Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/9822bc-1593-498c-8f6a-703b6b70a7ec/1/o0DkuDVEJ6farJjxxJLgtaLachE.roa
File:                     o0DkuDVEJ6farJjxxJLgtaLachE.roa (raw, json)
Hash identifier:          1M9Es4gAIJBSjmcd8G0rXrtTgxqbqJq6aRFXBnSx3lQ=
Subject key identifier:   A3:40:E4:B8:35:44:27:A7:DA:AC:98:F1:C4:92:E0:B5:A2:DA:72:11
Certificate issuer:       /CN=92af03ca2df6423b77d0ef3737b0f4791aa035a3
Certificate serial:       019367A72EB5C8B97D87B92E76615B610CDD
Authority key identifier: 92:AF:03:CA:2D:F6:42:3B:77:D0:EF:37:37:B0:F4:79:1A:A0:35:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kq8Dyi32Qjt30O83N7D0eRqgNaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/9822bc-1593-498c-8f6a-703b6b70a7ec/1/o0DkuDVEJ6farJjxxJLgtaLachE.roa
Signing time:             Tue 26 Nov 2024 08:47:09 +0000
ROA not before:           Tue 26 Nov 2024 08:47:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42156
IP address blocks:        45.83.172.0/22 maxlen: 22
                          45.83.172.0/23 maxlen: 23
                          45.83.175.0/24 maxlen: 24
                          45.143.60.0/24 maxlen: 24
                          45.143.61.0/24 maxlen: 24
                          45.143.62.0/23 maxlen: 23
                          69.48.159.0/24 maxlen: 24
                          185.161.188.0/24 maxlen: 24
                          185.251.180.0/24 maxlen: 24
                          2a0e:8480::/29 maxlen: 29
                          2a0e:e2c0::/29 maxlen: 29
                          2a0e:e2c1::/32 maxlen: 32
                          2a0e:e2c2::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 27 Nov 2024 09:14:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:67:a7:2e:b5:c8:b9:7d:87:b9:2e:76:61:5b:61:0c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92af03ca2df6423b77d0ef3737b0f4791aa035a3
        Validity
            Not Before: Nov 26 08:47:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a340e4b8354427a7daac98f1c492e0b5a2da7211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ec:79:37:d7:fa:5e:72:31:ba:38:cb:d2:e9:
                    49:5a:cf:10:8d:44:9c:36:75:a5:84:41:07:15:3e:
                    5f:25:23:02:cf:1f:4e:1d:4e:fe:1f:ed:de:5f:3f:
                    8d:8d:80:74:e8:14:f4:5e:9d:7b:dc:13:b0:8c:bc:
                    d6:4e:ea:af:39:f6:28:cc:90:13:58:a5:c7:f3:89:
                    12:d9:36:c3:f2:52:3f:ca:da:34:0a:60:be:55:bc:
                    28:c8:70:25:13:b6:c4:b7:e8:9a:b5:92:8a:34:67:
                    02:f2:cf:cc:ca:2e:63:53:63:6e:e2:87:78:02:c2:
                    6d:1c:95:88:c8:39:6c:68:73:ba:d3:56:0e:6e:cd:
                    45:04:68:0f:8a:cb:05:12:58:e6:00:1b:13:d4:f0:
                    e1:93:52:c4:bc:fe:da:ca:07:11:02:bb:63:37:48:
                    0a:1c:cb:53:f4:39:b8:f3:7b:ff:d4:eb:06:2e:df:
                    d3:a9:b5:e5:21:57:5d:aa:73:ae:4d:d5:ef:73:17:
                    e1:f3:7e:91:ad:3d:a0:24:9b:5c:34:44:bd:e6:7b:
                    df:02:90:71:cc:df:f0:72:cb:eb:8f:c9:c2:70:37:
                    07:87:c2:e8:1f:ac:9c:a2:16:83:b7:fa:50:2b:b1:
                    6e:75:2a:2b:c5:10:83:85:22:73:dc:a3:0f:e2:db:
                    ac:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:40:E4:B8:35:44:27:A7:DA:AC:98:F1:C4:92:E0:B5:A2:DA:72:11
            X509v3 Authority Key Identifier:
                keyid:92:AF:03:CA:2D:F6:42:3B:77:D0:EF:37:37:B0:F4:79:1A:A0:35:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kq8Dyi32Qjt30O83N7D0eRqgNaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/9822bc-1593-498c-8f6a-703b6b70a7ec/1/o0DkuDVEJ6farJjxxJLgtaLachE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/9822bc-1593-498c-8f6a-703b6b70a7ec/1/kq8Dyi32Qjt30O83N7D0eRqgNaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.172.0/22
                  45.143.60.0/22
                  69.48.159.0/24
                  185.161.188.0/24
                  185.251.180.0/24
                IPv6:
                  2a0e:8480::/29
                  2a0e:e2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:ca:1e:0c:0b:13:8e:b5:de:06:96:e0:b6:2e:ed:5b:66:3e:
         8a:20:e2:a0:99:26:85:3a:2d:19:12:7f:1d:0d:6e:05:d4:50:
         9c:8a:a9:69:33:05:5e:a0:43:d9:91:36:18:d6:2a:d3:ae:e0:
         9e:f0:57:cc:68:78:8c:ae:91:c7:00:b8:24:eb:85:0e:ef:43:
         1d:d1:aa:c5:2f:a5:bc:a3:7b:bc:7c:3f:26:03:ab:90:94:0f:
         e7:c3:7d:ba:e9:1c:19:6b:a4:58:4a:a1:a5:16:a4:46:32:6f:
         3e:82:d6:40:f8:18:d9:6a:a7:2a:99:3a:70:ad:d0:a0:66:78:
         ac:fd:8f:5f:0e:e3:c1:fb:a1:4f:e4:1e:f0:b5:94:12:b6:d6:
         1d:09:5d:42:f9:42:eb:bc:16:32:1b:7f:f6:54:a7:3c:2c:0f:
         ec:90:33:9c:40:33:a8:72:4a:22:1d:5a:8c:97:f7:22:b3:ef:
         cc:28:37:42:67:b4:78:88:95:b0:f7:20:16:38:14:f8:a1:79:
         ab:82:1b:3e:53:f9:ba:2e:88:af:29:07:dd:34:be:9d:1b:9b:
         49:b6:7c:44:ec:e6:65:01:a2:39:67:4b:17:d6:49:6a:03:75:
         1b:9a:f7:e7:24:24:35:87:90:f9:e1:90:62:9a:19:ce:05:33:
         4c:08:ee:3d
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZNnpy61yLl9h7kudmFbYQzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYWYwM2NhMmRmNjQyM2I3N2QwZWYzNzM3YjBmNDc5MWFh
MDM1YTMwHhcNMjQxMTI2MDg0NzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQwZTRiODM1NDQyN2E3ZGFhYzk4ZjFjNDkyZTBiNWEyZGE3MjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ux5N9f6XnIxujjL0ulJWs8QjUSc
NnWlhEEHFT5fJSMCzx9OHU7+H+3eXz+NjYB06BT0Xp173BOwjLzWTuqvOfYozJAT
WKXH84kS2TbD8lI/yto0CmC+VbwoyHAlE7bEt+iatZKKNGcC8s/Myi5jU2Nu4od4
AsJtHJWIyDlsaHO601YObs1FBGgPissFEljmABsT1PDhk1LEvP7aygcRArtjN0gK
HMtT9Dm483v/1OsGLt/TqbXlIVddqnOuTdXvcxfh836RrT2gJJtcNES95nvfApBx
zN/wcsvrj8nCcDcHh8LoH6ycohaDt/pQK7FudSorxRCDhSJz3KMP4tusiwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKNA5Lg1RCen2qyY8cSS4LWi2nIRMB8GA1UdIwQY
MBaAFJKvA8ot9kI7d9DvNzew9HkaoDWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3E4RHlpMzJRanQzME84M043RDBlUnFnTmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS85ODIyYmMtMTU5My00OThjLThmNmEt
NzAzYjZiNzBhN2VjLzEvbzBEa3VEVkVKNmZhckpqeHhKTGd0YUxhY2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS85ODIyYmMtMTU5My00OThjLThmNmEtNzAzYjZiNzBhN2Vj
LzEva3E4RHlpMzJRanQzME84M043RDBlUnFnTmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQCLVOsAwQC
LY88AwQARTCfAwQAuaG8AwQAufu0MBQEAgACMA4DBQMqDoSAAwUDKg7iwDANBgkq
hkiG9w0BAQsFAAOCAQEAR8oeDAsTjrXeBpbgti7tW2Y+iiDioJkmhTotGRJ/HQ1u
BdRQnIqpaTMFXqBD2ZE2GNYq067gnvBXzGh4jK6RxwC4JOuFDu9DHdGqxS+lvKN7
vHw/JgOrkJQP58N9uukcGWukWEqhpRakRjJvPoLWQPgY2WqnKpk6cK3QoGZ4rP2P
Xw7jwfuhT+Qe8LWUErbWHQldQvlC67wWMht/9lSnPCwP7JAznEAzqHJKIh1ajJf3
IrPvzCg3Qme0eIiVsPcgFjgU+KF5q4IbPlP5ui6IrykH3TS+nRubSbZ8ROzmZQGi
OWdLF9ZJagN1G5r35yQkNYeQ+eGQYpoZzgUzTAjuPQ==
-----END CERTIFICATE-----