Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/PF1SU67JNi_KOeb-JVggkp9ZOM0.roa
File:                     PF1SU67JNi_KOeb-JVggkp9ZOM0.roa (raw, json)
Hash identifier:          yvb1vCaix7Lr8LgIPZeE4HutJ2sEc1Dxu+/wzQVOc4o=
Subject key identifier:   3C:5D:52:53:AE:C9:36:2F:CA:39:E6:FE:25:58:20:92:9F:59:38:CD
Certificate issuer:       /CN=5b6d178f13851306b5634df159716319f4d82478
Certificate serial:       0192DEEBB1D818FE02B034C967E07EFC4F99
Authority key identifier: 5B:6D:17:8F:13:85:13:06:B5:63:4D:F1:59:71:63:19:F4:D8:24:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W20XjxOFEwa1Y03xWXFjGfTYJHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/PF1SU67JNi_KOeb-JVggkp9ZOM0.roa
Signing time:             Wed 30 Oct 2024 19:34:01 +0000
ROA not before:           Wed 30 Oct 2024 19:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207459
IP address blocks:        80.253.254.0/24 maxlen: 32
                          80.253.255.0/24 maxlen: 32
                          91.217.119.0/24 maxlen: 32
                          193.31.117.0/24 maxlen: 32
                          213.142.134.0/24 maxlen: 24
                          213.142.149.0/24 maxlen: 24
                          213.142.150.0/24 maxlen: 32
                          213.142.156.0/24 maxlen: 24
                          2a0e:36c0::/29 maxlen: 32
                          2a0e:36c0::/32 maxlen: 32
                          2a0e:36c1::/32 maxlen: 32
                          2a0e:36c2::/32 maxlen: 32
                          2a0e:36c3::/32 maxlen: 32
                          2a0e:36c4::/32 maxlen: 32
                          2a0e:36c5::/32 maxlen: 32
                          2a0e:36c6::/32 maxlen: 32
                          2a0e:36c6:ff80::/48 maxlen: 48
                          2a0e:36c7::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 19 Nov 2024 11:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:de:eb:b1:d8:18:fe:02:b0:34:c9:67:e0:7e:fc:4f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b6d178f13851306b5634df159716319f4d82478
        Validity
            Not Before: Oct 30 19:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c5d5253aec9362fca39e6fe255820929f5938cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2a:0c:bb:1d:74:df:ed:1c:b7:40:0e:c1:e2:
                    d2:95:12:29:72:7a:3b:48:e5:ca:cb:da:cf:88:1d:
                    08:79:64:27:da:16:90:74:4f:3d:19:00:a0:9b:83:
                    20:f2:f2:96:95:83:e6:15:35:9a:60:e7:78:bd:3c:
                    fe:e7:5c:73:44:ce:8f:9d:02:04:9b:6f:45:cf:75:
                    31:8f:7d:50:a8:40:92:cc:d6:ae:77:b8:ed:10:fb:
                    b1:96:88:1d:21:9e:4e:8b:06:30:8e:3d:bf:21:1e:
                    9c:f0:99:46:6f:37:dc:30:8b:3e:65:77:bd:44:6f:
                    80:f5:be:f7:e6:e2:b5:11:cd:ab:50:57:74:3f:2d:
                    55:a9:cf:09:b8:38:b8:b7:d6:03:a4:c9:01:3a:5e:
                    57:80:7e:77:2b:21:bf:7d:9c:0c:c5:c6:73:aa:2e:
                    1a:62:79:96:7f:b4:8e:32:d6:04:77:18:82:e8:23:
                    08:5c:73:dd:64:98:a2:27:23:f8:0c:f1:76:f4:38:
                    9d:32:34:8f:76:62:ab:f1:3f:4b:ca:fa:3c:15:ed:
                    e5:c5:db:ff:b8:00:37:00:9d:60:3b:f3:13:3f:09:
                    06:8e:35:58:e5:70:a0:16:73:e2:6c:00:d3:74:f7:
                    b8:ea:e3:51:b4:b2:47:a7:8f:98:ef:94:9b:39:ab:
                    79:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:5D:52:53:AE:C9:36:2F:CA:39:E6:FE:25:58:20:92:9F:59:38:CD
            X509v3 Authority Key Identifier:
                keyid:5B:6D:17:8F:13:85:13:06:B5:63:4D:F1:59:71:63:19:F4:D8:24:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W20XjxOFEwa1Y03xWXFjGfTYJHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/PF1SU67JNi_KOeb-JVggkp9ZOM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a1c6ec-c260-4ca2-887b-4bb94cbc2e73/1/W20XjxOFEwa1Y03xWXFjGfTYJHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.254.0/23
                  91.217.119.0/24
                  193.31.117.0/24
                  213.142.134.0/24
                  213.142.149.0-213.142.150.255
                  213.142.156.0/24
                IPv6:
                  2a0e:36c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:47:d6:3e:fc:66:73:13:4d:18:80:e2:78:c1:11:72:93:1b:
         a3:94:a1:a6:ef:93:f2:df:73:8b:6e:3f:a9:5c:16:42:29:ac:
         8a:eb:79:a0:d1:e0:d9:ae:27:c9:d8:57:c5:bd:10:69:a2:13:
         5e:0d:67:9e:c5:8a:77:d2:49:09:1c:f8:9a:32:93:c5:51:90:
         d0:89:1f:a7:e2:74:1c:7b:37:0c:91:ae:34:7e:ff:4f:be:37:
         d8:cc:04:17:8d:b7:70:5a:e3:3d:b8:03:60:b9:80:90:99:a8:
         59:05:e4:f7:02:c8:af:16:a8:fd:cc:30:42:17:3a:f0:ba:c0:
         55:86:28:44:a5:b3:55:34:8d:8a:4b:23:6c:69:86:5d:2c:ed:
         cd:67:7d:31:e7:31:0b:c7:b2:d5:a5:75:5d:58:50:12:01:de:
         b3:21:2d:4b:04:d8:82:5e:f3:1c:ac:11:10:4e:eb:7f:f0:d0:
         23:74:c8:5a:78:aa:57:71:ba:4c:d7:a0:33:99:1d:5e:fb:3a:
         c8:0c:fd:99:84:69:84:8b:99:6c:12:8a:82:55:25:b2:d8:dd:
         25:0f:66:97:b4:65:14:a2:d7:e8:74:f5:b9:57:7d:66:3e:c0:
         0a:a2:0a:6b:69:17:7f:55:73:0e:7c:ab:51:c3:04:26:e5:3b:
         9a:cf:2d:2a
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZLe67HYGP4CsDTJZ+B+/E+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNmQxNzhmMTM4NTEzMDZiNTYzNGRmMTU5NzE2MzE5ZjRk
ODI0NzgwHhcNMjQxMDMwMTkzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzVkNTI1M2FlYzkzNjJmY2EzOWU2ZmUyNTU4MjA5MjlmNTkzOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyoMux103+0ct0AOweLSlRIpcno7
SOXKy9rPiB0IeWQn2haQdE89GQCgm4Mg8vKWlYPmFTWaYOd4vTz+51xzRM6PnQIE
m29Fz3Uxj31QqECSzNaud7jtEPuxlogdIZ5OiwYwjj2/IR6c8JlGbzfcMIs+ZXe9
RG+A9b735uK1Ec2rUFd0Py1Vqc8JuDi4t9YDpMkBOl5XgH53KyG/fZwMxcZzqi4a
YnmWf7SOMtYEdxiC6CMIXHPdZJiiJyP4DPF29DidMjSPdmKr8T9Lyvo8Fe3lxdv/
uAA3AJ1gO/MTPwkGjjVY5XCgFnPibADTdPe46uNRtLJHp4+Y75SbOat56QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDxdUlOuyTYvyjnm/iVYIJKfWTjNMB8GA1UdIwQY
MBaAFFttF48ThRMGtWNN8VlxYxn02CR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzIwWGp4T0ZFd2ExWTAzeFdYRmpHZlRZSkhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9hMWM2ZWMtYzI2MC00Y2EyLTg4N2It
NGJiOTRjYmMyZTczLzEvUEYxU1U2N0pOaV9LT2ViLUpWZ2drcDlaT00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9hMWM2ZWMtYzI2MC00Y2EyLTg4N2ItNGJiOTRjYmMyZTcz
LzEvVzIwWGp4T0ZFd2ExWTAzeFdYRmpHZlRZSkhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQBUP3+AwQA
W9l3AwQAwR91AwQA1Y6GMAwDBADVjpUDBADVjpYDBADVjpwwDQQCAAIwBwMFAyoO
NsAwDQYJKoZIhvcNAQELBQADggEBAK1H1j78ZnMTTRiA4njBEXKTG6OUoabvk/Lf
c4tuP6lcFkIprIrreaDR4NmuJ8nYV8W9EGmiE14NZ57FinfSSQkc+Joyk8VRkNCJ
H6fidBx7NwyRrjR+/0++N9jMBBeNt3Ba4z24A2C5gJCZqFkF5PcCyK8WqP3MMEIX
OvC6wFWGKESls1U0jYpLI2xphl0s7c1nfTHnMQvHstWldV1YUBIB3rMhLUsE2IJe
8xysERBO63/w0CN0yFp4qldxukzXoDOZHV77OsgM/ZmEaYSLmWwSioJVJbLY3SUP
Zpe0ZRSi1+h09blXfWY+wAqiCmtpF39Vcw58q1HDBCblO5rPLSo=
-----END CERTIFICATE-----