Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/7t90fygWdxshFyf5ixgYNkNLDdw.roa
File:                     7t90fygWdxshFyf5ixgYNkNLDdw.roa (raw, json)
Hash identifier:          me74vVkWM1PjYkKNEp4kWFkG+U63DOLZlbtPXwXnNtw=
Subject key identifier:   EE:DF:74:7F:28:16:77:1B:21:17:27:F9:8B:18:18:36:43:4B:0D:DC
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018D633D459F8CBF33B3E8F54753A910B752
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/7t90fygWdxshFyf5ixgYNkNLDdw.roa
Signing time:             Thu 01 Feb 2024 05:56:16 +0000
ROA not before:           Thu 01 Feb 2024 05:56:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15723
IP address blocks:        46.23.110.0/24 maxlen: 24
                          62.217.129.0/24 maxlen: 24
                          62.217.131.0/24 maxlen: 24
                          62.217.134.0/24 maxlen: 24
                          62.217.138.0/24 maxlen: 24
                          62.217.141.0/24 maxlen: 24
                          62.217.142.0/24 maxlen: 24
                          62.217.146.0/24 maxlen: 24
                          62.217.147.0/24 maxlen: 24
                          62.217.148.0/24 maxlen: 24
                          62.217.149.0/24 maxlen: 24
                          62.217.151.0/24 maxlen: 24
                          62.217.156.0/24 maxlen: 24
                          62.217.157.0/24 maxlen: 24
                          62.217.158.0/24 maxlen: 24
                          62.217.159.0/24 maxlen: 24
                          164.215.97.0/24 maxlen: 24
                          188.64.8.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Wed 14 Feb 2024 06:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:63:3d:45:9f:8c:bf:33:b3:e8:f5:47:53:a9:10:b7:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Feb  1 05:56:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eedf747f2816771b211727f98b181836434b0ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c4:9a:4d:0c:13:cb:35:e4:20:13:2e:02:4c:
                    58:13:f9:92:48:28:a4:a8:f8:5c:ad:1c:df:2c:95:
                    3e:fb:5e:52:f1:ff:1d:52:65:43:61:8a:7f:39:1d:
                    31:07:df:48:8e:e1:04:63:5f:8c:69:98:b3:9a:e3:
                    f8:a2:fd:31:3c:b6:67:fb:9c:ed:b6:a3:3d:da:89:
                    a0:78:63:93:70:cd:6e:b7:1d:c3:c9:c7:7c:68:34:
                    66:de:99:4f:b7:d1:68:cf:8d:c9:5b:ba:10:e1:32:
                    83:db:56:ca:b7:a8:ee:37:a1:c9:af:5c:26:8e:ef:
                    9e:52:56:3f:f8:18:c7:99:6b:74:e1:ea:fa:5f:28:
                    1a:44:b7:45:79:26:fb:1e:44:ad:0c:3b:16:3b:fb:
                    e8:11:c5:d5:72:ba:fe:0b:16:68:6e:fd:4a:a0:c3:
                    3d:6e:2f:16:21:2f:09:4e:eb:ee:cc:30:1c:b4:99:
                    d5:93:d8:b0:d5:18:06:d6:28:9a:de:36:26:71:73:
                    84:86:f4:44:59:bd:1c:79:3b:55:f9:af:a3:7d:6e:
                    79:22:90:5e:b9:8c:cc:74:36:7c:93:ee:fe:fa:ad:
                    0e:18:15:93:af:a9:bc:4f:b9:26:d2:a9:39:e0:1e:
                    ca:98:f7:0f:b3:81:49:b8:41:ec:ee:6a:58:11:30:
                    1a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:DF:74:7F:28:16:77:1B:21:17:27:F9:8B:18:18:36:43:4B:0D:DC
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/7t90fygWdxshFyf5ixgYNkNLDdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.110.0/24
                  62.217.129.0/24
                  62.217.131.0/24
                  62.217.134.0/24
                  62.217.138.0/24
                  62.217.141.0-62.217.142.255
                  62.217.146.0-62.217.149.255
                  62.217.151.0/24
                  62.217.156.0/22
                  164.215.97.0/24
                  188.64.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d0:af:d4:b2:bf:02:b3:d4:f6:88:38:90:f2:e2:79:bd:6d:4e:
         0f:2e:60:8a:90:10:32:4a:1a:5e:ec:5b:ab:64:90:f3:c7:ee:
         b8:6f:7e:49:fe:17:9b:c3:dc:9b:6b:f2:6e:92:fd:42:93:76:
         a6:a8:68:02:15:44:b5:d0:01:15:00:13:02:24:17:c6:f7:2d:
         d5:96:05:5e:20:12:84:e8:3c:ed:d2:c1:8c:5f:53:b0:53:ac:
         44:cf:7b:1a:17:14:3f:9a:7f:8c:ef:8d:23:11:c0:c0:9a:2e:
         6c:48:ee:09:56:65:fa:c2:05:a1:c1:34:ac:b3:09:d1:ce:ff:
         d6:04:65:7d:a4:43:82:47:8c:bc:f6:df:e3:d4:03:45:b5:48:
         27:8a:10:a2:ba:57:23:13:1f:29:a8:93:5f:0f:24:71:0d:c5:
         86:cf:d1:7f:b4:3c:44:c0:0a:f7:63:c6:a6:81:be:a2:c0:09:
         93:4f:72:60:6c:b9:c9:78:4b:d7:79:69:18:1b:5a:50:e5:a9:
         b9:41:16:ba:28:2d:17:09:48:be:a2:cc:88:be:6e:da:16:c8:
         f2:49:ff:24:83:f3:ce:a0:c1:2d:1f:85:8a:ff:4a:c0:35:4e:
         94:18:5f:68:1b:90:bc:ac:19:2d:70:96:2a:fa:28:92:43:05:
         07:e6:44:ce
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY1jPUWfjL8zs+j1R1OpELdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMjAxMDU1NjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWRmNzQ3ZjI4MTY3NzFiMjExNzI3Zjk4YjE4MTgzNjQzNGIwZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsSaTQwTyzXkIBMuAkxYE/mSSCik
qPhcrRzfLJU++15S8f8dUmVDYYp/OR0xB99IjuEEY1+MaZizmuP4ov0xPLZn+5zt
tqM92omgeGOTcM1utx3Dycd8aDRm3plPt9Foz43JW7oQ4TKD21bKt6juN6HJr1wm
ju+eUlY/+BjHmWt04er6XygaRLdFeSb7HkStDDsWO/voEcXVcrr+CxZobv1KoMM9
bi8WIS8JTuvuzDActJnVk9iw1RgG1iia3jYmcXOEhvREWb0ceTtV+a+jfW55IpBe
uYzMdDZ8k+7++q0OGBWTr6m8T7km0qk54B7KmPcPs4FJuEHs7mpYETAarQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFO7fdH8oFncbIRcn+YsYGDZDSw3cMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvN3Q5MGZ5Z1dkeHNoRnlmNWl4Z1lOa05MRGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQALhduAwQA
PtmBAwQAPtmDAwQAPtmGAwQAPtmKMAwDBAA+2Y0DBAA+2Y4wDAMEAT7ZkgMEAT7Z
lAMEAD7ZlwMEAj7ZnAMEAKTXYQMEArxACDANBgkqhkiG9w0BAQsFAAOCAQEA0K/U
sr8Cs9T2iDiQ8uJ5vW1ODy5gipAQMkoaXuxbq2SQ88fuuG9+Sf4Xm8Pcm2vybpL9
QpN2pqhoAhVEtdABFQATAiQXxvct1ZYFXiAShOg87dLBjF9TsFOsRM97GhcUP5p/
jO+NIxHAwJoubEjuCVZl+sIFocE0rLMJ0c7/1gRlfaRDgkeMvPbf49QDRbVIJ4oQ
orpXIxMfKaiTXw8kcQ3Fhs/Rf7Q8RMAK92PGpoG+osAJk09yYGy5yXhL13lpGBta
UOWpuUEWuigtFwlIvqLMiL5u2hbI8kn/JIPzzqDBLR+Fiv9KwDVOlBhfaBuQvKwZ
LXCWKvookkMFB+ZEzg==
-----END CERTIFICATE-----