Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/b19369-58c4-4f93-911e-a84adf49e787/1/MiRV2fneaAsgWO93ghkDeF5LByk.roa
File:                     MiRV2fneaAsgWO93ghkDeF5LByk.roa (raw, json)
Hash identifier:          OgdNHTB3nlZB9EzTDP/ffpWvM2x+X2R2HJr9+Sy1/9Q=
Subject key identifier:   32:24:55:D9:F9:DE:68:0B:20:58:EF:77:82:19:03:78:5E:4B:07:29
Certificate issuer:       /CN=73b760b99de4b40d0e7b4bd6582aa04ca780a6b2
Certificate serial:       018FDDAB14FAFC002F8461FE42C530C9745F
Authority key identifier: 73:B7:60:B9:9D:E4:B4:0D:0E:7B:4B:D6:58:2A:A0:4C:A7:80:A6:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c7dguZ3ktA0Oe0vWWCqgTKeAprI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/b19369-58c4-4f93-911e-a84adf49e787/1/MiRV2fneaAsgWO93ghkDeF5LByk.roa
Signing time:             Mon 03 Jun 2024 10:35:27 +0000
ROA not before:           Mon 03 Jun 2024 10:35:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        45.87.89.0/24 maxlen: 24
                          45.87.90.0/24 maxlen: 24
                          45.87.91.0/24 maxlen: 24
                          2a10:2f40:1::/48 maxlen: 48
                          2a10:2f40:2::/48 maxlen: 48
                          2a10:2f40:9::/48 maxlen: 48
                          2a10:2f40:a::/48 maxlen: 48
                          2a10:2f40:b::/48 maxlen: 48
                          2a10:2f40:c::/48 maxlen: 48
                          2a10:2f40:d::/48 maxlen: 48
                          2a10:2f40:1a::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 04 Jun 2024 08:07:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:ab:14:fa:fc:00:2f:84:61:fe:42:c5:30:c9:74:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73b760b99de4b40d0e7b4bd6582aa04ca780a6b2
        Validity
            Not Before: Jun  3 10:35:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=322455d9f9de680b2058ef77821903785e4b0729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:71:5c:3d:ee:0f:f9:5c:b1:e8:96:19:bf:6c:
                    7c:0f:58:58:98:ca:a8:0c:16:a1:16:6c:31:8f:5e:
                    88:23:50:87:4b:34:e5:ea:6a:fd:6b:1a:7d:9f:a8:
                    63:b4:31:9f:9a:43:1e:70:03:49:de:d2:ba:b6:c7:
                    3e:6b:ab:45:25:0c:be:f1:25:83:84:c9:9c:27:3b:
                    73:69:cf:8a:f9:bb:20:05:46:0a:0e:eb:07:50:7a:
                    2b:e5:6b:84:46:0a:d6:58:30:66:96:d1:fa:a8:dc:
                    59:c9:5b:02:e0:98:24:fe:96:a0:e3:da:9d:09:3a:
                    92:d5:3d:fa:d3:1e:0e:b5:d0:4e:23:91:de:d7:fc:
                    09:a6:ba:98:b4:75:4f:0e:76:ea:c8:ae:d8:43:31:
                    b7:f9:15:e2:b3:4c:f0:66:bd:c1:96:81:6d:1e:dc:
                    eb:ed:f0:73:cd:f5:89:60:92:d8:3e:e1:0f:06:9f:
                    e2:bc:0c:4c:c2:5d:93:85:3d:87:81:b8:55:98:4a:
                    63:c0:a8:13:d8:d6:cc:5d:be:98:28:3b:ae:f1:29:
                    15:fe:5d:88:ff:ec:38:ef:e5:32:30:63:6c:be:98:
                    b3:00:9c:5c:41:ee:eb:f1:a0:a3:81:4f:27:a7:5b:
                    df:50:47:e2:e7:62:94:08:50:59:8f:5d:75:1a:3d:
                    cb:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:24:55:D9:F9:DE:68:0B:20:58:EF:77:82:19:03:78:5E:4B:07:29
            X509v3 Authority Key Identifier:
                keyid:73:B7:60:B9:9D:E4:B4:0D:0E:7B:4B:D6:58:2A:A0:4C:A7:80:A6:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7dguZ3ktA0Oe0vWWCqgTKeAprI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b19369-58c4-4f93-911e-a84adf49e787/1/MiRV2fneaAsgWO93ghkDeF5LByk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b19369-58c4-4f93-911e-a84adf49e787/1/c7dguZ3ktA0Oe0vWWCqgTKeAprI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.89.0-45.87.91.255
                IPv6:
                  2a10:2f40:1::-2a10:2f40:2:ffff:ffff:ffff:ffff:ffff
                  2a10:2f40:9::-2a10:2f40:d:ffff:ffff:ffff:ffff:ffff
                  2a10:2f40:1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:c3:45:d9:67:ed:9c:c0:48:fa:50:f6:d6:5d:de:96:41:a8:
         64:b5:58:5d:12:b5:fc:c2:44:cd:ca:fe:02:da:95:4c:3a:b8:
         ce:49:59:0d:3e:60:55:b9:d3:a7:88:3b:c6:0b:43:ba:c7:7b:
         27:b6:48:82:e5:3d:06:01:af:2e:1e:42:e2:c7:6b:fb:15:b4:
         5e:cc:dd:71:be:93:4b:25:c5:c6:88:94:7e:8c:85:e6:73:0d:
         07:4f:c9:16:b9:d1:25:ad:3e:be:89:37:8a:ae:02:4a:17:68:
         1f:8c:1c:7a:c6:ba:87:fe:7e:2b:69:46:27:48:0d:12:e5:b4:
         98:6c:56:1a:0b:f2:cb:5d:a5:a1:fe:d4:8a:05:de:4b:8f:9b:
         0a:f2:32:27:e7:e0:c5:fb:12:f7:98:75:66:32:36:9b:e6:16:
         68:15:b6:ba:23:29:44:4d:06:1c:ad:55:7b:ca:87:b9:e2:83:
         79:e1:99:6a:6b:e0:eb:c7:fc:e5:97:20:e4:86:4b:bf:d0:0b:
         2e:0d:fd:4d:5b:e1:80:64:14:eb:00:d9:f2:02:7b:6c:3b:d7:
         f3:1a:f6:31:a7:0b:c9:96:3e:1b:46:3f:ea:67:dc:9a:b5:76:
         ec:10:2b:e9:fd:d9:09:3e:d2:d1:07:0c:9f:a8:28:0b:c2:4c:
         d4:a3:6e:90
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAY/dqxT6/AAvhGH+QsUwyXRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYjc2MGI5OWRlNGI0MGQwZTdiNGJkNjU4MmFhMDRjYTc4
MGE2YjIwHhcNMjQwNjAzMTAzNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjI0NTVkOWY5ZGU2ODBiMjA1OGVmNzc4MjE5MDM3ODVlNGIwNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHFcPe4P+Vyx6JYZv2x8D1hYmMqo
DBahFmwxj16II1CHSzTl6mr9axp9n6hjtDGfmkMecANJ3tK6tsc+a6tFJQy+8SWD
hMmcJztzac+K+bsgBUYKDusHUHor5WuERgrWWDBmltH6qNxZyVsC4Jgk/pag49qd
CTqS1T360x4OtdBOI5He1/wJprqYtHVPDnbqyK7YQzG3+RXis0zwZr3BloFtHtzr
7fBzzfWJYJLYPuEPBp/ivAxMwl2ThT2HgbhVmEpjwKgT2NbMXb6YKDuu8SkV/l2I
/+w47+UyMGNsvpizAJxcQe7r8aCjgU8np1vfUEfi52KUCFBZj111Gj3LfQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDIkVdn53mgLIFjvd4IZA3heSwcpMB8GA1UdIwQY
MBaAFHO3YLmd5LQNDntL1lgqoEyngKayMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzdkZ3VaM2t0QTBPZTB2V1dDcWdUS2VBcHJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iMTkzNjktNThjNC00ZjkzLTkxMWUt
YTg0YWRmNDllNzg3LzEvTWlSVjJmbmVhQXNnV085M2doa0RlRjVMQnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iMTkzNjktNThjNC00ZjkzLTkxMWUtYTg0YWRmNDllNzg3
LzEvYzdkZ3VaM2t0QTBPZTB2V1dDcWdUS2VBcHJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAUBAIAATAOMAwDBAAtV1kD
BAItV1gwNwQCAAIwMTASAwcAKhAvQAABAwcAKhAvQAACMBIDBwAqEC9AAAkDBwEq
EC9AAAwDBwAqEC9AABowDQYJKoZIhvcNAQELBQADggEBABLDRdln7ZzASPpQ9tZd
3pZBqGS1WF0StfzCRM3K/gLalUw6uM5JWQ0+YFW506eIO8YLQ7rHeye2SILlPQYB
ry4eQuLHa/sVtF7M3XG+k0slxcaIlH6MheZzDQdPyRa50SWtPr6JN4quAkoXaB+M
HHrGuof+fitpRidIDRLltJhsVhoL8stdpaH+1IoF3kuPmwryMifn4MX7EveYdWYy
NpvmFmgVtrojKURNBhytVXvKh7nig3nhmWpr4OvH/OWXIOSGS7/QCy4N/U1b4YBk
FOsA2fICe2w71/Ma9jGnC8mWPhtGP+pn3Jq1duwQK+n92Qk+0tEHDJ+oKAvCTNSj
bpA=
-----END CERTIFICATE-----