb:aa:
         ad:fa:a4:4c:f2:d8:cd:1d:99:dd:72:c1:6e:a4:b6:c2:a0:ff:
         de:27:a5:17:68:3d:a7:85:58:5b:c1:3f:17:56:d9:df:b0:82:
         9f:e8:39:c1:ce:2a:b3:8e:5d:bf:c2:8b:94:26:21:a9:83:33:
         d3:d0:ff:ad:57:5f:64:fa:1d:ae:34:9c:72:1c:0d:86:cb:b8:
         13:fc:9b:ce:c5:11:01:ac:e9:7f:0e:7c:5e:87:e2:4b:10:15:
         cd:81:36:f6:61:0b:84:5f:30:6c:53:15:64:2f:1e:6d:d9:66:
         08:bb:bd:b4:49:bf:13:a1:cd:75:f9:46:3f:cb:34:c6:f8:63:
         17:ce:3f:0a:b6:b5:18:e8:9f:c5:05:9f:31:b5:98:bf:ad:50:
         1e:0b:46:24:52:92:3f:0a:26:85:11:08:ff:60:1d:08:72:10:
         51:9a:39:d4:e9:9d:fd:9d:d8:27:ed:68:70:fa:22:06:e7:40:
         bb:3d:59:d5:3f:06:7e:29:ea:64:cb:78:4b:e4:f6:c1:f3:b3:
         f8:1a:9f:0e:a2:88:4a:51:67:84:da:49:92:5f:ce:a6:00:0a:
         94:46:98:29
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZLNq215YFBtoE0SM9iyQQLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjQxMDI3MTExMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2MyZmY5ODcyMWZjODM3OTM3NWVmNDNkMzBmZmU3YmQ2YjIwMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleGdN12jYQrzAVz+xG/I4gjXjYrg
+gieoKrkKS9yt0orASwYEISQy2W5NE9kOnTuRgxYSlYgII8B49wVA27a1OT5YeAj
hT3qicLKIWlRqW4PUBUxxIxqHihgg72YyVR4GuioKrd5cdEm6cRc7TowKtXIBkDv
skLptcplB6qFaBnnqF2NpHbGQnLD8R1NfvOm5WXGAqjkq5Um9HXxUfGP19v3K7vH
7WYG2AwglBTh92fDXBHg4RrQVBfAuFl9rdDt8x8ENCyAjuGlhghVQv1vcCYK/8Gu
fQYz2HiOJCrttyUjhcNtQmKjcIi9JuM7wcVyLSvrkupMtU9cJyoSP6ougwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNfC/5hyH8g3k3XvQ9MP/nvWsgGdMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvMThMX21ISWZ5RGVUZGU5RDB3Xy1lOWF5QVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQD0SPgMAwD
BADRI+kDBADRI+oDBAPUO0AwDQYJKoZIhvcNAQELBQADggEBAG8qNlTcPmueCjiE
QMLkxC8pWuBcRAt0t58oHwYS5e5wFALLqq36pEzy2M0dmd1ywW6ktsKg/94npRdo
PaeFWFvBPxdW2d+wgp/oOcHOKrOOXb/Ci5QmIamDM9PQ/61XX2T6Ha40nHIcDYbL
uBP8m87FEQGs6X8OfF6H4ksQFc2BNvZhC4RfMGxTFWQvHm3ZZgi7vbRJvxOhzXX5
Rj/LNMb4YxfOPwq2tRjon8UFnzG1mL+tUB4LRiRSkj8KJoURCP9gHQhyEFGaOdTp
nf2d2CftaHD6IgbnQLs9WdU/Bn4p6mTLeEvk9sHzs/ganw6iiEpRZ4TaSZJfzqYA
CpRGmCk=