Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/P4Pk2X6txSHBU8oC-j2J3-4ovzg.roa
File:                     P4Pk2X6txSHBU8oC-j2J3-4ovzg.roa (raw, json)
Hash identifier:          YIWxZ3YCl3pqKx8NrhpN7r2psEXKISOmUOp9DvlyvpI=
Subject key identifier:   3F:83:E4:D9:7E:AD:C5:21:C1:53:CA:02:FA:3D:89:DF:EE:28:BF:38
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       01938C855C2E0D4E7F0EA3126D448FE32FE8
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/P4Pk2X6txSHBU8oC-j2J3-4ovzg.roa
Signing time:             Tue 03 Dec 2024 12:36:10 +0000
ROA not before:           Tue 03 Dec 2024 12:36:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201776
IP address blocks:        2.63.144.0/20 maxlen: 20
                          2.63.176.0/20 maxlen: 20
                          2.63.224.0/20 maxlen: 20
                          46.61.150.0/24 maxlen: 24
                          46.61.245.0/24 maxlen: 24
                          84.42.92.0/22 maxlen: 22
                          92.50.204.0/23 maxlen: 23
                          176.208.74.0/24 maxlen: 24
                          176.211.120.0/22 maxlen: 22
                          188.128.76.0/23 maxlen: 23
                          188.254.122.0/23 maxlen: 23
Validation:               Failed, certificate revoked on Thu 05 Dec 2024 09:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:8c:85:5c:2e:0d:4e:7f:0e:a3:12:6d:44:8f:e3:2f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Dec  3 12:36:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f83e4d97eadc521c153ca02fa3d89dfee28bf38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:bc:0e:90:4b:13:db:f2:ca:a4:2a:70:53:9e:
                    31:94:97:33:0f:df:39:36:b8:c3:54:24:d2:f9:0c:
                    d4:24:6a:a0:fa:8c:a3:58:b9:7c:d7:b4:be:34:8d:
                    93:5b:7b:75:d2:73:21:23:fa:52:67:81:bb:cd:15:
                    d0:03:3c:6f:40:8e:7f:12:f0:64:ed:24:f0:a3:1a:
                    60:31:6f:36:57:0f:57:db:42:f9:98:69:da:48:8f:
                    8b:3f:87:04:8c:1b:83:1a:47:a3:f0:b1:e9:2c:5d:
                    81:97:43:76:f2:20:14:33:99:b1:91:66:4f:13:8a:
                    c7:cb:c1:61:52:26:f1:c0:f4:36:43:1c:b7:cc:e6:
                    ea:b7:45:db:df:e7:1d:76:51:98:44:53:86:99:c2:
                    ea:4a:56:c7:2f:25:13:8f:1e:59:c7:8b:d8:57:94:
                    d0:4d:b6:00:5f:dc:8b:cf:cb:6c:89:c8:6a:39:e8:
                    c7:b1:ab:00:f8:27:88:58:0b:b4:6e:1a:96:94:cb:
                    b8:8d:4b:5c:36:40:62:b3:41:76:47:4f:e8:ac:7b:
                    de:a6:aa:ca:44:f8:b6:2a:3f:f3:22:b5:4b:e9:22:
                    b2:af:d3:be:b6:a0:9f:b2:3d:1a:e3:37:21:cf:55:
                    1f:b4:38:60:74:7f:d2:c5:ce:2d:04:67:00:d2:36:
                    47:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:E4:D9:7E:AD:C5:21:C1:53:CA:02:FA:3D:89:DF:EE:28:BF:38
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/P4Pk2X6txSHBU8oC-j2J3-4ovzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.63.144.0/20
                  2.63.176.0/20
                  2.63.224.0/20
                  46.61.150.0/24
                  46.61.245.0/24
                  84.42.92.0/22
                  92.50.204.0/23
                  176.208.74.0/24
                  176.211.120.0/22
                  188.128.76.0/23
                  188.254.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:7d:79:ec:f0:73:e2:dd:d7:24:e1:50:9f:61:5f:88:ce:04:
         df:5d:5a:43:98:89:fc:11:81:07:7f:d2:98:83:46:fc:1d:fe:
         a0:c5:4a:bc:4a:c8:5f:3c:a2:40:86:44:c3:1f:4c:74:2d:1a:
         13:04:15:da:d9:94:35:2a:8f:24:48:d5:c9:e2:8f:08:5b:ff:
         cf:ad:14:5f:f0:57:22:58:1e:06:9e:d7:a6:3e:07:02:ae:90:
         46:87:08:47:2e:cf:ad:80:6e:b2:91:3e:f5:ae:f2:6a:4e:9b:
         8a:94:2f:51:74:af:69:3b:2d:28:09:3c:5c:74:ca:9f:04:4c:
         e5:aa:87:aa:f2:21:32:d6:04:ae:e3:34:b1:ed:d6:02:cc:ba:
         e3:5b:6d:fc:39:98:ad:c7:dd:83:1e:d4:e3:cf:c4:15:fe:58:
         8f:67:66:69:c3:55:5d:df:55:7e:d9:57:29:1a:fc:e9:60:74:
         6e:fc:eb:1f:e6:2c:7a:c1:4b:51:70:c5:ca:63:75:63:d6:11:
         9d:bc:03:6d:57:15:12:2a:24:cd:cb:d0:f7:ac:29:bd:ee:4f:
         64:6b:3e:6d:aa:b9:91:c1:8c:0d:e0:d2:6b:bb:24:12:5f:9b:
         81:56:e2:f9:04:6c:fd:77:be:54:f3:8d:32:fc:fd:11:2e:34:
         18:92:1d:d3
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZOMhVwuDU5/DqMSbUSP4y/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQxMjAzMTIzNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzZTRkOTdlYWRjNTIxYzE1M2NhMDJmYTNkODlkZmVlMjhiZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7LwOkEsT2/LKpCpwU54xlJczD985
NrjDVCTS+QzUJGqg+oyjWLl817S+NI2TW3t10nMhI/pSZ4G7zRXQAzxvQI5/EvBk
7STwoxpgMW82Vw9X20L5mGnaSI+LP4cEjBuDGkej8LHpLF2Bl0N28iAUM5mxkWZP
E4rHy8FhUibxwPQ2Qxy3zObqt0Xb3+cddlGYRFOGmcLqSlbHLyUTjx5Zx4vYV5TQ
TbYAX9yLz8tsichqOejHsasA+CeIWAu0bhqWlMu4jUtcNkBis0F2R0/orHvepqrK
RPi2Kj/zIrVL6SKyr9O+tqCfsj0a4zchz1UftDhgdH/Sxc4tBGcA0jZHvwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFD+D5Nl+rcUhwVPKAvo9id/uKL84MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvUDRQazJYNnR4U0hCVThvQy1qMkozLTRvdnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQEAj+QAwQE
Aj+wAwQEAj/gAwQALj2WAwQALj31AwQCVCpcAwQBXDLMAwQAsNBKAwQCsNN4AwQB
vIBMAwQBvP56MA0GCSqGSIb3DQEBCwUAA4IBAQATfXns8HPi3dck4VCfYV+IzgTf
XVpDmIn8EYEHf9KYg0b8Hf6gxUq8SshfPKJAhkTDH0x0LRoTBBXa2ZQ1Ko8kSNXJ
4o8IW//PrRRf8FciWB4GntemPgcCrpBGhwhHLs+tgG6ykT71rvJqTpuKlC9RdK9p
Oy0oCTxcdMqfBEzlqoeq8iEy1gSu4zSx7dYCzLrjW238OZitx92DHtTjz8QV/liP
Z2Zpw1Vd31V+2VcpGvzpYHRu/Osf5ix6wUtRcMXKY3Vj1hGdvANtVxUSKiTNy9D3
rCm97k9kaz5tqrmRwYwN4NJruyQSX5uBVuL5BGz9d75U840y/P0RLjQYkh3T
-----END CERTIFICATE-----