Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/GdTJ8zh10b1zS6-qPVnAXcvZst8.roa
File:                     GdTJ8zh10b1zS6-qPVnAXcvZst8.roa (raw, json)
Hash identifier:          D2IMpbR66IAP0YwnaJnSLPtTDV+dPs4FW3Afu0DwNVY=
Subject key identifier:   19:D4:C9:F3:38:75:D1:BD:73:4B:AF:AA:3D:59:C0:5D:CB:D9:B2:DF
Certificate issuer:       /CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
Certificate serial:       01856B6EA82684AC7AFB598DD90264F53E6D
Authority key identifier: 24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/GdTJ8zh10b1zS6-qPVnAXcvZst8.roa
Signing time:             Sun 01 Jan 2023 03:44:52 +0000
ROA not before:           Sun 01 Jan 2023 03:44:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47201
IP address blocks:        79.98.125.0/24 maxlen: 24
                          79.98.121.0/24 maxlen: 24
                          79.98.122.0/24 maxlen: 24
                          79.98.123.0/24 maxlen: 24
                          79.98.124.0/24 maxlen: 24
                          79.98.120.0/24 maxlen: 24
                          2a00:d30:122::/48 maxlen: 48
                          2a00:d30:125::/48 maxlen: 48
                          2a00:d30:120::/48 maxlen: 48
                          2a00:d30:123::/48 maxlen: 48
                          2a00:d30:121::/48 maxlen: 48
                          2a00:d30:124::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:6e:a8:26:84:ac:7a:fb:59:8d:d9:02:64:f5:3e:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2452ab1d2d29bac9d52eb479de64c0700fc6724f
        Validity
            Not Before: Jan  1 03:44:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19d4c9f33875d1bd734bafaa3d59c05dcbd9b2df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:08:c1:0e:91:07:7b:e5:06:2f:e5:f9:cf:7f:
                    cd:bb:c8:68:3b:2e:45:f4:c0:ee:55:b5:55:3d:e7:
                    42:20:3c:62:f7:91:b9:7b:3a:2d:a0:76:28:11:42:
                    e7:07:d7:94:98:2f:e0:5f:5f:c7:61:76:09:82:63:
                    68:e1:71:be:c8:ea:12:73:b3:dd:0c:b7:9b:31:02:
                    47:b4:9f:41:c0:34:6e:6c:cd:6f:90:87:c5:9c:bc:
                    7d:82:87:0e:6a:d1:99:a6:71:e0:5a:c1:e8:ee:34:
                    98:3a:9c:7c:72:20:c1:eb:c4:e2:b6:bd:9f:e1:ba:
                    52:fa:f2:a1:3c:fe:da:7e:12:e8:aa:aa:3c:ed:af:
                    69:9b:54:ef:a7:21:4e:b0:83:07:be:0f:7c:95:fa:
                    48:fa:64:53:15:eb:88:47:ba:8b:77:86:26:56:75:
                    f8:60:7b:7f:c1:a9:4e:d6:20:3b:89:81:06:02:e0:
                    3f:ee:cd:13:9b:2b:62:8d:50:e0:9f:2d:2a:b7:df:
                    28:11:56:0f:00:e9:a4:13:fb:21:15:ff:bc:01:6f:
                    04:ec:08:37:70:a8:a2:8d:74:8e:59:ae:fe:8b:f2:
                    a0:ec:bb:6a:c5:f0:c0:76:81:77:49:68:10:d7:9e:
                    23:ba:cb:f5:b1:5a:1e:7d:bd:7e:43:65:b7:c6:f5:
                    f2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D4:C9:F3:38:75:D1:BD:73:4B:AF:AA:3D:59:C0:5D:CB:D9:B2:DF
            X509v3 Authority Key Identifier:
                keyid:24:52:AB:1D:2D:29:BA:C9:D5:2E:B4:79:DE:64:C0:70:0F:C6:72:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFKrHS0pusnVLrR53mTAcA_Gck8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/GdTJ8zh10b1zS6-qPVnAXcvZst8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc1d14-15c8-48fd-9ec3-969c94de89a5/1/JFKrHS0pusnVLrR53mTAcA_Gck8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.120.0-79.98.125.255
                IPv6:
                  2a00:d30:120::-2a00:d30:125:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         83:ad:c5:72:db:29:75:1c:56:d9:e9:8f:d3:4b:d2:f0:d9:c8:
         f7:ed:54:e6:42:4f:3e:74:91:7d:a3:8e:e0:64:e3:2c:65:2f:
         8c:cb:87:2f:d9:88:7f:cb:c0:ae:44:45:ed:dd:4d:2e:cd:f9:
         09:94:23:d6:a4:87:b6:bc:30:09:17:92:56:07:90:4e:fc:21:
         ad:8c:fc:17:d3:8c:41:51:bb:22:dd:90:f8:61:b5:e9:e5:f7:
         ec:5f:fc:d5:82:09:e3:65:e4:97:ff:f4:0c:1c:c3:53:63:68:
         37:44:a2:c5:e2:57:20:3a:a7:7a:45:7f:e7:c6:a2:b9:a4:ae:
         f5:ab:e6:64:35:ea:6c:5f:41:f5:02:94:b1:b1:ac:c2:ea:03:
         ba:5e:b5:38:6c:c1:37:a2:50:9c:09:3d:d6:e8:11:f3:7c:2e:
         c5:b0:72:22:08:e2:06:e3:b4:8a:71:e5:9a:0c:ac:2e:21:fb:
         99:63:51:80:10:df:94:28:cb:e3:a5:a9:ec:e8:98:8a:fa:99:
         c3:f2:74:fd:bd:ea:36:43:80:7f:38:18:43:db:a2:e3:e2:1d:
         7a:b0:d3:bf:6a:8e:3b:5e:d0:3a:68:ea:fe:79:81:3f:ab:b6:
         d0:cd:13:e8:33:09:3b:f1:c4:58:17:b3:e8:7d:66:7c:d5:89:
         b5:11:3a:a3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVrbqgmhKx6+1mN2QJk9T5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTJhYjFkMmQyOWJhYzlkNTJlYjQ3OWRlNjRjMDcwMGZj
NjcyNGYwHhcNMjMwMTAxMDM0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWQ0YzlmMzM4NzVkMWJkNzM0YmFmYWEzZDU5YzA1ZGNiZDliMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwjBDpEHe+UGL+X5z3/Nu8hoOy5F
9MDuVbVVPedCIDxi95G5ezotoHYoEULnB9eUmC/gX1/HYXYJgmNo4XG+yOoSc7Pd
DLebMQJHtJ9BwDRubM1vkIfFnLx9gocOatGZpnHgWsHo7jSYOpx8ciDB68Titr2f
4bpS+vKhPP7afhLoqqo87a9pm1TvpyFOsIMHvg98lfpI+mRTFeuIR7qLd4YmVnX4
YHt/walO1iA7iYEGAuA/7s0TmytijVDgny0qt98oEVYPAOmkE/shFf+8AW8E7Ag3
cKiijXSOWa7+i/Kg7LtqxfDAdoF3SWgQ154jusv1sVoefb1+Q2W3xvXyTwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBnUyfM4ddG9c0uvqj1ZwF3L2bLfMB8GA1UdIwQY
MBaAFCRSqx0tKbrJ1S60ed5kwHAPxnJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMt
OTY5Yzk0ZGU4OWE1LzEvR2RUSjh6aDEwYjF6UzYtcVBWbkFYY3Zac3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzFkMTQtMTVjOC00OGZkLTllYzMtOTY5Yzk0ZGU4OWE1
LzEvSkZLckhTMHB1c25WTHJSNTNtVEFjQV9HY2s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAUBAIAATAOMAwDBANPYngD
BAFPYnwwGgQCAAIwFDASAwcFKgANMAEgAwcBKgANMAEkMA0GCSqGSIb3DQEBCwUA
A4IBAQCDrcVy2yl1HFbZ6Y/TS9Lw2cj37VTmQk8+dJF9o47gZOMsZS+My4cv2Yh/
y8CuREXt3U0uzfkJlCPWpIe2vDAJF5JWB5BO/CGtjPwX04xBUbsi3ZD4YbXp5ffs
X/zVggnjZeSX//QMHMNTY2g3RKLF4lcgOqd6RX/nxqK5pK71q+ZkNepsX0H1ApSx
sazC6gO6XrU4bME3olCcCT3W6BHzfC7FsHIiCOIG47SKceWaDKwuIfuZY1GAEN+U
KMvjpans6JiK+pnD8nT9veo2Q4B/OBhD26Lj4h16sNO/ao47XtA6aOr+eYE/q7bQ
zRPoMwk78cRYF7PofWZ81Ym1ETqj
-----END CERTIFICATE-----