Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/UVRim5doF_5t_Z7IcPvsK8jAsVc.roa
File:                     UVRim5doF_5t_Z7IcPvsK8jAsVc.roa (raw, json)
Hash identifier:          yiumJ0vj/jB4fZ45c/wg6Tc6t8emKYV+8NOoX2pmobE=
Subject key identifier:   51:54:62:9B:97:68:17:FE:6D:FD:9E:C8:70:FB:EC:2B:C8:C0:B1:57
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       018CC94C2AB8DD5D0207C82C8BD319688807
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/UVRim5doF_5t_Z7IcPvsK8jAsVc.roa
Signing time:             Tue 02 Jan 2024 08:31:01 +0000
ROA not before:           Tue 02 Jan 2024 08:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8360
IP address blocks:        193.194.11.0/24 maxlen: 24
                          193.194.10.0/24 maxlen: 24
                          193.194.8.0/23 maxlen: 23
                          194.127.71.0/24 maxlen: 24
                          194.127.68.0/24 maxlen: 24
                          194.127.70.0/24 maxlen: 24
                          194.127.69.0/24 maxlen: 24
                          194.127.72.0/24 maxlen: 24
                          194.127.73.0/24 maxlen: 24
                          194.127.78.0/24 maxlen: 24
                          194.127.75.0/24 maxlen: 24
                          194.127.74.0/24 maxlen: 24
                          194.127.77.0/24 maxlen: 24
                          193.58.218.0/23 maxlen: 23
                          193.58.220.0/23 maxlen: 23
                          193.58.220.0/24 maxlen: 24
                          194.127.30.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 15:31:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:2a:b8:dd:5d:02:07:c8:2c:8b:d3:19:68:88:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  2 08:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5154629b976817fe6dfd9ec870fbec2bc8c0b157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:97:32:82:48:0a:15:57:c5:90:eb:57:ab:1c:
                    19:19:e1:f7:17:8a:45:df:ae:e5:c9:f7:30:62:41:
                    35:0c:f1:d6:b4:b1:5a:c9:f4:39:51:33:82:56:fd:
                    1b:c8:32:19:e3:d9:0b:87:38:5c:ce:7f:b9:ca:cc:
                    3d:b1:78:32:c7:d1:b6:69:a0:a7:2a:11:c5:21:5d:
                    73:8f:13:e2:d5:fa:55:0b:f9:64:16:3b:ef:d2:a1:
                    7a:29:d1:4e:22:54:88:ba:bf:13:ad:e9:11:9c:5f:
                    fc:af:12:90:8d:96:15:b4:af:cc:41:b5:8e:a0:46:
                    da:b9:c4:61:f0:22:36:2a:e5:d3:24:1f:9f:dd:9a:
                    91:65:a2:91:6f:21:a0:50:89:57:bf:ab:73:a1:1f:
                    f7:df:1e:a4:f8:c2:9f:d0:f5:78:22:83:ba:a7:c2:
                    f4:bb:6b:60:d2:b4:cd:3a:3d:57:77:c7:53:5d:d1:
                    dd:59:6e:12:52:6d:0e:f1:9b:be:09:f9:bd:b3:59:
                    19:f8:58:3d:b6:d4:1d:73:6b:c8:fe:06:05:79:61:
                    b6:95:7e:71:eb:ea:81:ee:9f:fb:fb:a1:56:6e:2a:
                    0e:e4:a2:12:81:a8:67:70:92:dd:57:01:e4:90:b6:
                    64:dc:ef:78:de:ca:3e:3c:f9:3a:c2:2f:72:ec:c5:
                    1e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:54:62:9B:97:68:17:FE:6D:FD:9E:C8:70:FB:EC:2B:C8:C0:B1:57
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/UVRim5doF_5t_Z7IcPvsK8jAsVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.218.0-193.58.221.255
                  193.194.8.0/22
                  194.127.30.0/24
                  194.127.68.0-194.127.75.255
                  194.127.77.0-194.127.78.255

    Signature Algorithm: sha256WithRSAEncryption
         9f:20:a5:be:b0:77:0b:9b:69:49:30:be:88:42:d6:ac:d7:f6:
         ef:54:2d:76:6f:a9:15:88:ee:bd:e9:21:f7:f0:6e:75:83:ad:
         76:bf:75:0e:9f:51:b2:2d:e7:c7:8b:e3:59:45:d6:d2:f4:7d:
         e9:82:60:8a:ed:0f:b8:f0:3e:8d:4c:75:cf:a6:95:bb:f6:58:
         42:71:11:04:02:70:31:18:6c:c7:a4:05:a9:2a:19:4d:3b:91:
         b8:43:bd:b3:74:3a:3d:21:d9:99:f3:20:7a:25:c4:e0:db:35:
         f1:16:95:2c:8a:40:4b:8f:70:cf:91:d4:ec:18:fc:ba:60:e3:
         c5:11:c1:7a:bf:74:3f:60:9d:70:3f:b4:69:2e:f8:62:21:85:
         81:7a:c2:06:20:2c:f5:b4:78:7a:09:f9:3d:05:52:c9:2f:d0:
         df:bb:d6:5e:12:48:26:bf:87:c3:70:49:e4:19:68:69:c2:d6:
         80:7f:05:8a:fc:38:8f:31:e7:09:3a:64:d3:d4:48:da:77:30:
         71:88:f8:cd:d9:bd:0b:ab:de:41:7d:bd:cb:a7:d3:1e:03:26:
         3b:69:f2:4a:54:da:ed:7c:bc:f8:ac:2f:c6:8f:91:06:1f:9a:
         e7:b7:ae:25:04:fd:58:6f:91:d2:27:0b:e9:f7:07:16:fc:eb:
         00:98:ad:92
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzJTCq43V0CB8gsi9MZaIgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjQwMTAyMDgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTU0NjI5Yjk3NjgxN2ZlNmRmZDllYzg3MGZiZWMyYmM4YzBiMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJcygkgKFVfFkOtXqxwZGeH3F4pF
367lyfcwYkE1DPHWtLFayfQ5UTOCVv0byDIZ49kLhzhczn+5ysw9sXgyx9G2aaCn
KhHFIV1zjxPi1fpVC/lkFjvv0qF6KdFOIlSIur8TrekRnF/8rxKQjZYVtK/MQbWO
oEbaucRh8CI2KuXTJB+f3ZqRZaKRbyGgUIlXv6tzoR/33x6k+MKf0PV4IoO6p8L0
u2tg0rTNOj1Xd8dTXdHdWW4SUm0O8Zu+Cfm9s1kZ+Fg9ttQdc2vI/gYFeWG2lX5x
6+qB7p/7+6FWbioO5KISgahncJLdVwHkkLZk3O943so+PPk6wi9y7MUeDwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFFUYpuXaBf+bf2eyHD77CvIwLFXMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvVVZSaW01ZG9GXzV0X1o3SWNQdnNLOGpBc1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2MAwDBAHBOtoD
BAHBOtwDBALBwggDBADCfx4wDAMEAsJ/RAMEAsJ/SDAMAwQAwn9NAwQAwn9OMA0G
CSqGSIb3DQEBCwUAA4IBAQCfIKW+sHcLm2lJML6IQtas1/bvVC12b6kViO696SH3
8G51g612v3UOn1GyLefHi+NZRdbS9H3pgmCK7Q+48D6NTHXPppW79lhCcREEAnAx
GGzHpAWpKhlNO5G4Q72zdDo9IdmZ8yB6JcTg2zXxFpUsikBLj3DPkdTsGPy6YOPF
EcF6v3Q/YJ1wP7RpLvhiIYWBesIGICz1tHh6Cfk9BVLJL9Dfu9ZeEkgmv4fDcEnk
GWhpwtaAfwWK/DiPMecJOmTT1EjadzBxiPjN2b0Lq95Bfb3Lp9MeAyY7afJKVNrt
fLz4rC/Gj5EGH5rnt64lBP1Yb5HSJwvp9wcW/OsAmK2S
-----END CERTIFICATE-----