Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/Dto6s9HqCElzpGGRaHyBpn_fQ58.roa
File:                     Dto6s9HqCElzpGGRaHyBpn_fQ58.roa (raw, json)
Hash identifier:          6iFRu+GLcMkhWreTLgKSYfhO3/SVjNu43iBTkdLiuLc=
Subject key identifier:   0E:DA:3A:B3:D1:EA:08:49:73:A4:61:91:68:7C:81:A6:7F:DF:43:9F
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E670C0518889A61F23CCDB256314A
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/Dto6s9HqCElzpGGRaHyBpn_fQ58.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        46.3.160.0/20 maxlen: 20
                          46.3.176.0/20 maxlen: 20
                          46.3.96.0/19 maxlen: 19
                          46.3.128.0/23 maxlen: 23
                          46.232.64.0/19 maxlen: 19
                          46.232.64.0/18 maxlen: 18
                          46.3.64.0/20 maxlen: 20
                          46.232.96.0/19 maxlen: 19
                          46.3.80.0/22 maxlen: 22
                          46.3.80.0/20 maxlen: 20
                          46.232.0.0/24 maxlen: 24
                          46.3.216.0/21 maxlen: 21
                          46.232.16.0/22 maxlen: 22
                          46.3.12.0/22 maxlen: 22
                          46.232.32.0/19 maxlen: 19

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:67:0c:05:18:88:9a:61:f2:3c:cd:b2:56:31:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eda3ab3d1ea084973a46191687c81a67fdf439f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d1:8b:4a:41:06:9b:01:f1:7c:39:48:5d:69:
                    67:12:01:57:aa:80:c3:c7:45:89:40:c0:78:ba:c4:
                    66:65:5b:31:9a:9c:56:a5:6f:6c:85:85:3f:f7:2e:
                    75:b3:53:c5:ac:f9:da:87:8d:2f:89:72:2b:1c:48:
                    1f:ff:3e:ca:b2:9c:3a:bb:cc:4f:86:9e:7c:3e:18:
                    ee:83:6c:62:f3:0c:0b:a3:b4:f8:47:38:2f:ba:bc:
                    00:8d:46:ba:d8:a3:e8:80:9a:d8:d7:bb:8a:12:f3:
                    51:d0:51:24:1a:22:4c:4b:27:9d:74:8a:8b:b2:75:
                    ff:e1:bf:bf:0a:f8:4c:a6:6e:d6:d9:dc:52:4d:b3:
                    37:51:57:c5:c8:9e:c9:1b:d3:1b:a1:80:c6:b7:ea:
                    1c:7b:3f:3c:72:e4:b5:21:79:83:11:86:bb:0c:fc:
                    8e:6b:ac:6f:4f:71:5f:89:8e:f8:51:b6:ff:b6:51:
                    86:8f:4d:c2:6c:c2:cc:1b:3c:a2:6c:2b:b1:1c:e1:
                    02:69:52:40:15:dd:f0:80:91:e5:cf:0d:bc:30:d1:
                    94:40:55:78:ef:6f:4b:ee:d3:94:d8:77:70:8f:f8:
                    eb:7d:26:fe:56:d0:b6:18:08:5b:66:66:4f:f1:18:
                    62:96:9c:9b:be:d3:1f:92:e8:b3:d3:d5:13:ae:cf:
                    b4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:DA:3A:B3:D1:EA:08:49:73:A4:61:91:68:7C:81:A6:7F:DF:43:9F
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/Dto6s9HqCElzpGGRaHyBpn_fQ58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.12.0/22
                  46.3.64.0-46.3.129.255
                  46.3.160.0/19
                  46.3.216.0/21
                  46.232.0.0/24
                  46.232.16.0/22
                  46.232.32.0-46.232.127.255

    Signature Algorithm: sha256WithRSAEncryption
         8b:86:d0:8f:8b:7a:b8:0d:6e:a9:39:bf:f3:af:d2:40:0d:2b:
         72:a0:ac:48:34:f5:32:59:7f:26:ed:34:7f:ee:6b:41:26:c3:
         58:f5:e1:5a:72:30:b7:a0:eb:ba:10:0f:e9:b5:16:da:c4:d6:
         3a:8f:f5:d5:59:da:e5:2d:b9:a9:06:07:01:85:b4:3e:4a:2f:
         03:bb:af:20:04:28:59:51:c7:e7:45:6d:0e:0a:47:96:d8:7f:
         d7:8c:86:7f:af:93:5d:68:41:d9:6d:3a:65:53:d7:68:e8:79:
         ba:c7:95:00:5a:2b:ba:de:3f:48:2f:5b:6d:15:10:97:b5:93:
         d1:1c:de:ce:a8:b7:a9:9c:70:7e:e9:ae:8c:f1:f5:a5:c9:ee:
         f1:2c:b9:90:7d:5f:86:70:e3:0c:8e:37:14:a5:91:c7:7f:ba:
         0f:90:7c:a6:c0:5b:dd:19:1c:44:f4:b8:78:20:e0:f1:d1:ee:
         fc:d4:e2:29:a7:68:b3:32:30:e6:e3:c6:5c:7e:ca:2d:21:c3:
         a0:48:c4:74:9d:04:f1:33:e4:46:81:80:c8:87:91:9e:a2:f0:
         43:22:50:0d:ba:0d:91:bc:b7:25:9c:4c:fd:42:be:85:fe:13:
         9c:9d:32:7f:34:6a:69:39:b4:7e:ed:52:93:e9:3d:7c:87:ec:
         60:22:3d:99
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzJTmcMBRiImmHyPM2yVjFKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWRhM2FiM2QxZWEwODQ5NzNhNDYxOTE2ODdjODFhNjdmZGY0MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9GLSkEGmwHxfDlIXWlnEgFXqoDD
x0WJQMB4usRmZVsxmpxWpW9shYU/9y51s1PFrPnah40viXIrHEgf/z7Kspw6u8xP
hp58Phjug2xi8wwLo7T4RzgvurwAjUa62KPogJrY17uKEvNR0FEkGiJMSyeddIqL
snX/4b+/CvhMpm7W2dxSTbM3UVfFyJ7JG9MboYDGt+ocez88cuS1IXmDEYa7DPyO
a6xvT3FfiY74Ubb/tlGGj03CbMLMGzyibCuxHOECaVJAFd3wgJHlzw28MNGUQFV4
729L7tOU2Hdwj/jrfSb+VtC2GAhbZmZP8RhilpybvtMfkuiz09UTrs+0IwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFA7aOrPR6ghJc6RhkWh8gaZ/30OfMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvRHRvNnM5SHFDRWx6cEdHUmFIeUJwbl9mUTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQCLgMMMAwD
BAYuA0ADBAEuA4ADBAUuA6ADBAMuA9gDBAAu6AADBAIu6BAwDAMEBS7oIAMEBy7o
ADANBgkqhkiG9w0BAQsFAAOCAQEAi4bQj4t6uA1uqTm/86/SQA0rcqCsSDT1Mll/
Ju00f+5rQSbDWPXhWnIwt6DruhAP6bUW2sTWOo/11Vna5S25qQYHAYW0PkovA7uv
IAQoWVHH50VtDgpHlth/14yGf6+TXWhB2W06ZVPXaOh5useVAForut4/SC9bbRUQ
l7WT0Rzezqi3qZxwfumujPH1pcnu8Sy5kH1fhnDjDI43FKWRx3+6D5B8psBb3Rkc
RPS4eCDg8dHu/NTiKadoszIw5uPGXH7KLSHDoEjEdJ0E8TPkRoGAyIeRnqLwQyJQ
DboNkby3JZxM/UK+hf4TnJ0yfzRqaTm0fu1Sk+k9fIfsYCI9mQ==
-----END CERTIFICATE-----