Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/Ra5LDx8ppGyqXUvQROvnB8fbwC8.roa
File:                     Ra5LDx8ppGyqXUvQROvnB8fbwC8.roa (raw, json)
Hash identifier:          1ZgPmz0gqtsUdNE8fjJpO1h1OXX1dB+Zc0kXSC5hP0c=
Subject key identifier:   45:AE:4B:0F:1F:29:A4:6C:AA:5D:4B:D0:44:EB:E7:07:C7:DB:C0:2F
Certificate issuer:       /CN=e5a6794b91b81406412a137870bfde3b170de094
Certificate serial:       018F583061A4890505267346FC5B3BFC8F63
Authority key identifier: E5:A6:79:4B:91:B8:14:06:41:2A:13:78:70:BF:DE:3B:17:0D:E0:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/Ra5LDx8ppGyqXUvQROvnB8fbwC8.roa
Signing time:             Wed 08 May 2024 12:31:56 +0000
ROA not before:           Wed 08 May 2024 12:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199335
IP address blocks:        80.94.192.0/20 maxlen: 20
                          85.92.160.0/22 maxlen: 22
                          85.92.164.0/22 maxlen: 22
                          85.92.168.0/22 maxlen: 22
                          85.92.172.0/22 maxlen: 22
                          85.92.176.0/22 maxlen: 22
                          85.92.180.0/22 maxlen: 22
                          85.92.184.0/22 maxlen: 22
                          85.92.188.0/22 maxlen: 22
                          176.126.224.0/21 maxlen: 21
                          185.5.64.0/22 maxlen: 22
                          185.99.21.0/24 maxlen: 24
                          185.113.60.0/22 maxlen: 22
                          188.241.40.0/21 maxlen: 21
                          2a02:77c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 19:48:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:30:61:a4:89:05:05:26:73:46:fc:5b:3b:fc:8f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a6794b91b81406412a137870bfde3b170de094
        Validity
            Not Before: May  8 12:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45ae4b0f1f29a46caa5d4bd044ebe707c7dbc02f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cf:3a:16:31:2b:8c:ce:cf:bd:a6:d3:7b:98:
                    cc:7b:37:92:5c:c1:39:a5:24:81:47:eb:3c:66:55:
                    25:00:18:29:14:aa:75:c2:c8:27:63:bc:44:9f:ef:
                    60:06:b7:95:35:7e:79:cb:aa:90:cd:d3:46:96:8d:
                    7e:9e:ad:6c:1f:f2:62:c7:d9:d9:38:85:ae:73:c8:
                    40:19:f1:4a:e8:8b:3b:d0:c7:a4:0e:89:a1:f0:2f:
                    f0:36:c8:af:a7:c7:57:c8:a8:78:d5:9f:a5:9f:bb:
                    8c:81:79:81:65:fc:df:ae:53:90:6b:92:2b:ef:91:
                    d6:df:30:c8:46:2e:23:ba:fd:4a:12:42:3b:b0:d3:
                    90:5a:ff:e9:cf:d5:b0:34:0a:66:94:7b:09:2e:07:
                    52:a0:4e:5c:98:a4:58:25:02:1f:40:ea:9d:95:ad:
                    f1:96:32:c8:b8:1c:cd:61:75:df:7d:56:69:3a:37:
                    4a:91:fd:36:f9:bf:1c:a9:c1:0b:0f:48:95:0b:89:
                    3e:24:9b:09:2e:b1:78:ce:72:b3:24:f2:95:f6:58:
                    4a:a5:76:f3:56:23:e7:75:a3:d1:88:8f:60:60:f3:
                    3b:3e:e0:e9:7b:b3:3c:59:1b:06:2f:1d:c2:90:93:
                    b7:f1:52:be:b5:8f:1a:fc:69:57:c0:db:19:76:3a:
                    bd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AE:4B:0F:1F:29:A4:6C:AA:5D:4B:D0:44:EB:E7:07:C7:DB:C0:2F
            X509v3 Authority Key Identifier:
                keyid:E5:A6:79:4B:91:B8:14:06:41:2A:13:78:70:BF:DE:3B:17:0D:E0:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/Ra5LDx8ppGyqXUvQROvnB8fbwC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ca34eb-8e20-4bf1-b1b2-5872109b67a8/1/5aZ5S5G4FAZBKhN4cL_eOxcN4JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.192.0/20
                  85.92.160.0/19
                  176.126.224.0/21
                  185.5.64.0/22
                  185.99.21.0/24
                  185.113.60.0/22
                  188.241.40.0/21
                IPv6:
                  2a02:77c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:70:af:7a:08:3d:fe:da:aa:9f:9e:55:46:73:bc:77:86:59:
         2e:c9:8d:ab:70:51:1c:48:14:7e:e5:e1:be:83:a9:ed:b9:7e:
         be:b5:32:a1:cb:e1:dc:c7:3c:1d:d2:9e:d0:83:5a:ac:cc:2f:
         bc:3a:01:5d:f9:1b:8a:c9:ea:15:7f:2b:fe:c4:22:56:cd:cc:
         60:73:80:d0:52:45:92:2e:74:a7:0c:b0:ed:c5:25:b8:6a:70:
         23:db:7c:5e:90:b5:d7:a4:c5:8e:1c:d3:1f:0c:22:91:69:ca:
         07:14:6a:af:b6:f5:9e:34:63:56:d9:5b:bb:8e:ed:c7:0c:fa:
         a3:5b:f6:ac:96:ed:df:46:e8:af:30:07:30:41:70:4f:65:08:
         0f:16:81:01:2b:c5:04:4f:2a:86:1f:be:8a:29:9e:0e:10:37:
         30:95:f0:01:fc:76:a2:2c:c3:fa:a7:ee:42:ab:c7:e1:d9:55:
         5b:9e:38:e1:33:9e:a5:cf:c5:43:3a:7d:b9:3f:ca:25:f1:bd:
         a2:1f:de:1c:cc:3a:5f:ec:93:f8:6d:86:04:d5:3c:3d:35:f0:
         3b:21:18:ab:4a:fa:f9:0b:b8:18:e7:32:84:13:d2:39:8e:aa:
         ca:82:79:d5:f7:a9:09:e4:02:d0:45:0b:f0:b9:b7:2c:c5:84:
         84:c7:63:a6
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY9YMGGkiQUFJnNG/Fs7/I9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTY3OTRiOTFiODE0MDY0MTJhMTM3ODcwYmZkZTNiMTcw
ZGUwOTQwHhcNMjQwNTA4MTIzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWFlNGIwZjFmMjlhNDZjYWE1ZDRiZDA0NGViZTcwN2M3ZGJjMDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm886FjErjM7PvabTe5jMezeSXME5
pSSBR+s8ZlUlABgpFKp1wsgnY7xEn+9gBreVNX55y6qQzdNGlo1+nq1sH/Jix9nZ
OIWuc8hAGfFK6Is70MekDomh8C/wNsivp8dXyKh41Z+ln7uMgXmBZfzfrlOQa5Ir
75HW3zDIRi4juv1KEkI7sNOQWv/pz9WwNApmlHsJLgdSoE5cmKRYJQIfQOqdla3x
ljLIuBzNYXXffVZpOjdKkf02+b8cqcELD0iVC4k+JJsJLrF4znKzJPKV9lhKpXbz
ViPndaPRiI9gYPM7PuDpe7M8WRsGLx3CkJO38VK+tY8a/GlXwNsZdjq99wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFEWuSw8fKaRsql1L0ETr5wfH28AvMB8GA1UdIwQY
MBaAFOWmeUuRuBQGQSoTeHC/3jsXDeCUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFaNVM1RzRGQVpCS2hONGNMX2VPeGNONEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jYTM0ZWItOGUyMC00YmYxLWIxYjIt
NTg3MjEwOWI2N2E4LzEvUmE1TER4OHBwR3lxWFV2UVJPdm5COGZid0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jYTM0ZWItOGUyMC00YmYxLWIxYjItNTg3MjEwOWI2N2E4
LzEvNWFaNVM1RzRGQVpCS2hONGNMX2VPeGNONEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEUF7AAwQF
VVygAwQDsH7gAwQCuQVAAwQAuWMVAwQCuXE8AwQDvPEoMA0EAgACMAcDBQAqAnfA
MA0GCSqGSIb3DQEBCwUAA4IBAQB6cK96CD3+2qqfnlVGc7x3hlkuyY2rcFEcSBR+
5eG+g6ntuX6+tTKhy+Hcxzwd0p7Qg1qszC+8OgFd+RuKyeoVfyv+xCJWzcxgc4DQ
UkWSLnSnDLDtxSW4anAj23xekLXXpMWOHNMfDCKRacoHFGqvtvWeNGNW2Vu7ju3H
DPqjW/aslu3fRuivMAcwQXBPZQgPFoEBK8UETyqGH76KKZ4OEDcwlfAB/HaiLMP6
p+5Cq8fh2VVbnjjhM56lz8VDOn25P8ol8b2iH94czDpf7JP4bYYE1Tw9NfA7IRir
Svr5C7gY5zKEE9I5jqrKgnnV96kJ5ALQRQvwubcsxYSEx2Om
-----END CERTIFICATE-----